Fig 1 - uploaded by Dominik Maier
Source publication
The continued popularity of smartphones has led companies from all business sectors to use them for security-sensitive tasks like two-factor authentication. Android, however, suffers from a fragmented landscape of devices and versions, which leaves many devices unpatched by their manufacturers. This security gap has created a vital market of commer...
Contexts in source publication
Context 1
... life cycle of an app protected by Promon Shield is illustrated in Fig. 1. The app first loads the native library libshield.so. For this, the integration tool adds initializing Java code to the onCreate method of the main activity, as specified in AndroidManifest.xml. The native library relies on three files which are a product of the integration tool and are added encrypted to the assets of the APK: ...
Context 2
... Externalization. Apart from the substitution of strings with method calls to Promon's getStr method, it also externalizes Java constants in a clever way. This works as follows and the process is further illustrated in Fig. 3: (1) The Promon integration tool replaces any class member field declared as static and final with a random value of the correct type. Similar to the string externalization, the replaced values of a class are stored in a nested dictionary: While the first level takes the fully qualified class name as a key, its value is a dictionary that ...
Citations
... However, their study used static analysis techniques, which are susceptible to errors due to obfuscation, and did not cover all the resiliency requirements set forth by the OWASP. Prior works have also extensively evaluated app hardening techniques [14], audited runtime protection mechanisms [13], or scrutinized specific defense mechanisms such as anti-root [12] or defense libraries such as ProGuard [15]. While previous studies used static analysis and focused on the usage of specific protection methods, the presence of a defense mechanism against a specific type of attack does not guarantee safety against any tampering attack. ...
... For a wider understanding of how multiple resiliency methods are in place, researchers also analyzed more than one attack vector at a time. Haupert et al. [14] examined a widely used library which provides app self-protection, and demonstrated two runtime attacks against the protections in place to disable security measures. In their work, they analyzed the custom libraries which can provide multiple self-protection methods, however, were able to exploit the integrity of apps regardless. ...
... Malware researchers are propagating obfuscated and encrypted banking trojans, evading anti-malware scanners. They employ code obfuscation, encryption, dynamic loading and native code execution to circumvent Google Play protection [5,6,7,8,9,10,11,12,13,14]. App developers, on the other hand, are using them to prevent their source code and intellectual property from misuse. ...
... Note that the graph only accounts for publications having the desired keyword(s) in its title or abstract and belonging to the related field of research. Figure 2: Layout of the survey. ... Android malware evolution and detection techniques [16,11,17] but in detail focuses on Android application hardening methods systematically. It differs from previous surveys as depicted in Table 1. ...
... Attackers are always trying to reverse popular applications to inject malicious code. An attacker using the tampered application can get inside the smartphone to access, manipulate and exchange user data [42,11,122]. Anti-tampering, popular as Integrity Checking, uses methods to ensure that application code and resources are not altered by a third party. ...
In the age of increasing mobile and smart connectivity, malware poses an ever evolving threat to individuals, societies and nations. Anti-malware companies are often the first and only line of defense for mobile users. Driven by economic benefits, the quantity and complexity of Android malware are increasing, thus making them difficult to detect. Malware authors employ multiple techniques (e.g. code obfuscation, packaging and encryption) to evade static analysis (signature based) and dynamic analysis (behavior based) detection methods. In this article, we present an overview of Android and its state of the art security services. We then present an exhaustive and analytic taxonomy of Android malware hardening techniques available in the literature. Furthermore, we review and analyze the code obfuscation and preventive techniques used by malware to evade detection. Hardening mechanisms are also popular amongst application developers to fortify against reverse engineering. Based on our in-depth survey, we highlight the issues related to them and manifest future directions. We believe in the need to examine the effectiveness and efficiency of hardening techniques and their combination.
... Application hardening [50] Modification of an application to make it more resistant against attacks, such as the obfuscation of the application code. ...
... We also propose using ML anomaly detection systems to identify potential malware threats [24] [141]. Finally, Chakkaravarty et al. [154] reviewed current persistent malware techniques able to bypass common countermeasures and proposed mitigation techniques, such as sandboxing [104], application hardening [50] and malware visualization [41]. It is essential to highlight that the countermeasures applicable for this phase highly depend on the device constraints that implement this phase, which is typically the BCI device (see Section 3). ...
Brain-Computer Interfaces (BCIs) have significantly improved the patients' quality of life by restoring damaged hearing, sight, and movement capabilities. After evolving their application scenarios, the current trend of BCI is to enable new innovative brain-to-brain and brain-to-the-Internet communication paradigms. This technological advancement generates opportunities for attackers since users' personal information and physical integrity could be under tremendous risk. This work presents the existing versions of the BCI life-cycle and homogenizes them in a new approach that overcomes current limitations. After that, we offer a qualitative characterization of the security attacks affecting each phase of the BCI cycle to analyze their impacts and countermeasures documented in the literature. Finally, we reflect on lessons learned, highlighting research trends and future challenges concerning security on BCIs.
... In the ideal case, RASP agents can be deployed in a plug and play manner, requiring only an initial configuration, as Haupert et al. [12] describe regarding the deployment of Promon SHIELD RASP [22]. In cases where an agent does not require any configuration or a learning phase, attacks are detected using techniques that, e.g., combine taint-tracking with lexical analysis [2] or that monitor common input sinks and output sources for known malicious behavior and signatures [23]. ...
... European researchers have also been looking into their banking systems and the security of mobile banking applications. European banking applications seem to adopt a by far stronger protection strategy, as evident by the measures the authors had to adopt to attempt an analysis [30,31]. Among others, the use of commercial protectors is employed to impede analysis by reverse engineers and provide a strong measure of integrity protection, as well as enhanced safeguards for data stored on the mobile device and transmitted through the network [30]. ...
... European banking applications seem to adopt a by far stronger protection strategy, as evident by the measures the authors had to adopt to attempt an analysis [30,31]. Among others, the use of commercial protectors is employed to impede analysis by reverse engineers and provide a strong measure of integrity protection, as well as enhanced safeguards for data stored on the mobile device and transmitted through the network [30]. Therefore, we advocate for other countries, including Brazil, to adopt similar rules towards establishing a more secure environment for mobile banking app operations. ...
Internet Banking has become the primary way of accessing banking services for most customers, but its security is still a constant concern, since millions of dollars are still lost every year due to fraud. Over time, banks and customers overcame the initial technology distrust and learned how to secure their operations. However, there are still many lessons to learn, mainly when looking at the upcoming technological developments. To understand the lessons learned over time and also to help shed light on possible future developments, we review the past and the present of internet banking implementations in Brazil, a country widely adopting this type of service and an early adopter of new banking technologies, thus targeted by many threats. We show how Internet banking evolved from desktop software to mobile apps and how attackers also evolved from phishing mails to complete phishing applications to target Brazilian users. We also performed a detailed security analysis of Brazilian banking apps available in the Android app store and identified that developers still fail to follow secure development practices, thus causing banking apps to leak users' sensitive data. Moreover, we also looked to the future to present new attacks which can threaten users in the short term. In particular, we demonstrate an attack against a Whatsapp-based transaction mechanism implemented by some Brazilian banks.
... Malicious or potentially unwanted applications are programs purposely designed to attack the security and privacy of the devices and their users. Moreover, Android apps are commonly hardened with advanced anti-analysis techniques, including obfuscation [3,6] and packing [7], which turn their analysis into a really challenging task. To cope with this challenge, Anti-Virus (AV) vendors and cyber security firms characterize newly discovered threats, label them with a family name, and share the specimens together with associated Indicators of Compromise (IoC) with the security community. ...
... Like in the previous section, we select two of the most popular families (i.e., Cvmtld and Rusms) and provide a qualitative evaluation of our findings. Cvmtld is an Android SMS Trojan which contains 19 different samples, out of which: one sample is first detected in 2013, five samples are first detected in 2014, and the rest have all been detected in 2016. We observe that 8 ensembles of API methods are shared among all samples in this family. ...
Assigning family labels to malicious apps is a common practice for grouping together malware with identical behavior. However, recent studies show that apps labeled as belonging to the same family do not necessarily behave similarly: one app may lack or have extra capabilities compared to others in the same family, and, conversely, two apps labeled as belonging to different families may exhibit close behavior. To reveal these inconsistencies, this paper presents AndrEnsemble, a characterization system for Android malware families based on ensembles of sensitive API calls extracted from aggregated call graphs of different families. Our method has several advantages over similar characterization approaches, including a greater reduction ratio with respect to original call graphs, robustness against transformation attacks, and flexibility to be applied at different granularity levels. We experimentally validate our approach and discuss three specific use cases: mobile ransomware, SMS Trojans and banking Trojans. This left us with some interesting findings. First of all, malicious operations in these types of malware are not necessarily exercised by using several sensitive API calls all together. Second, SMS Trojans have larger ensembles of API calls compared to the other types. Last but not least, we identified several samples with identical ensembles though being labeled as part of different families.
Android applications (called apps) are an integral part of our digital lives, with an ever-growing user base generating massive amounts of data every day. Despite privacy measures in place, such as the Android permission model, there persists a significant privacy concern due to factors like centralized data storage and lack of transparency. This paper presents a novel approach to enhance privacy preservation in Android platforms, focusing specifically on managing ’dangerous’ permissions related to sensitive health data. We propose a hybrid architecture that combines traditional data processing for regular data with a blockchain-based system for handling sensitive data, thus offering enhanced security, transparency, and user control. Our detailed evaluation using Ethereum Virtual Machine (EVM) compatible platforms (i.e., BNB, Fantom, Celo, and Matic) shows the feasibility and effectiveness of our approach, with the Fantom platform proving the most suitable due to its low transaction cost and optimal gas limit. We acknowledge that the successful implementation of our proposed solution relies on stakeholder acceptance. Therefore, we outline strategies for convincing both service providers and Android OS producers to consider this transformative approach. This paper offers a pioneering view into using blockchain technology to address the persistent privacy concerns in the Android app ecosystem.