Conference Paper

Mobile Malware Exposed

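... As mobile terminal devices grow increasingly powerful, the mobile Internet industry has developed rapidly and is gradually penetrating every area of people's lives and work. More and more enterprise employees have already freed themselves, or soon will, from the constraints of the office and handle their daily work through mobile terminal devices. At present, enterprise "mobilization" is the prevailing trend; the market research firm Gartner [1] predicts that by the end of 2017 market demand for enterprise mobile applications will grow at least 5 times faster than the existing supply rate. However, enterprise key data to [5] has unstable working performance and requires compiling the system of the user's mobile terminal; it is not general-purpose and is not suitable for an enterprise data leakage prevention system. Transparent encryption based on Hook technology [6,7] is highly general, but compared with driver-level encryption its file reads and writes are slow and its performance is poor. 2) Android platform data isolation technology [8,9] mainly builds a security system that achieves data isolation through encrypted storage of key data, document data leakage prevention (DLP) controls [10], application locking [11], and so on; public and private data are not thoroughly isolated at the environment level. There remains the possibility that an enterprise's confidential processes have their information hijacked, and current solutions cannot effectively prevent leakage of enterprise key data [12~14]. This paper designs and implements a data leakage prevention system for mobile terminals, with the following specific contributions. 1) It is the first to propose a file pre-decryption transparent encryption technology for mobile terminals. Using the Xposed framework [15] and Hook technology ...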
Article
With the trend that enterprise key data moves to mobile terminals, data leakage prevention has become an important issue on mobile terminals. To solve the problem, a pre-decryption transparent encryption technology was set up, which solved the problem that traditional transparent encryption technology can only ensure application layer security; in addition, performance on mobile was improved. At the same time, taking advantage of the idea of combining thin client and mobile terminal to prevent leakage of data, a virtual remote desktop technology on mobile was proposed, which completely shields the shortcomings of data transmission and ensures the safe transmission of mobile terminal data. Finally, a data leakage prevention system for mobile terminals was set up, which makes the mobile terminal fully and effectively protected. © 2016, Editorial Board of Journal on Communications. All rights reserved.
Preprint
As mobile devices become ubiquitous, people around the world have enjoyed the convenience they have brought to our lives. At the same time, the increasing security threats that rise from using mobile devices not only have caught attention from cyber security agencies but also have become a valid concern for mobile users. Keylogging is one of the mobile security threats caused by using insecure third-party IME (input method editor) applications. Keylogging, as the name suggests, keeps track of user's key events performed on the device and stores all the events in a log. The log could include highly sensitive data such as credit card number, social security number, and passwords. This paper presents a novel solution by intercepting the keystroke events triggered by a user and encrypting them before sending them to the third-party IME, making the third-party IME unable to log what the users actually entered on the screen. Input will be decrypted when showing on text view on the underlying app. This solution addresses the fundamental reason why an IME may leak sensitive information since an IME will no longer have access to the user's actual sensitive information, which will greatly reduce the chance of leaking sensitive information by using a third-party IME while maintaining the functionalities of the third-party IME at the same time.
Conference Paper
Predicting whether an application performs malicious activity based on its behavioural analysis is extremely difficult compared to the signature-based approach. But considering that rapid development and slight changes in code allow avoiding signature-based malware analysis, behaviour-based analysis has become more and more important in recent years. In the last decade there has been unimagined and thrilling growth in the mobile market, which is unquestionably dominated by Android OS. Android has very fast growing application markets that have been targeted by underground malware distribution networks. There are large numbers of new application stores across the globe apart from leaders of the app market like Google Play Store, Amazon, etc. It is very important to test the possible ways of behaviour-based malware analysis in Android. Research focuses on creating a working prototype of a system that takes different behavioural parameters of an Android application as input and performs analysis using an artificial intelligence approach. During the implementation, signature-based detection methods were also included in the implemented prototype.
Article
In this paper, we present a systematic study for the detection of malicious applications (or apps) on popular Android Markets. To this end, we first propose a permission-based behavioral footprinting scheme to detect new samples of known Android malware families. Then we apply a heuristics-based filtering scheme to identify certain inherent behaviors of unknown malicious families. We implemented both schemes in a system called DroidRanger. The experiments with 204,040 apps collected from five different Android Markets in May-June 2011 reveal 211 malicious ones: 32 from the official Android Market (0.02% infection rate) and 179 from alternative marketplaces (infection rates ranging from 0.20% to 0.47%). Among those malicious apps, our system also uncovered two zero-day malware (in 40 apps): one from the official Android Market and the other from alternative marketplaces. The results show that current marketplaces are functional and relatively healthy. However, there is also a clear need for a rigorous policing process, especially for non-regulated alternative marketplaces.
Conference Paper
The popularity of mobile devices and the enormous number of third party mobile applications in the market have naturally led to several vulnerabilities being identified and abused. This is coupled with the immaturity of intrusion detection system (IDS) technology targeting mobile devices. In this paper we propose a modular host-based IDS framework for mobile devices that uses behavior analysis to profile applications on the Android platform. Anomaly detection can then be used to categorize malicious behavior and alert users. The proposed system accommodates different detection algorithms, and is being tested at a major telecom operator in North America. This paper highlights the architecture, findings, and lessons learned.
Conference Paper
Android provides third-party applications with an extensive API that includes access to phone hardware, settings, and user data. Access to privacy- and security-relevant parts of the API is controlled with an install-time application permission system. We study Android applications to determine whether Android developers follow least privilege with their permission requests. We built Stowaway, a tool that detects overprivilege in compiled Android applications. Stowaway determines the set of API calls that an application uses and then maps those API calls to permissions. We used automated testing tools on the Android API in order to build the permission map that is necessary for detecting overprivilege. We apply Stowaway to a set of 940 applications and find that about one-third are overprivileged. We investigate the causes of overprivilege and find evidence that developers are trying to follow least privilege but sometimes fail due to insufficient API documentation.
Conference Paper
Since its establishment, the Android applications market has been infected by a proliferation of malicious applications. Recent studies show that rogue developers are injecting malware into legitimate market applications which are then installed on open source sites for consumer uptake. Often, applications are infected several times. In this paper, we investigate the behavior of malicious Android applications and present a simple and effective way to safely execute and analyze them. As part of this analysis, we use the Android application sandbox Droidbox to generate behavioral graphs for each sample, and these provide the basis for the development of patterns to aid in identifying it. As a result, we are able to determine if family names have been correctly assigned by current anti-virus vendors. Our results indicate that the traditional anti-virus mechanisms are not able to correctly identify malicious Android applications.
Conference Paper
One of the most important threats for Android users is the collection of private data by malware put on the market. Most of the proposed approaches that help to guarantee the user's privacy rely on modified versions of the Android operating system. In this paper, we propose to automatically detect when an application accesses private data and to log this access in a third-party application. This detection should be performed without any modification to the operating system. The proposed methodology relies on the repackaging of a compiled application and the injection of a reporter at bytecode level. Thus, such a methodology enables the user to audit suspicious applications that ask for permissions to access private data and to know if such an access has occurred. We show that the proposed methodology can also be implemented as an IPS, in order to prevent such accesses. Experimental results show the efficiency of the methodology on a set of 18 regular applications of the Android market that deal with contacts. Our prototype detected 66% of the accesses to the user's contacts. We also experimented with the detection of privacy violations with 5 known malware that send premium-rate SMS.