Title

Penetration Testing on the Android System

Translated Titles

Penetration test on Android

DOI

10.6842/NCTU.2011.00874

Authors

盧艷銘

Key Words

smart phone ; penetration test ; security ; Android

PublicationName

Degree Theses of the Institute of Computer Science and Engineering, Chiao Tung University

Volume or Term/Year and Month of Publication

2011

Academic Degree Category

Master's

Advisor

曾文貴

Content Language

Traditional Chinese

Chinese Abstract

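In recent years, smartphones have risen sharply in prominence in the handset market, and phones based on the Android system in particular have become widespread. Sending and receiving e-mail, GPS navigation, and even playing games, listening to music, watching videos, and so on can all be done on one small smartphone. Android follows an open-source strategy that lets anyone write their own applications; applications from all directions keep growing in number on Android Market, not to mention the applications offered by other websites. Along with this, ill-intentioned people have begun distributing malware that steals users' personal private data or uses paid services without authorization, causing users financial loss. Android Market does not provide a strict review mechanism for uploaded applications, and Android phones allow the installation of applications from outside the Market; both make it easy for users to download malware without realizing it. Therefore, how to safeguard security on Android phones is the main goal of our research. Our penetration test system collects various vulnerabilities in the Android system, provides checks and corresponding recommendations, and carries out these checks through a Wi-Fi attack path.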

English Abstract

In recent years, smart phones have become more and more popular in the handset market, especially those running the Android system. Sending and receiving email, playing games, listening to music, watching movies, and so on can all be done on a smart phone. Android is an open-source software stack for mobile devices that enables anyone to develop applications. For this reason, hackers can spread malicious software that, for example, steals users' personal private data or uses paid services. Android Market has no strict review mechanism for the applications on the market; in addition, Android applications can be acquired from any third-party alternative to the "official" market. These factors can lead users to download malicious software without being aware of it. Therefore, how to safeguard the security of Android handsets is the essential goal of our study. Our penetration test system collects various kinds of exploits for the Android system and provides checks with corresponding suggestions.

Topic Category Basic and Applied Sciences > Information Science
College of Computer Science > Institute of Computer Science and Engineering