- 學位論文
AHA: An Event-Driven Solution to Activity Hijacking Attacks
AHA: An Event-Driven Solution to Activity Hijacking Attacks
摘要
隨著人們漸漸進入了無線通訊產品的時代,智慧型手機因為它的輕巧、便利以及行動運算能力的改良,大多數的人都選擇隨身攜帶智慧型手機來讓工作或者查詢資訊更加方便,使用者的個人資訊甚至是公司機密就會被保留在使用者的手機上面。因此攻擊者也漸漸將目標轉移到手機平台上,用以竊取個人資訊或者機密。 近年來,Android系統中的Component Hijacking Attacks被廣泛的討論。當攻擊者主要針對Android元件中的Activity做挾持或者置換攻擊時,這種攻擊被稱為Activity Hijacking Attacks。可能造成的問題為影響應用程式正常功能,亦或者使使用者在不知情的情況,將個人資訊或者機密洩漏出去。 在這篇論文中,著重在分析Activity Hijacking Attacks的行為,設計出一套防止攻擊者利用Activity Hijacking Attacks來竊取使用者的帳號密碼的機制-AHA。AHA 將會動態的分析系統中的Activity Manager,記錄目前整個系統所有Activities的運作狀況,佐以分析Activities的Layout、View System,比對是否有攻擊者想對於目前前景的Activity進行Activity Hijacking攻擊。一旦發現有此行為即會提醒使用者。
並列摘要
In recent years, the Android Component Hijacking Vulnerabilities are widely discussed. This kind of vulnerabilities may cause tremendous problem in the system. If any of the Android Components has been hijacked, it may disclose user’s personal information or private data to the attacker. To be more precisely, those attacks will redirect or hijack the Android Component’s original workflow to malicious code or even to the extent that execute a malware. One of the Android Components is Activity, it construct the UI frames for the user. In this paper, we focus on Activity Hijacking Attacks. As the name implies, Activity Hijacking Attacks is to hijack the original activity workflow while users are using. We construct our solution in Android framework called AHA to keep track of every activity workflow and knowing the layout about the activity. Our solution AHA can stop the attack which using the Activity Hijacking Attacks to steal user’s personal information. Furthermore, AHA can easily patched into existing Android system and with ignorable overhead.