引用本文: |
-
周立博,梁彬,游伟,黄建军,石文昌.基于异常利用的安卓应用重打包对抗技术[J].信息安全学报,2022,7(4):44-54 [点击复制]
- ZHOU Libo,LIANG Bin,YOU Wei,HUANG Jianjun,SHI Wenchang.Countering Android Application Repackaging Attacks via Exception Exploitation[J].Journal of Cyber Security,2022,7(4):44-54 [点击复制]
|
|
摘要: |
应用重打包是安卓生态中的一种严重的安全威胁。借助应用重打包技术,攻击者可以向原始应用插入恶意代码以实现不同的恶意功能,如窃取用户隐私数据、发送收费短信及替换应用广告SDK等。有研究表明,85%以上的恶意应用通过应用重打包的方式产生。对抗安卓重打包攻击,主要有三种防御方式:一是在应用开发过程中,由开发者对应用进行加固,实施重打包防御策略;二是在应用上传到应用市场时,进行静态应用重打包检测;三是在终端设备上进行动态重打包应用检测。其中,利用重打包工具解析安卓应用程序安装包的缺陷对应用进行加固来提高攻击者生成重打包应用的技术门槛被证明是一种有效的缓解措施。但距今为止,已有工作并未提出一种系统化的方法来发现可用于保护应用的重打包工具缺陷。本文提出了一种系统化的面向重打包对抗的重打包工具可利用缺陷检测方法。首先,我们通过代码扫描定位重打包工具中的潜在异常点;其次,使用模糊测试的方式来尝试触发被定位的异常;最后,监测触发异常的变异应用在目标安卓设备上的运行情况,并进行进一步的模糊测试来最终构建能被用于对抗重打包攻击的异常触发向量。在以应用广泛的重打包工具Apktool为实验对象的测试中,我们总共发现了12个未知的可利用的缺陷,这些缺陷都已被证明可用于实际应用来对抗重打包攻击。 |
关键词: 安卓应用重打包 模糊测试 异常 |
DOI:10.19363/J.cnki.cn10-1380/tn.2022.07.04 |
投稿时间:2021-05-14修订日期:2021-07-16 |
基金项目:本课题得到国家自然科学基金(No.U1836209,No.61802413,No.62002361)资助。 |
|
Countering Android Application Repackaging Attacks via Exception Exploitation |
ZHOU Libo, LIANG Bin, YOU Wei, HUANG Jianjun, SHI Wenchang
|
(School of Information, Renmin University of China, Beijing 100872, China) |
Abstract: |
Android ecosystem has faced a serious security threat of repackaging. With application repackaging, an attacker can insert malicious codes into the original application to implement various malicious functions, such as stealing the user privacy data, sending messages to a number that charged a premium fee, replacing the advertising SDK, and so on. An existing study shows that more than 85% of malicious applications are generated through Android application repackaging. There are three main defense methods against Android application repackaging: implementing the self-protection mechanisms to reinforce the target application by the developer during the development process; performing the static repackaging detection in the application market; enforcing the dynamic repackaging detection in the end devices. Among the above methods, exploiting APK parsing defects of repackaging tools to reinforce application to increase the threshold of application repackaging has been proved to be effective. However, there is lack of a systematic method to discover defects of repackaging tools that can be used to protect applications. In this paper, we propose a systematic method to detect the exploitable implementation defects of the repackaging tool in parsing APK files. First, code scanning is performed to locate potential exception points in the repackaging tool. Secondly, a fuzzing test is employed to trigger the located exception points. Finally, the execution of the mutation application that has triggered the exception points during the fuzzing test on the target Android device is monitored. And further mutation tests to eventually construct an exception trigger vector that can be used to combat repackaging attacks are conducted. In the test of using the repackaging tool Apktool as the experimental object, a total of 12 unknown exploitable defects have been found. All these defects have been proved to be useful in practical applications to counter android application repackaging attacks. |
Key words: android application repackaging fuzzing exception |