ShanghaiTech University Knowledge Management System
VenomAttack: automated and adaptive activity hijacking in Android
2023-02
Journal | FRONTIERS OF COMPUTER SCIENCE (IF:3.4[JCR-2023],3.1[5-Year]) |
ISSN | 2095-2228 |
EISSN | 2095-2236 |
Volume | 17, Issue: 1 |
Publication status | Published |
DOI | 10.1007/s11704-021-1126-x |
Abstract | Activity hijacking is one of the most powerful attacks in Android. Though promising, all the prior activity hijacking attacks suffer from some limitations and have limited attack capabilities. They no longer pose security threats in recent Android due to the presence of effective defense mechanisms. In this work, we propose the first automated and adaptive activity hijacking attack, named VenomAttack, enabling a spectrum of customized attacks (e.g., phishing, spoofing, and DoS) on a large scale in recent Android, even when the state-of-the-art defense mechanisms are deployed. Specifically, we propose to use hotpatch techniques to identify vulnerable devices and update attack payload without re-installation and re-distribution, hence bypassing offline detection. We present a newly-discovered flaw in Android and a bug in derivatives of Android, each of which allows us to check if a target app is running in the background or not, by which we can determine the right attack timing via a designed transparent activity. We also propose an automated fake activity generation approach, allowing large-scale attacks. Requiring only the common permission INTERNET, we can hijack activities at the right timing without destroying the GUI integrity of the foreground app. We conduct proof-of-concept attacks, showing that VenomAttack poses severe security risks on recent Android versions. The user study demonstrates the effectiveness of VenomAttack in real-world scenarios, achieving a high success rate (95%) without users’ awareness. That would call more attention to the stakeholders like Google. © 2023, Higher Education Press. |
Keywords | Android (operating system) ; Automation ; Network security ; Activity hijacking ; Android ; Android securities ; Attack capability ; Defence mechanisms ; Large-scales ; Phishing ; Security threats ; Spectra's ; State of the art |
URL | View original |
Indexed by | SCI ; SCOPUS ; EI |
Language | English |
Funding project | National Natural Science Foundation of China[ |
WOS research area | Computer Science |
WOS category | Computer Science, Information Systems ; Computer Science, Software Engineering ; Computer Science, Theory & Methods |
WOS accession number | WOS:000837701000009 |
Publisher | Higher Education Press Limited Company |
EI accession number | 20223312559731 |
EI main heading | Mobile security |
EI classification code | 723 Computer Software, Data Handling and Applications ; 723.2 Data Processing and Image Processing ; 731 Automatic Control Principles and Applications |
Original document type | Journal article (JA) |
Scopus record number | 2-s2.0-85135608495 |
Source database | Scopus |
Document type | Journal article |
Item identifier | https://kms.shanghaitech.edu.cn/handle/2MSLDSTB/214831 |
Collection | School of Information Science and Technology_PhD Students ; School of Information Science and Technology_PI Research Groups_Song Fu Group |
Corresponding author | Song, Fu |
Author affiliations | 1. School of Information Science and Technology, ShanghaiTech University, Shanghai, 201210, China ; 2. Shanghai Institute of Microsystem and Information Technology, Chinese Academy of Sciences, Shanghai, 200050, China ; 3. University of Chinese Academy of Sciences, Beijing, 100049, China ; 4. College of Intelligence and Computing, Tianjin University, Tianjin, 300350, China ; 5. College of Cyber Science, Nankai University, Tianjin, 300350, China ; 6. School of Computer Science, Fudan University, Shanghai, 200438, China |
First author affiliation | School of Information Science and Technology |
Corresponding author affiliation | School of Information Science and Technology |
First affiliation of the first author | School of Information Science and Technology |
Recommended citation, GB/T 7714 | Sun, Pu,Chen, Sen,Fan, Lingling,et al. VenomAttack: automated and adaptive activity hijacking in Android[J]. FRONTIERS OF COMPUTER SCIENCE,2023,17(1). |
APA | Sun, Pu,Chen, Sen,Fan, Lingling,Gao, Pengfei,Song, Fu,&Yang, Min.(2023).VenomAttack: automated and adaptive activity hijacking in Android.FRONTIERS OF COMPUTER SCIENCE,17(1). |
MLA | Sun, Pu,et al."VenomAttack: automated and adaptive activity hijacking in Android".FRONTIERS OF COMPUTER SCIENCE 17.1(2023). |
Unless otherwise stated, all content in this system is protected by copyright, with all rights reserved.