ASurveyofMobileMalwareintheWild资源-CSDN文库

需积分: 10 168 浏览量 2014-01-16 16:15:33 上传评论收藏 924KB PDF 举报

Mobile malware is rapidly becoming a serious threat. In this paper, we survey the current state of mobile malware in the wild. We analyze the incentives behind 46 pieces of iOS, Android, and Symbian malware that spread in the wild from 2009 to 2011. We also use this data set to evalu- ate the eectiveness of techniques for preventing and iden- tifying mobile malware. After observing that 4 pieces of malware use root exploits to mount sophisticated attacks on Android phones, we also examine the incentives that cause non-malicious smartphone tinkerers to publish root exploits and survey the availability of root exploits. 在分析移动恶意软件在野生环境中的威胁时，本综述首先强调了智能手机在功能和普及程度上的增长为恶意活动带来了新的目标。文章指出，智能手机不仅在使用目的上与台式计算机相似，例如网络浏览、社交网络、在线银行等，还提供了独特的手机功能，例如短信消息发送、实时位置数据更新和随时随地的访问权限。由于这些特性，智能手机成为了恶意软件攻击的主要目标。智能手机安全问题的研究已经持续了数年，起初移动恶意软件只是作为概念验证而存在，但随着时间的推移，移动恶意软件已经变成了真实威胁。研究者们通过分析2009年到2011年间野生环境中传播的iOS、Android和Symbian恶意软件的动机，共46个样本，来审视当前移动恶意软件的状态。这不仅帮助理解了恶意软件作者的动机，也评估了现有技术在预防和识别移动恶意软件方面的有效性。通过分析数据集，作者们发现有4个恶意软件样本使用了root漏洞在Android手机上发动了复杂的攻击。这类攻击对设备安全构成了严重威胁，因为root漏洞允许恶意软件获得系统的最高权限，进而执行任何操作，包括绕过安全限制、安装恶意应用、窃取用户数据等。文章进一步探讨了非恶意智能手机爱好者发布root漏洞的动机。这些“手机爱好者”可能是出于对技术的探索或炫耀技术能力，有时无意中为恶意软件作者提供了帮助。此外，文章还对root漏洞的可用性进行了调查，以了解恶意软件作者获得这些危险工具的难易程度。在技术层面，该综述还涉及到移动设备安全的关键技术，如沙箱机制、加密技术、权限控制和应用程序签名等。这些技术在阻止恶意软件获取关键权限、保护用户数据和限制恶意行为等方面发挥着作用。该文指出，随着智能手机安全问题的日益严重，开发者、安全研究人员和政府机构都需要采取行动以应对新出现的威胁。例如，开发更为智能化的安全软件，研究更为复杂的用户认证机制，以及制定有关智能手机使用和数据保护的公共政策。文章的结论部分建议，对抗移动恶意软件的关键在于多方面的努力，包括但不限于用户教育、系统安全漏洞的及时修补、应用程序的安全性审查以及法律和政策的支持。通过上述措施，才能在智能手机安全领域取得持续进步。文章最后呼吁，需要有更多针对移动设备安全的研究，以便更好地理解和应对移动恶意软件带来的威胁。这不仅要求对现有安全机制进行不断改进，还需要采取预防措施，从而保障智能手机用户的利益。

资源推荐

资源详情

资源评论

A Survey of Mobile Malware in the Wild

Adrienne Porter Felt, Matthew Finifter, Erika Chin, Steven Hanna, and David Wagner

University of California, Berkeley

{apf,ﬁnifter,emc,sch,daw}@cs.berkeley.edu

ABSTRACT

Mobile malware is rapidly becoming a serious threat. In

this paper, we survey the current state of mobile malware

in the wild. We analyze the incentives behind 46 pieces

of iOS, Android, and Symbian malware that spread in the

wild from 2009 to 2011. We also use this data set to evalu-

ate the eﬀectiveness of techniques for preventing and iden-

tifying mobile malware. After observing that 4 pieces of

malware use root exploits to mount sophisticated attacks on

Android phones, we also examine the incentives that cause

non-malicious smartphone tinkerers to publish root exploits

and survey the availability of root exploits.

Categories and Subject Descriptors

D.4.6 [Operating Systems]: Security and Protection; K.4.1

[Public Policy Issues]: Abuse and Crime Involving Com-

puters

General Terms

Security

Keywords

Mobile devices, smartphones, malware

1. INTRODUCTION

People use smartphones for many of the same purposes

as desktop computers: web browsing, social networking,

online banking, and more. Smartphones also provide fea-

tures that are unique to mobile phones, like SMS messaging,

constantly-updated location data, and ubiquitous access. As

a result of their popularity and functionality, smartphones

are a burgeoning target for malicious activities.

Researchers have been studying mobile phone security for

several years [32, 36]. At ﬁrst, mobile malware was proof-

of-concept. Over time, however, mobile malware has be-

come a real threat. We survey the state of modern mobile

Permission to make digital or hard copies of all or part of this work for

personal or classroom use is granted without fee provided that copies are

not made or distributed for proﬁt or commercial advantage and that copies

bear this notice and the full citation on the ﬁrst page. To copy otherwise, to

republish, to post on servers or to redistribute to lists, requires prior speciﬁc

permission and/or a fee.

SPSM’11, October 17, 2011, Chicago, Illinois, USA.

malware in the wild to illuminate the current threat model

and suggest future directions. Our survey encompasses all

known iOS, Symbian, and Android malware that spread be-

tween January 2009 and June 2011. We collected informa-

tion about 46 pieces of malware in this time period: 4 for

iOS, 24 for Symbian, and 18 for Android.

In order to understand the motives of real mobile mal-

ware, we classify the malware in our data set by behavior.

We ﬁnd that the most common malicious activities are col-

lecting user information (61%) and sending premium-rate

SMS messages (52%), in addition to malware that was writ-

ten for novelty or amusement, credential theft, SMS spam,

search engine optimization fraud, and ransom. We describe

the incentives that promote each type of malicious behavior

and present defenses that disincentivize some of the behav-

iors. In particular, malware that abuses SMS messages could

be prevented with small changes to the Android and Sym-

bian platforms. We also discuss incentives that we believe

will motivate future mobile malware.

iOS, Symbian, and Android use application permissions

or review processes to prevent the spread of malware. We

consider whether these mechanisms are eﬀective defenses

against the malware in our data set. First, we investi-

gate whether a simple classiﬁer could use the permission

requests of Android malware to identify malicious applica-

tions; we ﬁnd that the permission to send SMS messages

is the most promising feature. Next, we determine that

Apple’s review process has successfully avoided approving

malware, but Symbian’s review-and-sign process failed to

prevent almost a third of the Symbian malware.

Smartphone OS security mechanisms can be circumvented

using root exploits. Unfortunately, smartphone owners are

currently motivated to seek and publish root exploits that

can be leveraged by attackers. 4 pieces of malware in our

data set use root exploits which were originally published for

the purpose of smartphone customization. We discuss the

incentives that encourage the publication of root exploits by

non-malicious smartphone owners. Our survey of root ex-

ploits for 6 Android phones demonstrates that root exploits

are publicly available more than 74% of the time, rendering

phones vulnerable to sophisticated malware.

Contributions. In this paper, we:

• Survey the behavior of current mobile malware, present

defenses, and discuss the future of mobile malware.

• Evaluate whether existing defense mechanisms are ef-

fective at identifying current mobile malware.

• Examine the incentives that encourage the publication

of root exploits and survey the availability of exploits.

2. THREAT MODEL

We present three types of threats posed by third-party

smartphone applications and discuss the security measures

that are intended to detect and prevent them.

2.1 Threat Types

The mobile threat model includes three types of threats:

malware, grayware, and personal spyware. We distinguish

between the three based on their delivery method, legal-

ity, and notice to the user. This paper focuses speciﬁcally

on malware; personal spyware and grayware use diﬀerent

attack vectors, have diﬀerent motivations, and require dif-

ferent defense mechanisms.

Malware. Malware gains access to a device for the pur-

pose of stealing data, damaging the device, or annoying the

user, etc. The attacker defrauds the user into installing the

malicious application or gains unauthorized remote access

by taking advantage of a device vulnerability. Malware pro-

vides no legal notice to the aﬀected user. This threat in-

cludes Trojans, worms, botnets, and viruses. Malware is

illegal in many countries, including the United States, and

the distribution of it may be punishable by jail time.

Personal Spyware. Spyware collects personal informa-

tion such as location or text message history over a period

of time. With personal spyware, the attacker has physical

access to the device and installs the software without the

user’s knowledge. Personal spyware sends the victim’s in-

formation to the person who installed the application onto

the victim’s device, rather than to the author of the applica-

tion. For example, a person might install personal spyware

onto a spouse’s phone. It is legal to sell personal spyware in

the U.S. because it does not defraud the purchaser (i.e., the

attacker). Personal spyware is honest about its purpose to

the person who purchases and installs the application. How-

ever, it may be illegal to install personal spyware on another

person’s smartphone without his or her authorization.

Grayware. Some legitimate applications collect user data

for the purpose of marketing or user proﬁling. Grayware

spies on users, but the companies that distribute grayware

do not aim to harm users. Pieces of grayware provide real

functionality and value to the users. The companies that

distribute grayware may disclose their collection habits in

their privacy policies, with varying degrees of clarity. Gray-

ware sits at the edge of legality; its behavior may be legal

or illegal depending on the jurisdiction of the complaint and

the wording of its privacy policy. Unlike malware or per-

sonal spyware, illegal grayware is punished with corporate

ﬁnes rather than personal sentences. Even when the activity

of grayware is legal, users may object to the data collection if

they discover it. Application markets may choose to remove

or allow grayware when detected on a case-by-case basis.

2.2 Security Measures

Smartphone operating system vendors use curated mar-

kets and/or application permissions to protect users. We

focus on iOS, Android, and Symbian 9.x.

We limit our consideration of Symbian malware to Symbian

9.x. Earlier versions of the Symbian OS do not have all of

the security measures discussed in this paper.

Markets. Smartphone users are encouraged to download

and purchase applications from centralized application mar-

kets. Apple, Google, and Nokia promote the use of central-

ized markets with decreasing strictness.

Apple iOS devices allow the user to install applications

only from the Apple App Store [4], and applications in the

App Store are reviewed by Apple for security. If iOS users

want to install applications from other sources, then they

must jailbreak their devices, which involves exploiting a vul-

nerability in iOS to gain superuser access. This process car-

ries the risk of rendering the phone inoperable, and it voids

the phone’s warranty. Apple’s review process is intended to

prevent malware from being distributed through the App

Store. Their review standards also disallow personal spy-

ware, but an attacker with physical access to the victim’s

device could jailbreak the phone without the victim’s knowl-

edge to install personal spyware. The App Store is known to

have included grayware [31, 24]; in some cases, the grayware

has been removed from the App Store.

Android also provides users with an oﬃcial application

store, the Android Market [2]. Most Android phones allow

users to also install applications from unoﬃcial markets, al-

though the user is warned that installing non-Market appli-

cations may expose the user to malware. Google does not

review applications prior to listing them in the Android Mar-

ket, although they may review some applications later. Per-

sonal spyware (e.g., GPS Spy Plus) and grayware are listed

in the Android Market [25]. The Android security team has

removed malware from the Android Market following user

complaints, and they are able to remotely uninstall known

malware from users’ devices [17].

Nokia runs Ovi [5], which is currently the oﬃcial Symbian

application market. Like the Apple App Store, all applica-

tions are reviewed prior to being listed in Ovi. Symbian does

not prevent or discourage users from installing applications

from other sources. Several popular alternative markets are

available, and they lack review processes. However, Sym-

bian oﬀers an application signing service that incorporates

security reviewing. Only Symbian Signed applications are

allowed to access dangerous privileges. All Symbian Signed

applications must undergo an automated security review.

Applications that use the most dangerous privileges are ad-

ditionally reviewed by humans, and some number of other

Symbian Signed applications are also human-reviewed. As

a consequence of the signing process, many applications in

third-party Symbian markets have undergone review.

Permissions. Smartphone operating systems may also pro-

tect users by requiring user consent before an application

can access sensitive information or dangerous capabilities.

User-approved permissions can alert users to the activities

of grayware or malware, although malware may seek to cir-

cumvent permission systems. Permissions do not prevent

the installation of personal spyware because the attacker

can grant all necessary permissions during installation.

Android informs users of an application’s desired permis-

sions during installation. The Android permission system

is extensive; user-approved install-time permissions control

access to the phone’s number, list of contacts, camera, Blue-

tooth, etc. The iOS permission system is much less compre-

hensive than the Android permission system, likely because

Apple primarily relies on the App Store review process for

security. iOS requires user approval only to access location

and send notiﬁcations, and permission is requested at run-

剩余11页未读，继续阅读

评论收藏

内容反馈

Edward-liang

粉丝: 14
资源: 22

A Survey of Mobile Malware in the Wild

The Art of Memory Forensic

“Andromaly” a behavioral malware detection

A_Review_on_The_Use_of_Deep_Learning_in_Android_Malware_Detection.pdf

AndroDialysis: Analysis of Android Intent Effectiveness in Malware Detection

藏经阁-Fighting-Targeted-Malware-In-The-Mobile-Ecosystem.pdf

Mobile.Device.Exploitation.Cookbook.1783558725

Cuckoo Malware Analysis

Practical Malware Analysis

The Art of Memory Forensics

恶意软件分析中的对抗性攻击综述_A Survey on Adversarial Attacks for Malware Anal

Detecting Mobile Malware with TMSVM

No.Starch.Press.Foundations.of.Information.Security.1718500041.epub

Mobile Device Exploitation Cookbook(PACKT,2016)

实用的移动取证：取证研究和分析iOS，Android和Windows 10设备

藏经阁-FIGHTING TARGETED MALWARE IN.pdf

Malware_in_the_Time_of_COVID.pdf

3568 Android 11 GMS包

适用于某音27.8版本64位的libsscronet.so

Xvideos.apk

AndroidStudio登录注册(Sqlite)

VisualGDB 5.6 R9//支持VS2008-VS2022

Android Studio 3.5下载安装包

最近很火植物大战僵尸杂交版2.08苹果+安卓+PC+防闪退工具V2+修改工具+高清工具+通关存档整合包更新

安卓期末大作业（AndroidStudio开发），垃圾分类助手app，分为前台后台，代码有注释，均能正常运行

安卓手表ADB实用工具箱

RE浏览器 RootExplorer.apk

Android Studio 3.5安装包

最新资源