Android的Security Hole

作者 | 2011-11-15 10:50 | 类型 行业动感 | 10条用户评论 »

Sina WeiboBaiduLinkedInQQGoogle+RedditEvernote分享




(7个打分, 平均:2.86 / 5)

工具箱
本文链接 | | 打印此页 | 10条用户评论 »

雁过留声

“Android的Security Hole”有10个回复

  1. cc 于 2011-11-15 3:23 下午

    笑而不语

  2. dp 于 2011-11-15 7:54 下午

    竟然有专业的配音…

  3. wenjianhn 于 2011-11-15 11:35 下午

    apk文件能直接从浏览器中下载下来?

  4. kevint 于 2011-11-16 2:08 上午

    不可以?

  5. Morbius 于 2011-11-16 4:11 上午

    当然不可以… android market上安装是直接通过c2dm直接安装到手机上的.. 不过确实一堆恶意软件就往manfiest里面加一个恶意的service然后注册一堆intent

  6. kevint 于 2011-11-16 10:46 上午

    。。。先搞清楚问题
    apk文件本来就可以单独下载单独安装。未必要经过market。

  7. Morbius 于 2011-11-17 2:28 上午

    哦,我以为他问的是直接点android market网站的话,那是不能直接下载的,不然这么多人用market api做啥

  8. James 于 2011-11-17 9:11 上午

    NDSS 2012 program
    http://www.isoc.org/isoc/conferences/ndss/12/program.shtml

    Session 7: Smartphones

    Guess Who’s Texting You? Evaluating the Security of Smartphone Messaging Applications

    Sebastian Schrittwieser, Peter Frühwirt, Peter Kieseberg, Manuel Leithner, Martin Mulazzani, Markus Huber and Edgar Weippl
    Recently, a new generation of Internet-based messaging applications for smartphones was introduced. While user numbers are estimated in the millions, little attention has so far been paid to the security of these applications. Our experimental results revealed major security flaws, allowing attackers to hijack accounts, spoof sender-IDs, or enumerate subscribers.

    MoCFI: A Framework to Mitigate Control-Flow Attacks on Smartphones

    Lucas Davi, Alexandra Dmitrienko, Manuel Egele, Thomas Fischer, Thorsten Holz, Ralf Hund, Stefan Nürnberger and Ahmad-Reza Sadeghi
    Control-flow attacks constitute severe threats to software programs on various computing platforms. While control-flow integrity (CFI), a general approach to prohibit these attacks, exist for Intel x86, there is no such a solution for smartphones. We present a novel framework, MoCFI (Mobile CFI) that enforces CFI on-the-fly at runtime on smartphones without requiring source code.

    Towards Taming Privilege-Escalation Attacks on Android

    Sven Bugiel, Lucas Davi, Alexandra Dmitrienko, Thomas Fischer, Ahmad-Reza Sadeghi and Bhargava Shastry
    Android is vulnerable to application-level privilege escalation attacks (confused deputy and colluding applications). We present the design and implementation of a security framework for Android towards mitigating these attacks through a system-centric and policy-driven approach with runtime monitoring of communication channels between applications at multiple layers (middleware IPC, file-system, and network).

    Systematic Detection of Capability Leaks in Stock Android Smartphones

    Michael Grace, Yajin Zhou, Zhi Wang and Xuxian Jiang
    In this research, we systematically analyze eight flagship Android smartphones from leading manufacturers and discover that the stock phone images do not properly enforce the Android permission model. Sensitive user data and dangerous features on the phones are unsafely exposed to other applications which do not have the proper permission, a security violation we term a capability leak.

    Hey, You, Get Off of My Market: Detecting Malicious Apps in Official and Alternative Android Markets

    Yajin Zhou, Zhi Wang, Wu Zhou and Xuxian Jiang
    We developed a system called DroidRanger to detect known or unknown malicious Android applications. The evaluation with 204,040 applications collected from five different Android marketplaces in May-June 2011 reveals 211 malicious ones: 32 from the official Android Market and179 from alternative markets. DroidRanger also successfully uncoveredtwo zero-day malware families in the collection.

  9. Morbius 于 2011-11-17 9:04 下午

    Xuxian Jiang~~~

  10. wchyan 于 2011-11-28 11:26 下午

    这位神仙manager你智商可以再低点么?一个apk解开放进源代码编译,编译你妹儿啊!Android要这么容易攻击,google早关门了。