Abstract
Mobile devices have become an indispensable component of our daily life. New applications published by developers help users carry out their daily activities more easily and quickly. As the market leader among mobile operating systems, Android provides numerous applications in official and other application markets. However, the simplified access model for mobile applications gives malicious applications easier access to the sensitive data that users store on their mobile devices. For instance, mobile banking applications are lucrative targets for hackers seeking to access user data without authorization. The current security structure of the Android OS makes it trivial for hackers to acquire the source code of legitimate applications and republish them after injecting malicious code into the original source code. This process of acquiring legitimate application code, modifying it with malicious intent and then republishing it on available application stores is often known as a repackaging attack. The main focus of this study is to analyze popular security attacks on mobile applications, conduct preliminary experiments to evaluate the feasibility and difficulty of implementing security attacks on a mission-critical mobile application, identify existing solutions and research gaps, and propose research directions. We successfully conduct three repackaging attacks to access a victim's data by using different hacking tools and techniques. By analyzing these scenarios, we evaluate their level of risk and propose technical mitigations.
Original language | English |
---|---|
Title of host publication | ACSW 2017 |
Subtitle of host publication | Proceedings of the Australasian Computer Science Week Multiconference |
Place of Publication | New York, NY |
Publisher | Association for Computing Machinery |
Number of pages | 9 |
ISBN (Electronic) | 9781450347686 |
DOIs | |
Publication status | Published - 2017 |
Externally published | Yes |
Event | Australasian Computer Science Week 2017 - Geelong, Australia Duration: 31 Jan 2017 → 3 Feb 2017 |
Other
Other | Australasian Computer Science Week 2017 |
---|---|
Country/Territory | Australia |
City | Geelong |
Period | 31/01/17 → 3/02/17 |
Keywords
- Mobile Applications
- Security Vulnerabilities
- APK Tamper Detection
- Repackaging Attack
- Code Obfuscation
- Reverse Engineering