[1]高迪,陈伟,吴震雄. 一种针对AOSP公开签名漏洞的快速检测方法[J].计算机技术与发展,2015,25(09):149-153.
 GAO Di,CHEN Wei,WU Zhen-xiong. A Fast Detection Method for Public AOSP Signature Vulnerability[J].,2015,25(09):149-153.
点击复制

 一种针对AOSP公开签名漏洞的快速检测方法()
分享到:

《计算机技术与发展》[ISSN:1006-6977/CN:61-1281/TN]

卷:
25
期数:
2015年09期
页码:
149-153
栏目:
安全与防范
出版日期:
2015-09-10

文章信息/Info

Title:
 A Fast Detection Method for Public AOSP Signature Vulnerability
文章编号:
1673-629X(2015)09-0149-05
作者:
 高迪陈伟吴震雄
 南京邮电大学 计算机学院
Author(s):
 GAO DiCHEN Wei WU Zhen-xiong
关键词:
 安卓固件AOSP签名隐私泄露快速检测
Keywords:
 Android ROMAOSP signatureprivacy leakagefast detection
分类号:
TP309
文献标志码:
A
摘要:
 随着Andorid手机越来越流行,Android系统的安全问题也越来越受到重视。对于Android系统,隐私泄露是一种重要的安全问题。文中发现一种潜在的获取手机中隐私信息的攻击方法。该方法针对Android应用程序自签名的机制,利用AOSP( Android Open Source Project)公开签名漏洞,获取预装软件权限,窃取手机的隐私信息。针对此漏洞,文中提出了一种快速检测方法,可以同时逆向多个应用程序,并检查签名信息,快速检测漏洞。实验结果表明,在市场上较为流行的Android ROM中,几款重要的系列均存在AOSP漏洞,如CM、MIUI等。文中提出的方法,检测一个ROM仅需9~10分钟,可以快速有效地检测出ROM是否存在漏洞,并且通过有效的方法,证明漏洞可以被直接利用。
Abstract:
 With the growing popularity of smartphones in Android,the issues on Android system security attracts more and more atten-tion. For Android system,privacy leakage is an important security problem. In this paper,find a potential attacking method to get privacy information from smartphones. This attack utilizes the self-signed mechanism for Android application,takes advantage of public AOSP ( Android Open Source Project) signature vulnerability,gets permissions of pre-installed software and steals the users’ private informa-tion. Against this vulnerability,propose a fast detection method,which can reverse multiple applications at the same time,and check the signature information. The vulnerability can be detected quickly. The results find that the popular Android ROM in the market,a few im-portant series have AOSP vulnerability,such as CM,MIUI,etc. The method proposed in this paper only needs 9~10 minutes to detect a ROM,which can quickly and efficiently detect the ROM. And the holes can be used directly through the effective method.

相似文献/References:

[1]张志宏,吴庆波,邵立松,等.基于飞腾平台TOE协议栈的设计与实现[J].计算机技术与发展,2014,24(07):1.
 ZHANG Zhi-hong,WU Qing-bo,SHAO Li-song,et al. Design and Implementation of TCP/IP Offload Engine Protocol Stack Based on FT Platform[J].,2014,24(09):1.
[2]梁文快,李毅. 改进的基因表达算法对航班优化排序问题研究[J].计算机技术与发展,2014,24(07):5.
 LIANG Wen-kuai,LI Yi. Research on Optimization of Flight Scheduling Problem Based on Improved Gene Expression Algorithm[J].,2014,24(09):5.
[3]黄静,王枫,谢志新,等. EAST文档管理系统的设计与实现[J].计算机技术与发展,2014,24(07):13.
 HUANG Jing,WANG Feng,XIE Zhi-xin,et al. Design and Implementation of EAST Document Management System[J].,2014,24(09):13.
[4]侯善江[],张代远[][][]. 基于样条权函数神经网络P2P流量识别方法[J].计算机技术与发展,2014,24(07):21.
 HOU Shan-jiang[],ZHANG Dai-yuan[][][]. P2P Traffic Identification Based on Spline Weight Function Neural Network[J].,2014,24(09):21.
[5]李璨,耿国华,李康,等. 一种基于三维模型的文物碎片线图生成方法[J].计算机技术与发展,2014,24(07):25.
 LI Can,GENG Guo-hua,LI Kang,et al. A Method of Obtaining Cultural Debris’ s Line Chart Based on Three-dimensional Model[J].,2014,24(09):25.
[6]翁鹤,皮德常. 混沌RBF神经网络异常检测算法[J].计算机技术与发展,2014,24(07):29.
 WENG He,PI De-chang. Chaotic RBF Neural Network Anomaly Detection Algorithm[J].,2014,24(09):29.
[7]刘茜[],荆晓远[],李文倩[],等. 基于流形学习的正交稀疏保留投影[J].计算机技术与发展,2014,24(07):34.
 LIU Qian[],JING Xiao-yuan[,LI Wen-qian[],et al. Orthogonal Sparsity Preserving Projections Based on Manifold Learning[J].,2014,24(09):34.
[8]尚福华,李想,巩淼. 基于模糊框架-产生式知识表示及推理研究[J].计算机技术与发展,2014,24(07):38.
 SHANG Fu-hua,LI Xiang,GONG Miao. Research on Knowledge Representation and Inference Based on Fuzzy Framework-production[J].,2014,24(09):38.
[9]叶偲,李良福,肖樟树. 一种去除运动目标重影的图像镶嵌方法研究[J].计算机技术与发展,2014,24(07):43.
 YE Si,LI Liang-fu,XIAO Zhang-shu. Research of an Image Mosaic Method for Removing Ghost of Moving Targets[J].,2014,24(09):43.
[10]余松平[][],蔡志平[],吴建进[],等. GSM-R信令监测选择录音系统设计与实现[J].计算机技术与发展,2014,24(07):47.
 YU Song-ping[][],CAI Zhi-ping[] WU Jian-jin[],GU Feng-zhi[]. Design and Implementation of an Optional Voice Recording System Based on GSM-R Signaling Monitoring[J].,2014,24(09):47.

更新日期/Last Update: 2015-10-16