移动安全研究资料总结(2016年度)

Research & Papers & Presentations

  1. MANIFEST FILES CLASSIFICATION OF ANDROID MALWARE –pdf
  2. DroidNative: Semantic-Based Detection of Android Native Code Malware –http://arxiv.org/pdf/1602.04693.pdf
  3. Metaphor – Exploitation of CVE-2015-3864 and ASLR bypass. Exploit
  4. Android CVE-2015-1805 – Local elevation of privilege vulnerability in Android kernel (versions 3.4, 3.10 and 3.14)
  5. Pwn a Nexus device with a single vulnerability
  6. An Android Malware Detection Method Based on Feature Code – http://www.atlantis-press.com/php/paper-details.php?from=session+results&id=25845065&querystr=id%3D661
  7. Technical Report: DroidAuditor: Forensic Analysis of Application-Layer Privilege Escalation Attacks on Android – http://www.icri-sc.org/publications/einzelansicht/?tx_bibtex_pi1%5Bpub_id%5D=TUD-CS-2016-0025&no_cache=1
  8. https://github.com/soarlab/maline
  9. AspectDroid: Android App Analysis System – https://dl.acm.org/citation.cfm?id=2857739
  10. SEMANTICS-AWARE ANDROID MALWARE CLASSIFICATION 
  11. ANDROID MALWARE CLASSIFICATION USING PARALLELIZED MACHINE LEARNING METHODS
  12. Static Analysis of Android Apps: A Systematic Literature Review
  13. R-Droid: Leveraging Android App Analysis with Static Slice Optimization
  14. BinderCracker: Assessing the Robustness of Android System Services
  15. A study on obfuscation techniques on Android malware – http://midlab.diag.uniroma1.it/articoli/matteo_pomilia_master_thesis.pdf
  16. MITRE Android Security Analysis Final Report
  17. Ransomware Steals your phone. Formal methods to rescue it.
  18. Download Malware? No,thanks. How Formal Methods can Block Update Attacks
  19. Following Devil’s Footprints: Cross-Platform Analysis of Potentially Harmful Libraries on Android and iOS
  20. Attacks and Defence on Android Free Floating Windows
  21. Mystique: Evolving Android Malware for Auditing Anti-Malware Tools
  22. StormDroid: A Streaminglized Machine Learning-Based System for Detecting Android Malware
  23. Evading Android Runtime Analysis Through Detecting Programmed Interactions
  24. Secure Containers in Android: the Samsung KNOX Case Study
  25. Detecting Android malware campaigns via application similarity analysis
  26. AndroZoo: Collecting Millions of Android Apps for the Research Community
  27. Andro-profiler: Detecting and Classifying Android Malware based on Behavioral Profiles
  28. Mitigating Stagefright Attacks with the ARM Performance Monitoring Unit
  29. https://www.youtube.com/watch?v=spxm-eZIpKQ
  30. http://www.slideshare.net/EndgameInc/hardwareassisted-rootkits-instrumentation
  31. The Analysis and Classification of Android Malware
    • Includes Binder examples
  32. Understanding Application Behaviours for Android Security: A Systematic Characterization
  33. Analyzing security flaws of wireless routers and enhancing security violation of remote code execution on android devices
  34. On the Lack of Consensus in Anti-Virus Decisions: Metrics and Insights on Building Ground Truths of Android Malware
  35. Finding Bugs in Android Application using Genetic Algorithm and Apriori Algorithm
  36. CREDROID: Android malware detection by network traffic analysis
  37. Fruit vs Zombies: Defeat Non-jailbroken iOS Malware. ShakaCon, Honolulu, Jul 2016
  38. Android IPC firewall – Research into developing a linux kernel firewall for android via binder –https://github.com/dxwu/AndroidBinder 
  39. MCE^3 – Scott Alexander-Bown – Android App Security on a Budget
  40. MADAM: Effective and Efficient Behavior-based Android Malware Detection and Prevention
  41. Android Compiler Fingerprinting
  42. TrafficAV: An Effective and Explainable Detection of Mobile Malware Behavior Using Network Traffic
  43. Identifying unsoundness of call graphs in android static analysis tools
  44. Fingerprinting Android packaging: Generating DNAs for malware detection (http://www.sciencedirect.com/science/article/pii/S1742287616300469)
  45. A Peek Under the Hood of iOS Malware
  46. Linux Security Summit Videos (https://www.linux.com/news/linux-security-summit-videos)
  47. File-Based Encryption in Android 7 (https://source.android.com/security/encryption/file-based.html)
  48. How My Rogue Android App Could Monitor & Brute-force Your App’s Sensitive Metadata (https://www.arneswinnen.net/2016/09/how-my-rogue-android-app-could-monitor-brute-force-your-apps-sensitive-metadata/)
  49. Undocumented Patched Vulnerability in Nexus 5X Allowed for Memory Dumping via USB (https://securityintelligence.com/undocumented-patched-vulnerability-in-nexus-5x-allowed-for-memory-dumping-via-usb/)
  50. XDroid: An Android Permission Control Using Hidden Markov Chain and Online Learning (http://www.people.vcu.edu/~rashidib/Pub_files/CNS16/CNS16.pdf)
  51. Analyzing Android Repackaged Malware by Decoupling Their Event Behaviors (https://link.springer.com/chapter/10.1007/978-3-319-44524-3_1)
  52. Comparative Evaluation of Machine Learning-based Malwar eD etection on Android (https://pdfs.semanticscholar.org/e45f/e32cfffd3a6200081fc6df8c837ee846f2ac.pdf)
  53. DyHAP: Dynamic Hybrid ANFIS-PSO Approach for Predicting Mobile Malware (http://journals.plos.org/plosone/article?id=10.1371/journal.pone.0162627)
  54. Android full-disk encryption: a security assessment (https://www.royalholloway.ac.uk/isg/documents/pdf/technicalreports/2016/rhul-isg-2016-8-oliver-kunz.pdf)
  55. KNOXout (CVE-2016-6584) – Bypassing Samsung KNOX – http://www.vsecgroup.com/single-post/2016/09/16/KNOXout—Bypassing-Samsung-KNOX
  56. Samsung Pay NFC flaw – https://salmg.net/2016/10/11/samsung-pay-nfc-flaw
  57. A Framework for Third Party Android Marketplaces to Identify Repackaged Apps –http://ieeexplore.ieee.org/abstract/document/7588889/
  58. Characterization of Android Malware Families by a Reduced Set of Static Features –https://link.springer.com/chapter/10.1007/978-3-319-47364-2_59
  59. Using Rowhammer bitflips to root Android phones is now a thing
  60. An Android Application Protection Scheme against Dynamic Reverse Engineering Attacks –http://isyou.info/jowua/papers/jowua-v7n3-3.pdf
  61. Evaluation of Resource-based App Repackaging Detection in Android –https://github.com/zyrikby/FSquaDRA2
  62. On App-based Matrix Code Authentication in Online Banking
  63. New Reliable Android Kernel Root Exploitation Techniques – http://powerofcommunity.net/poc2016/x82.pdf
  64. DE-GUARD – http://apk-deguard.comhttp://www.srl.inf.ethz.ch/papers/deguard.pdf
  65. Patent: Detecting malware on mobile devices based on mobile behavior analysis –https://www.google.com/patents/US9479357
  66. Automatically Learning Android Malware Signatures from Few Samples –http://apps.cs.utexas.edu/tech_reports/reports/tr/TR-2237.pdf
  67. AppWalker: Efficient and Accurate Dynamic Analysis of Apps via Concolic Walking Along the Event-Dependency Graph – https://link.springer.com/chapter/10.1007/978-3-319-49145-5_9
  68. Full exploit of CVE-2016-6754(BadKernel) and slide of SyScan360 2016 –https://github.com/secmob/BadKernel
  69. BitUnmap: Attacking Android Ashmem – https://googleprojectzero.blogspot.cz/2016/12/bitunmap-attacking-android-ashmem.html
  70. ARMageddon: How Your Smartphone CPU Breaks Software-Level Security and Privacy –https://www.youtube.com/watch?v=9KsnFWejpQg
  71. New Flavor of Dirty COW Attack Discovered, Patched – http://blog.trendmicro.com/trendlabs-security-intelligence/new-flavor-dirty-cow-attack-discovered-patched/
  72. Toward dynamic analysis of obfuscated android malware –http://www.slideshare.net/ZongShenShen/toward-dynamic-analysis-of-obfuscated-android-malware
  73. *droid: Assessment and Evaluation of Android Application Analysis Toolshttp://www.cise.ufl.edu/~traynor/papers/reaves-csur2016.pdf
  74. ICCDetector: ICC-Based malware detection on Android – http://ink.library.smu.edu.sg/cgi/viewcontent.cgi?article=4298&context=sis_research
  75. Android Code Protection via Obfuscation Techniques: Past, Present and Future Directions –https://arxiv.org/pdf/1611.10231.pdf

 

Machine Learning

 

  1. A static Android malware Detection based on actual used permissions combination and API calls –http://www.waset.org/publications/10005499
  2. Android Malware Classification by Applying Online Machine Learning –https://link.springer.com/chapter/10.1007/978-3-319-47217-1_8/fulltext.html
  3. An improved Android malware detection scheme based on an evolving hybrid neuro-fuzzy classifier (EHNFC) and permission-based features – https://link.springer.com/article/10.1007/s00521-016-2708-7
  4. MamaDroid: Detecting Android Malware by Building Markov Chains of Behavioral Models –https://arxiv.org/pdf/1612.04433.pdf

 

Articles

 

  1. Autopwn every Android < 4.2 device on your network using BetterCap and the “addJavascriptInterface” vulnerability.
  2. Android Deobfuscation Tools and Techniques
  3. Dalvik Virtual Execution with SmaliVM
  4. Android Anti-Hooking Techniques in Java
  5. Android internals
  6. Introduction to Fridump
  7. Hardening the media stack by Google
  8. What’s new in Android security (M and N Version) – Google I/O 2016 – https://www.youtube.com/watch?v=XZzLjllizYs
  9. Mobile Security News Update July 2016
  10. Android WebView exploit vulnerabilities, limitations and End
  11. Strictly Enforced Verified Boot with Error Correction (new in Android N) – http://android-developers.blogspot.cz/2016/07/strictly-enforced-verified-boot-with.html
  12. How to View TLS Traffic in Android’s Logs (https://blog.securityevaluators.com/how-to-view-tls-traffic-in-androids-logs-6a42ca7a6e55#.6c6ayv5r4)
  13. Mobile Threat Catalogue – https://pages.nist.gov/mobile-threat-catalogue/
  14. CVE-2016-3918: E-mail Information Disclosure Vulnerability Analysis –http://blogs.360.cn/360mobile/2016/10/14/cve_2016_3918/ (Chinese)

Tools & Frameworks & Source Code

  1. Androl4bAndroL4b is an android security virtual machine based on ubuntu-Mate includes the collection of latest framework, tutorials and labs from different security geeks and researcher for reverse engineering and malware analysis.
  2. SmaliEx Deoptimize odex from oat.
  3. Android Crackmeshttps://play.google.com/store/apps/developer?id=DEFENDIO
  4. SSLUnpinning_Xposed Android Xposed Module to bypass SSL certificate validation (Certificate Pinning).
  5. AppMon http://dpnishant.github.io/appmon/ * AppMon is an automated framework for monitoring and tampering system API calls of native iOS and Android apps (upcoming)
  6. fsmon – FileSystem Monitor utility that runs on Linux, Android, iOS an d OSX –https://github.com/nowsecure/fsmon
  7. Android Tamer Version 4
  8. Droid-ff: Android Fuzzing Framework
  9. jniostorlab – JNI method enumeration in ELF files
  10. DexExtractor – Android dex file extractor, anti-bangbang (Bangcle)
  11. Android CVE-2015-1805 PoCs [1] [2]
  12. selfmodify https://github.com/leonnewton/selfmodify
  13. AppTroy – An Online Analysis System for Packed Android Malware https://github.com/CvvT/AppTroy
  14. Java Deobfuscator (https://javadeobfuscator.com)
  15. APKiD – Android Application Identifier for Packers, Protectors, Obfuscators and Oddities –https://github.com/rednaga/APKiD
  16. Droid-Hunter – Android Application Vulnerability Analysis And Android Pentest Tool (http://www.kitploit.com/2016/09/droid-hunter-android-application.html
  17. Stagefright Metasploit Module (https://github.com/rapid7/metasploit-framework/pull/7357)
  18. Native binary for testing Android phones for the Rowhammer bug – https://github.com/vusec/drammer
  19. avmdbg – a lightweight debugger for android virtual machine – https://github.com/cheetahsec/avmdbg
  20. Evaluation of Resource-based App Repackaging Detection in Android –https://github.com/zyrikby/FSquaDRA2
  21. Dirty COW vulnerability test added to the VTS App – https://github.com/AndroidVTS/android-vts/pull/139#issuecomment-264213745
  22. XposedGadget https://github.com/ZSShen/XposedGadget

转载自:http://www.virqdroid.com/2017/03/mobile-security-research-recap-2016.html    原文作者:virqdroid