Abusing notification services on smartphones for phishing and spamming

Authors: Sencun Zhu, Zhi Xu

DOI:

Keywords:

Abstract: Notification service is a popular functionality provided by almost all modern smartphone platforms. To facilitate customization for developers, many platforms support highly customizable notifications, which allow third party applications to specify trigger events, the notification views to be displayed, and the allowed user operations on views. In this paper, we show that an installed trojan application may launch phishing attacks or anonymously post spam notifications. Through our studies of four major platforms, both Android and BlackBerry OS are vulnerable under attacks. iOS and Windows Phone allow little customization, thus launching attacks will expose the identity of the application. Attack demonstrations are presented. To prevent these attacks while still allowing customization, we propose a Semi-OS-Controlled view design principle and a Logging service. Moreover, to protect against fraudulent views, we propose an authentication framework, named SecureView, which enables applications to add an image and text to their sensitive views (e.g. the account login view). The implementation of the proposed defense approaches is also presented in the paper.
