Attack Analysis And Protection On Mobile Terminal GUI

With the rapid growth of the popularity of Android devices,Android applications provide a wealth of features for people’s lives and learning.Now the popular Android applications have billions of downloads,so once the download Android applications have security issues,it will bring immeasurable losses.In Android mobile terminal attacks,GUI attacks are particularly serious since they collect or control information at the end point closest to the user.Once a malicious application gets a foothold on a mobile device,it is possible for it to steal credentials and cause the user to grant additional privileges,totally compromising the device.Firstly,this thesis analyzes the GUI attacks on Android mobile terminal,designs and realizes a GUI attack program on the mobile terminal.On the whole,the attack scheme uses the Android side channel information to carry out attack.The program is mainly divided into two parts: PC and mobile side.On the PC side,we realized an application to collect and analyze the log information that exposed during the running of the Android application,the application of GUI attack and defense in the mobile terminal.On the mobile side,we implemented application to carry out GUI attack.These schemes first uses the ADB tool to gain the applications’ running log information,and establishes the correspondence between the applications’ running log information and the user interface,and supply the preparation for subsequent GUI attacks.After the victim connects the mobile device to the PC through USB interface,the evil application in PC side will access log information of the Android operation in real-time,and according to the preset label to filter the log information,then uses the Boyer-Moore algorithm to deal with a matching of the filtered log information,if matching to the target application,then we will carry out a GUI attack.We selected five common applications as the target application for Activity hijacking attacks.Through the experiment,we found that if attackers access the exposed running log information of android application,they can carry out the GUI attack effectively,and will not cause the user’s suspicion.Then,this thesis puts forward a static GUI protection scheme against the security problem of Android mobile terminal GUI.The main idea of the scheme is preprocessing the Android application apk file firstly,using open source tools Apktool,dex2 jar and jd-gui to decompile the apk file.And then carry out permission analysis to the anti-compiled Android Manifest.xml file.If there is no dangerous permission associated with GUI attack in the file,it indicates that the application does not have the GUI attack thread.If the file contains the dangerous permission associated with GUI attack,we need to decompile the apk files to get Java file for further behavior analysis.If there is a GUI attack behavior,the user is prompted to perform a delete or quarantine operation on the apk file.By static permission and behavior analysis of 4 types of applications,we verified the effectiveness of the proposed static protection scheme,and we carried a detail behavior analysis on a detected sample.Finally,we also made some other suggestions for GUI security protection.