
Research On Security Of Application Authentication Mechanism

Posted on: 2019-03-16
Degree: Master
Type: Thesis
Country: China
Candidate: Y Wang
Full Text: PDF
GTID: 2428330572951998
Subject: Cryptography

Abstract/Summary:
As application usage scenarios have become more complex in recent years, new authentication mechanisms have been deployed alongside the original one based on username and password. Two of them, gesture-based lock and third-party login based on the OAuth 2.0 protocol (in this paper, OAuth denotes OAuth 2.0 unless stated otherwise), have been widely deployed with the popularity of the mobile Internet and social networks. Despite their improvements in user experience, these two mechanisms introduce new security threats. For example, a gesture-based lock can be bypassed in some cases, after which an attacker can perform malicious transactions using the credentials the application has remembered. Moreover, a user account can be fully compromised in some cases through a vulnerability in the application's third-party login mechanism. To our astonishment, most application developers have no knowledge of the security of these two authentication mechanisms even though they have deployed them in their applications. Because of this poor awareness, we study the security of both mechanisms, including a security analysis and disclosure of the root causes of the relevant vulnerabilities. Our main contributions are as follows:

1. To the best of our knowledge, we are the first to systematically study the security of the gesture-based lock authentication mechanism on the Android platform. We formally analyze the influence of Android system properties on gesture-based locks and disclose the root cause of the bypass: an improper Activity launch mode can lead to the gesture Activity being destroyed by the Activity Manager Service. Based on these findings, we propose advice for application developers on avoiding and fixing such vulnerabilities and thereby strengthening the gesture-based lock authentication mechanism.

2. Building on these findings, we design and implement a tool named Lock-Breaker that automatically detects vulnerabilities in gesture-based locks. Lock-Breaker decides whether a gesture-based lock is bypassed by repeatedly starting the application's exported Activities. Applying Lock-Breaker in practice, we find that 28 apps have security threats in their gesture-based lock implementations; 10 of these 28 apps are confirmed to have a vulnerability that allows their gesture-based lock authentication mechanism to be bypassed.

3. Since third-party login is based on OAuth, we analyze security threats in OAuth implementations from a distinct perspective. We identify 8 kinds of vulnerabilities (2 originating from the third-party login service provider, 6 from the application itself) that affect an application's third-party authentication mechanism. Our analysis may help developers of both third-party login service providers and applications better understand the security of third-party login authentication.

4. To help application developers easily detect vulnerabilities in their application's third-party login authentication mechanism, we develop a vulnerability detection system named OAuth Login Vul Detector. Of the 6 kinds of vulnerabilities originating from the application itself, one can be detected by an XSS (cross-site scripting) vulnerability detection tool, so OAuth Login Vul Detector targets the other 5 kinds. It simulates attack procedures and decides whether a third-party login mechanism is vulnerable using 3 kinds of methods: cookie difference, redirect address difference, and characteristics of the response content. We test 85 applications with OAuth Login Vul Detector and confirm the results manually. As a result, we find that 58 of them have at least one vulnerability in their third-party login authentication mechanism, and OAuth Login Vul Detector achieves a correct rate of 85.88% in detecting vulnerabilities in application third-party login authentication mechanisms.
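Contributions 1 and 2 describe a gesture lock that fails when the gesture Activity is destroyed by the Activity Manager Service and the application's other exported Activities are started directly. The following Java/Android sketch is an added illustration of the defensive design that survives that failure mode; it is not code from the thesis or from Lock-Breaker. It assumes a single application process, a hypothetical GestureLockActivity whose pattern widget performs the pattern verification itself, and a hypothetical package name and request code. The lock state lives process-wide and is re-checked in every protected screen's onResume(), so protection no longer depends on the gesture Activity staying on top of the task stack.

```java
// Added illustration, not the thesis's or Lock-Breaker's code.
// Assumptions: one app process; GestureLockActivity's pattern widget verifies
// the pattern before calling onPatternAccepted(); package and request code are
// hypothetical.
package com.example.lockdemo; // hypothetical package

import android.app.Activity;
import android.content.Intent;
import android.os.SystemClock;

/** Process-wide lock state. The gesture Activity is only the UI that changes it. */
final class LockGate {
    private static final long GRACE_MS = 30_000L; // assumed policy: relock after 30 s away
    private static boolean unlocked = false;      // locked at process start
    private static long lastSeenMs = 0L;

    private LockGate() {}

    static synchronized void markUnlocked() {
        unlocked = true;
        lastSeenMs = SystemClock.elapsedRealtime();
    }

    static synchronized void markPaused() {
        lastSeenMs = SystemClock.elapsedRealtime();
    }

    static synchronized boolean isLocked() {
        if (!unlocked) return true;
        if (SystemClock.elapsedRealtime() - lastSeenMs > GRACE_MS) {
            unlocked = false; // grace period expired: require the gesture again
        }
        return !unlocked;
    }
}

/** Base class for every screen that shows protected content. */
abstract class LockedActivity extends Activity {
    private static final int REQ_UNLOCK = 41; // hypothetical request code

    @Override protected void onResume() {
        super.onResume();
        if (isFinishing()) return;
        // Re-check on every resume: an exported Activity started from outside
        // lands here too, whatever happened to the gesture Activity meanwhile.
        if (LockGate.isLocked()) {
            startActivityForResult(new Intent(this, GestureLockActivity.class), REQ_UNLOCK);
        }
    }

    @Override protected void onPause() {
        super.onPause();
        LockGate.markPaused();
    }

    @Override protected void onActivityResult(int requestCode, int resultCode, Intent data) {
        super.onActivityResult(requestCode, resultCode, data);
        if (requestCode == REQ_UNLOCK && resultCode != RESULT_OK) {
            finish(); // user backed out of the gesture screen: show nothing protected
        }
    }
}

/** Gesture UI. Extends Activity, not LockedActivity, and is declared android:exported="false". */
class GestureLockActivity extends Activity {
    /** Called by the pattern widget once the entered pattern has been verified (assumed). */
    void onPatternAccepted() {
        LockGate.markUnlocked();
        setResult(RESULT_OK);
        finish();
    }

    @Override public void onBackPressed() {
        setResult(RESULT_CANCELED); // never return to the caller as if unlocked
        super.onBackPressed();
    }
}
```

The design choice is that the lock is a property of the process, enforced at every protected entry point, rather than a property of which Activity happens to be on top of the task. Destroying the gesture Activity, or starting any exported Activity directly, then simply triggers another lock check. This is defence in depth alongside, not instead of, the launch-mode corrections the thesis recommends for the gesture Activity itself.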
Keywords/Search Tags: Authentication, Gesture-Based Lock, Third-Party Login, Security Analysis, Android, OAuth