Research On Penetration Testing Technology For Android Platform

In 2008,the first smart phone equipped with Android system appeared in front of consumers.With the rapid development of mobile Internet technology all over the world,smart phones equipped with intelligent operating system have gradually replaced the traditional function phones,occupying the main market of mobile phone consumption.The traditional Internet also has the trend of being replaced by the mobile Internet.Among the many intelligent mobile operating systems,Android system is widely recognized by consumers because of its open source characteristics,and gradually becomes the most popular mobile intelligent operating system.However,there are a lot of personal privacy information and important data in mobile intelligent devices,and their security is also concerned.Through the use of penetration testing technology,we can consider and analyze the security problems of smart phone system from the perspective of hackers,and find the loopholes of the system as soon as possible,so as to achieve the effect of protecting personal privacy.General penetration tests are mostly aimed at traditional networks and devices,and rarely applied to mobile Internet and Android mobile devices.As more and more traditional network security problems appear in the mobile Internet,penetration testing for mobile intelligent devices is becoming more and more important.This paper proposes an experimental method of penetration testing for Android network and applications,which uses denial of service attack technology to test the penetration of Android network and applications.The main research work of this paper is as follows:(1)analyzing the characteristics of Android mobile devices and the existing penetration testing technology,aiming at the three handshake vulnerability of TCP protocol used in Android network,the SYN Flood attack program is designed for Android network.Based on this program,two Android mobile phones are tested for denial of service attack,and the experimental data are analyzed,Verify the impact of this vulnerability on Android system in actual use(2)Aiming at the vulnerability of ARP protocol used in Android system network,ARP spoofing technology is used to attack two Android mobile phones,and the experimental results are analyzed to verify the impact of the vulnerability on Android system.(3)the communication mechanism used by Android system applications is analyzed,and four local denial of service vulnerabilities exist in Android applications,This paper designs a Java attack program for Android applications.Based on this program,50 selected applications are tested for denial of service attack in Android virtual machine system.The experimental results are analyzed to verify the impact of this vulnerability on Android applications.This paper tests the effectiveness of the proposed denial of service attack scheme against Android network and applications through multiple penetration tests on two Android mobile phones and Android virtual machine systems.The experimental results show that SYN Flood denial of service attack against Android network can affect the CPU utilization,energy consumption,network speed,network security of Android devices The success rate of the experiment was about 82.5%;ARP Spoofing experiment for Android network can successfully steal part of the information of Android devices,resulting in the information leakage of Android users.The success rate of the experiment is about 85%;The denial of service attack experiment for Android system applications can make some applications crash,which has a certain impact on the normal use of Android system users.In the experiment,the application crash rate is about 17.5%.