| Cloning attack is an emerging application attack method,it can be a huge threat to the user’s account and privacy security.Research on application cloning attacks in recent years has shown the great harm of such attacks,and also found that most software has insufficient defense capabilities in the face of such cloning attacks.Existing application cloning attack cases all come from the Android system.The attacker steals user credentials and other information from the victim’s Android device through physical contact or exploiting remote vulnerabilities,and then uses cloning and transplantation method to log in victim’s account on the attacker’s device,gaining actual control of the victim account.For this type of application cloning attack,some Android APPs have been defended by adding device consistency checks during the automatic login verification.However,this method is still unable to deal with more extreme attack situations.In view of the existing cloning attack problems and more cloning attacks that may exist in real scenarios,this paper proposes two novel cloning attack methods.At the same time,we also formulate an effective defense plan for the existing cloning attacks.The main work of this paper is as follows:(1)This paper proposes two new cloning attack methods.The first one is a cloning attack method aimed at stealing credentials for mobile game simulators.This method is similar to the previous application cloning attack in principle,but the attack scenarios and methods are different;The second is the cloning attack method targeting the virtual environment.This method is a brand-new cloning attack method.It uses the method of packaging and cloning virtual environments such as emulators,virtual machines,or containers to attack the virtual environment and the applications running in it.attack.For general programs running in a virtual environment,the attack occurs in a higher dimension,so it is difficult to defend through existing methods.(2)For the two types of cloning attacks,this paper proves the effectiveness and harmfulness of the attacks through experiments.The cloning attack experiment of stealing credentials in the emulator proves that mainstream mobile game emulators and most game APPs cannot effectively defend against such attacks;the cloning attack experiment against virtual environments proves that various common virtual environments such as emulators,virtual machines,and containers are all subject to such attacks.(3)This paper proposes specific defense measures against two types of cloning attack methods.For cloning attacks that steal credentials in the emulator,existing cloning attack defense ideas can be used for reference.For cloning attacks against virtual environments,a defense scheme based on hardware and network characteristics can be adopted.This scheme is implemented at the application level.The performance characteristics of real physical devices are collected through the side channel method,and then combined with network characteristic information to form an environmental fingerprint.Different physical devices will produce different fingerprints due to differences in hardware and network conditions.The software can determine whether a cloning attack has occurred by comparing the difference in environmental fingerprints between the two startups before and after,and decide whether to take defensive measures accordingly.This paper formulates defense schemes in various virtual environments and operating systems,and proves through experiments that defense schemes based on hardware and network characteristics can well defend against cloning attacks. |
