EXAMPLE OF MALICIOUS APPLICATION
Introduction
In order to demonstrate how malicious content can be spread and used to extract sensitive information, we present a simple malicious application for the Android platform. We focus on the permission-based security model implemented by Android, since one of the key security factors is the user himself. Because Android is an open platform that enforces security by sandboxing applications, it gives users the opportunity to install applications from various untrusted sources. Therefore, fooling a user into installing malicious content is an important attack strategy to consider.
As stated in the threat model presented in Section 2, multiple attack vectors for mobile devices exist. In the context of modern smartphones we focus on the Internet connection as the delivery path for malware. An example scenario for the delivery of malicious content to Android devices via the Internet is presented in Figure 2.
The scenario consists of four entities: the attacker, social network sites, application hosting sites and the user community. First, the attacker deploys the malicious application at a hosting site (1). Since Android applications do not undergo a code review, the attacker can place them on the Android Market. The attacker then places a link pointing to his application on popular social networks, like Twitter or Facebook (2). If the attacker decided to host the malicious application at a location other than the Market, the true address can be masked by using shortened URLs. When the user clicks on the link (3), he is redirected to the site from which the application can be downloaded (4). Finally, the user downloads the application and accepts the requested permissions (5).
In Figure 3 a fictional example malicious application, World Weather, is presented. World Weather is a Trojan horse designed to provide weather forecasts depending on the user's location, while in the background periodically sending location information to a remote server. Upon installation the application requests permissions to access the Internet, location information, and phone state and identity. Since the application did not go through a code review and is potentially harmful, the user has to decide, using his best judgment, whether the application's permission requests are well founded. In this case, it is logical to expect the application to request network access, since that is necessary to fetch the forecast.
Conclusion
To conclude, the presented Trojan carries out its malicious actions using permissions that are reasonable for its supposed functionality, i.e. weather forecast retrieval. Therefore, the user cannot detect the malware by observing the requested permissions alone, but rather by monitoring the application's activity or by consulting other sources, like security reports and alerts.
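The two defender-side checks discussed above, reviewing the requested permissions against the app's stated purpose and monitoring the app's network activity for periodic uploads, can be illustrated with the following added example. It is not code from the paper; the manifest excerpt, the package name, the egress log lines, the hostnames and the set of "justified" permissions are all constructed for illustration. The permission review shows why the first check is weak on its own (only READ_PHONE_STATE stands out, and a user may still accept it), while the activity check finds the regular low-volume beacon to a host that is not a forecast provider.

```python
"""Defender-side review of an Android app: declared permissions versus
its stated purpose, and egress activity versus known service hosts.
All sample data below is constructed; it is not from the paper."""
import xml.etree.ElementTree as ET
from datetime import datetime
from statistics import mean, pstdev

ANDROID_NS = "http://schemas.android.com/apk/res/android"

# Constructed AndroidManifest excerpt resembling the World Weather example.
MANIFEST = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
          package="com.example.worldweather">
  <uses-permission android:name="android.permission.INTERNET"/>
  <uses-permission android:name="android.permission.ACCESS_FINE_LOCATION"/>
  <uses-permission android:name="android.permission.READ_PHONE_STATE"/>
</manifest>"""

# Constructed: permissions a forecast app can justify from its purpose alone.
JUSTIFIED_FOR_WEATHER = {
    "android.permission.INTERNET",
    "android.permission.ACCESS_COARSE_LOCATION",
    "android.permission.ACCESS_FINE_LOCATION",
}


def requested_permissions(manifest_xml):
    """Extract every <uses-permission android:name=...> from the manifest."""
    root = ET.fromstring(manifest_xml)
    return [el.get(f"{{{ANDROID_NS}}}name") for el in root.iter("uses-permission")]


def unexplained_permissions(requested, justified=JUSTIFIED_FOR_WEATHER):
    """Permissions the stated purpose does not account for (sorted)."""
    return sorted(set(requested) - justified)


# Constructed egress log: UTC timestamp, destination host, bytes sent.
# The small, evenly spaced uploads to 198.51.100.7 (a documentation-range
# address) model the background location reporting; the forecast traffic
# is larger and irregular.
EGRESS_LOG = """\
2012-03-01T10:00:00Z api.forecast.example 1320
2012-03-01T10:00:05Z 198.51.100.7 96
2012-03-01T10:05:05Z 198.51.100.7 96
2012-03-01T10:10:05Z 198.51.100.7 98
2012-03-01T10:15:04Z 198.51.100.7 96
2012-03-01T11:30:00Z api.forecast.example 1290
2012-03-01T11:30:01Z cdn.forecast.example 20480
"""

# Constructed allowlist of hosts the forecast feature legitimately uses.
KNOWN_FORECAST_HOSTS = {"api.forecast.example", "cdn.forecast.example"}


def periodic_beacons(log_text, known_hosts=KNOWN_FORECAST_HOSTS,
                     min_events=3, max_jitter=0.1):
    """Return {host: mean_interval_seconds} for hosts outside the allowlist
    that are contacted on a near-constant schedule (interval spread relative
    to the mean interval at most max_jitter)."""
    by_host = {}
    for line in log_text.splitlines():
        ts, host, _bytes = line.split()
        by_host.setdefault(host, []).append(
            datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ"))
    hits = {}
    for host, times in by_host.items():
        if host in known_hosts or len(times) < min_events:
            continue
        times.sort()
        gaps = [(b - a).total_seconds() for a, b in zip(times, times[1:])]
        avg = mean(gaps)
        if avg > 0 and pstdev(gaps) / avg <= max_jitter:
            hits[host] = avg
    return hits


if __name__ == "__main__":
    perms = requested_permissions(MANIFEST)
    print("requested:", perms)
    print("not explained by 'weather forecast':", unexplained_permissions(perms))
    print("periodic uploads to non-forecast hosts:", periodic_beacons(EGRESS_LOG))
```

The beacon check deliberately ignores payload size and content: on a real device the log source would be a per-app network monitor or proxy, and the signal that survives encryption is the timing regularity toward a host the app has no stated reason to contact.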