INVESTIGATION OF ATTACK TYPES IN ANDROID OPERATING SYSTEM

Yıl 2021, Sayı: 046, 34 - 58, 30.06.2021

Durmuş Özdemir Hande Çavşi Zaim

Öz

With the widespread use of mobile technologies, the importance of cybersecurity is increasing in our country as well as all over the world. Android operating system-based smartphones and tablets used in mobile technologies are frequently in use for communication, social networking, banking, and payment transactions and become an important part of developing technology. Although the Android operating system is among the most popular operating systems, one of the biggest challenges faced by android users and developers is to ensure the security of the operating system. In this research, the security mechanism was examined with the android operating system architecture, and the exploitation of android vulnerabilities scenarios was created. These scenarios were carried out on various examples using the Smart Pentester Framework (SPF) tool. Also, by examining the sources in the literature, exploitations of android vulnerabilities are classified into categories. Based on the created classification and the exploitation methods scenarios taking place in the virtual environment built on Kali Linux, it is aimed to raise awareness of android operating system users and developers against possible risks.

Anahtar Kelimeler

Android Operating System, Cyber Security, Mobile Attack Methods, Smartphone Pentester Framework (SPF)

Kaynakça

• [1] Kim, D., Shin, D., Shin, D., & Kim, Y. H. (2019). Attack detection application with attack tree for mobile system using log analysis. Mobile Networks and Applications, 24(1), 184-192.
• [2] Stergiopoulos, G., Gritzalis, D., Vasilellis, E., & Anagnostopoulou, A. (2021). Dropping malware through sound injection: A comparative analysis on Android operating systems. Computers & Security, 105, 102228
• [3] Liu, X., Du, X., Zhang, X., Zhu, Q., Wang, H., & Guizani, M. (2019), Adversarial Samples on Android Malware Detection Systems for IoT Systems. Sensors, 19(4).
• [4] Sheikh H., Cyril C., Thomas O., (2019), An analysis of the robutness and stability of the network stack in symbian based smartphones , Vol No 10.
• [5] Moore, S. R., Ge, H., Li, N., & Proctor, R. W. (2019). Cybersecurity for android a applications: Permissions in android 5 and 6. International Journal of Human–Computer Interaction, 35(7), 630-640.
• [6] Kumar, S., & Shukla, S. K. (2020). The state of Android security. In Cyber Security in India (pp. 17-22). Springer, Singapore.
• [7] Li, C., Mills, K., Niu, D., Zhu, R., Zhang, H., & Kinawi, H. (2019). Android malware detection based on factorization machine. IEEE Access, 7, 184008-184019.
• [8] Martín, A., Lara-Cabrera, R., & Camacho, D. (2019). Android malware detection through hybrid features fusion and ensemble classifiers: The AndroPyTool framework and the OmniDroid dataset. Information Fusion, 52, 128-142.
• [9] Garg, S., & Baliyan, N. (2020, December). Machine Learning Based Android Vulnerability Detection: A Roadmap. In International Conference on Information Systems Security (pp. 87-93). Springer, Cham.
• [10] Yildirim, N., & Varol, A. (2019, June). A research on security vulnerabilities in online and mobile banking systems. In 2019 7th International Symposium on Digital Forensics and Security (ISDFS) (pp. 1-5). IEEE.
• [11] Nilsson, R. (2020). Penetration testing of Android applications.
• [12] Sheluhin, O. I., Erokhin, S. D., Osin, A. V., & Barkov, V. V. (2019, March). Experimental Studies of Network Traffic of Mobile Devices with Android OS. In 2019 Systems of Signals Generating and Processing in the Field of on Board Communications (pp. 1-4). IEEE.
• [13] Khan F.H., Haris M.,Yousaf M., F., (2017), Evolution of android operating system: A review national university of sciences of technology, Second International Conference and Advanced Research , Malbourne, Australia.
• [14] Shaheen J.A., F.H., Asghar M.A., Hussain A., (2017), Android OS with its architecture and android application with Dalvik virtual machine review, International Journal Of Multimedia and Ubiquitous Enginerring, Vol No 12.
• [15] Romero O.J, Akaju S.A.., (2018), An efficient mobile based middle ware architecture for building robust, high performance apps, International Conference on software architecture, ICSA.
• [16] Chinetha K., F.H., Joan J.D., Shalini A.., (2015), An evolution of android operating system and it’s version, International Journal of Engineering and Apllied Sciences, 2346-3661.
• [17] Idrees F., Rajarahan M.., Conti, Chen T.M., Rahulamanhavan Y., (2017), A novel android mallware detection system using ensemble learning methods, Computers & Security, Vol No 76, 71-79.
• [18] Meng H., Thing, Cheng V.L.L., Y., Dai Z.., Zhang L., (2018), A survey of android exploits in the whild, Elsevier, 71-91.
• [19] Weidman G., (2014), Penetration testing, San Fransisco, No starch press, 361-421.
• [20] Konteleon D., (2018), Penetration testing in android OS, Master’s Thesis, University of Piraeus, Department of Digital Systems.
• [21] Yubo S., Zhiwei Z., Yunfeng X., (2014), Using short mesaage service (SMS) to deploy android exploits, International Conference on Cyberspace Technology (CCT).
• [22] Vila J., Rodriguez R. J., (2015), Radio frequency identifications, Lecture Notes In Computer Science, Vol 9440, Springer, Cham.
• [23] Yao H., Shin D., (2013), Towards pretending QR code based attacks on android phone using warnings, Proceedings of The 8th ACM SIGSAG Symposiumon Information, Computer and Communications Security.
• [24] Khan M.A.R., Tripathi R.C., Kumar A., (2019), A malicious attacks and defense technoques on android-based smartphone platform, International Jurnal of Innovative Technology and Exploring Engineering (IJITEE), Vol No 8.
• [25] Internet: https:// www.cvedetails.com, 2019.
• [26] Jhaveri R.H., Patel S.J., (2012), Jinwala D.C., DOS attacks in mobile ad hoc networks: a survey, Second International Conference on Advanced Computing & Communication.
• [27] Biswas S., Sajal M.M.H.K., Afrin T., Bhuiyan T., Hassan M.M., (2018), A study on remote code execution vulnerability in web applications, International Conference on Cyber Security and Computer Science (ICONC’S18), Safranbolu, Turkey.
• [28] Cowan C., Wagle F., Pu C., Beattie S., Walpole J., (2000), Buffer overflows: Attacks and defences for the vulnerability of decade, Proceedings DARPA Information Survivability Conference and Exposition (DISCEX’00).
• [29] Hamandi K., Salman A., Chehab A., Elhajj I.H., Kayssi A., (2020), Messaging attacks on android: vulnerabilities and intrusion detection, American University of Beirut.
• [30] Bozic K., Penevski N., Adamovic S., (2019), Penetration testing and vulnerability assesment introduction phases, tools and methods, Information security and digital forensics & e-commerce systems.
• [31] Crockett, E., Paquin, C., & Stebila, D. (2019). Prototyping post-quantum and hybrid key exchange and authentication in TLS and SSH. IACR Cryptol. ePrint Arch., 2019, 858.
• [32] İnternet: OpenSSH Project, http://www.openssh.org/, 2021...................
• [33] Bui, T., Rao, S., Antikainen, M., & Aura, T. (2019, November). Client-Side Vulnerabilities in Commercial VPNs. In Nordic Conference on Secure IT Systems (pp. 103-119).Springer,Cham.
• [34] Qamar, A., Karim, A., & Chang, V. (2019). Mobile malware attacks: Review, taxonomy & future directions. Future Generation Computer Systems, 97, 887-909.
• [35] Xu, F., Diao, W., Li, Z., Chen, J., & Zhang, K. (2019). BadBluetooth: Breaking Android Security Mechanisms via Malicious Bluetooth Peripherals. In NDSS.
• [36] Marczak, B., Hulcoop, A., Maynier, E., Abdul Razzak, B., Crete-Nishihata, M., Scott-Railton, J., & Deibert, R. (2019). Missing Link: Tibetan Groups Targeted with 1-Click Mobile Exploits.
• [37] Weidman G., (2014), Penetration Testing: A Hands-on Introduction to Hacking, No starch press.