Journal of Computer Applications ›› 2018, Vol. 38 ›› Issue (9): 2549-2553. DOI: 10.11772/j.issn.1001-9081.2018020449

• Cyberspace Security •

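Stealth download hijacking vulnerability of Android application package

ZHU Zhu, FU Xiao, WANG Zhijian

  1. College of Computer and Information, Hohai University, Nanjing 211100
  • Received: 2018-03-07 Revised: 2018-04-25 Online: 2018-09-10 Published: 2018-09-06
  • Corresponding author: FU Xiao
  • About the authors: ZHU Zhu (born 1993), female, from Yancheng, Jiangsu, master's student, main research interest: information security; FU Xiao (born 1985), male, from Nanjing, Jiangsu, lecturer, Ph.D., main research interest: information security; WANG Zhijian (born 1958), male, from Taizhou, Jiangsu, professor, Ph.D., main research interests: data mining, software reuse.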

Stealth download hijacking vulnerability of Android application package

ZHU Zhu, FU Xiao, WANG Zhijian   

  1. College of Computer and Information, Hohai University, Nanjing Jiangsu 211100, China
  • Received: 2018-03-07 Revised: 2018-04-25 Online: 2018-09-10 Published: 2018-09-06
  • Contact: FU Xiao

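Abstract: Android application packages are often highly exposed to download hijacking attacks while they are being published and downloaded. A server subjected to a conventional download hijacking attack can usually detect the attack through traffic analysis, but a stealth download hijacking attack cannot be detected by that method. Through the discovery and analysis of a real case, a stealth download hijacking vulnerability of Android application packages is proposed. An attacker exploits the vulnerability by deploying a man-in-the-middle device between the user and the server and hijacking downloads stealthily, so that the hijacked server can hardly detect the attack with existing analysis methods. The cause, scope of harm and exploitation mechanism of the vulnerability are analyzed, and solutions are attempted in terms of distributed detection, centralized analysis and active prevention.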

Key words: man-in-the-middle attack, download hijacking, application package, traffic analysis, intercepting filter

Abstract: Android application packages are always vulnerable to download hijacking attacks during distribution and downloading. Sites can use traffic analysis to detect whether they are under regular download hijacking attacks, but stealth download hijacking attacks cannot be discovered by such a method. Based on the discovery and analysis of an actual case, a stealth download hijacking vulnerability of Android application packages was proposed. Attackers exploited this vulnerability to implement stealth download hijacking by deploying bypass devices between the downloaders and the publishers, and the victim sites can hardly notice it by using current methods. The cause, influence and mechanism of the vulnerability were discussed, and an attempt was made to put forward a solution in terms of distributed detection, centralized analysis and active prevention.

Key words: man-in-the-middle attack, download hijacking, application package, traffic analysis, intercepting filter

CLC number: