mobilethreatsandattacks

mobilethreatsandattacks内容摘要：

n horse in a word or pdf file. The downloaded may also be The keylogger which monitors mouse operations or keyboard strokes to steal personal data. • Maninthemiddle(MITM) Hacker may hijack a session by eavesdropping where the hacker makes independent connections with the victims and relays messages between two parties such that both parties thought they are talking directly to each other over. The MITM hacker intercepts all conversation and inject • Bot One attacker controls a group of sites(devices) to send a large volume of traffic to a victim resulted in a denial of service (DoS) attack. Afterwards, the hacker Demands the victim a payment to stop the attack. Malware detection and protection solution • Filtering with blacklisting and whitelisting • Many search engines place malicious website a blocked list “blacklist.” The search engine will warn to potential visitor who intends access such sites on the list. A enterprise or a personal can also setup their own blacklist. A whitelist filter only only access to these on the list if a whitelist is exclusive. The filter techniques are widely used for spam filtering. • View page source code Use Page Source (Firefox) or Source (IE) to view the actual source code to find out the injected malicious code Spyware detection techniques a. Static analysis Static analysis is a reverse engineering analysis approach to finding malicious characteristics code segments in an app without execution. The analysis focus on these obvious security threats which have been reported before. One lab in this module is given on the static analysis approach to detect spyware. b. b. Dynamic analysis Dynamic analysis will execute the suspicious mobile app in an isolated sandbox, such as a virtual machine or emulator to monitor and inspect the app’s dynamic behavior. c. c. App Permission analysis Android security uses permission to protect and detect by permissions in an Android mobile app’s intentions. The permissions are required to be clearly specified by app’s authors. Many spyware attacks make use of app’s vulnerability on the permission. Malware injection • Malware injection is the act of inserting malicious code into a vulnerable web server page with poor application input filtering such that their devices get infected with malware when users interact with such page via form or other GUI ponents. This injection can be detected by a filter deployed on web server to filter out invalid mands such as SQL injection mands. Malware injection works as: Malware injection 1. Inject a vulnerable website with malicious code that web browsers may request HTML: iframe src=” width=”1″ height=”1″ style=”visibility: hidden” /iframe JavaScript(iframe is generated dynamically): div style“visibility:hidden: position:absolute: 1。 top: 1” iframe src=” width=”1″。