VenomAttack: automated and adaptive activity hijacking in Android  

作　　者：Pu SUN Sen CHEN Lingling FAN Pengfei GAO Fu SONG Min YANG 

机构地区：[1]School of Information Science and Technology,ShanghaiTech University,Shanghai 201210,China [2]Shanghai Institute of Microsystem and Information Technology,Chinese Academy of Sciences,Shanghai 200050,China [3]University of Chinese Academy of Sciences,Beijing 100049,China [4]College of Intelligence and Computing,Tianjin University,Tianjin 300350,China [5]College of Cyber Science,Nankai University,Tianjin 300350,China [6]School of Computer Science,Fudan University,Shanghai 200438,China

出　　处：《Frontiers of Computer Science》2023年第1期187-204,共18页中国计算机科学前沿（英文版）

基　　金：supported by the National Natural Science Foundation of China (Grant Nos. 62072309 and 6171101225).

摘　　要：Activity hijacking is one of the most powerful attacks in Android. Though promising, all the prior activity hijacking attacks suffer from some limitations and have limited attack capabilities. They no longer pose security threats in recent Android due to the presence of effective defense mechanisms. In this work, we propose the first automated and adaptive activity hijacking attack, named VenomAttack, enabling a spectrum of customized attacks (e.g., phishing, spoofing, and DoS) on a large scale in recent Android, even the state-of-the-art defense mechanisms are deployed. Specifically, we propose to use hotpatch techniques to identify vulnerable devices and update attack payload without re-installation and re-distribution, hence bypassing offline detection. We present a newly-discovered flaw in Android and a bug in derivatives of Android, each of which allows us to check if a target app is running in the background or not, by which we can determine the right attack timing via a designed transparent activity. We also propose an automated fake activity generation approach, allowing large-scale attacks. Requiring only the common permission INTERNET, we can hijack activities at the right timing without destroying the GUI integrity of the foreground app. We conduct proof-of-concept attacks, showing that VenomAttack poses severe security risks on recent Android versions. The user study demonstrates the effectiveness of VenomAttack in real-world scenarios, achieving a high success rate (95%) without users’ awareness. That would call more attention to the stakeholders like Google.

关 键 词：ANDROID activity hijacking Android security mobile security 

分 类 号：TP393[自动化与计算机技术—计算机应用技术]