DC Field | Value | Language |
---|---|---|
dc.contributor.advisor | Kim, Yongdae | - |
dc.contributor.advisor | 김용대 | - |
dc.contributor.author | Hwang, Sung Jae | - |
dc.contributor.author | 황성재 | - |
dc.date.accessioned | 2017-03-29T02:41:18Z | - |
dc.date.available | 2017-03-29T02:41:18Z | - |
dc.date.issued | 2014 | - |
dc.identifier.uri | http://library.kaist.ac.kr/search/detail/view.do?bibCtrlNo=657512&flag=dissertation | en_US |
dc.identifier.uri | http://hdl.handle.net/10203/221946 | - |
dc.description | 학위논문(석사) - 한국과학기술원 : 정보보호대학원, 2014.2 ,[v, 38 p. :] | - |
dc.description.abstract | It has been known that insecure software update causes serious security problems. Even though soft-ware updates in various systems such as medical devices, automobiles, and femtocells have been studied in deeply, little is understood update mechanisms in Android applications. In this thesis, I manually analyze self-update mechanisms in Android applications with most popular 225 real-world Android applications collected from Google Play. With careful analysis, two vulnerabilities have been found in self-updating mechanisms, i) distribution methods of updated files ii) usage of shared storage. By manually analyze 225 Android applica-tions, 37% of applications distribute updated files in insecure manner, and 33% of applications utilize shared storage for saving updated files. By exploiting self-update vulnerabilities, I have demonstrated that malware can be installed on vic-tim’s mobile devices. Moreover, I also show that injecting malicious code into updated files is also possible. As the adversaries can install malware on victim’s mobile devices, many attacks are possible including steal-ing user’s private data such as contact, SMS, and friend lists. Furthermore, by installing a malicious applica-tion, the mobile devices can be rooted and as a consequence, the adversaries can have root privilege. | - |
dc.language | eng | - |
dc.publisher | 한국과학기술원 | - |
dc.subject | Software Update | - |
dc.subject | Android Application | - |
dc.subject | Self-Update | - |
dc.subject | Malware | - |
dc.subject | Code Injection | - |
dc.subject | 소프트웨어 업데이트 | - |
dc.subject | 안드로이드 어플리케이션 | - |
dc.subject | 악성코드 | - |
dc.subject | 코드 인젝션 공격 | - |
dc.title | Self-update vulnerability in android | - |
dc.title.alternative | 안드로이드 업데이트 취약점 | - |
dc.type | Thesis(Master) | - |
dc.identifier.CNRN | 325007 | - |
dc.description.department | 한국과학기술원 :정보보호대학원, | - |
Items in DSpace are protected by copyright, with all rights reserved, unless otherwise indicated.