AUB ScholarWorks
Application-based user and telecom targeted attacks on android-based smartphones :applicability, detection and mitigation -
JavaScript is disabled for your browser. Some features of this site may not work without it.
| dc.contributor.author | Hamandi, Khodor Mohamad Ali, |
| dc.date | 2013 |
| dc.date.accessioned | 2015-02-03T09:50:00Z |
| dc.date.available | 2015-02-03T09:50:00Z |
| dc.date.issued | 2013 |
| dc.date.submitted | 2013 |
| dc.identifier.other | b17911023 |
| dc.identifier.uri | http://hdl.handle.net/10938/9935 |
| dc.description | Thesis (M.E.)-- American University of Beirut, Department of Electrical and Computer Engineeering, 2013. |
| dc.description | Advisor : Dr. Ayman Kayssi, Professor, Electrical and Computer Engineering--Committee Members : Dr. Ali Chehab, Associate Professor, Electrical and Computer Engineering ; Dr. Imad Elhajj, Associate Professor, Electrical and Computer Engineering. |
| dc.description | Includes bibliographical references (leaves 64-66) |
| dc.description.abstract | Android is currently the world’s most popular smartphone platform with more than 60percent market share. From the security perspective, Android has had significant challenges despite the efforts of the Android designers to provide a secure environment for applications development. In this thesis, we present numerous attacks targeting the messaging framework of the Android system. Our focus is on SMS, USSD, and the evolution of their associated security in Android and accordingly, the development of related attacks. Also, we shed light on the Android elements that are responsible for these attacks. In particular, we study some messaging design decisions, which resulted in a set of vulnerabilities in the Android operating system, and we demonstrate how malware applications can be built to take advantage of these vulnerabilities. The permission subsystem, the broadcast receiver subsystem, and the message-sending mechanism contribute to forming a haven for SMS malware by granting them absolute control over sending, receiving, and hiding SMS messages. Since many operators worldwide provide services that allow users to transfer credits-units through SMS, we built an application that abuses this service by transferring credits from users illegally. This enables the malware to drain the balance of the attacked user and has the potential to cause damage to a large number of users as well as telecom operators. We also present an SMS-based Android botnet. Since all mobile phones have SMS services as a feature, we use SMS as the medium of propagation of Command and Control messages between the botnet controller and the victim devices. We demonstrate how this application and the associated botnet could have a drastic impact on SMS voting, Premium SMS services, and credit transfer. Finally, we present the architecture of an anomaly-based intrusion detection system (IDS) that promises to thwart SMS messaging attacks. The IDS tries to capture unsolicited SMS sending attempts by malicious apps. Our IDS testing shows a detection |
| dc.format.extent | viii, 66 leaves : colored illustrations ; 30 cm |
| dc.language.iso | eng |
| dc.relation.ispartof | Theses, Dissertations, and Projects |
| dc.subject.classification | ET:005917 AUBNO |
| dc.subject.lcsh | Androids. |
| dc.subject.lcsh | Smartphones -- Security measures. |
| dc.subject.lcsh | Telecommunication systems -- Security measures. |
| dc.subject.lcsh | Application software -- Security measures. |
| dc.subject.lcsh | Mobile communication systems -- Security measures. |
| dc.subject.lcsh | Computer crimes -- Prevention. |
| dc.title | Application-based user and telecom targeted attacks on android-based smartphones :applicability, detection and mitigation - |
| dc.type | Thesis |
| dc.contributor.department | American University of Beirut. Faculty of Engineering and Architecture. Department of Electrical and Computer Engineeering. |
