A New Mobile Malware Classification for Camera Exploitation based on System Call and Permission

Madihah Mohd Saudi, Luqman Hakim Zahari, Farida Ridzuan, Nurlida Basir, Sakinah Ali Pitchay, N.F. Nabila

Proceedings of the World Congress on Engineering and Computer Science 2017 Vol I, WCECS 2017, October 25-27, 2017, San Francisco, USA. ISBN: 978-988-14047-5-6; ISSN: 2078-0958 (Print); ISSN: 2078-0966 (Online).

Abstract— Currently, Android smartphones face many attacks and exploitation by attackers all over the world. These attacks are profit-driven and cause loss of money and productivity to the victim. The exploitation can be carried out via camera, SMS, call, audio, image or location exploitation, by attacking the system calls, permissions or APIs inside the Android smartphone. Therefore, this paper presents 32 mobile malware classifications based on system calls and permissions to detect camera exploitation on Android smartphones. The experiment was conducted in a controlled lab environment by applying reverse engineering to a training dataset of 5560 samples from Drebin, where both static and dynamic analyses were used to identify and extract the permissions and system calls from the mobile applications (apps). These 32 classifications were evaluated against 500 mobile apps from the Google Play Store, and 19 mobile apps matched the classification. This new classification can be used as the database and input for the development of a new mobile malware detection model for camera exploitation.

Index Terms— Android, camera exploitation, mobile malware, permission, system call.

Manuscript received July 17, 2017; revised Aug 8, 2017. This work was funded by the Ministry of Higher Education (Malaysia), FRGS grant: [USIM/FRGS/FST/32/50114]. Madihah Mohd Saudi is a senior IAENG member and works as an associate professor with the Information Security and Assurance (ISA) programme, Faculty of Science and Technology (FST), Universiti Sains Islam Malaysia (USIM), 71800 Nilai, Malaysia (E-mail: [email protected]). Luqman Hakim Zahari graduated from the Information Security and Assurance (ISA) programme, Faculty of Science & Technology (FST), Universiti Sains Islam Malaysia (USIM), 71800 Nilai, Malaysia. Farida Ridzuan, Nurlida Basir, Sakinah Ali Pitchay and N.F. Nabila are senior lecturers with the Information Security and Assurance (ISA) programme, Faculty of Science and Technology (FST), Universiti Sains Islam Malaysia (USIM), 71800 Nilai, Malaysia.

I. INTRODUCTION

Android is an operating system that acts as a platform between a user and his smartphone. Due to its technology, it has been widely adopted by users all over the world. Unfortunately, many users lack security awareness about malicious mobile applications, the implications of mobile malware and how to detect it. Mobile malware is defined as malicious software that attacks smartphone systems without the user's consent. Many techniques have been used by cyber-criminals to attack Android smartphones. In early 2017, cybercriminals used the social chat mobile app WhatsApp to access personal data on the phone, including banking credentials and PIN codes [1]. This was done by sending a file with an embedded virus in a Word, Excel or PDF file as the attachment in a WhatsApp message. Even worse, the cybercriminals used social engineering to convince the victim to open the file attachment by including the names of trusted and major organizations in their country in the message. In April 2017, ESET security researcher Lukas Stefanko revealed his finding on an app named Flashlight LED Widget [2]. This app has Trojan.Android/Charger.B embedded in it. It works as a normal flashlight, but in truth it has many other hidden functions once it is executed. It has command and control (C&C) capability, through which it is able to control the victim's smartphone remotely. Known as Trojan.Android/Charger.B, it can display a fake screen that mimics a legitimate app exactly. Even worse, it can also lock the infected smartphone and bypass two-factor authentication by intercepting SMS and displaying fake notifications. This app was uploaded to Google Play on March 30, 2017 and up to 5,000 users downloaded it. It was taken out from Google Play on April 10, 2017.

This Trojan evolved from the Android/Charger Trojan, which was first discovered in January 2017 [3]. In contrast with Android/Charger, which has the capability to lock the smartphone and ask for ransom, Trojan.Android/Charger.B is a more sophisticated type of banking malware. There is a lot of mobile malware out there ready to attack the end user's smartphone. Other examples are Trojan-Ransom.AndroidOS.Pletor.d and Trojan-Banker.AndroidOS.Gugi. Trojan-Banker.AndroidOS.Gugi is able to bypass Android's permissions by integrating social engineering to trick the end user; no hard-core coding or vulnerability exploitation is needed to infect the victim. Over the past few years, cybercriminal trends have changed. In earlier years, attacks were more for fun and recognition. Currently, mobile malware exploits the Android smartphone to gain super-user rights, also known as root exploitation, with the aim of stealing money and confidential information from the victim. It spreads via the Google Play store or untrusted third-party sources, mimics legitimate apps, turns into mobile banking malware and uses advanced persistent threat techniques to defeat security features in the Android smartphone [4]. Hence, a good solution is needed to overcome all these issues and threats. Therefore, based on these mobile malware threats, issues and challenges, the objective of this paper is to develop a new mobile malware classification for camera exploitation of Android smartphones based on system calls and permissions. This new classification is useful as a database and input to
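The abstract describes the two extraction steps behind the classification: a static step that pulls the requested permissions out of an app, and a dynamic step that records the system calls the app makes, after which the combined features are matched against permission/system-call patterns. The following Python sketch is an added illustration of that pipeline and is not the paper's code, nor its 32-class scheme: it parses a constructed AndroidManifest.xml, counts system-call names in a constructed strace-style trace, and applies one hypothetical rule that pairs the CAMERA permission and camera-device access with network send activity. The manifest, the trace lines, the rule and the class labels are all assumptions made for the example.

```python
"""Toy permission + system-call feature extractor with one hypothetical
camera-exploitation rule. Added example; not the paper's implementation."""
import re
import xml.etree.ElementTree as ET
from collections import Counter

# Attribute names in an Android manifest carry the android: namespace.
ANDROID_NS = "{http://schemas.android.com/apk/res/android}"

# Constructed sample manifest (hypothetical package, not a real app).
SAMPLE_MANIFEST = """<?xml version="1.0" encoding="utf-8"?>
<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.flashlight">
    <uses-permission android:name="android.permission.CAMERA"/>
    <uses-permission android:name="android.permission.INTERNET"/>
    <uses-permission android:name="android.permission.WRITE_EXTERNAL_STORAGE"/>
</manifest>
"""

# Constructed strace-style lines modelling a run of that hypothetical app
# (camera device opened, a frame read, written to storage, then sent out).
SAMPLE_TRACE = """\
openat(AT_FDCWD, "/dev/video0", O_RDWR) = 32
ioctl(32, VIDIOC_QUERYCAP, 0x7ffc1234) = 0
ioctl(32, VIDIOC_STREAMON, 0x7ffc1230) = 0
read(32, 0x7f1a0000, 460800) = 460800
openat(AT_FDCWD, "/sdcard/DCIM/.cache/img001.jpg", O_WRONLY|O_CREAT, 0644) = 33
write(33, 0x7f1a0000, 460800) = 460800
socket(AF_INET, SOCK_STREAM, IPPROTO_TCP) = 34
connect(34, {sa_family=AF_INET, sin_port=htons(443), sin_addr=inet_addr("203.0.113.10")}, 16) = 0
sendto(34, 0x7f1b0000, 460800, 0, NULL, 0) = 460800
"""

SYSCALL_RE = re.compile(r"^([a-z_0-9]+)\(")
CAMERA_DEV_RE = re.compile(r'^open(at)?\(.*"/dev/video')


def extract_permissions(manifest_xml):
    """Static step: the set of permission names requested via <uses-permission>."""
    root = ET.fromstring(manifest_xml)
    return {
        el.get(ANDROID_NS + "name")
        for el in root.iter("uses-permission")
        if el.get(ANDROID_NS + "name")
    }


def extract_syscalls(trace):
    """Dynamic step: count system-call names at the start of each trace line."""
    counts = Counter()
    for line in trace.splitlines():
        m = SYSCALL_RE.match(line.strip())
        if m:
            counts[m.group(1)] += 1
    return counts


def camera_device_opened(trace):
    """True if any open/openat in the trace targets a /dev/video* node."""
    return any(CAMERA_DEV_RE.match(line.strip()) for line in trace.splitlines())


def classify(permissions, syscalls, trace):
    """Hypothetical rule (assumption, not the paper's classes): camera permission
    plus camera-device use, optionally combined with network permission and a
    send-type system call, yields one of three illustrative labels."""
    has_camera_perm = "android.permission.CAMERA" in permissions
    has_net_perm = "android.permission.INTERNET" in permissions
    uses_camera_dev = camera_device_opened(trace)
    sends_network = any(syscalls[s] > 0 for s in ("sendto", "send", "sendmsg"))
    if has_camera_perm and uses_camera_dev and has_net_perm and sends_network:
        return "camera_capture_with_network"
    if has_camera_perm and uses_camera_dev:
        return "camera_capture_local"
    return "no_camera_pattern"


if __name__ == "__main__":
    perms = extract_permissions(SAMPLE_MANIFEST)
    calls = extract_syscalls(SAMPLE_TRACE)
    print("permissions:", sorted(perms))
    print("system calls:", dict(calls))
    print("class:", classify(perms, calls, SAMPLE_TRACE))
```

The point of splitting the features this way is that neither source alone is conclusive: a flashlight app legitimately requesting CAMERA is common, and a network send by itself is ordinary, so a classification rule in this style keys on the co-occurrence of a camera-related permission, observed device access in the trace and a path off the device.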