CN107992745A - An interface hijacking countermeasure method based on the Android platform - Google Patents
An interface hijacking countermeasure method based on the Android platform
- Publication number
- CN107992745A (application CN201711226580.6A)
- Authority
- CN
- China
- Prior art keywords
- interface
- package
- hijacked
- trusted
- countermeasure
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
- G06F21/55—Detecting local intrusion or implementing counter-measures
- G06F21/554—Detecting local intrusion or implementing counter-measures involving event detection and direct action
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
- G06F21/57—Certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities
- G06F21/577—Assessing vulnerabilities and evaluating computer system security
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/14—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
- H04L63/1441—Countermeasures against malicious traffic
- H04L63/1466—Active attacks involving interception, injection, modification, spoofing of data unit addresses, e.g. hijacking, packet injection or TCP sequence number attacks
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Software Systems (AREA)
- Computer Hardware Design (AREA)
- General Engineering & Computer Science (AREA)
- Theoretical Computer Science (AREA)
- Physics & Mathematics (AREA)
- General Physics & Mathematics (AREA)
- Computing Systems (AREA)
- Management, Administration, Business Operations System, And Electronic Commerce (AREA)
Abstract
The invention discloses an interface hijacking countermeasure method based on the Android platform, with the following steps: S1, obtain the interface stack of the current program and determine the Activity class from the top of the Activity stack; S2, determine the package name from the interface class and display it in the user interface; S3, check whether the package name is a correct package name: if it is the name of a package inside the current program, return to step S1, otherwise go to step S4; S4, judge that the current user interface has been hijacked, and create a new trusted interface in preparation for the covering operation; S5, cover the current user interface with the trusted interface and return to step S1. When hijacking behavior is detected, the method uses Android's built-in interfaces to create a new trusted interface that covers the original interface. By covering the interface, the maliciously hijacking interface is hidden, ensuring that the user's private information is not leaked because of interface hijacking.
Description
Technical field
The present invention relates to the technical field of computer application network security, and in particular to an interface hijacking countermeasure method based on the Android platform.
Background
Introduction to the Android interface component: an interface (Activity) is an application component of Android that provides a region of the screen with which the user can interact to complete a task, such as dialing, taking a photo, or browsing. An interface usually occupies the whole screen, but it may also be smaller than the screen and float above other windows.
An Android application usually consists of multiple interfaces, which are typically loosely coupled. Each time a new interface is started, the previous interface is stopped and the new interface is pushed onto the top of the stack, where it obtains the user focus. So as not to affect the user experience, Android makes switching between different applications essentially seamless, and this also gives attackers an opportunity to carry out attacks.
Introduction to the interface hijacking process: in the Android system, a malicious program can obtain key information about the running system through broadcasts, logs, system API functions and the like. After the user opens the target program, the malicious program inserts its own interface at the top of the stack and interacts with the user in order to carry out malicious acts such as stealing the user's account password and private data. Specifically, the attack process can be expressed as follows. Step one: the malware is installed on the user's phone by some means. Step two: the malware monitors the victim target, watching for the victim software to start. The malicious program needs no sensitive permission during the attack to obtain the current process list and then enumerate the currently running processes. The malware can also register a receiver that responds to the android.intent.action.BOOT_COMPLETED broadcast event, start its detection service at boot, and continuously enumerate the current process list for the presence of the preset target application. Step three: after detecting that the victim software has started, the malware starts itself and adds the flag FLAG_ACTIVITY_NEW_TASK so that its own interface is placed on top, thereby hijacking the interface.
Summary of the invention
The purpose of the present invention is to solve the above drawbacks of the prior art by providing an interface hijacking countermeasure method based on the Android platform.
The purpose of the present invention can be achieved by adopting the following technical solution:
An interface hijacking countermeasure method based on the Android platform, comprising the following steps:
S1, obtain the interface stack of the current program and determine the Activity class from the top of the Activity stack;
S2, determine the package name from the interface class and display it in the user interface;
S3, check whether the package name is a correct package name: if it is the name of a package inside the current program, return to step S1; otherwise, go to step S4;
S4, judge that the current user interface has been hijacked, and create a new trusted interface in preparation for the covering operation;
S5, cover the current user interface with the trusted interface and return to step S1.
Further, in step S1 the Activity class is determined by reading the interface class at the top of the stack.
Further, in step S3 checking whether the package name is a correct package name is done as follows:
The name of the package containing the interface class currently at the top of the stack, obtained in step S2, is compared with the cache left by the previous legitimate check. If the package name has not changed, it is considered that no interface hijacking has occurred and the package name is judged to be that of a package inside the current program; otherwise, the package name is judged not to be a correct package name.
Further, the trusted interface created in step S4 derives from earlier legitimate checks: a trusted interface is obtained from the check history.
Further, in step S5 covering the current user interface with the trusted interface is done as follows:
The created trusted interface is pushed onto the stack once; after the push, the created trusted interface is at the top of the interface stack and thereby recaptures the focus from the hijacked interface class.
The starting point of the present invention is mainly to address the security problem of interface hijacking present in the current Android system. Compared with similar techniques, it has the following beneficial effects:
1. Its audience covers all users of the Android system.
2. The method flow is simple, and it is practical to develop and implement.
3. Coupling is low, and the specific defense mechanism can be varied.
The advantages of the two approaches used can be expressed as:
1) Sufficient interface information is provided to the user, so that the user has the ability to judge independently whether the interface has been hijacked, which reduces the user's dependence on trusting the anti-hijacking method.
2) The covering method is used to prevent the user from entering data into the hijacked interface. Because the user may for some reason ignore the prompt information, some mandatory measure is needed to safeguard the user's data.
Brief description of the drawings
Fig. 1 is a flow chart of the interface hijacking countermeasure method based on the Android platform provided in an embodiment of the present invention.
Detailed description
To make the purpose, technical solution and advantages of the embodiments of the present invention clearer, the technical solution in the embodiments is described clearly and completely below with reference to the accompanying drawings. Obviously, the described embodiments are some, not all, of the embodiments of the present invention. All other embodiments obtained by those of ordinary skill in the art on the basis of these embodiments without creative work fall within the scope of protection of the present invention.
Embodiment
This embodiment discloses an interface hijacking countermeasure method based on the Android platform. As shown in Fig. 1, the method comprises the following steps:
Step S1: obtain the interface stack of the current program. The purpose of interface hijacking is to trick the user into providing input, and to receive the user's input an interface must remain in the running state, that is, be at the top of the interface stack. So the first thing to do is take the interface class at the top of the stack.
Step S2: analyze the interface class at the top of the stack. Because the classes of a normal program are all stored under one common package name, the package name can serve as the key indicator of whether the interface has been hijacked. Obtaining the package name of this class and displaying it to the user in the interface gives the user the ability to judge for themselves, and avoids the need for the user to trust the anti-hijacking method blindly.
Step S3: check whether the package name is a correct package name. The check compares the name of the package containing the interface class currently at the top of the stack, obtained in step S2, with the cache left by the previous legitimate check. If the package name has not changed, it can be considered that no interface hijacking has occurred; in that case return to step S1 and prepare for the next check. Because a given package name is shared only by the interface classes inside the program, any hijacking behavior changes the package name and is therefore detected.
Step S4: this step is performed only when interface hijacking has been detected. To keep the user from entering data on the hijacked interface, an interface that can be trusted is needed to cover it. A trusted interface can derive from earlier legitimate checks: from the check history, a trusted interface class can be obtained, and an instance of it is created here in preparation for the covering operation.
Step S5: the purpose of the covering operation is to recapture the focus from the hijacked interface class. Because only the interface at the top of the interface stack has the focus, the covering operation pushes the trusted interface class instance created in step S4 onto the stack once. After the push, the trusted interface obtains the focus and the user's data is protected. Then return to step S1 and prepare for the next check.
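The S1 to S5 loop above, as an added Python model that is not code from the patent: the interface stack is a plain list, and all package and class names are constructed. Seeding the first check with the program's own package name is an assumption, since the text only describes comparing against the cache left by a previous check.

```python
"""Model of the S1-S5 check loop. The stack is a plain list (top = last item);
all package and class names are constructed. Not Android API code."""
from dataclasses import dataclass, field
from typing import List, Optional


@dataclass(frozen=True)
class Interface:
    package: str   # package the interface class lives in
    cls: str       # interface (Activity) class name


@dataclass
class HijackGuard:
    own_package: str                                  # assumption: seeds the first check
    cached_package: Optional[str] = None              # left by the last legitimate check
    history: List[Interface] = field(default_factory=list)  # interfaces that passed S3
    displayed: List[str] = field(default_factory=list)      # package names S2 showed

    def check(self, stack: List[Interface]) -> str:
        """Run one pass of S1-S5 over the stack and report the outcome."""
        if not stack:
            return "empty"
        top = stack[-1]                                # S1: class at the stack top
        self.displayed.append(top.package)             # S2: show the package name
        expected = self.cached_package or self.own_package
        if top.package == expected:                    # S3: unchanged, so legitimate
            self.cached_package = top.package
            self.history.append(top)
            return "ok"
        if not self.history:                           # S4 needs an earlier legitimate check
            return "hijacked-no-trusted-interface"
        trusted = self.history[-1]                     # S4: trusted class from check history
        stack.append(Interface(trusted.package, trusted.cls))  # S5: push a new instance
        return "covered"


def run_scenario() -> list:
    """Constructed timeline: two legitimate screens, then a foreign interface on top."""
    guard = HijackGuard(own_package="com.example.bank")
    stack = [Interface("com.example.bank", "MainActivity")]
    results = [(guard.check(stack), stack[-1].cls)]
    stack.append(Interface("com.example.bank", "LoginActivity"))
    results.append((guard.check(stack), stack[-1].cls))
    # An interface from another package is placed on top of the stack.
    stack.append(Interface("com.example.other", "LookalikeLoginActivity"))
    results.append((guard.check(stack), stack[-1].cls))
    results.append((guard.check(stack), stack[-1].cls))  # next pass of the loop
    results.append(tuple(guard.displayed))
    return results


if __name__ == "__main__":
    for row in run_scenario():
        print(row)
```

After the covering push, the foreign interface is still in the stack one position below the trusted instance: it is hidden, not removed.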
The above embodiment is a preferred embodiment of the present invention, but embodiments of the present invention are not limited by the above embodiment. Any other change, modification, substitution, combination or simplification made without departing from the spirit and principle of the present invention shall be an equivalent replacement and is included within the scope of protection of the present invention.
Claims (5)
1. An interface hijacking countermeasure method based on the Android platform, characterized in that the method comprises the following steps:
S1, obtain the interface stack of the current program and determine the Activity class from the top of the Activity stack;
S2, determine the package name from the interface class and display it in the user interface;
S3, check whether the package name is a correct package name: if it is the name of a package inside the current program, return to step S1; otherwise, go to step S4;
S4, judge that the current user interface has been hijacked, and create a new trusted interface in preparation for the covering operation;
S5, cover the current user interface with the trusted interface and return to step S1.
2. The interface hijacking countermeasure method based on the Android platform according to claim 1, characterized in that in step S1 the Activity class is determined by reading the interface class at the top of the stack.
3. The interface hijacking countermeasure method based on the Android platform according to claim 1, characterized in that in step S3 checking whether the package name is a correct package name is done as follows:
The name of the package containing the interface class currently at the top of the stack, obtained in step S2, is compared with the cache left by the previous legitimate check. If the package name has not changed, it is considered that no interface hijacking has occurred and the package name is judged to be that of a package inside the current program; otherwise, the package name is judged not to be a correct package name.
4. The interface hijacking countermeasure method based on the Android platform according to claim 1, characterized in that the trusted interface created in step S4 derives from earlier legitimate checks, a trusted interface being obtained from the check history.
5. The interface hijacking countermeasure method based on the Android platform according to claim 1, characterized in that in step S5 covering the current user interface with the trusted interface is done as follows:
The created trusted interface is pushed onto the stack once; after the push, the created trusted interface is at the top of the interface stack and thereby recaptures the focus from the hijacked interface class.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201711226580.6A CN107992745A (en) | 2017-11-29 | 2017-11-29 | An interface hijacking countermeasure method based on the Android platform |
Publications (1)
Publication Number | Publication Date |
---|---|
CN107992745A true CN107992745A (en) | 2018-05-04 |
Family
ID=62034462
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201711226580.6A Pending CN107992745A (en) | An interface hijacking countermeasure method based on the Android platform | 2017-11-29 | 2017-11-29 |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN107992745A (en) |
-
2017
- 2017-11-29 CN CN201711226580.6A patent/CN107992745A/en active Pending
Patent Citations (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN104182686A (en) * | 2013-05-23 | 2014-12-03 | 阿里巴巴集团控股有限公司 | Method and device for detecting Activity hijacking risk of Android system |
CN104123498A (en) * | 2014-07-18 | 2014-10-29 | 广州金山网络科技有限公司 | Method and device for determining safety of Activity of Android system |
CN106713246A (en) * | 2015-11-17 | 2017-05-24 | 中国移动通信集团公司 | Method and apparatus for detecting application program page hijacking, and mobile terminal |
CN106503555A (en) * | 2016-10-21 | 2017-03-15 | 维沃移动通信有限公司 | A kind of method for ensureing safety of payment and mobile terminal |
Cited By (6)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
WO2019220241A1 (en) * | 2018-05-15 | 2019-11-21 | International Business Machines Corporation | Malware detection |
GB2586195A (en) * | 2018-05-15 | 2021-02-10 | Ibm | Malware detection |
WO2020134033A1 (en) * | 2018-12-24 | 2020-07-02 | 中国银联股份有限公司 | Method used to determine security of application program when running, and device for same |
CN110309647A (en) * | 2019-06-28 | 2019-10-08 | 北京金山安全软件有限公司 | Processing method and device for application program, electronic equipment and storage medium |
CN110309647B (en) * | 2019-06-28 | 2022-02-25 | 北京乐蜜科技有限责任公司 | Processing method and device for application program, electronic equipment and storage medium |
CN111027053A (en) * | 2019-10-28 | 2020-04-17 | 深圳市跨越新科技有限公司 | Detection method and system for Android application program with Activity hijacking prevention function |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
RJ01 | Rejection of invention patent application after publication | Application publication date: 20180504 |