CN110659504A - Vulnerability attack verification method, vulnerability attack verification system and storage medium - Google Patents
- Publication number
- CN110659504A
- Authority
- CN
- China
- Prior art keywords
- attack
- basic information
- mobile terminal
- vulnerability
- matching
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Classifications
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
- G06F21/57—Certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities
- G06F21/577—Assessing vulnerabilities and evaluating computer system security
Abstract
The invention relates to a vulnerability attack verification method, a vulnerability attack verification system and a storage medium. The vulnerability attack verification method first collects basic information of a mobile terminal, then matches a tool kit containing an attack sample and a tag according to the collected basic information, then installs the matched tool kit on the mobile terminal and runs it there, and finally determines whether a security vulnerability exists according to the running result of the tool kit and/or the returned abnormal data. The method can directly match the tool kit best suited to the mobile terminal, attack the mobile terminal with the attack sample in the tool kit, and determine whether the security vulnerability really exists according to the final result (such as an error-induced restart of the system or of software in the system) and/or the returned abnormal data.
Description
Technical Field
The invention relates to the technical field of mobile terminal security, in particular to a vulnerability attack verification method, a vulnerability attack verification system and a storage medium.
Background
With the rapid development of internet technology and mobile terminal technology, more and more services and applications can be installed on a mobile terminal. In step with this growth, hacking techniques have become increasingly diverse, so mobile terminals face many hidden risks, such as data corruption, unauthorized malicious access, data loss, and active execution of malware.
Moreover, unlike conventional PC operating systems, mobile terminal operating systems are significantly fragmented. For example, although most mobile terminals use the Android system, the Android systems used by different manufacturers differ (the operating systems are usually customized independently by the terminal manufacturers). This makes the security of mobile terminal operating systems a more complex challenge, and the security vulnerabilities are more varied. Vulnerabilities that have occurred in the Android system include signature vulnerabilities, privilege escalation vulnerabilities, Trojan-planting vulnerabilities, silent installation/uninstallation vulnerabilities, short message fraud vulnerabilities, vulnerabilities that send messages in the background, and vulnerabilities that make calls in the background; vulnerabilities that have occurred in the iOS system include a character string vulnerability, a lock-screen vulnerability and a charger vulnerability.
Vulnerability detection and vulnerability verification are an important basis for terminal manufacturers' subsequent vulnerability fixes. Vulnerability verification specifically means verifying whether an attack sample (obtained by analyzing the target code in an attack event) exploits a software vulnerability to carry out an attack.
Existing vulnerability verification is usually done on a crowdsourced security testing platform: a security vulnerability submitted by a user is first received, and whether it really exists is then verified through manual review and verification, which is inconvenient.
Therefore, the prior art has yet to be improved.
Disclosure of Invention
Therefore, to solve the above technical problem, it is necessary to provide a vulnerability attack verification method, a vulnerability attack verification system and a storage medium that address the low convenience of manually reviewing and verifying vulnerabilities in the prior art.
The technical scheme of the invention is as follows:
A vulnerability attack verification method, used for verifying at least one security vulnerability of a mobile terminal, comprises the following steps:
collecting basic information of the mobile terminal, wherein the basic information comprises at least one of: the system version, the CPU type and the mobile terminal brand of the mobile terminal;
matching a tool kit comprising an attack sample and a tag according to the collected basic information, wherein the tag stores at least one of: the applicable system version, the applicable CPU type and the applicable mobile terminal brand, and the information in the tag corresponds to the basic information;
installing the matched tool kit on the mobile terminal and running the tool kit on the mobile terminal;
determining whether a security vulnerability exists according to the running result of the tool kit and/or the returned abnormal data.
In a further preferred embodiment, the step of matching the tool kit containing the attack sample and the tag according to the collected basic information further includes: receiving a security vulnerability type input by a user;
the step of matching the tool kit containing the attack sample and the tag according to the collected basic information specifically comprises: matching a tool kit containing an attack sample and a tag according to the collected basic information and the received security vulnerability type, wherein the tag further comprises the applicable security vulnerability type.
In a further preferred embodiment, the basic information includes: the system version, the CPU type and the mobile terminal brand of the mobile terminal; the tag stores: an applicable system version, an applicable CPU type, and an applicable mobile terminal brand;
the step of matching the tool kit containing the attack sample and the tag according to the collected basic information and the received security vulnerability type specifically comprises: matching a unique tool kit containing the attack sample and the tag according to the collected basic information and the received security vulnerability type.
In a further preferred embodiment, the step of matching the tool kit containing the attack sample and the tag according to the collected basic information specifically includes: matching a plurality of tool kits containing attack samples and tags according to the collected basic information, wherein the tool kits are used for attack verification of different security vulnerabilities.
In a further preferred embodiment, the basic information includes: the system version, the CPU type and the mobile terminal brand of the mobile terminal; the tag stores: an applicable system version, an applicable CPU type, and an applicable mobile terminal brand;
the step of matching a plurality of tool kits containing attack samples and tags according to the collected basic information specifically comprises: matching, in batches, a plurality of tool kits containing attack samples and tags according to the collected basic information, wherein the tool kits are used for attack verification of different security vulnerabilities.
In a further preferred embodiment, the step of collecting the basic information of the mobile terminal specifically includes: collecting the basic information of the mobile terminal through the adb command.
In a further preferred embodiment, the step of matching the tool kit containing the attack sample and the tag according to the collected basic information specifically includes: matching, through the adb command, a tool kit containing the attack sample and the tag according to the collected basic information.
In a further preferred embodiment, the step of matching the tool kit containing the attack sample and the tag according to the collected basic information specifically includes: matching an apk file containing the attack sample and the tag according to the collected basic information, wherein the apk file is an attack verification module packaged with Android plug-in technology.
The invention also provides a vulnerability attack verification system, which comprises a memory and one or more programs, wherein the one or more programs are stored in the memory, are configured to be executed by one or more processors, and include instructions for executing the vulnerability attack verification method described above. The vulnerability attack verification system therefore has the technical features and technical effects of the vulnerability attack verification method, which are not described again.
A storage medium having a vulnerability attack verification program stored thereon, wherein the vulnerability attack verification program, when executed by a processor, implements the steps of the vulnerability attack verification method as described in any one of the above.
Compared with the prior art, the vulnerability attack verification method provided by the invention first collects basic information of the mobile terminal, then matches a tool kit containing an attack sample and a tag according to the collected basic information, then installs the matched tool kit on the mobile terminal and runs it there, and finally determines whether a security vulnerability exists according to the running result of the tool kit and/or the returned abnormal data. The method can directly match the tool kit best suited to the mobile terminal, attack the mobile terminal with the attack sample in the tool kit, and determine whether the security vulnerability really exists according to the final result (such as an error-induced restart of the system or of software in the system) and/or the returned abnormal data.
Drawings
Fig. 1 is a flowchart of a vulnerability attack verification method in a preferred embodiment of the present invention.
Fig. 2 is a functional block diagram of a vulnerability attack verification system in a preferred embodiment of the present invention.
Detailed Description
In order to make the objects, technical solutions and advantages of the present invention more apparent, the present invention is described in further detail below with reference to the accompanying drawings and embodiments. It should be understood that the specific embodiments described herein are merely illustrative of the invention and are not intended to limit the invention.
As shown in fig. 1, the present invention provides a vulnerability attack verification method, which can verify at least whether a certain security vulnerability exists in a mobile terminal of a certain type (by enriching the number and types of toolkits in a vulnerability attack verification system, the type of the mobile terminal and/or the type of the security vulnerability to which the vulnerability attack verification method can be applied can be increased).
The vulnerability attack verification method comprises the following steps: S100, collecting basic information of the mobile terminal, wherein the basic information comprises at least one of: the system version run by the mobile terminal, the CPU type, and the mobile terminal brand.
Several Android system names, version numbers and API levels are listed in the following table:
Name | Version number | API level |
---|---|---|
Android Q | Unknown | 29 |
Android Pie | 9.0 | 28 |
Android Oreo | 8.0-8.1 | 26-27 |
Android Nougat | 7.0-7.1.2 | 24-25 |
Android Marshmallow | 6.0-6.0.1 | 23 |
Android Lollipop | 5.0-5.1.1 | 21-22 |
Android KitKat | 4.4-4.4.4 | 19-20 |
... | ... | ... |
When mobile terminals run different system versions, the security vulnerabilities present on them may differ, and the attack samples suitable for the same security vulnerability may also differ. By the same reasoning, different CPU types may call for different attack samples, and so may different mobile terminal brands (different brands use different system developers, with different skill levels and habits).
S200, matching a tool kit containing an attack sample and a tag according to the collected basic information, wherein the tag stores at least one of: the applicable system version, the applicable CPU type and the applicable mobile terminal brand, and the information in the tag corresponds to the basic information.
The tool kit used in the present invention carries a tag that records which system version, which CPU type and/or which mobile terminal brand the tool kit is applicable to. By matching the basic information against the tag, tool kits that are not suitable for the mobile terminal can be screened out, so not every tool kit needs to be executed, which saves verification time.
The more conditions are used for matching, the more tool kits are screened out, the fewer tool kits remain, and the less time verification takes. The invention therefore preferably has the basic information include the system version, the CPU type and the mobile terminal brand of the mobile terminal, and has the tag store the applicable system version, the applicable CPU type and the applicable mobile terminal brand. However, the invention does not require the basic information to include all of these items: as long as any one item is present, some tool kits can be screened out and verification time saved.
In the early stage of Android development, various root tools existed, and these root tools were the rudiments of attack verification modules. However, these tools cannot isolate a single attack verification module, so a user cannot tell which module took effect and cannot accurately infer which vulnerabilities exist in the system.
Therefore, the tool kit is preferably an apk file, and the apk file is an attack verification module packaged with Android plug-in technology. When attack verification of the mobile terminal's security vulnerabilities is carried out, a single tool kit can be run on its own, or tool kits can be called in batches to verify a plurality of security vulnerabilities.
S300, installing the matched tool kit to the mobile terminal, and operating the tool kit on the mobile terminal.
S400, determining whether a security vulnerability exists according to the operation result of the tool kit and/or the returned abnormal data.
After the tool kit runs on the mobile terminal, it affects an operating system that has the corresponding security vulnerability, for example by causing a restart after an error or by causing abnormal data to be returned. Whether the mobile terminal has the security vulnerability can therefore be determined from the effects of running the tool kit.
As an improvement of the above preferred embodiment, the step of matching the tool kit containing the attack sample and the tag according to the collected basic information further includes: receiving a security vulnerability type input by a user;
the step of matching the tool kit containing the attack sample and the tag according to the collected basic information specifically comprises: matching a tool kit containing an attack sample and a tag according to the collected basic information and the received security vulnerability type, wherein the tag further comprises the applicable security vulnerability type.
The step of matching the tool kit containing the attack sample and the tag according to the collected basic information and the received security vulnerability type specifically comprises: matching a unique tool kit containing the attack sample and the tag according to the collected basic information and the received security vulnerability type. That is, the system calls a single tool kit on its own to carry out attack verification of one security vulnerability on one type of mobile terminal.
As another improvement of the above preferred embodiment, the step of matching the tool kit containing the attack sample and the tag according to the collected basic information specifically includes: matching a plurality of tool kits containing attack samples and tags according to the collected basic information, wherein the tool kits are used for attack verification of different security vulnerabilities.
The step of matching a plurality of tool kits containing attack samples and tags according to the collected basic information specifically comprises: matching, in batches, a plurality of tool kits containing attack samples and tags according to the collected basic information, wherein the tool kits are used for attack verification of different security vulnerabilities. That is, the system calls the tool kits in batches and carries out attack verification of a plurality of security vulnerabilities sequentially or simultaneously.
According to another aspect of the present invention, the step of collecting the basic information of the mobile terminal specifically comprises: collecting the basic information of the mobile terminal through the adb command. Similarly, the step of matching the tool kit containing the attack sample and the tag according to the collected basic information specifically includes: matching, through the adb command, a tool kit containing the attack sample and the tag according to the collected basic information. The adb command is an adb shell command, namely a terminal shell connected to the operating system.
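The collection (S100) and tag-matching (S200) steps described above, sketched in Python as an added example that is not code from the patent. The `getprop` dump is constructed, and the tool kit names, tag layout and catalog entries are hypothetical; the block only selects tool kits by tag and installs or runs nothing.

```python
import re
from dataclasses import dataclass
from typing import Optional

# Constructed sample of `adb shell getprop` output (not captured from a real device).
SAMPLE_GETPROP = """\
[ro.build.version.release]: [9]
[ro.build.version.sdk]: [28]
[ro.product.brand]: [ExampleBrand]
[ro.product.cpu.abi]: [arm64-v8a]
[ro.product.model]: [EX-100]
"""

PROP_LINE = re.compile(r"^\[(?P<key>[^\]]+)\]:\s*\[(?P<value>.*)\]\s*$")


def parse_getprop(text):
    """Parse getprop lines of the form `[key]: [value]` into a dict."""
    props = {}
    for line in text.splitlines():
        m = PROP_LINE.match(line)
        if m:
            props[m.group("key")] = m.group("value")
    return props


def basic_info(props):
    """S100: reduce the property dump to system version, CPU type and brand."""
    return {
        "api_level": int(props["ro.build.version.sdk"]),
        "cpu_type": props["ro.product.cpu.abi"],
        "brand": props["ro.product.brand"].lower(),
    }


@dataclass(frozen=True)
class ToolkitTag:
    """Hypothetical tag layout. A field left as None does not restrict matching."""
    name: str
    vuln_type: str
    api_levels: Optional[range] = None
    cpu_types: Optional[frozenset] = None
    brands: Optional[frozenset] = None


def tag_matches(tag, info, vuln_type=None):
    """S200: a tag matches when every field present on both sides agrees."""
    if vuln_type is not None and tag.vuln_type != vuln_type:
        return False
    checks = (
        (tag.api_levels, info.get("api_level")),
        (tag.cpu_types, info.get("cpu_type")),
        (tag.brands, info.get("brand")),
    )
    for allowed, actual in checks:
        # An unrestricted tag field or an uncollected info field cannot filter.
        if allowed is None or actual is None:
            continue
        if actual not in allowed:
            return False
    return True


def match_toolkits(catalog, info, vuln_type=None):
    """Return the names of the tool kits whose tags fit the device."""
    return [t.name for t in catalog if tag_matches(t, info, vuln_type)]


ARM64 = frozenset({"arm64-v8a"})

# Hypothetical catalog; vulnerability types are taken from the Background section.
CATALOG = [
    ToolkitTag("check-signature-a.apk", "signature", range(19, 24)),
    ToolkitTag("check-signature-b.apk", "signature", range(24, 29), ARM64),
    ToolkitTag("check-silent-install.apk", "silent-install", range(26, 29),
               ARM64, frozenset({"examplebrand"})),
    ToolkitTag("check-sms-x86.apk", "sms-fraud", range(21, 30),
               frozenset({"x86_64"})),
    ToolkitTag("check-sms-other.apk", "sms-fraud", range(26, 29),
               ARM64, frozenset({"otherbrand"})),
]

if __name__ == "__main__":
    info = basic_info(parse_getprop(SAMPLE_GETPROP))
    print("batch match:      ", match_toolkits(CATALOG, info))
    print("with vuln type:   ", match_toolkits(CATALOG, info, "signature"))
    print("system version only:", match_toolkits(CATALOG, {"api_level": 28}))
```

With all three fields collected the batch match keeps two tool kits, adding a vulnerability type narrows it to one, and matching on the system version alone leaves four, which is the screening effect the description attributes to using more matching conditions.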
As shown in FIG. 2, the present invention also provides a vulnerability attack verification system, which comprises a memory 10 and one or more programs, wherein the one or more programs are stored in the memory 10, are configured to be executed by one or more processors 20, and include instructions for executing the vulnerability attack verification method described above. The vulnerability attack verification system therefore has the technical features and technical effects of the vulnerability attack verification method, which are not described again.
The invention also provides a storage medium on which the vulnerability attack verification program is stored, wherein the vulnerability attack verification program realizes the steps of the vulnerability attack verification method when being executed by a processor.
It can be understood by those skilled in the art that all or part of the processes in the methods of the above embodiments may be implemented by a vulnerability attack verification program instructing the related hardware. The vulnerability attack verification program may be stored in a non-volatile readable storage medium and, when executed, may include the processes of the above embodiments. Any reference to memory, storage, databases, or other media used in the embodiments provided herein may include non-volatile and/or volatile memory. Non-volatile memory can include read-only memory (ROM), Programmable ROM (PROM), Electrically Programmable ROM (EPROM), Electrically Erasable Programmable ROM (EEPROM), or flash memory. Volatile memory can include Random Access Memory (RAM) or external cache memory. By way of illustration and not limitation, RAM is available in a variety of forms such as Static RAM (SRAM), Dynamic RAM (DRAM), Synchronous DRAM (SDRAM), Double Data Rate SDRAM (DDR SDRAM), Enhanced SDRAM (ESDRAM), Synchlink DRAM (SLDRAM), Rambus Direct RAM (RDRAM), Direct Rambus Dynamic RAM (DRDRAM), and Rambus Dynamic RAM (RDRAM).
The technical features of the above embodiments can be arbitrarily combined, and for the sake of brevity, all possible combinations of the technical features in the above embodiments are not described, but should be considered as the scope of the present specification as long as there is no contradiction between the combinations of the technical features.
The above embodiments express only several implementations of the present invention, and although their description is specific and detailed, it is not to be construed as limiting the scope of the invention. It should be noted that a person skilled in the art can make several variations and modifications without departing from the inventive concept, and these fall within the scope of the present invention. Therefore, the protection scope of the present patent shall be subject to the appended claims.
Claims (10)
1. A vulnerability attack verification method is used for verifying at least one security vulnerability of a mobile terminal, and is characterized by comprising the following steps:
acquiring basic information of a mobile terminal, wherein the basic information comprises: at least one of a system version, a CPU type and a mobile terminal brand of the mobile terminal;
matching a tool kit comprising an attack sample and a tag according to the collected basic information, wherein the tag stores at least one of the following information: the applicable system version, the applicable CPU type and the applicable mobile terminal brand, and the information in the tag corresponds to the basic information;
installing the matched tool kit to the mobile terminal and running the tool kit on the mobile terminal;
and determining whether a security vulnerability exists according to the operation result of the tool kit and/or the returned abnormal data.
2. The vulnerability attack verification method of claim 1, wherein the step of matching a tool kit comprising an attack sample and a tag according to the collected basic information further comprises: receiving a security vulnerability type input by a user;
the step of matching the tool kit containing the attack sample and the tag according to the collected basic information specifically comprises: matching a tool kit containing an attack sample and a tag according to the collected basic information and the received security vulnerability type, wherein the tag further comprises the applicable security vulnerability type.
3. The vulnerability attack verification method of claim 2, wherein the basic information comprises: the system version, the CPU type and the mobile terminal brand of the mobile terminal; the tag stores: an applicable system version, an applicable CPU type, and an applicable mobile terminal brand;
the step of matching the tool kit containing the attack sample and the tag according to the collected basic information and the received security vulnerability type specifically comprises: matching a unique tool kit containing the attack sample and the tag according to the collected basic information and the received security vulnerability type.
4. The vulnerability attack verification method of claim 1, wherein the step of matching a tool kit comprising an attack sample and a tag according to the collected basic information specifically comprises: matching a plurality of tool kits containing attack samples and tags according to the collected basic information, wherein the tool kits are used for attack verification of different security vulnerabilities.
5. The vulnerability attack verification method of claim 4, wherein the basic information comprises: the system version, the CPU type and the mobile terminal brand of the mobile terminal; the tag stores: an applicable system version, an applicable CPU type, and an applicable mobile terminal brand;
the step of matching a plurality of tool kits containing attack samples and tags according to the collected basic information specifically comprises: matching, in batches, a plurality of tool kits containing attack samples and tags according to the collected basic information, wherein the tool kits are used for attack verification of different security vulnerabilities.
6. The vulnerability attack verification method according to any one of claims 1 to 5, wherein the step of collecting the basic information of the mobile terminal specifically comprises: collecting the basic information of the mobile terminal through the adb command.
7. The vulnerability attack verification method according to any one of claims 1 to 5, wherein the step of matching the tool kit including the attack sample and the tag according to the collected basic information specifically comprises: matching, through the adb command, a tool kit containing the attack sample and the tag according to the collected basic information.
8. The vulnerability attack verification method according to any one of claims 1 to 5, wherein the step of matching the tool kit including the attack sample and the tag according to the collected basic information specifically comprises: matching an apk file containing the attack sample and the tag according to the collected basic information, wherein the apk file is an attack verification module packaged with Android plug-in technology.
9. A vulnerability attack verification system, comprising a memory, and one or more programs, wherein the one or more programs are stored in the memory, and the one or more programs configured to be executed by the one or more processors comprise a computer program for executing the vulnerability attack verification method according to any one of claims 1 to 8.
10. A storage medium having a vulnerability attack verification program stored thereon, wherein the vulnerability attack verification program, when executed by a processor, implements the steps of the vulnerability attack verification method according to any one of claims 1 to 8.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201910897694.6A CN110659504A (en) | 2019-09-23 | 2019-09-23 | Vulnerability attack verification method, vulnerability attack verification system and storage medium |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201910897694.6A CN110659504A (en) | 2019-09-23 | 2019-09-23 | Vulnerability attack verification method, vulnerability attack verification system and storage medium |
Publications (1)
Publication Number | Publication Date |
---|---|
CN110659504A true CN110659504A (en) | 2020-01-07 |
Family
ID=69038767
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201910897694.6A Pending CN110659504A (en) | 2019-09-23 | 2019-09-23 | Vulnerability attack verification method, vulnerability attack verification system and storage medium |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN110659504A (en) |
Cited By (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN111818042A (en) * | 2020-07-07 | 2020-10-23 | 国家计算机网络与信息安全管理中心 | Detection method of car networking vulnerability public-survey platform |
Citations (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN104751056A (en) * | 2014-12-19 | 2015-07-01 | 中国航天科工集团第二研究院七〇六所 | Vulnerability verification system and method based on attack library |
US20170132419A1 (en) * | 2014-06-24 | 2017-05-11 | Virsec Systems, Inc. | System And Methods For Automated Detection Of Input And Output Validation And Resource Management Vulnerability |
CN107480531A (en) * | 2017-07-18 | 2017-12-15 | 北京计算机技术及应用研究所 | Automated software validating vulnerability system and method based on vulnerability database |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
US9081967B2 (en) | System and method for protecting computers from software vulnerabilities | |
CN108491321B (en) | Method and device for determining test case range and storage medium | |
CN108400978B (en) | Vulnerability detection method and device, computer equipment and storage medium | |
CN110866258B (en) | Rapid vulnerability positioning method, electronic device and storage medium | |
US20120191963A1 (en) | BIOS Updating System, BIOS Updating Method, and Related Computer Program Product | |
KR101972825B1 (en) | Method and apparatus for automatically analyzing vulnerable point of embedded appliance by using hybrid analysis technology, and computer program for executing the method | |
CN110995825B (en) | Intelligent contract issuing method, intelligent node equipment and storage medium | |
CN113177001A (en) | Vulnerability detection method and device for open source component | |
CN106843947B (en) | Method and device for processing code defects | |
CN112363937A (en) | Method and device for testing differential coverage rate, computer equipment and storage medium | |
CN110659504A (en) | Vulnerability attack verification method, vulnerability attack verification system and storage medium | |
CN110414218B (en) | Kernel detection method and device, electronic equipment and storage medium | |
CN108829575B (en) | Test case recommendation method, electronic device and readable storage medium | |
CN110502900B (en) | Detection method, terminal, server and computer storage medium | |
CN110610091A (en) | Security PXE method based on domestic network platform | |
CN116541847A (en) | Security detection method and device for application program | |
CN115455414A (en) | Safety detection method and device | |
CN111597101B (en) | SDK access state detection method, computer equipment and computer readable storage medium | |
CN114237665A (en) | Patch updating method and device, computing equipment and storage medium | |
CN113918384A (en) | Data saving method, device, equipment and storage medium | |
CN113902458A (en) | Malicious user identification method and device and computer equipment | |
CN113791808A (en) | Bottom layer program upgrading method and device, computer equipment and storage medium | |
CN112887328A (en) | Sample detection method, device, equipment and computer readable storage medium | |
CN115373717B (en) | Method for realizing process plug-in by user-defined microkernel | |
CN113343222B (en) | Java project engineering safety verification method and device, computer equipment and storage medium |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
RJ01 | Rejection of invention patent application after publication | ||
Application publication date: 20200107 |