[2016] Summary of Mobile Security Research Materials

2017-03-28 10:07
[Reposted from] http://www.droidsec.cn/移动安全研究资料总结(2016年度)/

Research & Papers & Presentations
MANIFEST FILES CLASSIFICATION OF ANDROID MALWARE –pdf
DroidNative: Semantic-Based Detection of Android Native Code Malware –http://arxiv.org/pdf/1602.04693.pdf
Metaphor – Exploitation of CVE-2015-3864 and ASLR bypass. Exploit
Android CVE-2015-1805 – Local elevation of privilege vulnerability in Android kernel (versions 3.4, 3.10 and 3.14)
Pwn a Nexus device with a single vulnerability
An Android Malware Detection Method Based on Feature Code –http://www.atlantis-press.com/php/paper-details.php?from=session+results&id=25845065&querystr=id%3D661
Technical Report: DroidAuditor: Forensic Analysis of Application-Layer Privilege Escalation Attacks on Android – http://www.icri-sc.org/publications/einzelansicht/?tx_bibtex_pi1%5Bpub_id%5D=TUD-CS-2016-0025&no_cache=1
Evaluation of Android Malware Detection Based on System Calls –http://soarlab.org/2016/01/iwspa2016-daur/
strace – to trace system calls related to the operating system process of the application
https://github.com/soarlab/maline
AspectDroid: Android App Analysis System –https://dl.acm.org/citation.cfm?id=2857739
SEMANTICS-AWARE ANDROID MALWARE CLASSIFICATION 
ANDROID MALWARE CLASSIFICATION USING PARALLELIZED MACHINE LEARNING METHODS
Static Analysis of Android Apps: A Systematic Literature Review
R-Droid: Leveraging Android App Analysis with Static Slice Optimization
BinderCracker: Assessing the Robustness of Android System Services
A study on obfuscation techniques on Android malware – http://midlab.diag.uniroma1.it/articoli/matteo_pomilia_master_thesis.pdf
MITRE Android Security Analysis Final Report
Ransomware Steals your phone. Formal methods to rescue it.
Download Malware? No, thanks. How Formal Methods can Block Update Attacks
Following Devil’s Footprints: Cross-Platform Analysis of Potentially Harmful Libraries on Android and iOS
Attacks and Defence on Android Free Floating Windows
Mystique: Evolving Android Malware for Auditing Anti-Malware Tools
StormDroid: A Streaminglized Machine Learning-Based System for Detecting Android Malware
Evading Android Runtime Analysis Through Detecting Programmed Interactions
Secure Containers in Android: the Samsung KNOX Case Study
Detecting Android malware campaigns via application similarity analysis
AndroZoo: Collecting Millions of Android Apps for the Research Community
AndroZoo – https://androzoo.uni.lu
Andro-profiler: Detecting and Classifying Android Malware based on Behavioral Profiles
Mitigating Stagefright Attacks with the ARM Performance Monitoring Unit
https://www.youtube.com/watch?v=spxm-eZIpKQ
http://www.slideshare.net/EndgameInc/hardwareassisted-rootkits-instrumentation
The Analysis and Classification of Android Malware
Includes Binder examples
Understanding Application Behaviours for Android Security: A Systematic Characterization
Analyzing security flaws of wireless routers and enhancing security violation of remote code execution on android devices
On the Lack of Consensus in Anti-Virus Decisions: Metrics and Insights on Building Ground Truths of Android Malware
Finding Bugs in Android Application using Genetic Algorithm and Apriori Algorithm
CREDROID: Android malware detection by network traffic analysis
Fruit vs Zombies: Defeat Non-jailbroken iOS Malware. ShakaCon, Honolulu, Jul 2016
Android IPC firewall – Research into developing a linux kernel firewall for android via binder –https://github.com/dxwu/AndroidBinder 
MCE^3 – Scott Alexander-Bown – Android App Security on a Budget
MADAM: Effective and Efficient Behavior-based Android Malware Detection and Prevention
Android Compiler Fingerprinting
TrafficAV: An Effective and Explainable Detection of Mobile Malware Behavior Using Network Traffic
Identifying unsoundness of call graphs in android static analysis tools
Fingerprinting Android packaging: Generating DNAs for malware detection (http://www.sciencedirect.com/science/article/pii/S1742287616300469)
A Peek Under the Hood of iOS Malware
Paper: https://webdiis.unizar.es/~ricardo/files/papers/GR-WMA-16.pdf
Samples: https://webdiis.unizar.es/~ricardo/software-tools/supplementary-research-material/ios-malware-samples/
Linux Security Summit Videos (https://www.linux.com/news/linux-security-summit-videos)
File-Based Encryption in Android 7 (https://source.android.com/security/encryption/file-based.html)
How My Rogue Android App Could Monitor & Brute-force Your App’s Sensitive Metadata (https://www.arneswinnen.net/2016/09/how-my-rogue-android-app-could-monitor-brute-force-your-apps-sensitive-metadata/)
Undocumented Patched Vulnerability in Nexus 5X Allowed for Memory Dumping via USB (https://securityintelligence.com/undocumented-patched-vulnerability-in-nexus-5x-allowed-for-memory-dumping-via-usb/)
XDroid: An Android Permission Control Using Hidden Markov Chain and Online Learning (http://www.people.vcu.edu/~rashidib/Pub_files/CNS16/CNS16.pdf)
Analyzing Android Repackaged Malware by Decoupling Their Event Behaviors (https://link.springer.com/chapter/10.1007/978-3-319-44524-3_1)
Comparative Evaluation of Machine Learning-based Malware Detection on Android (https://pdfs.semanticscholar.org/e45f/e32cfffd3a6200081fc6df8c837ee846f2ac.pdf)
DyHAP: Dynamic Hybrid ANFIS-PSO Approach for Predicting Mobile Malware (http://journals.plos.org/plosone/article?id=10.1371/journal.pone.0162627)
Android full-disk encryption: a security assessment (https://www.royalholloway.ac.uk/isg/documents/pdf/technicalreports/2016/rhul-isg-2016-8-oliver-kunz.pdf)
KNOXout (CVE-2016-6584) – Bypassing Samsung KNOX –http://www.vsecgroup.com/single-post/2016/09/16/KNOXout—Bypassing-Samsung-KNOX
Samsung Pay NFC flaw –https://salmg.net/2016/10/11/samsung-pay-nfc-flaw
A Framework for Third Party Android Marketplaces to Identify Repackaged Apps –http://ieeexplore.ieee.org/abstract/document/7588889/
Characterization of Android Malware Families by a Reduced Set of Static Features –https://link.springer.com/chapter/10.1007/978-3-319-47364-2_59
Using Rowhammer bitflips to root Android phones is now a thing
https://www.vusec.net/projects/drammer/
https://vvdveen.com/publications/drammer.pdf
Based on this paper from 2014
Repeatedly accessing data stored in memory chips could flip certain bits
http://arstechnica.com/security/2016/10/using-rowhammer-bitflips-to-root-android-phones-is-now-a-thing/
https://github.com/vusec/drammer
https://www.youtube.com/watch?v=x6hL-obNhAw

An Android Application Protection Scheme against Dynamic Reverse Engineering Attacks –http://isyou.info/jowua/papers/jowua-v7n3-3.pdf
Evaluation of Resource-based App Repackaging Detection in Android –https://github.com/zyrikby/FSquaDRA2
On App-based Matrix Code Authentication in Online Banking
New Reliable Android Kernel Root Exploitation Techniques –http://powerofcommunity.net/poc2016/x82.pdf
DE-GUARD – http://apk-deguard.com http://www.srl.inf.ethz.ch/papers/deguard.pdf
Patent: Detecting malware on mobile devices based on mobile behavior analysis – https://www.google.com/patents/US9479357
Automatically Learning Android Malware Signatures from Few Samples –http://apps.cs.utexas.edu/tech_reports/reports/tr/TR-2237.pdf
AppWalker: Efficient and Accurate Dynamic Analysis of Apps via Concolic Walking Along the Event-Dependency Graph –https://link.springer.com/chapter/10.1007/978-3-319-49145-5_9
Full exploit of CVE-2016-6754 (BadKernel) and slide of SyScan360 2016 – https://github.com/secmob/BadKernel
BitUnmap: Attacking Android Ashmem –https://googleprojectzero.blogspot.cz/2016/12/bitunmap-attacking-android-ashmem.html
ARMageddon: How Your Smartphone CPU Breaks Software-Level Security and Privacy –https://www.youtube.com/watch?v=9KsnFWejpQg
New Flavor of Dirty COW Attack Discovered, Patched – http://blog.trendmicro.com/trendlabs-security-intelligence/new-flavor-dirty-cow-attack-discovered-patched/
Toward dynamic analysis of obfuscated android malware – http://www.slideshare.net/ZongShenShen/toward-dynamic-analysis-of-obfuscated-android-malware
*droid: Assessment and Evaluation of Android Application Analysis Tools – http://www.cise.ufl.edu/~traynor/papers/reaves-csur2016.pdf
ICCDetector: ICC-Based malware detection on Android –http://ink.library.smu.edu.sg/cgi/viewcontent.cgi?article=4298&context=sis_research
Android Code Protection via Obfuscation Techniques: Past, Present and Future Directions –https://arxiv.org/pdf/1611.10231.pdf

Machine Learning

A static Android malware Detection based on actual used permissions combination and API calls –http://www.waset.org/publications/10005499
Android Malware Classification by Applying Online Machine Learning –https://link.springer.com/chapter/10.1007/978-3-319-47217-1_8/fulltext.html
An improved Android malware detection scheme based on an evolving hybrid neuro-fuzzy classifier (EHNFC) and permission-based features –https://link.springer.com/article/10.1007/s00521-016-2708-7
MamaDroid: Detecting Android Malware by Building Markov Chains of Behavioral Models –https://arxiv.org/pdf/1612.04433.pdf

Articles

Autopwn every Android < 4.2 device on your network using BetterCap and the “addJavascriptInterface” vulnerability.
Android Deobfuscation Tools and Techniques
Dalvik Virtual Execution with SmaliVM
Android Anti-Hooking Techniques in Java
Android internals
Introduction to Fridump
Hardening the media stack by Google
What’s new in Android security (M and N Version) – Google I/O 2016 –https://www.youtube.com/watch?v=XZzLjllizYs
Mobile Security News Update July 2016
Android WebView exploit vulnerabilities, limitations and End
Strictly Enforced Verified Boot with Error Correction (new in Android N) –http://android-developers.blogspot.cz/2016/07/strictly-enforced-verified-boot-with.html
How to View TLS Traffic in Android’s Logs (https://blog.securityevaluators.com/how-to-view-tls-traffic-in-androids-logs-6a42ca7a6e55#.6c6ayv5r4)
Mobile Threat Catalogue –https://pages.nist.gov/mobile-threat-catalogue/
CVE-2016-3918: E-mail Information Disclosure Vulnerability Analysis – http://blogs.360.cn/360mobile/2016/10/14/cve_2016_3918/ (Chinese)

Tools & Frameworks & Source Code

Androl4b – AndroL4b is an Android security virtual machine based on ubuntu-Mate that includes a collection of the latest frameworks, tutorials and labs from different security geeks and researchers for reverse engineering and malware analysis.
SmaliEx – Deoptimize odex from oat.
Android Crackmes – https://play.google.com/store/apps/developer?id=DEFENDIO
SSLUnpinning_Xposed – Android Xposed Module to bypass SSL certificate validation (Certificate Pinning).
AppMon – http://dpnishant.github.io/appmon/ – AppMon is an automated framework for monitoring and tampering system API calls of native iOS and Android apps (upcoming)
fsmon – FileSystem Monitor utility that runs on Linux, Android, iOS and OSX – https://github.com/nowsecure/fsmon
Android Tamer Version 4
Droid-ff: Android Fuzzing Framework
jniostorlab – JNI method enumeration in ELF files
DexExtractor – Android dex file extractor, anti-bangbang (Bangcle)
Android CVE-2015-1805 PoCs[1][2]
selfmodify – https://github.com/leonnewton/selfmodify http://drops.wooyun.org/mobile/16677
AppTroy – An Online Analysis System for Packed Android Malware – https://github.com/CvvT/AppTroy
Java Deobfuscator (https://javadeobfuscator.com)
APKiD – Android Application Identifier for Packers, Protectors, Obfuscators and Oddities – https://github.com/rednaga/APKiD
Droid-Hunter – Android Application Vulnerability Analysis And Android Pentest Tool (http://www.kitploit.com/2016/09/droid-hunter-android-application.html)
Stagefright Metasploit Module (https://github.com/rapid7/metasploit-framework/pull/7357)
Native binary for testing Android phones for the Rowhammer bug –https://github.com/vusec/drammer
avmdbg – a lightweight debugger for android virtual machine – https://github.com/cheetahsec/avmdbg
Evaluation of Resource-based App Repackaging Detection in Android –https://github.com/zyrikby/FSquaDRA2
Dirty COW vulnerability test added to the VTS App –https://github.com/AndroidVTS/android-vts/pull/139#issuecomment-264213745
XposedGadget – https://github.com/ZSShen/XposedGadget