Breaking Ad-hoc Runtime Integrity Protection Mechanisms in Android Financial Apps
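Analysis of Ad-hoc Runtime Environment Integrity Checks in Android Financial Applications
- College of Engineering, Dept. of Computer Science and Engineering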
- Issue Date
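- Seoul National University Graduate School
- Thesis (Master's) -- Seoul National University Graduate School: Dept. of Computer Science and Engineering, 2017. 2. Byung-Gon Chun (전병곤).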
- To protect customers' sensitive information, many mobile financial applications include steps to probe the runtime environment and abort their execution if the environment is deemed to have been tampered with. This paper investigates the security of such self-defense mechanisms used in 76 popular financial Android apps in the Republic of Korea. Our investigations found that existing tools fail to analyze these Android apps effectively because of their highly obfuscated code and complex, non-traditional control flows. We overcome this challenge by extracting a call graph of the self-defense mechanism from a detailed runtime trace of the target app's execution. To generate the call graph, we use the causality between the Android APIs and system calls used for integrity checks and those used to display alert dialogs or to kill the app itself. Our analysis of 76 apps shows that once we obtain a causality graph, we can pinpoint methods to bypass most self-defense mechanisms. We successfully bypassed 67 out of 73 apps that check the platform integrity and 39 out of 44 apps that check the binary integrity of the host app, which shows the inefficiency of checking the integrity at the app level. We also present in-depth studies of the top five security libraries that provide the self-defense mechanisms in the aforementioned apps, and of their weaknesses. Because financial mobile applications should not run in tampered runtime environments, our results clearly demonstrate the necessity of a platform-level solution for integrity checks.