基于Android应用程序安装包隐蔽下载劫持漏洞

Stealth download hijacking vulnerability of Android application package

在Android应用程序安装包的发布、下载过程中,往往很容易受到下载劫持攻击。受到常规下载劫持攻击的服务器往往能够通过流量分析发现攻击行为,但是,隐蔽下载劫持攻击则无法通过该方法进行发现。通过对真实案例的发现和分析,提出一种Android应用程序安装包隐蔽下载劫持漏洞。攻击者利用该漏洞在用户与服务器之间部署中间人设备,隐蔽下载劫持攻击,使受到劫持的服务器难以通过现有的分析方法发现该攻击行为。对该漏洞的产生原因、危害范围、利用机制等进行了分析,并试图从分布式检测、集中分析和主动预防方面提出解决方案。

During the distributing and downloading of Android application packages,it is always be vulnerable to download hijacking attacks.Traffic analysis could be used by sites to detect if they are under this kind of regular download hijacking attacks.But the stealth download hijacking attacks cannot be discovered by using such a method.Based on the discovery and analysis of an actual case,a vulnerability of Android application package stealth download hijacking was proposed.Attackers exploited this vulnerability to implement a stealth download hijacking through deploying bypass devices between the downloaders and the publishers.And the victim sites can hardly notice it by using current methods.The cause,influence and mechanism of the vulnerability were discussed,and a solution was tried to put forward in respects of distributed detection,centralized analysis and active prevention.