摘要
网络语音电话(Voice over Internet Protocol,VoIP)技术在Android平台上的广泛使用为大众提供了更多的语音通信手段,对其安全性的研究,尤其是漏洞挖掘和漏洞成因的分析尤为重要。考虑到Android VoIP实现的复杂性,漏洞挖掘方法采用了模糊测试和代码审计两种方法,系统性地挖掘潜在漏洞。研究中共发现9个安全漏洞,涵盖了多种类型,且均得到厂商确认与致谢。分析表明,这些漏洞源于代码实现的复杂性和不一致性。研究结果强调了对Android VoIP安全性进行审查的必要性,为后续的安全增强提供了指导,同时也对研究中的改进方向进行了展望。
The widespread use of VoIP(Voice over Internet Protocol)technology on the Android platform provides the public with more voice communication methods.Research on its security,especially vulnerability mining and analysis of vulnerability causes,is particularly important.Considering the complexity of Android VoIP implementation,the vulnerability mining method adopts both fuzz testing and code auditing to systematically mine potential vulnerabilities.A total of 9 security vulnerabilities are found in the research,which cover a wide range of types and are all confirmed and acknowledged by the manufacturers.Analysis indicates that these vulnerabilities stem from the complexity and inconsistency of the code implementation.The research results emphasize the need for a review of Android VoIP security,which provides guidance for subsequent security enhancements,and also provides prospects for improvement directions in the research.
作者
杨鹏
何恩
YANG Peng;HE En(China Electronic Technology Cyber Security Co.,Ltd.,Chengdu Sichuan 610041,China;Chengdu Opper Communication Technology Co.,Ltd.,Chengdu Sichuan 610095,China)
出处
《信息安全与通信保密》
2024年第8期112-120,共9页
Information Security and Communications Privacy
