AUSERA
1.0.0
Ausera是一種用於檢測Android應用中安全漏洞的自動化工具。我們已公開使用該工具和相應的基準數據集。我們希望該項目可以使Android應用程序安全分析領域的其他研究人員或實踐者受益。如果您有任何疑問和問題,請隨時與我們聯繫([email protected])。我們將繼續維護這個項目。感謝您的反饋。
export JAVA_HOME=/usr/lib/jvm/jdk1.8.0_45安裝安裝Android SDK,參考:SDKMANAGER。在Mac上,SDK將保存在~/Library/Android/sdk/platforms中 export JAVA_HOME=/usr/lib/jvm/jdk1.8.0_45
export JAVA_BIN=/usr/lib/jvm/jdk1.8.0_45/bin
export CLASSPATH=.:${JAVA_HOME}/lib/dt.jar:${JAVA_HOME}/lib/tools.jar
export PATH=$PATH:${JAVA_HOME}/bin
export PATH=$PATH:/home/dell/Android/Sdk/tools
export PATH=$PATH:/home/dell/Android/Sdk/platform-tools
export PATH=$PATH:/home/dell/Android/Sdk/emulator
export JAVA_HOME JAVA_BIN CLASSPATH PATH
https://youtu.be/sfuk3b3iueu
請將目標APK文件放在
apks文件夾中輸出報告可以在
engine-result/engine-report/apk_sha256_output.json中找到
命令格式:
python apk-engine.py [Repo_Path] [JAVA_HOME_Path] [SDK_Platform_Path]
例子:
python2.7 apk-engine.py /media/dell/49fff1d2-ef19-4e4d-855b-4eca95be873a/dell/Tools/ausera-main/ /usr/lib/jvm/jdk1.8.0_45/ /media/dell/49fff1d2-ef19-4e4d-855b-4eca95be873a/dell/Tools/ausera-main/engine-configuration/libs/android-platforms/
Public Id: BUG-A003-0001;
Type: Security Bug;
Risk Level: High;
Risk Score: 8;
Sub Type: SMS data leakage; // App vulnerability type
Description: The app sends an SMS attached with the sensitive data (in plaintext) to authenticate that user, but the data is stored in the SMS outbox unexpectedly. If an adversary registers a content observer to the SMS outbox on the mobile device with some permissions, the user's sensitive data can be easily intercepted by the adversary who impersonates that user to manipulate her legitimate banking account.
Location: Found a flow to sink virtualinvoke $r10.<android.telephony.SmsManager: void sendTextMessage(), from the following sources: $r5 = virtualinvoke $r4.<android.widget.EditText: android.text.Editable getText()>() (in <com.globe.gcash.android.activity.transaction.RegistrationTransactionActivity: void doNext()>)
=> RegistrationTransactionActivity;doNext();$r4;$r5 // Activity, Method, Variables logging
==> pin;firstName;lastName;addr // Sensitive data tagging
Patch Method: Avoid sending sensitive data via SMS and store the sensitive data in the SMS outbox accordingly.
[1] Ausera:Android應用中漏洞檢測的自動安全風險評估
@inproceedings{chen2022ausera,
title={AUSERA: Automated Security Risk Assessment for Vulnerability Detection in Android Apps},
author={Chen, Sen and and Zhang, Yuxin and Fan, Lingling and Li, Jiaming and Liu, Yang},
booktitle={ASE},
year={2022}
}
[2]對全球Android銀行應用程序安全風險的經驗評估
@inproceedings{chen2019ausera,
title={An Empirical Assessment of Security Risks of Global {Android} Banking Apps},
author={Chen, Sen and Fan, Lingling and Meng, Guozhu and Su, Ting and Xue, Minhui and Xue, Yinxing and Liu, Yang and Xu, Lihua},
booktitle={ICSE},
year={2020}
}
[3]移動銀行應用程序是否安全?什麼可以改善?
@inproceedings{chen2018mobile,
title={Are mobile banking apps secure? {What} can be improved?},
author={Chen, Sen and Su, Ting and Fan, Lingling and Meng, Guozhu and Xue, Minhui and Liu, Yang and Xu, Lihua},
booktitle={ESEC/FSE},
year={2018}
}
Sen Chen保留所有版權。
