Android系統上的滲透測試

Abstract

近年來智慧型手機在手機市場上大幅嶄露頭角，尤其又以Android系統為主的手機更是普及。無論是收發電子郵件、GPS導航系統、甚至是玩遊戲、聽音樂、看影片...等，都能在小小一台智慧型手機上完成。Android系統秉持著開放原始碼策略，讓每個人都能自行撰寫應用程式，來自四面八方的應用軟體在Android Market上不斷的增長，更不用提其他網站自行提供的應用軟體。其中，隨之而來的是有心人士開始散佈惡意軟體，竊取使用者個人隱私資料，或是擅自使用付費服務，造成使用者金錢損失。Android Market並沒有對上載的應用程式提供嚴格的審查機制，加上Android手機允許安裝非Market上的應用程式，這些都會讓使用者容易下載到惡意軟體仍渾然不覺。因此，如何保障Android手機上的安全，是我們研究的主要目標。我們的滲透測試系統蒐集各種Android系統上的漏洞，並提供檢測和相應的建議，並透過Wi-Fi攻擊途徑來實現這些檢測。

In recent years smart phone has been more and more popularization in handset market, especially the Android system. Regardless of being receives and sends the email, playing the game, listening to music, watching the movie…and so on, which can work on the smart phones completely. Android is an open-source software stack for mobile devices, enables each people to develop the application. For this reason, hackers can spread the malicious software, like steals the user personal privacy material, and uses the payment service. Android Market has no the strict examination mechanism for the applications on the market, in addition Android applications can be acquired from any third party alternatives to "official" market. These could let the user easily download the malicious software without consciously. Therefore, how to safeguard on the Android handset's security, is essential target which we study. Our penetration test system collects each kind of Android system's exploits, and provides the examination with the corresponding suggestion.