Bypass cell-phone-verification through a smartphone-based botnet

Fu Hau Hsu, Chi Hsien Hsu, Chuan Sheng Wang, Pei Hsun Lee, Ruei Min Jiang, Jia Sian Jhang

Research output: Contribution to journal › Journal article › Peer-reviewed


Because more and more web services, such as Google, Facebook, and many auction websites, require users to open new accounts or log in to their accounts through cell-phone-verification, cell-phone-verification has become an important function of cellular phones. However, our research shows that cell-phone-verification is not always reliable. This study proposes a new attack method named MAC-YURI (My ACcount, YoUr ResponsIbility) against cell-phone-verification to show people one possible abuse of smartphones. Through MAC-YURI, an attacker can use a compromised smartphone as a steppingstone to accept and forward an account verification code to finish cell-phone-verification when applying for a new account or logging in to an account. We have implemented MAC-YURI on an Android smartphone. Experimental results show that MAC-YURI can successfully assist an attacker in obtaining the verification code of an account without the awareness of the steppingstone smartphone's owner. In addition, MAC-YURI also develops an SMS-based mechanism to create a smartphone-based botnet. After such a botnet is created, it is difficult to locate the bot master or the machine a bot will contact in the future. Finally, this paper proposes some recommendations to protect a smartphone against MAC-YURI.

Pages (from-to): 1097-1111
Journal: Journal of Information Science and Engineering
Publication status: Published - 1 May 2015

