Hunting the Red Fox Online: Understanding and Detection of Mass Redirect-Script Injections

The “Red Fox”

For years, the Internet community has been haunted by increasingly sophisticated and organized cybercrimes, ranging from exploits on vulnerable systems (e.g., drive-by downloads) to all kinds of frauds and social engineering. Such criminal activities have developed into mass underground businesses, costing the world hundreds of billions of dollars every year and victimizing hundreds of millions of Internet users.…

App Guardian: An App Level Protection Against RIG Attacks

Stealing of sensitive information from apps is always considered to be one of the most critical threats to Android security. Recent studies show that this can happen even to the apps without explicit implementation flaws, through exploiting some design weaknesses of the operating system, e.g., shared communication channels such as Bluetooth, and side channels such as memory and network-data usages. In all these attacks, a malicious app needs to run side-by-side with the target app (the victim) to collect its runtime information.…

Perplexed Messengers from the Cloud: Automated Security Analysis of Push-Messaging Integrations

This paper is to appear at the 22nd ACM Conference on Computer and Communications Security 2015 (CCS), authored by Yangyi Chen, Tongxin Li, XiaoFeng Wang, Kai Chen and Xinhui Han.


In this paper, we report the first large-scale, systematic study on the security qualities of emerging push-messaging services, focusing on their app-side service integrations. We identified a set of security properties different push-messaging services (e.g.,…

Unauthorized Cross-App Resource Access on Mac OS X and iOS

This paper is to appear at the 22nd ACM Conference on Computer and Communications Security 2015 (CCS), authored by Luyi Xing, Xiaolong Bai, Tongxin Li, XiaoFeng Wang, Kai Chen, Xiaojing Liao, Shi-min Hu, Xinhui Han.

XARA Vulnerabilities on Mac OS X and iOS

On modern operating systems, applications under the same user are separated from each other, for the purpose of protecting them against malware and compromised programs.…

Finding Unknown Malice in 10 Seconds: Mass Vetting for New Threats at the Google-Play Scale

Our malware detection platform, MassVet, detected over 100,000 potentially harmful apps (PHA). Among them, 10,000 PHAs are missed by VirusTotal. MassVet can also detect app piracy in a large scale, over millions of apps, in seconds. For more details, please refer to our paper. Or you can use MassVet to analyze Android apps at Android Malware Detection Platform.…

Upgrading Your Android, Elevating My Malware: Privilege Escalation Through Mobile OS Updating

Pileup Vulnerabilities in OS Updating

People tend to believe that an OS upgrade makes their mobile devices much securer and more reliable, because the new OS version presumably fixes security loopholes and enhances the system’s security protection. However, our recent study on the current Android upgrade mechanism brings to light a whole new set of vulnerabilities pervasively existing in almost all Android versions, which allow a seemingly harmless malicious app (“unprivileged app” in the security term) running on a version of Android to automatically acquire significant capabilities without users’ consent once they upgrade to newer versions!