iOS恶意应用分析综述

朱易翔; 张慷; 王渭清

doi:10.11959/j.issn.1000-0801.2017048

您当前的位置：

首页 >

文章列表页 >

iOS恶意应用分析综述

专题：智能终端与网络安全 | 更新时间：2024-06-05

- iOS恶意应用分析综述
- Review of iOS malicious application analysis
- 电信科学 2017年33卷第2期页码：42-47
- 作者机构：
  
  1. 移动互联网系统与应用安全国家工程实验室，上海 201315
  2. 中国电信股份有限公司上海研究院，上海 200122
  3. 中国电信股份有限公司上海分公司，上海 200120
  4. 中国电信集团公司，北京 100033
- 作者简介：
  
  [ "朱易翔（1979-），男，中国电信股份有限公司上海研究院互联网安全部副主任，负责移动互联网系统与应用安全国家工程实验室技术研发工作，主要研究方向为安全体系与架构、安全攻防与漏洞发掘、移动应用安全检测等。" ]
  [ "张慷（1969-），男，中国电信股份有限公司上海分公司信息网络部经理、高级工程师，主要研究方向为信息安全管理、云安全。" ]
  [ "王渭清（1980-），男，中国电信集团公司工程师，主要研究方向为信息安全管理、大数据安全。" ]
- 基金信息：
- DOI：10.11959/j.issn.1000-0801.2017048
  中图分类号： TP309
- 网络出版日期：2017-02，
  
  纸质出版日期：2017-02-20
- 稿件说明：
移动端阅览
朱易翔, 张慷, 王渭清. iOS恶意应用分析综述[J]. 电信科学, 2017,33(2):42-47.

Yixiang ZHU, Kang ZHANG, Weiqing WANG. Review of iOS malicious application analysis[J]. Telecommunications science, 2017, 33(2): 42-47.
朱易翔, 张慷, 王渭清. iOS恶意应用分析综述[J]. 电信科学, 2017,33(2):42-47. DOI： 10.11959/j.issn.1000-0801.2017048.

Yixiang ZHU, Kang ZHANG, Weiqing WANG. Review of iOS malicious application analysis[J]. Telecommunications science, 2017, 33(2): 42-47. DOI： 10.11959/j.issn.1000-0801.2017048.

摘要

介绍了iOS的安全架构和应用程序的分发模式，分析了iOS 平台上恶意应用程序对用户数据安全和隐私构成的威胁，讨论了iOS上恶意应用少于Android系统恶意应用的原因，总结了已出现的iOS恶意应用的攻击方法，并对未来的缓解和对抗策略进行了展望。

Abstract

The security architecture and distribution of iOS were introduced.The threats to user's data security and privacy from iOS malicious applications were analyzed.The reasons that the number of iOS malicious applications is less than Android malicious applications were discussed.The attacking methods of emerging iOS malicious applications were summed up.And prospect for future mitigation and confrontation strategies were given.

关键词

Keywords

references

国家计算机病毒应急处理中心 . 第十四次全国信息网络安全状况暨计算机和移动终端病毒疫情调查分析报告 [R ] . 2015 .

National Computer Virus Emergency Response Center . 14th analysis of national security situation of information network and investigation report on computer and mobile terminal virus [R ] . 2015 .

iOS 9.3 or later.iOS security-white paper [S/OL ] . ( 2016 - 05 - 01 ) [ 2016 - 10 - 10 ] . https://www.Apple.com/business/docs/iOS_Security_Guide.pdf https://www.Apple.com/business/docs/iOS_Security_Guide.pdf .

Apple's app store has passed 100 billion app downloads [EB/OL ] . ( 2016 - 06 - 08 ) [ 2016 - 10 - 10 ] . http://www.theverge.com/2015/6/8/8739611/Apple-wwdc-2015-stats-update http://www.theverge.com/2015/6/8/8739611/Apple-wwdc-2015-stats-update .

CHARLIE M , DION B , DINO D , et al . iOS hacker's handbook [M ] . NewYork ： Wiley , 2012 .

AppBuyer:new iOS malware steals apple ID and password to buy apps [EB/OL ] . ( 2014 - 09 - 12 ) [ 2016 - 10 - 10 ] . http://researchcenter.paloaltonetworks.com/2014/09/APPbuyer-new-ios-% malware-steals-%Apple-id-password-buy-APPs/ http://researchcenter.paloaltonetworks.com/2014/09/APPbuyer-new-ios-% malware-steals-%Apple-id-password-buy-APPs/ .

WANG T , JANG Y , CHEN Y , et al . On the feasibility of large-scale infections of iOS devices [C ] // The 23rd USENIX Security Symposium (Security) , August 20 - 22 , 2014 , San Diego,CA,USA . New Jersey : IEEE Press , 2014 : 79 - 95 .

Wirelurker:a new era in iOS and os x malware [EB/OL ] . ( 2014 - 11 - 05 ) [ 2016 - 10 - 10 ] . https://www.paloaltonetworks.com/resources/research/unit42-wirelurker-a-new-era-in-ios-and-os-x-malware.html https://www.paloaltonetworks.com/resources/research/unit42-wirelurker-a-new-era-in-ios-and-os-x-malware.html .

NICOLAS S . iPhone privacy [S/OL ] . ( 2012 - 04 - 07 ) [ 2016 - 10 - 10 ] . http://revenews.com/files/iPhonePrivacydoc.pdf http://revenews.com/files/iPhonePrivacydoc.pdf .

LAU B , JANG Y , SONG C , et al . Mactans:injecting malware into iOS devices via malicious chargers [C ] // Black Hat USA , July 27 Aug - 1 , 2013 , Las Vegas,NV,USA . New Jersey : IEEE Press , 2013 .

WANG T , LU K , LU L , et al . Usenix Conference on Security [C ] // Black Hat USA , August 12 - 13 , 2013 , Washington D C,USA . New Jersey : IEEE Press , 2013 : 559 - 572 .

安天实验室 . Xcode 非官方版本恶意代码污染事件（XcodeGhost）的分析与综述 [R/OL ] . ( 2015 - 09 - 20 ) [ 2016 - 10 - 10 ] . http://www.antiy.com/response/xcode/xcodeghost.pdf http://www.antiy.com/response/xcode/xcodeghost.pdf .

YiSpecter:first iOS malware that attacks non-jailbroken apple iOS devices by abusing private APIs [EB/OL ] . ( 2015 - 10 - 04 ) [ 2016 - 10 - 10 ] . http://researchcenter.paloaltonetworks.com/2015/10/yispecter-first-ios-malware-attacks-non-jailbroken-ios-devices-%by-abusing-private-apis/ http://researchcenter.paloaltonetworks.com/2015/10/yispecter-first-ios-malware-attacks-non-jailbroken-ios-devices-%by-abusing-private-apis/ .

Pegasus-针对iOS设备的APT攻击分析 [EB/OL ] . ( 2016 - 08 - 26 ) [ 2016 - 10 - 10 ] . http://blog.pangu.io/pegasus-apt/ http://blog.pangu.io/pegasus-apt/ .

Pegasus-analysis of APT attacks on iOS devices [EB/OL ] . ( 2016 - 08 - 26 ) [ 2016 - 10 - 10 ] . http://blog.pangu.io/pegasus-apt/ http://blog.pangu.io/pegasus-apt/ .

浏览量

537

下载量

CSCD

文章被引用时，请邮件提醒。

提交

工具集

关联资源

暂无数据