The smartphone market has grown explosively in recent years, as more and more consumers are attracted to the sensor-studded multipurpose devices. Android is particularly ascendant; as an open platform, smartphone manufacturers are free to extend and modify it, allowing them to differentiate themselves from their competitors. However, vendor customizations will inherently impact overall Android security and such impact is still largely unknown. In this paper, we analyze ten representative stock Android images from five popular smartphone vendors (with two models from each vendor). Our goal is to assess the extent of security issues that may be introduced from vendor customizations and further determine how the situation is evolving over time. In particular, we take a three-stage process: First, given a smartphone's stock image, we perform provenance analysis to classify each app in the image into three categories: apps originating from the AOSP, apps customized or written by the vendor, and third-party apps that are simply bundled into the stock image. Such provenance analysis allows for proper attribution of detected security issues in the examined Android images. Second, we analyze permission usages of pre-loaded apps to identify overprivileged ones that unnecessarily request more Android permissions than they actually use. Finally, in vulnerability analysis, we detect buggy pre-loaded apps that can be exploited to mount permission re-delegation attacks or leak private information. Our evaluation results are worrisome: vendor customizations are significant on stock Android devices and on the whole responsible for the bulk of the security problems we detected in each device. Specifically, our results show that on average 85.78% of all preloaded apps in examined stock images are overprivileged with a majority of them directly from vendor customizations.
In addition, 64.71% to 85.00% of vulnerabilities we detected in examined images from every vendor (except for Sony) arose from vendor customizations. In general, this pattern held over time - newer smartphones, we found, are not necessarily more secure than older ones.
Abstract: "Botnet" is a network of computers that are compromised and controlled by an attacker. Botnets are one of the most serious threats to today's Internet. Most current botnets have centralized command and control (C&C) architecture. However, peer-to-peer (P2P) structured botnets have gradually emerged as a new advanced form of botnets. Without central C&C servers, P2P botnets are more resilient to defenses and countermeasures than traditional centralized botnets. In this paper, we systematically study P2P botnets along multiple dimensions: bot candidate selection, network construction, C&C mechanisms and communication protocols, and mitigation approaches. We carefully study two defense approaches: index poisoning and sybil attack. According to the common idea shared by them, we are able to give analytical results to evaluate their performance. We also propose possible counter techniques which might be developed by attackers against index poisoning and sybil attack defenses. In addition, we obtain one interesting finding: compared to traditional centralized botnets, by using index poisoning technique, it is easier to shut down or at least effectively mitigate P2P botnets that adopt existing P2P protocols and rely on file index to disseminate commands.
Botnets have become one of the major attacks in current Internet due to their illicit profitable financial gain. Meanwhile, honeypots have been successfully deployed in many computer security defense systems. Since honeypots set up by security defenders can attract botnet compromises and become spies in exposing botnet membership and botnet attacker behaviors, they are widely used by security defenders in botnet defense. Therefore, attackers constructing and maintaining botnets will be forced to find ways to avoid honeypot traps. In this paper, we present a hardware and software independent honeypot detection methodology based on the following assumption: security professionals deploying honeypots have liability constraint such that they cannot allow their honeypots to participate in real attacks that could cause damage to others, while attackers do not need to follow this constraint. Attackers could detect honeypots in their botnets by checking whether compromised machines in a botnet can successfully send out unmodified malicious traffic. Based on this basic detection principle, we present honeypot detection techniques to be used in both centralized botnets and peer-to-peer structured botnets. Experiments show that current standard honeypot and honeynet programs are vulnerable to the proposed honeypot detection techniques. In the end, we discuss some guidelines for defending against general honeypot-aware attacks.
The present study aimed to investigate the effect of hydrogen sulfide (H2S) on kidney injury induced by urinary-derived sepsis. Rabbits were randomly divided into control, sham, sepsis, NaHS 2.8 μmol/kg and NaHS 8.4 μmol/kg groups, with six rabbits in each group. Upper urinary tract obstruction and acute infection was induced to establish the sepsis model. Blood was collected to carry out a white blood cell (WBC) count, and creatinine (Cr) and blood urea nitrogen (BUN) analysis. Morphological changes were observed by hematoxylin and eosin (H&E) staining and transmission electron microscopy. Immunohistochemical staining was used to detect the expression levels of tumor necrosis factor (TNF)-α, interleukin (IL)-10 and nuclear factor κ-light-chain-enhancer of activated B cells (NF-κB). Cystathionine-γ-lyase (CSE) activity was measured by the spectrophotometric methylene blue method and the blood H2S concentration was measured by deproteinization. WBC, Cr and BUN levels were significantly elevated in the sepsis group compared with those in the control group (P<0.05). Following treatment with NaHS, the WBC, Cr and BUN levels were significantly decreased in the NaHS groups compared with those in the sepsis group (P<0.05). The pathological features of kidney injury were also alleviated by NaHS. In the sepsis group, the levels of TNF-α, IL-10 and NF-κB were significantly increased compared with those in the control group (P<0.05). In the NaHS groups, the TNF-α and NF-κB levels were significantly reduced whereas the IL-10 level was significantly increased compared with the respective levels in the sepsis group (P<0.05). The H2S concentration was significantly decreased in the sepsis group and this reduction was attenuated in the NaHS groups (P<0.05). Furthermore, the NaHS 8.4 μmol/kg dose revealed a more potent effect than the NaHS 2.8 μmol/kg dose. 
Thus, exogenous H2S reduced kidney injury from urinary-derived sepsis by decreasing the levels of NF-κB and TNF-α, and increasing the level of IL-10.
In this paper, we present the first large-scale and systematic study to characterize the code reuse practice in the Ethereum smart contract ecosystem. We first performed a detailed similarity comparison study on a dataset of 10 million contracts we had harvested, and then we further conducted a qualitative analysis to characterize the diversity of the ecosystem, understand the correlation between code reuse and vulnerabilities, and detect the plagiarist DApps. Our analysis revealed that over 96% of the contracts had duplicates, while a large number of them were similar, which suggests that the ecosystem is highly homogeneous. Our results also suggested that roughly 9.7% of the similar contract pairs have exactly the same vulnerabilities, which we assume were introduced by code clones. In addition, we identified 41 DApps clusters, involving 73 plagiarized DApps which had caused huge financial loss to the original creators, accounting for 1/3 of the original market volume.
Developers often integrate third-party services into their apps. To access a service, an app must authenticate itself to the service with a credential. However, credentials in apps are often not properly or adequately protected, and might be easily extracted by attackers. A leaked credential could pose serious privacy and security threats to both the app developer and app users. In this paper, we propose CredMiner to systematically study the prevalence of unsafe developer credential uses in Android apps. CredMiner can programmatically identify and recover (obfuscated) developer credentials unsafely embedded in Android apps. Specifically, it leverages data flow analysis to identify the raw form of the embedded credential, and selectively executes the part of the program that builds the credential to recover it. We applied CredMiner to 36,561 apps collected from various Android markets to study the use of free email services and Amazon AWS. There were 237 and 196 apps that used these two services, respectively. CredMiner discovered that 51.5% (121/237) and 67.3% (132/196) of them were vulnerable. In total, CredMiner recovered 302 unique email login credentials and 58 unique Amazon AWS credentials, and verified that 252 and 28 of these credentials were still valid at the time of the experiments, respectively.
Objective: Aimed to investigate the epidemiological characteristics, clinical features, treatment, and short-term prognosis of COVID-19 in children. Methods: Retrospective analysis was conducted in 48 children with COVID-19 admitted to 12 hospitals in eight cities in Hunan province, China, from January 26, 2020 to June 30, 2020. Results: Of the 48 cases, familial clusters were confirmed for 46 children (96%). 16 (33%) were imported from other provinces. There were 11 (23%) asymptomatic cases. Only 2 cases (4%) were severe. The most common symptom was fever (n = 20, 42%). Other symptoms included cough (n = 19, 40%), fatigue (n = 8, 17%), and diarrhea (n = 5, 10%). In the early stage, the total peripheral blood leukocytes count increased in 3 (6%) cases and the lymphocytes count decreased in 5 (10%) cases. C-reactive protein and procalcitonin were elevated respectively in 3 (6%) cases and 2 (4%) cases. There were abnormal chest CT changes in 22 (46%) children, including 15 (68%) with patchy ground glass opacity, 5 (22%) with consolidation, and 2 (10%) with mixed shadowing. In addition to supportive treatment, antiviral therapy was received by 41 (85%) children, 11 (23%) patients were treated with antibiotics, and 2 (4%) were treated with methylprednisolone and intravenous immunoglobulin. Compared to 2 weeks follow-up, one child developed low fever and headache during the 4 weeks follow-up, 3 (6%) children had runny noses, one of them got mild cough, and 4 (12%) children had elevated white blood cells and lymphocytes. However, LDH and CK increased at 2 weeks and 4 weeks follow-up. 2 weeks follow-up identified normal chest radiographs in 33 (69%) pediatric patients. RT-PCR detection of SARS-CoV-2 was negative in all follow-up patients at 2 and 4 weeks follow-up. All 48 pediatric patients were visited by calling after 1 year of discharge. Conclusions: Most cases of COVID-19 in children in Hunan province were asymptomatic, mild, or moderate.
Close family contact was the main route of infection. It appeared that the younger the patient, the less obvious their symptoms. Epidemiological history, nucleic acid test, and chest imaging were important tools for diagnosis in children.