Since the concept of IoT (Internet of Things) was proposed, it has digitized the real world and found a wide range of applications. However, with the tremendous evolution in data acquisition and transfer, a new type of attack, represented by the advanced persistent threat (APT), has attracted wide attention. APT organization identification for malware is one method of detecting APT attacks. However, most malware is tailored to its goal; it is complex and changeable, and can be updated very quickly. Traditional analysis methods struggle to obtain the source information of the APT organization from malware in the IoT. To this end, we propose a software genes method to solve this problem. A software gene is a binary fragment that carries a specific function or piece of information in the software body. In this paper, unlike traditional data-flow and instruction-flow approaches, a new gene model is proposed that is combined with a knowledge graph of malware behavior. We fill the processed malware information into the gene model to obtain the APT organization gene pool. Of course, the gene pool should be optimized to include the genetic characteristics of the APT. In theory, these genetic characteristics can help us identify malware and APTs accurately in the IoT. However, biological genetic similarity algorithms cannot be used directly. A genetic similarity algorithm for APT organization identification of malware is designed instead. Simulations on a real-world dataset corroborate the theoretical analysis and reveal the possibility of using genes for malware traceability.
Android system attackers have proposed various attack schemes to invade users' privacy. One way is to use ADB (Android Debug Bridge), which has advanced permissions but low protection. In order to set up an ADB connection successfully, the USB debugging option of the target device must be turned on. However, the existing ADB-based attack schemes have not proposed how to enable USB debugging, so their attack chain cannot be considered complete. This paper presents an approach for attacking Android devices by exploiting JavaScript to enable USB debugging automatically in the device's system settings, which fills the gap in existing solutions. This method can bypass the security mechanism of USB debugging mode and obtain an ADB connection without the user's authorization. It can also bypass the alerts that ADB Action Monitor displays when sensitive behaviors are detected. Based on AccessibilityService, Auto.js and Scrcpy, an application called Salaxy is designed and implemented to demonstrate the effectiveness of this method. In addition, Salaxy can monitor and manipulate Android devices remotely.