http://dx.doi.org/10.13089/JKIISC.2016.26.1.177

A Study on the Vulnerability of Security Keypads in Android Mobile Using Accessibility Features  

Lee, Jung-Woong (Graduate School of Information Security, Korea University)
Kim, In-Seok (Graduate School of Information Security, Korea University)
Abstract
As the fintech industry is growing at an incredible rate, mobile phones are positioned as the most important tool for financial transactions. However, with a rising number of malware applications, the types of attack on and illegal access to mobile devices are becoming more diverse and sophisticated. This paper studies a potential keylogger attack that exploits the Accessibility Service in the Android framework. This type of attack allows a malicious individual to use a keylogger on the victim's Android mobile phone to steal passwords during mobile financial transactions regardless of the security keypad setting. Lastly, the paper proposes solutions to counter these types of attack by verifying accessibility usage and amending the application guideline for accessibility.
Keywords
Accessibility Service; Smartphone Security; Security Keypads