Motivation

With the proliferation of mobile technology and the digitalisation of everyday life on mobile devices, cyber-attacks on mobile devices are also increasing significantly. Amongst the various attacks, malware infection accounts for the largest portion, resulting in compromised devices. Using a compromised device may lead to private information leakage, causing economic losses to the user.

While many studies have been carried out to detect Android-based malware, few have been performed to detect and examine iOS malware.

This project builds an iOS malware analysis framework to study existing iOS malware. The framework will first collect the critical iOS malware samples and build a database. Then, it will extract features and group the malware based on their different attack types. Subsequently, the framework will classify the malware into different groups, analyse and assess each of them, and output a security score. Lastly, the framework will recommend possible solutions.

Achievements

The team have collected 50 iOS malware samples from iTunes and conducted manual profiling of their malicious behaviour. The attack models are constructed by modelling commonly observed malicious behaviours in a graph, including access to the clipboard, insecure data storage, the risk of hot patches, access to the keychain, screen capture, and access to notifications.

The team have implemented an automated risk assessment tool (CodeKnife) to identify weaknesses or malicious behaviours contained in iOS apps (.ipa or .app). The tool supports app reverse engineering, API extraction, code abstraction (CFG, DFG), and vulnerability detection. It can be used via a web interface and has been tested on more than 3,000 iOS apps.