Stealthy Information Leakage from Android Smartphone through Screenshot and OCR
- DOI
- 10.2991/cmfe-15.2015.184How to use a DOI?
- Keywords
- DroidBox; TaintDroid; Taint; Android Application analysis; Anti-taint;
- Abstract
A large number of malicious apps focus on stealing personal and financial information. It is very important to detect such apps as early as possible in order to prevent subsequent crimes. DroidBox incorporating TaintDroid detects leakage of private information, IMEI (International Mobile Station Equipment Identity) and IMSI (International Mobile Subscriber Identity). DroidBox covers many possible information leakage paths, but it is also known that there are several paths to leak the information without detection. We utilized one attack path, screen bitmap memory, in order to propose a collection system that retrieves IMEI and IMSI information through screenshot image and extracts the information from the image by OCR (Optical Character Recognition) automatically. Furthermore, we found out that sans font showed very low recognition rate while serif and mono showed relatively high recognition rate. We also hid a screenshot activity from users. Therefore, the proposed method can be used to leak any information without worry of detection by DroidBox, users, text-based packet inspections tools.
- Copyright
- © 2015, the Authors. Published by Atlantis Press.
- Open Access
- This is an open access article distributed under the CC BY-NC license (http://creativecommons.org/licenses/by-nc/4.0/).
Cite this article
TY - CONF AU - Yeon-kyung Kim AU - Han- Jea Yoon AU - Man-Hee Lee PY - 2015/07 DA - 2015/07 TI - Stealthy Information Leakage from Android Smartphone through Screenshot and OCR BT - Proceedings of the International Conference on Chemical, Material and Food Engineering PB - Atlantis Press SP - 784 EP - 787 SN - 2352-5401 UR - https://doi.org/10.2991/cmfe-15.2015.184 DO - 10.2991/cmfe-15.2015.184 ID - Kim2015/07 ER -