Automated Cash Mining Attacks on Mobile Advertising Networks

Woojoong Ji; Taeyun Kim; Kuyju Kim; Hyoungshick Kim

doi:10.1007/978-3-030-21548-4_40

Automated Cash Mining Attacks on Mobile Advertising Networks

Woojoong Ji, Taeyun Kim, Kuyju Kim, Hyoungshick Kim

Department of Computer Science and Engineering

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

Abstract

Rewarded advertisements are popularly used in the mobile advertising industry. In this paper, we analyze several rewarded advertisement applications to discover security weaknesses, which allow malicious users to automatically generate in-app activities for earning cash rewards on advertisement networks; we call this attack automated cash mining. To show the risk of this attack, we implemented automated cashing attacks on four popularly used Android applications (Cash Slide, Fronto, Honey Screen and Screen Stash) with rewarded advertisements through reverse engineering and demonstrated that all the tested reward apps are vulnerable to our attack implementation.

Original language	English
Title of host publication	Information Security and Privacy - 24th Australasian Conference, ACISP 2019, Proceedings
Editors	Julian Jang-Jaccard, Fuchun Guo
Publisher	Springer Verlag
Pages	679-686
Number of pages	8
ISBN (Print)	9783030215477
DOIs	https://doi.org/10.1007/978-3-030-21548-4_40
State	Published - 2019
Event	24th Australasian Conference on Information Security and Privacy, ACISP 2019 - Christchurch, New Zealand Duration: 3 Jul 2019 → 5 Jul 2019

Publication series

Name	Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
Volume	11547 LNCS
ISSN (Print)	0302-9743
ISSN (Electronic)	1611-3349

Conference

Conference	24th Australasian Conference on Information Security and Privacy, ACISP 2019
Country/Territory	New Zealand
City	Christchurch
Period	3/07/19 → 5/07/19

Access to Document

10.1007/978-3-030-21548-4_40

Cite this

Ji, W., Kim, T., Kim, K., & Kim, H. (2019). Automated Cash Mining Attacks on Mobile Advertising Networks. In J. Jang-Jaccard, & F. Guo (Eds.), Information Security and Privacy - 24th Australasian Conference, ACISP 2019, Proceedings (pp. 679-686). (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics); Vol. 11547 LNCS). Springer Verlag. https://doi.org/10.1007/978-3-030-21548-4_40

Ji, Woojoong ; Kim, Taeyun ; Kim, Kuyju et al. / Automated Cash Mining Attacks on Mobile Advertising Networks. Information Security and Privacy - 24th Australasian Conference, ACISP 2019, Proceedings. editor / Julian Jang-Jaccard ; Fuchun Guo. Springer Verlag, 2019. pp. 679-686 (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)).

@inproceedings{a4b1697ce6a6427e98b17a14a908d071,

title = "Automated Cash Mining Attacks on Mobile Advertising Networks",

abstract = "Rewarded advertisements are popularly used in the mobile advertising industry. In this paper, we analyze several rewarded advertisement applications to discover security weaknesses, which allow malicious users to automatically generate in-app activities for earning cash rewards on advertisement networks; we call this attack automated cash mining. To show the risk of this attack, we implemented automated cashing attacks on four popularly used Android applications (Cash Slide, Fronto, Honey Screen and Screen Stash) with rewarded advertisements through reverse engineering and demonstrated that all the tested reward apps are vulnerable to our attack implementation.",

author = "Woojoong Ji and Taeyun Kim and Kuyju Kim and Hyoungshick Kim",

note = "Publisher Copyright: {\textcopyright} 2019, Springer Nature Switzerland AG.; 24th Australasian Conference on Information Security and Privacy, ACISP 2019 ; Conference date: 03-07-2019 Through 05-07-2019",

year = "2019",

doi = "10.1007/978-3-030-21548-4\_40",

language = "English",

isbn = "9783030215477",

series = "Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)",

publisher = "Springer Verlag",

pages = "679--686",

editor = "Julian Jang-Jaccard and Fuchun Guo",

booktitle = "Information Security and Privacy - 24th Australasian Conference, ACISP 2019, Proceedings",

}

Ji, W, Kim, T, Kim, K & Kim, H 2019, Automated Cash Mining Attacks on Mobile Advertising Networks. in J Jang-Jaccard & F Guo (eds), Information Security and Privacy - 24th Australasian Conference, ACISP 2019, Proceedings. Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics), vol. 11547 LNCS, Springer Verlag, pp. 679-686, 24th Australasian Conference on Information Security and Privacy, ACISP 2019, Christchurch, New Zealand, 3/07/19. https://doi.org/10.1007/978-3-030-21548-4_40

Automated Cash Mining Attacks on Mobile Advertising Networks. / Ji, Woojoong; Kim, Taeyun; Kim, Kuyju et al.
Information Security and Privacy - 24th Australasian Conference, ACISP 2019, Proceedings. ed. / Julian Jang-Jaccard; Fuchun Guo. Springer Verlag, 2019. p. 679-686 (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics); Vol. 11547 LNCS).

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

TY - GEN

T1 - Automated Cash Mining Attacks on Mobile Advertising Networks

AU - Ji, Woojoong

AU - Kim, Taeyun

AU - Kim, Kuyju

AU - Kim, Hyoungshick

PY - 2019

Y1 - 2019

N2 - Rewarded advertisements are popularly used in the mobile advertising industry. In this paper, we analyze several rewarded advertisement applications to discover security weaknesses, which allow malicious users to automatically generate in-app activities for earning cash rewards on advertisement networks; we call this attack automated cash mining. To show the risk of this attack, we implemented automated cashing attacks on four popularly used Android applications (Cash Slide, Fronto, Honey Screen and Screen Stash) with rewarded advertisements through reverse engineering and demonstrated that all the tested reward apps are vulnerable to our attack implementation.

AB - Rewarded advertisements are popularly used in the mobile advertising industry. In this paper, we analyze several rewarded advertisement applications to discover security weaknesses, which allow malicious users to automatically generate in-app activities for earning cash rewards on advertisement networks; we call this attack automated cash mining. To show the risk of this attack, we implemented automated cashing attacks on four popularly used Android applications (Cash Slide, Fronto, Honey Screen and Screen Stash) with rewarded advertisements through reverse engineering and demonstrated that all the tested reward apps are vulnerable to our attack implementation.

UR - https://www.scopus.com/pages/publications/85068714760

U2 - 10.1007/978-3-030-21548-4_40

DO - 10.1007/978-3-030-21548-4_40

M3 - Conference contribution

AN - SCOPUS:85068714760

SN - 9783030215477

T3 - Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)

SP - 679

EP - 686

BT - Information Security and Privacy - 24th Australasian Conference, ACISP 2019, Proceedings

A2 - Jang-Jaccard, Julian

A2 - Guo, Fuchun

PB - Springer Verlag

T2 - 24th Australasian Conference on Information Security and Privacy, ACISP 2019

Y2 - 3 July 2019 through 5 July 2019

ER -

Ji W, Kim T, Kim K, Kim H. Automated Cash Mining Attacks on Mobile Advertising Networks. In Jang-Jaccard J, Guo F, editors, Information Security and Privacy - 24th Australasian Conference, ACISP 2019, Proceedings. Springer Verlag. 2019. p. 679-686. (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)). doi: 10.1007/978-3-030-21548-4_40

Automated Cash Mining Attacks on Mobile Advertising Networks

Abstract

Publication series

Conference

Access to Document

Other files and links

Fingerprint

Cite this