AUTOMATIC DETECTION SYSTEM FOR ANDROID DEX INJECTION VULNERABILITY CAUSED BY HOT UPDATE

During the process of pushing patch packages for Android application hot updates, as no digital signature is added, attackers can hijack and tamper with the dex file, leading to dex injection with serious consequences. To address the above problems, an automatic detection system Homide based on mitmproxy is proposed. It used mitmproxy to obtain all the packets interacted between the client and the server, while locating the dex file. It injected code into the dex and pushed it to the client for execution using a man-in-the-middle attack. The log information output by the application was used to verify whether there was a dex injection vulnerability. For 513 applications in the application market, Homide successfully detected 17 new applications with dex injection. The experimental results show that Homide can effectively detect real-world applications with dex injection due to hot updates.