<span style="font-variant: small-caps">Ventinel</span>: Automated Detection of Android Vishing Apps Using Optical Character Recognition
Vishing, a blend of “voice” and “phishing”, has evolved to include techniques like Call Redirection and Display Overlay Attacks, causing significant financial losses. Existing research has largely focused on user behavior and awareness, leaving gaps in addressing attacks originating from vishing app...
Saved in:
| Main Authors: | , , , , , |
|---|---|
| Format: | Article |
| Language: | English |
| Published: |
MDPI AG
2025-01-01
|
| Series: | Future Internet |
| Subjects: | |
| Online Access: | https://www.mdpi.com/1999-5903/17/1/24 |
| Tags: |
Add Tag
No Tags, Be the first to tag this record!
|
| Summary: | Vishing, a blend of “voice” and “phishing”, has evolved to include techniques like Call Redirection and Display Overlay Attacks, causing significant financial losses. Existing research has largely focused on user behavior and awareness, leaving gaps in addressing attacks originating from vishing applications. In this work, we present <span style="font-variant: small-caps;">Ventinel</span>, an Android-based defense system designed to detect these attacks without requiring OS modifications. <span style="font-variant: small-caps;">Ventinel</span> employs Optical Character Recognition (OCR) to compare phone numbers during calls, effectively preventing Call Redirection and Display Overlay Attacks. Additionally, it safeguards against Duplicated Contacts Attacks by cross-referencing call logs and SMS records. <span style="font-variant: small-caps;">Ventinel</span> achieves 100% detection accuracy, surpassing commercial applications, and operates with minimal data collection to ensure user privacy. We also describe malicious API behavior and demonstrate that the same behavior is possible for API levels 29 and higher. Furthermore, we analyze the limitations of existing solutions and propose new attack and defense strategies. |
|---|---|
| ISSN: | 1999-5903 |