<span style="font-variant: small-caps">Ventinel</span>: Automated Detection of Android Vishing Apps Using Optical Character Recognition
Vishing, a blend of “voice” and “phishing”, has evolved to include techniques like Call Redirection and Display Overlay Attacks, causing significant financial losses. Existing research has largely focused on user behavior and awareness, leaving gaps in addressing attacks originating from vishing app...
Saved in:
| Main Authors: | , , , , , |
|---|---|
| Format: | Article |
| Language: | English |
| Published: |
MDPI AG
2025-01-01
|
| Series: | Future Internet |
| Subjects: | |
| Online Access: | https://www.mdpi.com/1999-5903/17/1/24 |
| Tags: |
Add Tag
No Tags, Be the first to tag this record!
|
| _version_ | 1832588404118781952 |
|---|---|
| author | Daegyeom Kim Sehwan O Younghoon Ban Jungsoo Park Kyungho Joo Haehyun Cho |
| author_facet | Daegyeom Kim Sehwan O Younghoon Ban Jungsoo Park Kyungho Joo Haehyun Cho |
| author_sort | Daegyeom Kim |
| collection | DOAJ |
| description | Vishing, a blend of “voice” and “phishing”, has evolved to include techniques like Call Redirection and Display Overlay Attacks, causing significant financial losses. Existing research has largely focused on user behavior and awareness, leaving gaps in addressing attacks originating from vishing applications. In this work, we present <span style="font-variant: small-caps;">Ventinel</span>, an Android-based defense system designed to detect these attacks without requiring OS modifications. <span style="font-variant: small-caps;">Ventinel</span> employs Optical Character Recognition (OCR) to compare phone numbers during calls, effectively preventing Call Redirection and Display Overlay Attacks. Additionally, it safeguards against Duplicated Contacts Attacks by cross-referencing call logs and SMS records. <span style="font-variant: small-caps;">Ventinel</span> achieves 100% detection accuracy, surpassing commercial applications, and operates with minimal data collection to ensure user privacy. We also describe malicious API behavior and demonstrate that the same behavior is possible for API levels 29 and higher. Furthermore, we analyze the limitations of existing solutions and propose new attack and defense strategies. |
| format | Article |
| id | doaj-art-365b634c60d4464fa052c16d306713b9 |
| institution | Kabale University |
| issn | 1999-5903 |
| language | English |
| publishDate | 2025-01-01 |
| publisher | MDPI AG |
| record_format | Article |
| series | Future Internet |
| spelling | doaj-art-365b634c60d4464fa052c16d306713b92025-01-24T13:33:36ZengMDPI AGFuture Internet1999-59032025-01-011712410.3390/fi17010024<span style="font-variant: small-caps">Ventinel</span>: Automated Detection of Android Vishing Apps Using Optical Character RecognitionDaegyeom Kim0Sehwan O1Younghoon Ban2Jungsoo Park3Kyungho Joo4Haehyun Cho5Graduate School of Software, Soongsil University, Seoul 06978, Republic of KoreaGraduate School of Software, Soongsil University, Seoul 06978, Republic of KoreaGraduate School of Software, Soongsil University, Seoul 06978, Republic of KoreaDepartment of ICT Convergence Science, Kangnam University, Yongin 16979, Republic of KoreaGraduate School of Software, Soongsil University, Seoul 06978, Republic of KoreaGraduate School of Software, Soongsil University, Seoul 06978, Republic of KoreaVishing, a blend of “voice” and “phishing”, has evolved to include techniques like Call Redirection and Display Overlay Attacks, causing significant financial losses. Existing research has largely focused on user behavior and awareness, leaving gaps in addressing attacks originating from vishing applications. In this work, we present <span style="font-variant: small-caps;">Ventinel</span>, an Android-based defense system designed to detect these attacks without requiring OS modifications. <span style="font-variant: small-caps;">Ventinel</span> employs Optical Character Recognition (OCR) to compare phone numbers during calls, effectively preventing Call Redirection and Display Overlay Attacks. Additionally, it safeguards against Duplicated Contacts Attacks by cross-referencing call logs and SMS records. <span style="font-variant: small-caps;">Ventinel</span> achieves 100% detection accuracy, surpassing commercial applications, and operates with minimal data collection to ensure user privacy. We also describe malicious API behavior and demonstrate that the same behavior is possible for API levels 29 and higher. Furthermore, we analyze the limitations of existing solutions and propose new attack and defense strategies.https://www.mdpi.com/1999-5903/17/1/24Androidmobile securityvoice phishingvishing |
| spellingShingle | Daegyeom Kim Sehwan O Younghoon Ban Jungsoo Park Kyungho Joo Haehyun Cho <span style="font-variant: small-caps">Ventinel</span>: Automated Detection of Android Vishing Apps Using Optical Character Recognition Future Internet Android mobile security voice phishing vishing |
| title | <span style="font-variant: small-caps">Ventinel</span>: Automated Detection of Android Vishing Apps Using Optical Character Recognition |
| title_full | <span style="font-variant: small-caps">Ventinel</span>: Automated Detection of Android Vishing Apps Using Optical Character Recognition |
| title_fullStr | <span style="font-variant: small-caps">Ventinel</span>: Automated Detection of Android Vishing Apps Using Optical Character Recognition |
| title_full_unstemmed | <span style="font-variant: small-caps">Ventinel</span>: Automated Detection of Android Vishing Apps Using Optical Character Recognition |
| title_short | <span style="font-variant: small-caps">Ventinel</span>: Automated Detection of Android Vishing Apps Using Optical Character Recognition |
| title_sort | span style font variant small caps ventinel span automated detection of android vishing apps using optical character recognition |
| topic | Android mobile security voice phishing vishing |
| url | https://www.mdpi.com/1999-5903/17/1/24 |
| work_keys_str_mv | AT daegyeomkim spanstylefontvariantsmallcapsventinelspanautomateddetectionofandroidvishingappsusingopticalcharacterrecognition AT sehwano spanstylefontvariantsmallcapsventinelspanautomateddetectionofandroidvishingappsusingopticalcharacterrecognition AT younghoonban spanstylefontvariantsmallcapsventinelspanautomateddetectionofandroidvishingappsusingopticalcharacterrecognition AT jungsoopark spanstylefontvariantsmallcapsventinelspanautomateddetectionofandroidvishingappsusingopticalcharacterrecognition AT kyunghojoo spanstylefontvariantsmallcapsventinelspanautomateddetectionofandroidvishingappsusingopticalcharacterrecognition AT haehyuncho spanstylefontvariantsmallcapsventinelspanautomateddetectionofandroidvishingappsusingopticalcharacterrecognition |