SiteWatcher on Android

Abstract

Phishing is a serious threat in the Internet. Recent versions of desktop browsers like Firefox 2.0, Internet Explorer 7 and email clients provide phishing and malware protection. However, many of these improvements have not yet added to the mobile devices. According to the research from Trusteer, compared with desktop users, mobile users are three times more susceptible to phishing attacks. People commonly use mobile devices to check emails and browse the Internet these days. This pattern of use makes smart phones become extremely attractive targets, particularly when consumers use them for online shopping and banking. Among all smart phone platforms, Android OS-based devices even become the most popular target of the attackers due to the "open" aspects of operation system. In addition, the use of QR codes has posed the potential dangers to mobile users as scanning QR codes can infect their smart phones. QR (quick response) codes can store alphanumeric characters in the form of text or URLs. It allows mobile user to use a smart phone's camera to read a barcode. With growing use of smart phone technology, QR codes can be captured and converted into information easily by free apps. However, cyber criminals can use those malicious QR codes to redirect the unsuspecting smart phone users to web page or install malware on their mobile devices. So, they can get the contacts and credit card information easily from victims. To address the security problems of phishing and the use of QR codes on smart phones, SiteWatcher on Android will make use of online anti-phishing service provided by the Anti-Phishing Group at City University of Hong Kong to protect mobile users against phishing threats. The application can examine the suspicious URLs and scan QR codes to check if they are fake or malicious sites to scam user. Beside, the application will warn user if they are visiting any phishing sites, so that the personal information of victims can be kept secure.