Android Security - techiecheng.files.wordpress.com · Measuring exploitation difficulty: 0-day...
Android Security
Transforming Perception Using Reality
Android Security & Privacy Strategy
Protect every Android user
Each part of the Android ecosystem works together to build a strong defense that runs smoothly and effectively.
We’re transparent in everything we do. From our open source platform to keeping users informed, we share knowledge across our community.
We partner with expert teams across Google to help keep over 2 billion Android users safe.
Android Security & Privacy Team
Transparency Measurability
Defend against Internet-borne threats
User experience that offers security & privacy CCC (comprehension, control, confidence)
Google Play Protect
Feature development
OS hardening, leverage HW, permissions, TEEs
Ecosystem
Platform Engineering
Vulnerability management
Full cycle, e.g. fuzzing and SPUR reviews, for AOSP and partners
Assurance
Three myths in Android enterprise deployments
Platform vulnerability risk
Malware risk
Fragmentation (e.g. patching)
1. Vulnerability Risk
It all starts with secure hardware
SOC
TEE
SE
TEE (trusted execution environment): key generation, key import, signing and verification services are executed in hardware.
Secure lock screen, PIN verification and data encryption: the PIN plus a hardware key are used to derive encryption keys.
Version binding ensures keys created with a newer OS cannot be used by older OS versions.
Rollback prevention (8.0+) prevents downgrading the OS to an older, less secure version or patch level.
Verified Boot provides cryptographic verification of OS to ensure devices have not been compromised.
Tamper-resistant hardware (Android Pie) offers support to execute cryptographic functions in dedicated hardware.
SELinux, process isolation and sandboxing
Android is built on SELinux: if an exploit is found, the attack vector is limited to the domain the exploit is able to execute in.
Application sandboxing ensures that application and system data is inaccessible from other apps.
Each process runs under its own user ID (UID), limiting the ability of apps to get data from one another.
Work profile apps are prevented from communicating with personal apps by default.
Work profile apps run in a separate user space with separate encryption keys from personal apps, further limiting exposure.
EMMs cannot manage the personal device when the device is managed only via the Work Profile.
Diagram: Android device with a primary profile (Personal app 1, Personal app 2) and a work profile (Work app 1, Work app 2).
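
The per-app UID and separate work-profile user space described above can be seen in a process listing. The following is an added example, not part of the original slides: it parses a constructed sample shaped like `adb shell ps -A -o USER,PID,NAME` output and maps each `u<user>_a<app>` label to its kernel UID. The package names, PIDs and the use of Android user 10 for the work profile are assumptions.

```python
import re
from collections import defaultdict

# Android's UID layout (android_filesystem_config.h).
AID_USER_OFFSET = 100000  # UID range reserved per Android user/profile
AID_APP_START = 10000     # first UID handed to an installed app

# Constructed sample shaped like `adb shell ps -A -o USER,PID,NAME`.
# Packages and PIDs are made up; user 10 is assumed to be the work profile.
SAMPLE_PS = """\
USER           PID NAME
root             1 init
u0_a123       4001 com.example.mail
u0_a123       4002 com.example.mail:sync
u10_a123      4102 com.example.mail
u0_a124       4200 com.example.notes
u10_a131      4300 com.example.crm
"""

APP_USER = re.compile(r"^u(\d+)_a(\d+)$")

def uid_from_name(label):
    """Map a ps USER label such as 'u10_a123' to (android_user, kernel_uid)."""
    m = APP_USER.match(label)
    if not m:
        return None  # root, system, isolated processes and so on
    user, app_index = int(m.group(1)), int(m.group(2))
    return user, user * AID_USER_OFFSET + AID_APP_START + app_index

def app_uids(ps_text):
    """Return {(android_user, package): kernel_uid} for app processes."""
    result = {}
    for line in ps_text.splitlines()[1:]:
        parts = line.split()
        parsed = uid_from_name(parts[0]) if len(parts) == 3 else None
        if parsed:
            package = parts[2].split(":")[0]  # drop ':sync'-style suffix
            result[(parsed[0], package)] = parsed[1]
    return result

def shared_uids(uids):
    """Kernel UIDs held by more than one (user, package) pair."""
    by_uid = defaultdict(set)
    for key, uid in uids.items():
        by_uid[uid].add(key)
    return {uid: keys for uid, keys in by_uid.items() if len(keys) > 1}

if __name__ == "__main__":
    for (user, pkg), uid in sorted(app_uids(SAMPLE_PS).items()):
        print(f"user {user:>2}  uid {uid:>7}  {pkg}")
```

In the sample, the same mail app gets UID 10123 in the primary profile and 1010123 in the work profile, so ordinary kernel file permissions already keep the two copies' data apart; a non-empty result from `shared_uids` would mean two packages share one UID and are not separated by it.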
Anti-exploitation
ASLR/KASLR
Hardened ucopy
ASAN/Fuzzing
IOSan
CFI/KCFI
PAN
LTS
Bug = Exploit
Linux Kernel
HAL
Android Runtime
Native Libraries
Android Framework
Applications
Measuring exploitation difficulty: 0-day pricing
Chart: 0-day pricing ($0.00 to $200,000.00) for Verified Boot, TEE/Enclave, Remote Kernel and Kernel, comparing Android and iOS.
Measuring exploitation difficulty: 0-day pricing
Charts: Mobile Pwn2Own 2016, Mobile Pwn2Own 2017 and Mobile Pwn2Own 2018, dollar amounts by device and category. Devices: iPhone, iPhone X, Nexus, Pixel, Pixel 2. Categories: Sandbox, Unauth App Install, Browser, Short distance wireless, Messaging (SMS/MMS), Baseband, Kernel Bonus, Persistence Bonus.
2. Malware Risk
Malware is a universal risk
Malware protection should be built-in
Windows, Chrome/Chrome OS, Android/Play
World’s most widely used Anti-Malware solution
Security protection for everyone (Play and off-Play).
Always updating to provide the latest protections from Google AI.
Scans apps daily - from both within Google Play and outside of it.
Remediates by removing potentially harmful apps (PHA).
50B apps verified per day
2+B devices protected
500K apps analyzed per day
In 2018, the rate of downloading a PHA from Google Play was 0.04%, and from outside of Google Play it was 0.92%.
Android PHA install rates over time
Chart: PHA install rate (0% to 3%) per quarter from Q1 2017 to Q4 2018, for Google Play and outside of Google Play. 2018: 0.04% (Google Play), 0.92% (outside of Google Play).
3. Fragmentation (e.g. patching)
Better abstraction with Project Treble
As of Android 8.0 we’ve separated the firmware.
Diagram: OLD (OS, Firmware) versus NEW (OS, HAL (hardware abstraction layer), Firmware).
This has resulted in faster upgrades to Android Pie for OEMs.
Android has many security defenders
Device manufacturers
SOC vendors
Mobile operators
Academic institutions
Independent security researchers
The worldwide Linux community
Source: Gartner, Inc., “Mobile OSs and Device Security: A Comparison of Platforms” Dec 2017
Setting the pace of security innovation
Video