Android Vulnerability Study
Vulnerability Study of the Android
Ryan Selley, Swapnil Shinde, Michael Tanner, Madhura Tipnis, Colin Vinson
(Group 8)
Overview
• Architecture of the Android
• Scope of Vulnerabilities for the Android
• Known Vulnerabilities for the Android
• General Vulnerabilities of Mobile Devices
• Organizations Supporting the Android
Architecture
• It is a software stack which performs several OS functions.
• The Linux kernel is the base of the software stack.
• Core Java libraries are on the same level as other libraries.
• The virtual machine called the Dalvik Virtual Machine is on this layer as well.
• The application framework is the next level.
Parts of Applications
• Activity
An activity is needed to create a screen for a user application.
• Intents
Intents are used to transfer control from one activity to another.
• Services
A service doesn't need a user interface. It continues running in the background while other processes run in the foreground.
• Content Provider
This component allows the application to share information with other applications.
Security Architecture - Overview
Scope of Vulnerabilities
Refinements to MAC Model
• Delegation
• Public and Private Components
• Provision - No Security Access to Public Elements
• Permission Granting Using User's Confirmation
Solutions ???
Precautions by Developers
Special Tools for Users
Known Vulnerabilities
• Image Vulnerabilities
  o GIF
  o PNG
  o BMP
• Web Browser
GIF Image Vulnerability
• Decode function uses logical screen width and height to allocate heap
• Data is calculated using actual screen width and height
• Can overflow the heap buffer, which can allow a hacker to control the phone
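The check whose absence produces this overflow, as an added example that is not from the original slides: a C routine that compares the first frame's rectangle with the logical screen before any pixel data is decoded. Function and constant names are hypothetical, the sample bytes are constructed, and extension blocks ahead of the first frame are not handled.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical result codes for this example. */
enum { GIF_OK = 0, GIF_TRUNCATED = -1, GIF_BAD_MAGIC = -2,
       GIF_UNSUPPORTED = -3, GIF_FRAME_OUT_OF_BOUNDS = -4 };

/* GIF stores all dimensions as little-endian 16-bit values. */
static uint32_t le16(const uint8_t *p) { return (uint32_t)p[0] | ((uint32_t)p[1] << 8); }

/* Check the first frame against the logical screen before any decoding.
 * On success *canvas_bytes is the size of a one-byte-per-pixel canvas. */
int gif_check_first_frame(const uint8_t *buf, size_t len, size_t *canvas_bytes) {
    if (len < 13) return GIF_TRUNCATED;
    if (memcmp(buf, "GIF87a", 6) != 0 && memcmp(buf, "GIF89a", 6) != 0)
        return GIF_BAD_MAGIC;
    uint32_t screen_w = le16(buf + 6), screen_h = le16(buf + 8);
    size_t pos = 13;                       /* end of logical screen descriptor */
    if (buf[10] & 0x80)                    /* skip global colour table if present */
        pos += (size_t)3 << ((buf[10] & 7) + 1);
    if (len < pos + 10) return GIF_TRUNCATED;
    if (buf[pos] != 0x2C) return GIF_UNSUPPORTED;  /* extension blocks not handled */
    uint32_t left = le16(buf + pos + 1), top = le16(buf + pos + 3);
    uint32_t w = le16(buf + pos + 5), h = le16(buf + pos + 7);
    /* The frame rectangle must lie inside the rectangle the buffer is
     * sized for; otherwise decoding writes past the allocation. */
    if (w == 0 || h == 0 || left + w > screen_w || top + h > screen_h)
        return GIF_FRAME_OUT_OF_BOUNDS;
    *canvas_bytes = (size_t)screen_w * screen_h;
    return GIF_OK;
}

/* Constructed samples: 4x4 logical screen, no colour table, one image descriptor. */
static const uint8_t gif_fits[] = { 'G','I','F','8','9','a', 4,0, 4,0, 0,0,0,
                                    0x2C, 0,0, 0,0, 4,0, 4,0, 0 };
static const uint8_t gif_oversized[] = { 'G','I','F','8','9','a', 4,0, 4,0, 0,0,0,
                                         0x2C, 0,0, 0,0, 100,0, 100,0, 0 };

int main(void) {
    size_t n = 0;
    printf("fits: %d\n", gif_check_first_frame(gif_fits, sizeof gif_fits, &n));
    printf("oversized: %d\n", gif_check_first_frame(gif_oversized, sizeof gif_oversized, &n));
    return 0;
}
```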
PNG Image Vulnerability
• Uses an old libpng file
• This file can allow hackers to cause a Denial of Service (crash)
BMP Image Vulnerability
• Negative offset integer overflow
• Offset field in the image header used to allocate a palette
• With a carefully chosen negative value, you can overwrite an address in the process, redirecting its flow
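An added example, not from the original slides, of validating the offset field before it is used to size a palette: the field is read as unsigned and bounded against the headers and the file length. It assumes the palette size is the gap between the end of the headers and the pixel-data offset; the function names are hypothetical and the sample file is constructed.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical result codes for this example. */
enum { BMP_OK = 0, BMP_TRUNCATED = -1, BMP_BAD_MAGIC = -2,
       BMP_BAD_HEADER = -3, BMP_BAD_OFFSET = -4 };

static uint32_t le32(const uint8_t *p) {
    return (uint32_t)p[0] | ((uint32_t)p[1] << 8) |
           ((uint32_t)p[2] << 16) | ((uint32_t)p[3] << 24);
}

/* Palette size from the pixel-data offset, in unsigned arithmetic with range
 * checks. Assumption: only 40..124-byte DIB headers with 4-byte entries. */
int bmp_palette_bytes(const uint8_t *buf, size_t len, uint32_t *palette_bytes) {
    if (len < 18) return BMP_TRUNCATED;
    if (buf[0] != 'B' || buf[1] != 'M') return BMP_BAD_MAGIC;
    uint32_t off_bits = le32(buf + 10);   /* offset of pixel data in the file */
    uint32_t dib_size = le32(buf + 14);   /* size of the DIB header */
    if (dib_size < 40 || dib_size > 124 || dib_size > len - 14) return BMP_BAD_HEADER;
    uint32_t headers_end = 14 + dib_size;
    /* Read into a signed int, 0xFFFFFFF0 is -16 and passes an upper-bound-only check. */
    if (off_bits < headers_end || off_bits > len) return BMP_BAD_OFFSET;
    uint32_t pal = off_bits - headers_end;
    if (pal % 4 != 0 || pal > 256 * 4) return BMP_BAD_OFFSET;  /* at most 256 entries */
    *palette_bytes = pal;
    return BMP_OK;
}

/* Constructed 64-byte sample: "BM", a 40-byte DIB header, the given offset. */
void make_sample_bmp(uint8_t out[64], uint32_t off_bits) {
    memset(out, 0, 64);
    out[0] = 'B'; out[1] = 'M';
    for (int i = 0; i < 4; i++) out[10 + i] = (uint8_t)(off_bits >> (8 * i));
    out[14] = 40;
}

int main(void) {
    uint8_t bmp[64]; uint32_t pal = 0;
    make_sample_bmp(bmp, 62);            /* 54 header bytes + 2 palette entries */
    printf("offset 62: %d\n", bmp_palette_bytes(bmp, sizeof bmp, &pal));
    make_sample_bmp(bmp, 0xFFFFFFF0u);   /* negative when read as a signed int */
    printf("offset 0xFFFFFFF0: %d\n", bmp_palette_bytes(bmp, sizeof bmp, &pal));
    return 0;
}
```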
Web Browser Vulnerability
• Vulnerability is in the multimedia subsystem made by PacketVideo
• Due to insufficient boundary checking when playing back an MP3 file, it is possible to corrupt the process's heap and execute arbitrary code on the device
• Can allow a hacker to see data saved on the phone by the web browser and to peek at ongoing traffic
• Confined to the "sandbox"
General Mobile Phone Vulnerabilities
• GSM
  o SMS
  o MMS
• CDMA
• Bluetooth
• Wireless vulnerabilities
GSM Vulnerabilities
• GSM
  o Largest mobile network in the world
  o 3.8 billion phones on network
• David Hulton and Steve Muller
  o Developed method to quickly crack GSM encryption
  o Can crack encryption in under 30 seconds
  o Allows for undetectable eavesdropping
• Similar exploits available for CDMA phones
SMS Vulnerabilities
• SMS
  o Short Messaging System
  o Very commonly used protocol
  o Used to send "Text Messages"
• GSM uses 2 signal bands, 1 for "control", the other for "data".
• SMS operates entirely on the "control" band.
• High volume text messaging can disable the "control" band, which also disables voice calls.
• Can render entire city 911 services unresponsive.
MMS Vulnerabilities
• MMS
  o Unsecure data protocol for GSM
  o Extends SMS, allows for WAP connectivity
• Exploit of MMS can drain battery 22x faster
  o Multiple UDP requests are sent concurrently, draining the battery as the phone responds to the requests
• Does not expose data
• Does make phone useless
Bluetooth Vulnerabilities
• Bluetooth
  o Short range wireless communication protocol
  o Used in many personal electronic devices
  o Requires no authentication
• An attacker, if close enough, could take over a Bluetooth device.
• The attacker would have access to all data on the Bluetooth-enabled device
• Practice known as bluesnarfing
Organizations Supporting Android
• Google
• Open Handset Alliance
• 3rd Parties (ex: Mocana)
• Users
• Hackers
Open Handset Alliance
Objective: To build a better mobile phone to enrich the lives of countless people across the globe.
3rd Party Partners
Mocana -- NanoPhone
• Secure Web Browser
• VPN
• FIPS Encryption
• Virus & Malware Protection
• Secure Firmware Updating
• Robust Certificate Authentication
Hackers for Android
• Hackers make Android stronger
• White hats want to plug holes
• Example
  o Browser Threat reported by Independent Security Evaluators
  o Jailbreak hole fixed by Google over-the-air
Conclusion
• Android is New & Evolving
• Openness of Android
  o Good in the long-run
  o Strong Community
• Robust Architecture
• Powerful Computing Platform