Android system security
- 2. Outline
• Some news about Android threats
• Android threat model
– Attack from computer
– Attack from firmware
– NFC security
– Bluetooth security
• Malicious apps
• Summary
- 10. Attack from Computer
• Gaining root access
– Official: drive the OEM unlock path, simulating the screen-tap confirmation on the unlock menu on selected devices.
– Universal: a Linux local root exploit pushed to the phone over USB. The classic examples against early Android builds are the udev netlink flaw (CVE-2009-1185, "Exploid") and RLIMIT_NPROC exhaustion, which makes adbd's setuid() call fail so the daemon keeps running as root ("RageAgainstTheCage").
• Insert malicious payload
– Kernel: unpack the boot partition, replace the kernel zImage with a malicious one, repack and flash it back.
• Optionally unroot afterwards to avoid detection
- 11. Attack from Computer
• Kernel manipulation
• A native ARM ELF binary started this way bypasses Android framework permission checking entirely: the framework only mediates calls made through its APIs, while a root process talks to the kernel and hardware directly.
• In sum: a complete phone provisioning process, fully automated, delivering an evil payload.
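The kernel-replacement step above is mechanical once the boot image layout is known, and the same knowledge gives the defender a check. The following is an added Python example written for this page (not the slide deck's own code): it parses the version-0 Android boot image header as defined in AOSP's bootimg.h, swaps the kernel pages the way an attacker would, and compares the kernel region against a known-good SHA-256. The kernel, ramdisk and digest values are constructed stand-ins, not real images.

```python
import hashlib
import struct

# Version-0 Android boot image header (AOSP system/core bootimg.h):
# 8-byte magic, ten little-endian 32-bit fields, a 16-byte product name
# and a 512-byte kernel command line. The rest of the header (id hash,
# extra cmdline) is not needed to locate the kernel and is kept opaque.
# The image is page-aligned: page 0 is the header, the kernel starts on
# page 1, and the ramdisk begins on the first page after the kernel.
BOOT_MAGIC = b"ANDROID!"
HDR_FMT = "<8s10I16s512s"
HDR_LEN = struct.calcsize(HDR_FMT)  # 576
FIELDS = ("magic", "kernel_size", "kernel_addr", "ramdisk_size", "ramdisk_addr",
          "second_size", "second_addr", "tags_addr", "page_size",
          "header_version", "os_version", "name", "cmdline")


def pad_to_page(data, page_size):
    """Zero-pad data to the next page boundary."""
    rem = len(data) % page_size
    return data + b"\0" * ((page_size - rem) % page_size)


def parse_boot_header(img):
    """Decode the header fields; reject anything that is not a boot image."""
    hdr = dict(zip(FIELDS, struct.unpack_from(HDR_FMT, img, 0)))
    if hdr["magic"] != BOOT_MAGIC:
        raise ValueError("not an Android boot image")
    if hdr["page_size"] == 0 or hdr["page_size"] % 512:
        raise ValueError("implausible page size")
    return hdr


def extract_kernel(img):
    """Return the raw kernel (zImage) bytes stored on the kernel pages."""
    hdr = parse_boot_header(img)
    start = hdr["page_size"]
    end = start + hdr["kernel_size"]
    if end > len(img):
        raise ValueError("kernel_size runs past the end of the image")
    return img[start:end]


def replace_kernel(img, new_kernel):
    """The attacker's step: swap the kernel pages, carry everything else over.

    Only kernel_size and the kernel pages change; the ramdisk and any
    second stage are copied unchanged. The id hash in page 0 is left stale.
    """
    hdr = parse_boot_header(img)
    page = hdr["page_size"]
    old_kernel_pages = len(pad_to_page(extract_kernel(img), page))
    tail = img[page + old_kernel_pages:]
    values = list(struct.unpack_from(HDR_FMT, img, 0))
    values[1] = len(new_kernel)                                # kernel_size
    page0 = struct.pack(HDR_FMT, *values) + img[HDR_LEN:page]  # keep id/extra cmdline bytes
    return page0 + pad_to_page(new_kernel, page) + tail


def build_boot_image(kernel, ramdisk, page_size=2048, cmdline=b"console=ttyMSM0"):
    """Construct a minimal boot image (sample data made up for this example)."""
    values = [BOOT_MAGIC, len(kernel), 0x10008000, len(ramdisk), 0x11000000,
              0, 0x10F00000, 0x10000100, page_size, 0, 0,
              b"sample", cmdline]
    page0 = pad_to_page(struct.pack(HDR_FMT, *values), page_size)
    return page0 + pad_to_page(kernel, page_size) + pad_to_page(ramdisk, page_size)


def kernel_matches(img, expected_sha256):
    """Defender's check: does the kernel region still match a known-good digest?"""
    return hashlib.sha256(extract_kernel(img)).hexdigest() == expected_sha256


# Constructed stand-ins: a run of ARM NOPs plus a marker, not real kernels.
GOOD_KERNEL = b"\x00\x00\xa0\xe1" * 64 + b"ORIGINAL-ZIMAGE"
EVIL_KERNEL = b"\x00\x00\xa0\xe1" * 64 + b"TROJAN-ZIMAGE"
RAMDISK = b"\x1f\x8b\x08\x00" + b"ramdisk-cpio-gz" * 8
GOOD_DIGEST = hashlib.sha256(GOOD_KERNEL).hexdigest()

if __name__ == "__main__":
    stock = build_boot_image(GOOD_KERNEL, RAMDISK)
    trojaned = replace_kernel(stock, EVIL_KERNEL)
    print("stock kernel matches known-good:", kernel_matches(stock, GOOD_DIGEST))
    print("trojaned kernel matches known-good:", kernel_matches(trojaned, GOOD_DIGEST))
```

On a locked device with verified boot the bootloader's signature check refuses a rebuilt image outright; on an unlocked or rooted device the digest comparison is what catches it, for example by dumping the boot partition and checking it against the kernel shipped in the vendor's OTA package.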
- 12. Attack from Firmware
• Customized firmware
– Distributed over the network
– Pay manufacturers to include the malware in the image
– Some manufacturers have used firmware images downloaded from the Internet
- 13. NFC Security
• Near field communication (NFC) is a set of standards
– For smartphones and similar devices to establish radio communication
– By touching them together or bringing them into proximity, usually no more than a few centimeters
- 14. NFC Security
• No link-level security (the wireless link is not encrypted)
– Eavesdropping (sniffing); the short range is a weak defence, since sniffing has been demonstrated from well beyond the nominal few centimeters
– Man-in-the-middle
– Data modification, corruption, insertion
• Tamper with NFC/RFID tags
– Modify the original tag
– Replace it with a malicious tag
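A tag that has been modified or swapped delivers whatever NDEF content the attacker wrote, so the handset must treat the record as untrusted input. The following is an added Python example (not part of the slides): it parses an NDEF message, expands the well-known URI record's prefix byte, and applies a hypothetical handling policy. The record encoder, the sample tags and the trusted-host set are constructed for the example; the `tag_policy` rules are an assumption about what a cautious handler should do, not an NFC Forum or Android rule.

```python
import struct
from urllib.parse import urlsplit

# NDEF record header: flags byte (MB 0x80, ME 0x40, CF 0x20, SR 0x10,
# IL 0x08, low three bits = TNF), TYPE_LENGTH, PAYLOAD_LENGTH (1 byte if
# SR, else 4 big-endian), optional ID_LENGTH, then TYPE, ID, PAYLOAD.
# A URI record is TNF 1 (well-known) with type "U"; payload[0] selects an
# abbreviation prefix from the URI Record Type Definition.
TNF_WELL_KNOWN = 0x01
URI_PREFIXES = {0x00: "", 0x01: "http://www.", 0x02: "https://www.",
                0x03: "http://", 0x04: "https://", 0x05: "tel:", 0x06: "mailto:"}


def parse_ndef_records(data):
    """Parse one NDEF message into a list of (tnf, type, payload)."""
    records, pos = [], 0
    while pos < len(data):
        flags = data[pos]
        tnf, short, has_id = flags & 0x07, bool(flags & 0x10), bool(flags & 0x08)
        pos += 1
        type_len = data[pos]
        pos += 1
        if short:
            payload_len = data[pos]
            pos += 1
        else:
            payload_len = struct.unpack(">I", data[pos:pos + 4])[0]
            pos += 4
        id_len = 0
        if has_id:
            id_len = data[pos]
            pos += 1
        rtype = data[pos:pos + type_len]
        pos += type_len + id_len          # the record ID is not needed here
        payload = data[pos:pos + payload_len]
        if len(payload) != payload_len:   # length fields are attacker-controlled
            raise ValueError("truncated NDEF record")
        pos += payload_len
        records.append((tnf, rtype, payload))
        if flags & 0x40:                  # ME: message end
            break
    return records


def decode_uri(tnf, rtype, payload):
    """Expand a URI record's prefix byte; None if the record is not a URI."""
    if tnf != TNF_WELL_KNOWN or rtype != b"U" or not payload:
        return None
    prefix = URI_PREFIXES.get(payload[0])
    if prefix is None:
        raise ValueError("unknown URI prefix code 0x%02x" % payload[0])
    return prefix + payload[1:].decode("utf-8")


def tag_policy(uri, trusted_hosts):
    """Hypothetical handset policy for a URI read from an untrusted tag:
    https to a known host opens directly, other web URIs get a prompt,
    anything that triggers an action (tel:, mailto:, unknown) is blocked."""
    parts = urlsplit(uri)
    if parts.scheme == "https" and parts.hostname in trusted_hosts:
        return "open"
    if parts.scheme in ("http", "https"):
        return "prompt"
    return "block"


def encode_uri_record(prefix_code, rest):
    """Build one short URI record (used only to construct sample tags)."""
    payload = bytes([prefix_code]) + rest.encode("utf-8")
    return bytes([0x80 | 0x40 | 0x10 | TNF_WELL_KNOWN, 1, len(payload)]) + b"U" + payload


# Constructed sample tags: the original poster's tag, a swapped-in tag
# pointing at an attacker's site, and a tag that would place a phone call.
ORIGINAL_TAG = encode_uri_record(0x04, "example.com/menu")
SWAPPED_TAG = encode_uri_record(0x03, "evil.example.net/menu")
ACTION_TAG = encode_uri_record(0x05, "+441234567890")
TRUSTED = {"example.com"}


def handle_tag(data, trusted=TRUSTED):
    """Return [(uri, decision)] for every URI record on the tag."""
    results = []
    for rec in parse_ndef_records(data):
        uri = decode_uri(*rec)
        if uri is not None:
            results.append((uri, tag_policy(uri, trusted)))
    return results


if __name__ == "__main__":
    for name, tag in (("original", ORIGINAL_TAG), ("swapped", SWAPPED_TAG), ("action", ACTION_TAG)):
        print(name, handle_tag(tag))
```

The length checks matter as much as the policy: a tag is free to claim a payload longer than the data it carries, and a reader that trusts the length field reads past the buffer.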
- 15. Bluetooth Security
• Bluetooth is a wireless technology standard for exchanging data over short distances
- 16. Bluetooth Security
• General software vulnerabilities
• Eavesdropping
– Older Bluetooth devices use versions of the protocol with more security holes (legacy PIN-based pairing, for example, can be broken offline from a captured pairing exchange)
• Denial of service
• Bluetooth range is greater than you think
– Bluetooth is designed to be a "personal area network"
– Attackers have used directional, high-gain antennas to communicate over much greater distances
– For example, security researcher Joshua Wright demonstrated using such an antenna to attack a Bluetooth device in a Starbucks from across the street
- 17. Attack WebKit
• WebKit is a layout engine: the software component that renders web pages in web browsers
• It is the basis of web-based applications on the device (the stock browser and WebView-based apps)
- 18. Attack WebKit
• Diagram: (1) the phone connects to a malicious website; (2) the site sends malicious content to WebKit; the payload then does something bad on the device
- 20. MMS
• Multimedia Messaging Service
– A standard way to send messages that include multimedia content to and from mobile phones
– It extends the core SMS (Short Message Service) capability, which only allowed exchange of text messages
- 22. MMS Attack Vectors
• Message headers
– MMS uses several message types and transport layers: SMS, WAP, WSP
• Message contents
– SMIL: a markup language that describes how the content is laid out
– Rich content
– Images
– Audio/video
- 23. MMS Security
• Mobile phone messaging is a unique attack surface
– Always on: the handset receives and parses messages without any user interaction
• Functionality is becoming more feature-rich
– Ringtones
– Videos
– Pictures
• Technical hurdles for attackers are dropping
– Easily modified phones
– Functionality at higher layers
- 24. Implementation Vulnerability
• Android flaw in parsing the UDH (user data header) of concatenated messages
– Concatenated messages carry a sequence number in the concatenation information element; the valid range is 01-FF.
• Setting the sequence number to 00 triggers an unhandled array index exception: the part is stored at index (sequence - 1), which becomes -1.
• Impact: crashed the com.android.phone process on the Android G1
– Disables all radio activity on the phone.
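The following is an added Python example, not code from the slides or from Android: it parses the SMS user data header (3GPP TS 23.040 layout) into information elements, reads the concatenation IE, and shows a part-placement routine that mirrors the flawed logic beside a hardened one that validates the sequence number first. The PDUs are constructed for the example; the vulnerable routine raises `IndexError` on a negative index to mimic the Java exception, since Python would otherwise silently write the last slot.

```python
# SMS User Data Header: a UDHL byte, then information elements of the
# form IEI, IEDL, data. Concatenation IE 0x00 carries
# (reference, total_parts, sequence_number) with sequence_number valid
# from 1 to total_parts inclusive; IE 0x08 is the 16-bit-reference form.
IEI_CONCAT_8BIT = 0x00
IEI_CONCAT_16BIT = 0x08


def parse_udh(user_data):
    """Split user_data into (information_elements, message_body)."""
    if not user_data:
        raise ValueError("empty user data")
    udhl = user_data[0]
    header, body = user_data[1:1 + udhl], user_data[1 + udhl:]
    if len(header) != udhl:
        raise ValueError("UDHL exceeds user data length")
    ies, pos = [], 0
    while pos < len(header):
        if pos + 2 > len(header):
            raise ValueError("truncated information element")
        iei, iedl = header[pos], header[pos + 1]
        data = header[pos + 2:pos + 2 + iedl]
        if len(data) != iedl:
            raise ValueError("IEDL exceeds header length")
        ies.append((iei, data))
        pos += 2 + iedl
    return ies, body


def concat_info(ies):
    """Return (reference, total, seq) from a concatenation IE, or None."""
    for iei, data in ies:
        if iei == IEI_CONCAT_8BIT and len(data) == 3:
            return data[0], data[1], data[2]
        if iei == IEI_CONCAT_16BIT and len(data) == 4:
            return (data[0] << 8) | data[1], data[2], data[3]
    return None


def place_part_vulnerable(parts, total, seq, body):
    """Mirrors the flaw: trusts seq and stores the part at index seq - 1.
    seq == 0 gives index -1, which is an out-of-bounds access in Java."""
    if parts is None:
        parts = [None] * total
    index = seq - 1
    if index < 0:
        raise IndexError("ArrayIndexOutOfBoundsException: %d" % index)
    parts[index] = body
    return parts


def place_part_hardened(parts, total, seq, body):
    """Validate total and seq before indexing; reject bad fragments."""
    if total == 0 or not 1 <= seq <= total:
        raise ValueError("invalid concatenation part %d/%d" % (seq, total))
    if parts is None:
        parts = [None] * total
    elif len(parts) != total:
        raise ValueError("total_parts changed between fragments")
    if parts[seq - 1] is not None:
        raise ValueError("duplicate part %d" % seq)
    parts[seq - 1] = body
    return parts


def reassemble(pdus, place_part):
    """Run each fragment's user data through place_part; return the joined
    body when all parts are present. Simplified: assumes every PDU belongs
    to the same (sender, reference) group."""
    parts = None
    for pdu in pdus:
        ies, body = parse_udh(pdu)
        info = concat_info(ies)
        if info is None:
            return body               # single, unsegmented message
        _ref, total, seq = info
        parts = place_part(parts, total, seq, body)
    if parts and all(p is not None for p in parts):
        return b"".join(parts)
    return None


def udh_concat(ref, total, seq, body):
    """Construct a user-data field with an 8-bit concatenation IE (sample data)."""
    return bytes([5, IEI_CONCAT_8BIT, 3, ref, total, seq]) + body


GOOD_PDUS = [udh_concat(0x2A, 2, 1, b"Hello, "), udh_concat(0x2A, 2, 2, b"world")]
CRASH_PDU = udh_concat(0x2A, 2, 0, b"boom")   # sequence number 00

if __name__ == "__main__":
    print(reassemble(GOOD_PDUS, place_part_hardened))
    try:
        reassemble([CRASH_PDU], place_part_vulnerable)
    except IndexError as exc:
        print("vulnerable path died:", exc)
    try:
        reassemble([CRASH_PDU], place_part_hardened)
    except ValueError as exc:
        print("hardened path dropped the fragment:", exc)
```

In a real handler the `ValueError` from the hardened path is caught and the fragment discarded, so one malformed message costs the attacker nothing and the telephony process keeps running; the unchecked path lets a single over-the-air message take the radio down.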
- 27. App Permissions
• Malicious apps often declare more permissions than their stated function needs, for example:
– android.permission.SEND_SMS / RECEIVE_SMS
– android.permission.SYSTEM_ALERT_WINDOW
– android.permission.READ_CONTACTS / WRITE_CONTACTS
– android.permission.READ_CALENDAR / WRITE_CALENDAR
– android.permission.CALL_PHONE
– android.permission.READ_LOGS
– android.permission.ACCESS_FINE_LOCATION
– android.permission.GET_TASKS
– android.permission.RECEIVE_BOOT_COMPLETED
– android.permission.CHANGE_WIFI_STATE
– com.android.browser.permission.READ_HISTORY_BOOKMARKS / WRITE_HISTORY_BOOKMARKS
- 29. Repackaged APK
• A fake app that clones the code of the original one
– And adds some malicious code
– Or swaps the ad library so the advertising revenue goes to the attacker
- 31. Privilege Escalation
• Two or more colluding malicious apps
– Each requests few permissions and looks harmless on its own
– By communicating through intents, the apps together achieve malicious behaviour that would require higher permissions than any one of them holds
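Both the over-declared permission list on slide 27 and the intent-based collusion on this slide can be screened statically from AndroidManifest.xml. The following is an added Python example (not the deck's code and not an Android tool): it reads a decoded manifest, flags the risky permissions the slide lists, scores a few hypothetical permission combinations, and reports exported components that carry no android:permission, since those are the entry points another app can reach through intents. The sample manifest is constructed for the example and the combination thresholds are assumptions, not Android rules.

```python
import xml.etree.ElementTree as ET

ANDROID_NS = "http://schemas.android.com/apk/res/android"
A = "{%s}" % ANDROID_NS

# Permissions the slide lists as over-declared by malware, mapped to a
# coarse capability so pairs can be scored together.
RISKY = {
    "android.permission.SEND_SMS": "sms", "android.permission.RECEIVE_SMS": "sms",
    "android.permission.READ_CONTACTS": "contacts", "android.permission.WRITE_CONTACTS": "contacts",
    "android.permission.READ_CALENDAR": "calendar", "android.permission.WRITE_CALENDAR": "calendar",
    "android.permission.CALL_PHONE": "call", "android.permission.READ_LOGS": "logs",
    "android.permission.ACCESS_FINE_LOCATION": "location", "android.permission.GET_TASKS": "tasks",
    "android.permission.SYSTEM_ALERT_WINDOW": "overlay",
    "android.permission.RECEIVE_BOOT_COMPLETED": "boot", "android.permission.CHANGE_WIFI_STATE": "wifi",
    "com.android.browser.permission.READ_HISTORY_BOOKMARKS": "history",
    "com.android.browser.permission.WRITE_HISTORY_BOOKMARKS": "history",
}
# Hypothetical combinations that rarely have a benign explanation together.
SUSPICIOUS_COMBOS = [
    ({"sms", "boot"}, "premium-SMS sender that survives reboot"),
    ({"overlay", "tasks"}, "overlay plus foreground-task query: UI hijacking"),
    ({"contacts", "sms"}, "harvest contacts and message them"),
]
COMPONENT_TAGS = ("activity", "service", "receiver", "provider")


def triage_manifest(xml_text):
    """Return risky permissions, suspicious combos and unprotected exported components."""
    root = ET.fromstring(xml_text)
    requested = {e.get(A + "name") for e in root.iter("uses-permission")}
    caps = {RISKY[p] for p in requested if p in RISKY}
    combos = [why for needed, why in SUSPICIOUS_COMBOS if needed <= caps]
    open_components = []
    for tag in COMPONENT_TAGS:
        for comp in root.iter(tag):
            exported = comp.get(A + "exported")
            if exported is None:
                # Pre-Android 12 default: exported when an intent filter is declared.
                exported = "true" if comp.find("intent-filter") is not None else "false"
            if exported == "true" and comp.get(A + "permission") is None:
                open_components.append((tag, comp.get(A + "name")))
    return {"package": root.get("package"),
            "risky_permissions": sorted(requested & RISKY.keys()),
            "combos": combos,
            "open_components": open_components}


# Constructed sample: a "flashlight" that wants SMS, contacts and boot
# persistence, with an exported service anyone can bind to.
SAMPLE_MANIFEST = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.flashlight">
    <uses-permission android:name="android.permission.CAMERA"/>
    <uses-permission android:name="android.permission.SEND_SMS"/>
    <uses-permission android:name="android.permission.RECEIVE_SMS"/>
    <uses-permission android:name="android.permission.READ_CONTACTS"/>
    <uses-permission android:name="android.permission.RECEIVE_BOOT_COMPLETED"/>
    <application android:label="Flashlight">
        <activity android:name=".MainActivity">
            <intent-filter>
                <action android:name="android.intent.action.MAIN"/>
                <category android:name="android.intent.category.LAUNCHER"/>
            </intent-filter>
        </activity>
        <service android:name=".SmsRelayService" android:exported="true"/>
        <receiver android:name=".BootReceiver">
            <intent-filter>
                <action android:name="android.intent.action.BOOT_COMPLETED"/>
            </intent-filter>
        </receiver>
        <provider android:name=".LogProvider" android:authorities="com.example.flashlight.logs"
            android:exported="true" android:permission="com.example.flashlight.READ_LOGS"/>
    </application>
</manifest>
"""

if __name__ == "__main__":
    for key, value in triage_manifest(SAMPLE_MANIFEST).items():
        print(key, ":", value)
```

The launcher activity is expected to appear in `open_components` (it must be exported for the launcher to start it); the finding that matters is the exported service with no permission, which is exactly the kind of component a low-privilege partner app reaches with an intent.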
- 32. Mitigate the Threat
• For the user
– Update to the newest version
• Android
• Apps
– Close unused services (turn off NFC and Bluetooth when not in use)
– Install only apps that you trust
- 33. Mitigate the Threat
• For the developer
– Basic security concepts
– Code review
– Penetration testing
– Keep up with the newest attacks
- 34. Summary
• First, we shared some security news about Android
• With so many communication interfaces, the attack surface has become much wider
• The Android threat model was discussed
• Numerous attack methods were introduced
• Some simple guidelines were proposed for users and developers
- 36. The New Attacks
• So far we have talked about some general attacks
– But attackers' methods change with time, becoming more specialised and more sophisticated
– Currently, numerous Android security flaws are being presented at security conferences
- 37. UI State Inference Attack
• An attacker can guess which Activity the user is currently viewing
– Then hijack that Activity, for example by showing a look-alike screen at the moment the real one appears
– And do something bad
• Demo video
- 38. Recognizing Speech From Gyroscope Signals
• A gyroscope is a device for measuring or maintaining orientation
- 39. Recognizing Speech From Gyroscope Signals
• Gyroscope access is a low-level capability for an app (on Android of this era it requires no permission at all)
– Users may ignore it
• Whereas recording speech (RECORD_AUDIO) is a dangerous permission
• Researchers showed that it is possible to recover speech from gyroscope data
- 40. Exploit Update Mechanism
• A new OS version presumably fixes security loopholes and enhances the system's security protection
• Yet an already-installed app can automatically acquire significant capabilities without the user's consent once the device upgrades to the newer version!
– automatically obtaining all new permissions added by the newer OS version (the app declares them in advance; the old system does not know them, and the upgrade grants them without asking)
– replacing system-level apps with malicious ones
– injecting malicious scripts into arbitrary web pages
- 41. Exploit Update Mechanism
• It exploits flaws in the updating mechanism of the "future" OS, the one the current system will be upgraded to
• Demo video
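The permission pre-claiming vector from slide 40 comes down to one rule in the upgrade path: which requested permissions get granted when the OS that defines them arrives. The following is an added Python model written for this page (not Android's PackageManager code) that contrasts the flawed rule with one that treats newly defined permissions as a fresh request. The OS permission sets, the app and the consent callback are constructed; `READ_CALL_LOG` is used only as a stand-in for "a permission the next release introduces".

```python
# Simplified model of install-time and upgrade-time permission grants.
# An OS version is represented by the set of permissions it defines; an
# app carries the set it requested in its manifest. Hypothetical version
# timeline: OS_V1 does not define READ_CALL_LOG, OS_V2 does.
OS_V1 = {"android.permission.INTERNET", "android.permission.READ_CONTACTS"}
OS_V2 = OS_V1 | {"android.permission.READ_CALL_LOG"}


def install(requested, os_perms):
    """Install-time behaviour: only permissions the running OS defines are
    shown to the user and granted; unknown ones are ignored but stay in
    the manifest, which is what the attack relies on."""
    known = set(requested) & os_perms
    return {"requested": set(requested), "shown_at_install": known, "granted": set(known)}


def upgrade_vulnerable(app, new_os_perms):
    """Flawed rule: everything requested and now defined is granted outright."""
    app["granted"] = app["requested"] & new_os_perms
    return app


def upgrade_hardened(app, old_os_perms, new_os_perms, consent):
    """Keep existing grants; a permission that did not exist before the
    upgrade is handled like a new request and needs explicit consent."""
    newly_defined = app["requested"] & (new_os_perms - old_os_perms)
    for perm in sorted(newly_defined):
        if consent(perm):
            app["granted"].add(perm)
    return app


def silently_gained(app):
    """Permissions the app holds that the user never saw at install time."""
    return app["granted"] - app["shown_at_install"]


def run_scenario(upgrade):
    """Install under OS_V1, apply the given upgrade routine, report the gain."""
    app = install(["android.permission.INTERNET", "android.permission.READ_CALL_LOG"], OS_V1)
    return silently_gained(upgrade(app))


if __name__ == "__main__":
    print("vulnerable:", run_scenario(lambda app: upgrade_vulnerable(app, OS_V2)))
    print("hardened, user declines:",
          run_scenario(lambda app: upgrade_hardened(app, OS_V1, OS_V2, lambda p: False)))
```

The model covers only the permission vector; the system-app replacement and script-injection vectors on slide 40 depend on other parts of the upgrade logic and are not represented here.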
- 42. Security Risks in Customizations
• For each new Android version, Google first releases it to mobile phone vendors, allowing them to add their apps, device drivers and other new features to their corresponding Android branches.
• Recent studies show that many pre-loaded apps on those images are vulnerable, leaking system capabilities or sensitive user information to unauthorized parties.
2014/5/19
- 43. Security Risks in Customizations
• The security risks here, however, go much deeper than those on the app layer.
• In particular, vendors almost always need to modify a few device drivers (e.g., for camera, audio, etc.) and related system settings to support their hardware.
- 44. Security Risks in Customizations
• Device drivers work at the Linux layer and communicate with Android users through framework services.
• Therefore, any customization of an Android device needs to make sure that it remains well protected at both the Linux layer (ownership and permissions of the device nodes) and the framework layer (permission checks in the services that expose them).
• However, vendors usually don't have the time to properly address such problems.
- 45. The Peril of Fragmentation
• Android devices contain a large portion that is customized by the vendor
– Kernel
– Firmware
• For ease of programming, some security policies are broken
• Demo video