Android System Security
C.K.Chen 2014/09/02
Outline
• Some news about Android threats
• Android Threat Model
  – Attack from Computer
  – Attack from Firmware
  – NFC Security
  – Bluetooth Security
• Malicious APP
• Summary
Vulnerability
Android Threat Model
Attack from Computer
• Gaining root access
  – Official: simulate screen tap events to reach the OEM unlock menu on selected devices
  – Universal: a Linux local root exploit pushed over USB (the slide cites CVE-2009-1185 together with RLIMIT_NPROC exhaustion; note that CVE-2009-1185 is the udev netlink flaw behind the "exploid" root, while RLIMIT_NPROC exhaustion is the adbd setuid-failure technique known as RageAgainstTheCage; both were delivered through adb over USB)
• Insert a malicious payload
  – Kernel: disassemble the boot partition and replace the kernel zImage with a malicious one
• Optionally unroot afterwards to avoid detection
Attack from Computer
• Kernel manipulation
• Native ARM ELF binary, bypassing the Android framework's permission checking
• In sum: a complete phone provisioning process, fully automated, with an evil payload
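What "disassemble the boot partition and replace the kernel" amounts to, as an added example (not code from the slides): the classic Android boot image is a one-page header beginning with the magic "ANDROID!", followed by the page-aligned kernel and the page-aligned ramdisk, so swapping the kernel is a matter of rebuilding that layout. The same parser gives the defender's check, a digest of the kernel region to compare against a known-good value. The image is constructed in memory from dummy blobs; the header layout assumed is the version 0 boot_img_hdr.

```python
"""Parse an Android boot image, swap its kernel, and hash the kernel region.

Added example, not the original slides' code. Header layout follows the
classic (version 0) boot_img_hdr; sample blobs below are placeholders.
"""
import hashlib
import struct

MAGIC = b"ANDROID!"
# magic[8], kernel_size, kernel_addr, ramdisk_size, ramdisk_addr,
# second_size, second_addr, tags_addr, page_size, unused, os_version,
# name[16], cmdline[512], id[32]   (trailing extra_cmdline not needed here)
HDR_FMT = "<8s10I16s512s32s"


def page_align(n, page_size):
    """Round n up to a multiple of page_size."""
    return (n + page_size - 1) // page_size * page_size


def parse_boot_image(img):
    """Split a boot image into its parts; raises ValueError on bad input."""
    if img[:8] != MAGIC:
        raise ValueError("not an Android boot image")
    (_magic, kernel_size, kernel_addr, ramdisk_size, ramdisk_addr,
     _second_size, _second_addr, _tags_addr, page_size, _unused, _os_ver,
     _name, cmdline, _id) = struct.unpack_from(HDR_FMT, img, 0)
    if page_size == 0 or page_size & (page_size - 1):
        raise ValueError("page size must be a power of two")
    kernel_off = page_size                      # the header occupies exactly one page
    ramdisk_off = kernel_off + page_align(kernel_size, page_size)
    end = ramdisk_off + page_align(ramdisk_size, page_size)
    if end > len(img):
        raise ValueError("truncated boot image")
    return {
        "page_size": page_size,
        "kernel_addr": kernel_addr,
        "ramdisk_addr": ramdisk_addr,
        "cmdline": cmdline.rstrip(b"\0").decode(),
        "kernel": img[kernel_off:kernel_off + kernel_size],
        "ramdisk": img[ramdisk_off:ramdisk_off + ramdisk_size],
    }


def build_boot_image(kernel, ramdisk, page_size=2048, cmdline=b"",
                     kernel_addr=0x10008000, ramdisk_addr=0x11000000):
    """Assemble a boot image (the inverse of parse_boot_image)."""
    hdr = struct.pack(HDR_FMT, MAGIC, len(kernel), kernel_addr,
                      len(ramdisk), ramdisk_addr, 0, 0, 0x10000100,
                      page_size, 0, 0, b"", cmdline, b"")
    out = hdr.ljust(page_size, b"\0")
    out += kernel.ljust(page_align(len(kernel), page_size), b"\0")
    out += ramdisk.ljust(page_align(len(ramdisk), page_size), b"\0")
    return out


def replace_kernel(img, new_kernel):
    """The attacker's step: swap the zImage, keep ramdisk, cmdline and load addresses."""
    p = parse_boot_image(img)
    return build_boot_image(new_kernel, p["ramdisk"], p["page_size"],
                            p["cmdline"].encode(), p["kernel_addr"], p["ramdisk_addr"])


def kernel_digest(img):
    """The defender's check: hash only the kernel bytes, not the page padding."""
    return hashlib.sha256(parse_boot_image(img)["kernel"]).hexdigest()


# Constructed sample blobs (placeholders, not a real zImage or ramdisk).
ORIGINAL = build_boot_image(b"\x00\x00\xa0\xe1" * 64, b"\x1f\x8b" + b"ramdisk",
                            cmdline=b"console=ttyHSL0")
TAMPERED = replace_kernel(ORIGINAL, b"EVIL" * 300)

if __name__ == "__main__":
    for label, img in (("original", ORIGINAL), ("tampered", TAMPERED)):
        p = parse_boot_image(img)
        print(label, "kernel", len(p["kernel"]), "bytes, sha256", kernel_digest(img)[:16])
```

On a real device the same parse runs over a dump of the boot partition (e.g. via dd from the block device after rooting) and the digest is compared with the value recorded for the stock image; a tampered kernel with an untouched ramdisk and cmdline is exactly what the attack above leaves behind.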
Attack from Firmware
• Customized firmware
  – Distributed over the network
  – Pay manufacturers to include the malware
  – Some manufacturers use firmware images downloaded from the internet
NFC Security
• Near field communication (NFC) is a set of standards
  – Lets smartphones and similar devices establish radio communication
  – By touching them together or bringing them into proximity, usually no more than a few centimeters
NFC Security
• No link-level security (the wireless link is not encrypted)
  – Eavesdropping (sniffing)
  – Man-in-the-middle
  – Data: modification, corruption, insertion
  – Any protection has to come from the application layer (encrypted payloads, signed tag contents)
• Tamper with NFC/RFID tags
  – Modify the original tag
  – Replace it with a malicious tag
Bluetooth Security
• Bluetooth is a wireless technology standard for exchanging data over short distances
Bluetooth Security
• General software vulnerabilities
• Eavesdropping
  – Older Bluetooth devices use versions of the Bluetooth protocol that have more security holes
• Denial of service
• Bluetooth range is greater than you think
  – Bluetooth is designed to be a "personal area network"
  – Hackers have been known to use directional, high-gain antennas to communicate over much greater distances
  – For example, security researcher Joshua Wright demonstrated the use of such an antenna to hack a Bluetooth device in a Starbucks from across the street
Attack WebKit
• WebKit is a layout engine software component for rendering web pages in web browsers
• Basis of web-based applications (the Android stock browser and WebView of that era were built on it)
Attack WebKit
• (Diagram) 1. The phone's browser connects to a malicious website; 2. the site sends malicious content that exploits the rendering engine and does something bad on the device
AAack Webkit
• https://www.youtube.com/watch?v=czx_AKdj8ug
MMS
• Multimedia Messaging Service
  – A standard way to send messages that include multimedia content to and from mobile phones
  – It extends the core SMS (Short Message Service) capability, which only allowed the exchange of text messages
MMS Flow (Intra-carrier)
• (Diagram of the MMS message flow within a single carrier; not reproduced in this extract)
MMS Attack Vectors
• Message headers
  – MMS uses many message types and layers: SMS (the WAP Push notification arrives over SMS), WAP, WSP
• Message contents
  – SMIL: markup language that describes how the content is laid out
  – Rich content: images, audio/video
MMS Security
• Mobile phone messaging is a unique attack surface
  – Always on
• Functionality is becoming more feature-rich
  – Ringtones, videos, pictures
• Technical hurdles for attackers are dropping
  – Easily modified phones
  – Functionality at higher layers
Implementation Vulnerability
• Android flaw in parsing the UDH (user data header) of concatenated messages
  – Concatenated messages carry a sequence number; the valid range is 01-FF (1 up to the total part count)
  – Setting the sequence number to 00 triggers an unhandled array-index exception
• Impact: crashed the com.android.phone process on the Android G1
  – Disables all radio activity on the phone
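The bug pattern above, as an added example that is not the slides' own code: a UDH parser for the concatenation information element (0x00 with an 8-bit reference, 0x08 with a 16-bit one), a reassembler that trusts the sequence number as an array index the way the described G1 code did, and a hardened reassembler that validates the fields before indexing. Java arrays throw on a negative index, so the helper java_index() reproduces that instead of Python's silent wrap-around. All PDUs are constructed for the example.

```python
"""Concatenated-SMS UDH parsing: the crash pattern and its fix.

Added example, not the original slides' code. Sample messages are constructed.
"""

CONCAT_8BIT = 0x00      # IEI: concatenation, 8-bit reference  (ref, total, seq)
CONCAT_16BIT = 0x08     # IEI: concatenation, 16-bit reference (ref_hi, ref_lo, total, seq)


def parse_udh(udh):
    """Return a list of (IEI, data) from a raw UDH whose first byte is UDHL."""
    if not udh:
        raise ValueError("empty UDH")
    if udh[0] != len(udh) - 1:
        raise ValueError("UDHL %d does not match %d bytes" % (udh[0], len(udh) - 1))
    ies, pos = [], 1
    while pos < len(udh):
        if pos + 2 > len(udh):
            raise ValueError("truncated IE header")
        iei, iedl = udh[pos], udh[pos + 1]
        data = udh[pos + 2:pos + 2 + iedl]
        if len(data) != iedl:
            raise ValueError("truncated IE data")
        ies.append((iei, bytes(data)))
        pos += 2 + iedl
    return ies


def concat_info(udh):
    """Return (reference, total, seq) from the concatenation IE, or None."""
    for iei, data in parse_udh(udh):
        if iei == CONCAT_8BIT and len(data) == 3:
            return data[0], data[1], data[2]
        if iei == CONCAT_16BIT and len(data) == 4:
            return (data[0] << 8) | data[1], data[2], data[3]
    return None


def build_concat_udh(ref, total, seq):
    """UDH containing a single 8-bit-reference concatenation IE."""
    return bytes([5, CONCAT_8BIT, 3, ref, total, seq])


def java_index(array, i):
    """Java array semantics: a negative or too-large index throws, never wraps."""
    if i < 0 or i >= len(array):
        raise IndexError("index %d out of bounds for length %d" % (i, len(array)))
    return i


def reassemble_vulnerable(parts):
    """Mirrors the G1 bug: seq - 1 is used as an index without validation."""
    slots = None
    for udh, text in parts:
        _ref, total, seq = concat_info(udh)
        if slots is None:
            slots = [""] * total
        slots[java_index(slots, seq - 1)] = text    # seq == 0 -> index -1 -> exception
    return "".join(slots)


def valid_concat(ref, total, seq):
    """Sequence numbers run 1..total; anything else is malformed."""
    return 1 <= total <= 255 and 1 <= seq <= total


def reassemble_hardened(parts):
    """Validate before indexing. Returns (completed messages by ref, dropped count)."""
    slots, dropped = {}, 0
    for udh, text in parts:
        info = concat_info(udh)
        if info is None or not valid_concat(*info):
            dropped += 1            # malformed part: discard it, do not crash the phone process
            continue
        ref, total, seq = info
        slots.setdefault((ref, total), [None] * total)[seq - 1] = text
    done = {ref: "".join(s) for (ref, _t), s in slots.items() if None not in s}
    return done, dropped


def crashes(parts):
    """True if the vulnerable reassembler raises on this input."""
    try:
        reassemble_vulnerable(parts)
        return False
    except IndexError:
        return True


# Constructed messages: a well-formed two-part text and the seq=00 crash case.
GOOD = [(build_concat_udh(0x42, 2, 1), "hello "), (build_concat_udh(0x42, 2, 2), "world")]
EVIL = [(build_concat_udh(0x42, 2, 0), "crash"), (build_concat_udh(0x42, 2, 2), "world")]

if __name__ == "__main__":
    print("good:", reassemble_vulnerable(GOOD), "| evil crashes:", crashes(EVIL))
    print("hardened on evil:", reassemble_hardened(EVIL))
```

The hardened version also keys the reassembly buffer on (reference, total) rather than trusting whichever part arrives first, so a later part claiming a different total cannot be written past the end of the buffer either.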
MMS AAack
Malicious APP
• Many attack methods must go through a malicious app installed on the device
APP Permission
• Malicious apps often declare more permissions than they need, for example:
  – android.permission.SEND_SMS / RECEIVE_SMS
  – android.permission.SYSTEM_ALERT_WINDOW
  – android.permission.READ_CONTACTS / WRITE_CONTACTS
  – android.permission.READ_CALENDAR / WRITE_CALENDAR
  – android.permission.CALL_PHONE
  – android.permission.READ_LOGS
  – android.permission.ACCESS_FINE_LOCATION
  – android.permission.GET_TASKS
  – android.permission.RECEIVE_BOOT_COMPLETED
  – android.permission.CHANGE_WIFI_STATE
  – com.android.browser.permission.READ_HISTORY_BOOKMARKS / WRITE_HISTORY_BOOKMARKS
Confused Deputy Attack
• A privileged app exposes a component (exported Activity, Service, BroadcastReceiver or ContentProvider) without checking the caller's permission, so an unprivileged app can make it perform a privileged action on its behalf
Repackage APK
• Fake app that clones the code of the original one
  – And adds some malicious code
  – Or swaps in a different ad library
Privilege Escalation
• Two or more colluding malicious apps
  – Each holds few permissions and seems harmless on its own
  – By communicating through Intents, together they achieve malicious behavior that requires more permissions than any one of them holds
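Both symptoms from the permission and confused-deputy slides can be read off AndroidManifest.xml, and the check below is an added example (not code from the slides) of doing so: it lists the sensitive permissions an app requests and reports components that are exported, i.e. reachable by any other app, yet carry no android:permission guard. The manifest is constructed for the example in the decoded XML form that apktool produces (the binary XML inside an APK would need decoding first), and SENSITIVE is a subset of the permissions listed on the slide, not Android's full protection-level table.

```python
"""Static audit of a decoded AndroidManifest.xml for over-permission and
unguarded exported components.

Added example, not the original slides' code. The manifest is constructed.
"""
import xml.etree.ElementTree as ET

ANDROID_NS = "http://schemas.android.com/apk/res/android"
COMPONENTS = ("activity", "service", "receiver", "provider")
SENSITIVE = {                      # subset chosen for the example
    "android.permission.SEND_SMS", "android.permission.RECEIVE_SMS",
    "android.permission.READ_CONTACTS", "android.permission.WRITE_CONTACTS",
    "android.permission.CALL_PHONE", "android.permission.READ_LOGS",
    "android.permission.ACCESS_FINE_LOCATION",
    "android.permission.SYSTEM_ALERT_WINDOW",
}


def android_attr(name):
    """Qualified name of an android:* attribute as ElementTree sees it."""
    return "{%s}%s" % (ANDROID_NS, name)


def requested_permissions(root):
    return [e.get(android_attr("name")) for e in root.iter("uses-permission")]


def is_exported(component):
    """Manifest rule: an explicit android:exported wins; otherwise a component
    with an <intent-filter> is exported and one without is not. (Content
    providers targeting API < 17 defaulted to exported; not modelled here.)"""
    explicit = component.get(android_attr("exported"))
    if explicit is not None:
        return explicit == "true"
    return component.find("intent-filter") is not None


def is_launcher(component):
    """The launcher activity is exported by design; do not report it."""
    for cat in component.iter("category"):
        if cat.get(android_attr("name")) == "android.intent.category.LAUNCHER":
            return True
    return False


def confused_deputy_candidates(root):
    """Exported components with no android:permission guard: any app can
    invoke them, so whatever privileged action they perform is re-delegated."""
    found = []
    app = root.find("application")
    for tag in COMPONENTS:
        for c in app.iter(tag):
            if is_launcher(c):
                continue
            if is_exported(c) and c.get(android_attr("permission")) is None:
                found.append((tag, c.get(android_attr("name"))))
    return found


def audit(manifest_xml):
    root = ET.fromstring(manifest_xml)
    perms = requested_permissions(root)
    return {
        "package": root.get("package"),
        "sensitive_permissions": sorted(p for p in perms if p in SENSITIVE),
        "open_components": confused_deputy_candidates(root),
    }


# Constructed manifest: a "flashlight" app that asks for SMS and contacts
# access and exposes an SMS-sending service to every app on the device.
MANIFEST = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.flashlight">
  <uses-permission android:name="android.permission.SEND_SMS"/>
  <uses-permission android:name="android.permission.READ_CONTACTS"/>
  <uses-permission android:name="android.permission.INTERNET"/>
  <application>
    <activity android:name=".MainActivity">
      <intent-filter>
        <action android:name="android.intent.action.MAIN"/>
        <category android:name="android.intent.category.LAUNCHER"/>
      </intent-filter>
    </activity>
    <service android:name=".SmsSender" android:exported="true"/>
    <receiver android:name=".ConfigReceiver" android:exported="true"
              android:permission="com.example.flashlight.INTERNAL"/>
    <service android:name=".Worker"/>
  </application>
</manifest>"""

if __name__ == "__main__":
    print(audit(MANIFEST))
```

A flashlight that needs SEND_SMS is the over-permission signal; the exported, unguarded SmsSender service is the confused deputy, since any other app, including one of the colluding low-permission apps from the slide above, can bind to it and send messages without holding SEND_SMS itself. ConfigReceiver is exported too but is not reported because callers must hold its android:permission.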
Mitigate the Threat
• For the user
  – Update to the newest version
    • Android
    • Apps
  – Disable unused services
  – Install only apps that you trust
Mitigate the Threat
• For the developer
  – Basic security concepts
  – Code review
  – Penetration testing
  – Keep up with the newest attacks
Summary
• First, we shared some security news about Android
• With so many interfaces for communication, the attack surface is becoming wider
• The Android threat model was discussed
• Numerous attack methods were introduced
• Some simple guidelines were proposed for users and developers
Q&A
The New Attacks
• So far we have talked about some general attacks
  – But attackers' methods change with time, becoming more specialized and more sophisticated
  – Currently, numerous Android security flaws are being presented at security conferences
UI State Inference Attack
• An attacker can guess which Activity the user is currently viewing (through a side channel, without any special permission)
  – Then hijack that Activity, e.g. by overlaying a look-alike screen at the right moment
  – And do something bad, such as capturing what the user enters
• Demo video
Recognizing Speech From Gyroscope Signals
• A gyroscope is a device for measuring or maintaining orientation
Recognizing Speech From Gyroscope Signals
• Reading the gyroscope requires no dangerous permission (no permission at all, in fact)
  – Users see no warning and may not think about it
• Recording audio, by contrast, is a dangerous permission
• Researchers showed that it is possible to recover speech from gyroscope data, because the MEMS sensor also picks up acoustic vibrations
Exploit Update Mechanism
• A new OS version presumably fixes security loopholes and enhances the system's security protection
• Yet a malicious app can automatically acquire significant capabilities without the user's consent once the device is upgraded to the newer version!
  – Automatically obtaining all new permissions added by the newer OS version (the app declares a permission that does not exist yet; the upgrade grants it silently)
  – Replacing system-level apps with malicious ones
  – Injecting malicious scripts into arbitrary webpages
Exploit Update Mechanism
• It exploits flaws in the updating mechanism of the "future" OS, the one the current system will be upgraded to
• Demo video
Security Risks in Customizations
• For each new Android version, Google first releases it to mobile phone vendors, allowing them to add their apps, device drivers and other new features to their corresponding Android branches.
• Recent studies show that many pre-loaded apps on those images are vulnerable, leaking system capabilities or sensitive user information to unauthorized parties.
2014/5/19 42
Security Risks in Customizations
• The security risks here, however, go much deeper than those on the app layer.
• In particular, vendors almost always need to modify a few device drivers (e.g., for camera, audio, etc.) and related system settings to support their hardware.
Security Risks in Customizations
• Device drivers work at the Linux layer and communicate with user-space apps through framework services.
• Therefore, any customization of an Android device needs to make sure that it remains well protected at both the Linux and framework layers.
• However, vendors usually do not have the time to properly address such problems.
The Peril of Fragmentation
• Android devices contain a large portion that is customized by the vendor
  – Kernel
  – Firmware
• For ease of programming, some security policies get broken (e.g., device nodes for the added hardware left accessible to unprivileged apps)
• DEMO Video