Post on 15-Jan-2015
Vulnerability Study of the Android
Ryan Selley, Swapnil Shinde, Michael Tanner, Madhura Tipnis, Colin Vinson
(Group 8)
Overview
• Architecture of the Android
• Scope of Vulnerabilities for the Android
• Known Vulnerabilities for the Android
• General Vulnerabilities of Mobile Devices
• Organizations Supporting the Android
Architecture
• It is a software stack which performs several OS functions.
• The Linux kernel is the base of the software stack.
• Core Java libraries are on the same level as other libraries.
• The virtual machine called the Dalvik Virtual Machine is on this layer as well.
• The application framework is the next level.
Parts of Applications
• Activity
An activity is needed to create a screen for a user application.
• Intents
Intents are used to transfer control from one activity to another.
• Services
A service doesn't need a user interface. It continues running in the background while other processes run in the foreground.
• Content Provider
This component allows the application to share information with other applications.
Security Architecture - Overview
Scope of Vulnerabilities
Refinements to MAC Model
• Delegation
• Public and Private Components
• Provision - No Security Access to Public Elements
• Permission Granting Using User's Confirmation
Solutions
• Precautions by Developers
• Special Tools for Users
Known Vulnerabilities
• Image Vulnerabilities
  o GIF
  o PNG
  o BMP
• Web Browser
GIF Image Vulnerability
• Decode function uses logical screen width and height to allocate heap
• Data is calculated using actual screen width and height
• Can overflow the heap buffer, which can allow a hacker to control the phone
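The size mismatch described above, as an added C example (not from the original slides and not Android's code): a canvas allocated from the logical screen size is only safe if each frame is checked against that size before its pixels are copied. The struct and function names are hypothetical, and the headers and pixel data are constructed samples.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical simplified GIF headers; names are assumptions, not Android's. */
typedef struct { uint16_t width, height; } gif_screen;           /* logical screen */
typedef struct { uint16_t left, top, width, height; } gif_frame; /* actual image   */

/* 1 if the frame lies entirely inside the logical screen, else 0. */
int frame_fits_screen(const gif_screen *s, const gif_frame *f)
{
    /* Widen to 32 bits so left + width cannot wrap around. */
    return f->width != 0 && f->height != 0 &&
           (uint32_t)f->left + f->width  <= (uint32_t)s->width &&
           (uint32_t)f->top  + f->height <= (uint32_t)s->height;
}

/* Allocates a canvas from the logical screen size and copies the frame in.
   Returns NULL (nothing allocated) if the frame or pixel buffer is rejected. */
uint8_t *render_frame(const gif_screen *s, const gif_frame *f,
                      const uint8_t *pixels, size_t pixels_len)
{
    if (!frame_fits_screen(s, f))
        return NULL;                      /* frame larger than the heap buffer */
    if (pixels_len < (size_t)f->width * f->height)
        return NULL;                      /* truncated pixel data */
    uint8_t *canvas = calloc((size_t)s->width * s->height, 1);
    if (canvas == NULL)
        return NULL;
    for (size_t row = 0; row < f->height; row++)
        memcpy(canvas + ((size_t)f->top + row) * s->width + f->left,
               pixels + row * f->width, f->width);
    return canvas;
}

int main(void)
{
    gif_screen screen = {4, 4};           /* constructed sample headers */
    gif_frame inside = {1, 1, 2, 2}, oversized = {0, 0, 8, 8};
    uint8_t pixels[64];
    memset(pixels, 7, sizeof pixels);
    uint8_t *a = render_frame(&screen, &inside, pixels, sizeof pixels);
    uint8_t *b = render_frame(&screen, &oversized, pixels, sizeof pixels);
    printf("inside: %s, oversized: %s\n", a ? "rendered" : "rejected",
           b ? "rendered" : "rejected");
    free(a);
    free(b);
}
```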
PNG Image Vulnerability
• Uses an old libpng file
• This file can allow hackers to cause a Denial of Service (crash)
BMP Image Vulnerability
• Negative offset integer overflow
• Offset field in the image header used to allocate a palette
• With a negative value carefully chosen you can overwrite the address of a process redirecting flow
Web Browser Vulnerability
• Vulnerability is in the multimedia subsystem made by PacketVideo
• Due to insufficient boundary checking when playing back an MP3 file, it is possible to corrupt the process's heap and execute arbitrary code on the device
• Can allow a hacker to see data saved on the phone by the web browser and to peek at ongoing traffic
• Confined to the "sandbox"
General Mobile Phone Vulnerabilities
• GSM
  o SMS
  o MMS
• CDMA
• Bluetooth
• Wireless vulnerabilities
GSM Vulnerabilities
• GSM
  o Largest mobile network in the world
  o 3.8 billion phones on network
• David Hulton and Steve Muller
  o Developed method to quickly crack GSM encryption
  o Can crack encryption in under 30 seconds
  o Allows for undetectable eavesdropping
• Similar exploits available for CDMA phones
SMS Vulnerabilities
• SMS
  o Short Messaging System
  o Very commonly used protocol
  o Used to send "Text Messages"
• GSM uses 2 signal bands, 1 for "control", the other for "data".
• SMS operates entirely on the "control" band.
• High volume text messaging can disable the "control" band, which also disables voice calls.
• Can render entire city 911 services unresponsive.
MMS Vulnerabilities
• MMS
  o Insecure data protocol for GSM
  o Extends SMS, allows for WAP connectivity
• Exploit of MMS can drain battery 22x faster
  o Multiple UDP requests are sent concurrently, draining the battery as it responds to the requests
• Does not expose data
• Does make phone useless
Bluetooth Vulnerabilities
• Bluetooth
  o Short range wireless communication protocol
  o Used in many personal electronic devices
  o Requires no authentication
• An attacker, if close enough, could take over a Bluetooth device.
• The attacker would have access to all data on the Bluetooth-enabled device
• Practice known as bluesnarfing
Organizations Supporting Android
• Google
• Open Handset Alliance
• 3rd Parties (ex: Mocana)
• Users
• Hackers
Open Handset Alliance
Objective: To build a better mobile phone to enrich the lives of countless people across the globe.
3rd Party Partners
Mocana -- NanoPhone
• Secure Web Browser
• VPN
• FIPS Encryption
• Virus & Malware Protection
• Secure Firmware Updating
• Robust Certificate Authentication
Hackers for Android
• Hackers make Android stronger
• White hats want to plug holes
• Example
  o Browser Threat reported by Independent Security Evaluators
  o Jailbreak hole fixed by Google over-the-air
Conclusion
• Android is New & Evolving
• Openness of Android
  o Good in the long-run
  o Strong Community
• Robust Architecture
• Powerful Computing Platform