Lange
Upcoming SlideShare
Loading in...5
×
 

Lange

on

  • 851 views

 

Statistics

Views

Total Views
851
Views on SlideShare
696
Embed Views
155

Actions

Likes
0
Downloads
30
Comments
0

3 Embeds 155

http://de.droidcon.com 140
http://eventifier.co 14
http://eventifier.com 1

Accessibility

Upload Details

Uploaded via as Adobe PDF

Usage Rights

© All Rights Reserved

Report content

Flagged as inappropriate Flag as inappropriate
Flag as inappropriate

Select your reason for flagging this presentation as inappropriate.

Cancel
  • Full Name Full Name Comment goes here.
    Are you sure you want to
    Your message goes here
    Processing…
Post Comment
Edit your comment

    Lange Lange Presentation Transcript

    • State of the Union: Android Security OverviewMatthias Lange, Steffen Liebergeld, April 9th, 2013, Droidcon 2013
    • Why should I care?
    • Mobile OS Market Share (2012) 2 % 4 % 4 % 5 % 17 % 68 % Android iOS Blackberry Symbian Windows Linuxhttp://www.idc.com/getdoc.jsp?containerId=prUS23638712#.UUL-GaVW6-U
    • Malware Distribution 2010F-Secure Mobile Threat Report Q4/2012
    • Malware Distribution 2011F-Secure Mobile Threat Report Q4/2012
    • Malware Distribution 2012F-Secure Mobile Threat Report Q4/2012
    • No!
    • High Level Overview
    • Agenda• Secure Boot• Memory Management Security Enhancements• Android Application Security• Android Security Problems• Future Improvements
    • Secure Boot
    • Boot Process1. Initial Bootloader2. Bootloader3. Kernel4. Android init5. Android platform boot
    • Boot ArchitectureSoC DRAM DRAM CPU Controller Security Controller Boot Device Subsystem NAND Bootloader Signature SD/MMC ROM eMMC Kernel IBL USB OTG SignatureOM Pin
    • Signature Check SHA1 Image Digest/ Image Hash Compare Check with Public KeySignature Signature Digest/ Hash
    • Memory Protection
    • Protection Against Memory Corruption• Since 2.3 Gingerbread • Android >= 4.1 • eXecute Never (XN) • Position Independent Executable (PIE) • mmap_min_addr • Read-only Relocations (RELro)• Android >= 4.0 • Address Space Layout Randomization (ASLR)
    • ASLR• Randomize mapping location of memory • Stack, heap, libs, executable• Primarily provided by Linux kernel• Usually combined with NX
    • Randomization in Gingerbread• cat /proc/PID/maps (vold) 00008000-00028000 r-xp 00000000 b3:09 450 /system/bin/vold 00028000-00029000 rw-p 00020000 b3:09 450 /system/bin/vold afd00000-afd40000 r-xp 00000000 b3:09 743 /system/lib/libc.so afd40000-afd43000 rw-p 00040000 b3:09 743 /system/lib/libc.so b0001000-b0009000 r-xp 00001000 b3:09 375 /system/bin/linker b0009000-b000a000 rw-p 00009000 b3:09 375 /system/bin/linker bebcc000-bebed000 rw-p 00000000 00:00 0 [stack] 00029000-00032000 rw-p 00000000 00:00 0 [heap] 00008000-00028000 r-xp 00000000 b3:09 450 /system/bin/vold 00028000-00029000 rw-p 00020000 b3:09 450 /system/bin/vold afd00000-afd40000 r-xp 00000000 b3:09 743 /system/lib/libc.so afd40000-afd43000 rw-p 00040000 b3:09 743 /system/lib/libc.so b0001000-b0009000 r-xp 00001000 b3:09 375 /system/bin/linker b0009000-b000a000 rw-p 00009000 b3:09 375 /system/bin/linker becf2000-bed13000 rw-p 00000000 00:00 0 [stack] 00029000-00032000 rw-p 00000000 00:00 0 [heap]
    • Randomization in ICS• cat /proc/PID/maps (vold) 00008000-0001f000 r-xp 00000000 103:01 436 /system/bin/vold 0001f000-00020000 rw-p 00017000 103:01 436 /system/bin/vold 400b7000-400f9000 r-xp 00000000 103:01 891 /system/lib/libc.so 400f9000-400fc000 rw-p 00042000 103:01 891 /system/lib/libc.so b0001000-b0009000 r-xp 00001000 103:01 357 /system/bin/linker b0009000-b000a000 rw-p 00009000 103:01 357 /system/bin/linker beabc000-beadd000 rw-p 00000000 00:00 0 [stack] 00020000-0002f000 rw-p 00000000 00:00 0 [heap] 00008000-0001f000 r-xp 00000000 103:01 436 /system/bin/vold 0001f000-00020000 rw-p 00017000 103:01 436 /system/bin/vold 400bc000-400fe000 r-xp 00000000 103:01 891 /system/lib/libc.so 400fe000-40101000 rw-p 00042000 103:01 891 /system/lib/libc.so b0001000-b0009000 r-xp 00001000 103:01 357 /system/bin/linker b0009000-b000a000 rw-p 00009000 103:01 357 /system/bin/linker bee36000-bee57000 rw-p 00000000 00:00 0 [stack] 00020000-0002f000 rw-p 00000000 00:00 0 [heap]
    • Randomization in Jelly Bean• cat /proc/PID/maps (sleep 1000) 400e8000-40100000 r-xp 00000000 103:01 429       /system/bin/toolbox 40101000-40102000 r--p 00018000 103:01 429       /system/bin/toolbox 40102000-40104000 rw-p 00019000 103:01 429       /system/bin/toolbox 40093000-400d6000 r-xp 00000000 103:01 86        /system/lib/libc.so 400d6000-400d9000 rw-p 00043000 103:01 86        /system/lib/libc.so 40195000-401a8000 r-xp 00000000 103:01 889       /system/bin/linker 401a8000-401a9000 r--p 00012000 103:01 889       /system/bin/linker beb87000-beba8000 rw-p 00000000 00:00 0          [stack] 40046000-4005e000 r-xp 00000000 103:01 429       /system/bin/toolbox 4005f000-40060000 r--p 00018000 103:01 429       /system/bin/toolbox 40060000-40062000 rw-p 00019000 103:01 429       /system/bin/toolbox 40067000-400aa000 r-xp 00000000 103:01 86        /system/lib/libc.so 400aa000-400ad000 rw-p 00043000 103:01 86        /system/lib/libc.so 4011c000-4012f000 r-xp 00000000 103:01 889       /system/bin/linker 4012f000-40130000 r--p 00012000 103:01 889       /system/bin/linker bef0d000-bef2e000 rw-p 00000000 00:00 0          [stack]
    • Application Security
    • Bouncer• Scans and detects malware while uploading App to Market • App gets executed in emulator• Detection of emulator is easy• Since Jelly Bean 4.2 local version • Scans Apps from alternative app stores
    • App Encryption• Introduced in Jelly Bean 4.1• Encrypt paid Apps with device specific key• Disabled after bugs have been found
    • Android Security Problems
    • Missing Updates• At least three parties involved • Google/OHA, OEM, Carrier• Fast product cycle• Carrier can block updates• Millions of devices with well known vulnerabilities
    • Android Version Distribution Donut Eclair Froyo Gingerbread Honeycomb Ice Cream Sandwich Jelly Bean 4.1 Jelly Bean 4.2 0 12,5 25 37,5 50http://developer.android.com/about/dashboards/index.html, March, 4th 2013
    • OEM Extensions• Modifications of the Android core • Samsung (/dev/exynos-mem, USSD)• Rootkits in OEM Apps• Bad software quality • Linux drivers
    • Android Security Improvements
    • New Features in Jelly Bean >= 4.2• Secure USB debugging (whitelist for adb)• Better random number generator based on OpenSSL• SMS confirmation
    • SEAndroid• Android combined with SELinux• Rumor has it: may in Android 5.0• Samsung Knox
    • Thank you! Q&A