Lange

622 views
554 views

Published on

Published in: Technology, News & Politics
0 Comments
0 Likes
Statistics
Notes
  • Be the first to comment

  • Be the first to like this

No Downloads
Views
Total views
622
On SlideShare
0
From Embeds
0
Number of Embeds
4
Actions
Shares
0
Downloads
36
Comments
0
Likes
0
Embeds 0
No embeds

No notes for slide

Lange

  1. 1. State of the Union: Android Security OverviewMatthias Lange, Steffen Liebergeld, April 9th, 2013, Droidcon 2013
  2. 2. Why should I care?
  3. 3. Mobile OS Market Share (2012) 2 % 4 % 4 % 5 % 17 % 68 % Android iOS Blackberry Symbian Windows Linuxhttp://www.idc.com/getdoc.jsp?containerId=prUS23638712#.UUL-GaVW6-U
  4. 4. Malware Distribution 2010F-Secure Mobile Threat Report Q4/2012
  5. 5. Malware Distribution 2011F-Secure Mobile Threat Report Q4/2012
  6. 6. Malware Distribution 2012F-Secure Mobile Threat Report Q4/2012
  7. 7. No!
  8. 8. High Level Overview
  9. 9. Agenda• Secure Boot• Memory Management Security Enhancements• Android Application Security• Android Security Problems• Future Improvements
  10. 10. Secure Boot
  11. 11. Boot Process1. Initial Bootloader2. Bootloader3. Kernel4. Android init5. Android platform boot
  12. 12. Boot ArchitectureSoC DRAM DRAM CPU Controller Security Controller Boot Device Subsystem NAND Bootloader Signature SD/MMC ROM eMMC Kernel IBL USB OTG SignatureOM Pin
  13. 13. Signature Check SHA1 Image Digest/ Image Hash Compare Check with Public KeySignature Signature Digest/ Hash
  14. 14. Memory Protection
  15. 15. Protection Against Memory Corruption• Since 2.3 Gingerbread • Android >= 4.1 • eXecute Never (XN) • Position Independent Executable (PIE) • mmap_min_addr • Read-only Relocations (RELro)• Android >= 4.0 • Address Space Layout Randomization (ASLR)
  16. 16. ASLR• Randomize mapping location of memory • Stack, heap, libs, executable• Primarily provided by Linux kernel• Usually combined with NX
  17. 17. Randomization in Gingerbread• cat /proc/PID/maps (vold) 00008000-00028000 r-xp 00000000 b3:09 450 /system/bin/vold 00028000-00029000 rw-p 00020000 b3:09 450 /system/bin/vold afd00000-afd40000 r-xp 00000000 b3:09 743 /system/lib/libc.so afd40000-afd43000 rw-p 00040000 b3:09 743 /system/lib/libc.so b0001000-b0009000 r-xp 00001000 b3:09 375 /system/bin/linker b0009000-b000a000 rw-p 00009000 b3:09 375 /system/bin/linker bebcc000-bebed000 rw-p 00000000 00:00 0 [stack] 00029000-00032000 rw-p 00000000 00:00 0 [heap] 00008000-00028000 r-xp 00000000 b3:09 450 /system/bin/vold 00028000-00029000 rw-p 00020000 b3:09 450 /system/bin/vold afd00000-afd40000 r-xp 00000000 b3:09 743 /system/lib/libc.so afd40000-afd43000 rw-p 00040000 b3:09 743 /system/lib/libc.so b0001000-b0009000 r-xp 00001000 b3:09 375 /system/bin/linker b0009000-b000a000 rw-p 00009000 b3:09 375 /system/bin/linker becf2000-bed13000 rw-p 00000000 00:00 0 [stack] 00029000-00032000 rw-p 00000000 00:00 0 [heap]
  18. 18. Randomization in ICS• cat /proc/PID/maps (vold) 00008000-0001f000 r-xp 00000000 103:01 436 /system/bin/vold 0001f000-00020000 rw-p 00017000 103:01 436 /system/bin/vold 400b7000-400f9000 r-xp 00000000 103:01 891 /system/lib/libc.so 400f9000-400fc000 rw-p 00042000 103:01 891 /system/lib/libc.so b0001000-b0009000 r-xp 00001000 103:01 357 /system/bin/linker b0009000-b000a000 rw-p 00009000 103:01 357 /system/bin/linker beabc000-beadd000 rw-p 00000000 00:00 0 [stack] 00020000-0002f000 rw-p 00000000 00:00 0 [heap] 00008000-0001f000 r-xp 00000000 103:01 436 /system/bin/vold 0001f000-00020000 rw-p 00017000 103:01 436 /system/bin/vold 400bc000-400fe000 r-xp 00000000 103:01 891 /system/lib/libc.so 400fe000-40101000 rw-p 00042000 103:01 891 /system/lib/libc.so b0001000-b0009000 r-xp 00001000 103:01 357 /system/bin/linker b0009000-b000a000 rw-p 00009000 103:01 357 /system/bin/linker bee36000-bee57000 rw-p 00000000 00:00 0 [stack] 00020000-0002f000 rw-p 00000000 00:00 0 [heap]
  19. 19. Randomization in Jelly Bean• cat /proc/PID/maps (sleep 1000) 400e8000-40100000 r-xp 00000000 103:01 429       /system/bin/toolbox 40101000-40102000 r--p 00018000 103:01 429       /system/bin/toolbox 40102000-40104000 rw-p 00019000 103:01 429       /system/bin/toolbox 40093000-400d6000 r-xp 00000000 103:01 86        /system/lib/libc.so 400d6000-400d9000 rw-p 00043000 103:01 86        /system/lib/libc.so 40195000-401a8000 r-xp 00000000 103:01 889       /system/bin/linker 401a8000-401a9000 r--p 00012000 103:01 889       /system/bin/linker beb87000-beba8000 rw-p 00000000 00:00 0          [stack] 40046000-4005e000 r-xp 00000000 103:01 429       /system/bin/toolbox 4005f000-40060000 r--p 00018000 103:01 429       /system/bin/toolbox 40060000-40062000 rw-p 00019000 103:01 429       /system/bin/toolbox 40067000-400aa000 r-xp 00000000 103:01 86        /system/lib/libc.so 400aa000-400ad000 rw-p 00043000 103:01 86        /system/lib/libc.so 4011c000-4012f000 r-xp 00000000 103:01 889       /system/bin/linker 4012f000-40130000 r--p 00012000 103:01 889       /system/bin/linker bef0d000-bef2e000 rw-p 00000000 00:00 0          [stack]
  20. 20. Application Security
  21. 21. Bouncer• Scans and detects malware while uploading App to Market • App gets executed in emulator• Detection of emulator is easy• Since Jelly Bean 4.2 local version • Scans Apps from alternative app stores
  22. 22. App Encryption• Introduced in Jelly Bean 4.1• Encrypt paid Apps with device specific key• Disabled after bugs have been found
  23. 23. Android Security Problems
  24. 24. Missing Updates• At least three parties involved • Google/OHA, OEM, Carrier• Fast product cycle• Carrier can block updates• Millions of devices with well known vulnerabilities
  25. 25. Android Version Distribution Donut Eclair Froyo Gingerbread Honeycomb Ice Cream Sandwich Jelly Bean 4.1 Jelly Bean 4.2 0 12,5 25 37,5 50http://developer.android.com/about/dashboards/index.html, March, 4th 2013
  26. 26. OEM Extensions• Modifications of the Android core • Samsung (/dev/exynos-mem, USSD)• Rootkits in OEM Apps• Bad software quality • Linux drivers
  27. 27. Android Security Improvements
  28. 28. New Features in Jelly Bean >= 4.2• Secure USB debugging (whitelist for adb)• Better random number generator based on OpenSSL• SMS confirmation
  29. 29. SEAndroid• Android combined with SELinux• Rumor has it: may in Android 5.0• Samsung Knox
  30. 30. Thank you! Q&A

×