Mwri security testing-android-with-mercury-2013-04-02

  1. Security Testing Android with Mercury
     Daniel Bradberry, 9th April 2013
  2. Who is this guy?
     Daniel Bradberry, Head of Security Tools Development at MWR. We build tools for security assessment and assurance.
  3. Agenda
     • Introduction
     • Android (In)Security
     • Mercury
     • Performing an Assessment
     • Summary
  4. Android Security
     • Code runs in a Dalvik VM
     • Apps are constrained by a “Sandbox”:
       – one Unix user per app
       – granular permissions.
     • Apps interact through Inter-Process Communication (IPC)
  5. Android Insecurity
     • ‘Normal’ Coding Issues
     • Use of Native Code
     • Use of the SD Card
     • Misuse of IPC
     • Apps shipped with Debugging enabled
  6. Android IPC
     • Apps export features to share:
       – activities
       – broadcast receivers
       – content providers
       – services
     • The ‘Binder’ routes messages between apps.
     (Diagram: com.ex.app1, Binder, com.ex.app2)
  7. Android IPC

         <activity android:name=".MainActivity"
                   android:exported="true">
           <intent-filter>
             <action android:name="android.search.action.MAIN" />
             <category android:name="android.intent.category.LAUNCHER" />
           </intent-filter>
         </activity>

  8. Tools to Help
     • adb
     • aapt
     • Custom Scripts
     • Decompilers
  9. Mercury: Security Assessment Framework for Android
     • Dynamic Analysis
     • Rapid Iteration
     • Does not require debugging
     • Can be used over the Internet
  10. mwr.to/mercury
  11. How it Works
     • Agent
       – single permission Android app
       – runs on your device or emulator.
     • Console
       – command-line interface to interact with the Agent
       – runs on your PC.
     (Diagram: Agent on the Mobile Device, Console on the PC)
  12. Performing an Assessment
     (Diagram: Identify the Attack Surface; Investigate Potential Vulnerabilities; Find Attack Vectors; Exploit)
  13. Let’s Do It!
     • Sieve is a Password Manager
     • It’s installed in an Android 4.1.2 emulator, along with the Mercury Agent.
  14. Demo Time
  15. Summary
     • We seem to have largely forgotten security when developing Android apps.
     • These vulnerabilities expose our users and businesses to risk.
     • We can use Mercury to discover all sorts of Android vulnerabilities.
  16. mwr.to/mercury
     Questions? @droidhg
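
The "Android IPC" and "Identify the Attack Surface" slides can be illustrated with a small manifest audit. This is an added example, not code from the talk or from Mercury: it assumes the manifest has already been decoded to text XML, and the sample manifest, component names and function names are constructed for illustration.

```python
import xml.etree.ElementTree as ET

ANDROID = "{http://schemas.android.com/apk/res/android}"
COMPONENTS = ("activity", "activity-alias", "receiver", "provider", "service")

# Constructed sample manifest (hypothetical app), not taken from the slides.
SAMPLE = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.ex.app1">
  <uses-sdk android:targetSdkVersion="16" />
  <application android:debuggable="true">
    <activity android:name=".MainActivity" android:exported="true"/>
    <activity android:name=".SettingsActivity"/>
    <receiver android:name=".BootReceiver">
      <intent-filter><action android:name="android.intent.action.BOOT_COMPLETED"/></intent-filter>
    </receiver>
    <provider android:name=".NotesProvider" android:authorities="com.ex.app1.notes"/>
    <service android:name=".SyncService" android:exported="true"
             android:permission="com.ex.app1.SYNC"/>
    <service android:name=".InternalService" android:exported="false"/>
  </application>
</manifest>"""

def is_exported(elem, target_sdk):
    """Apply the platform defaults when android:exported is not declared."""
    explicit = elem.get(ANDROID + "exported")
    if explicit is not None:
        return explicit == "true"
    if elem.tag == "provider":
        # Providers default to exported only for targetSdkVersion <= 16.
        return target_sdk <= 16
    # Other components are exported implicitly by declaring an intent-filter.
    return elem.find("intent-filter") is not None

def attack_surface(manifest_xml):
    """Return ([(type, name, required permission or None)], debuggable flag)."""
    root = ET.fromstring(manifest_xml)
    sdk = root.find("uses-sdk")
    target = int(sdk.get(ANDROID + "targetSdkVersion", "1")) if sdk is not None else 1
    app = root.find("application")
    findings = []
    for elem in app:
        if elem.tag in COMPONENTS and is_exported(elem, target):
            # A component without its own permission inherits the application's.
            perm = elem.get(ANDROID + "permission") or app.get(ANDROID + "permission")
            findings.append((elem.tag, elem.get(ANDROID + "name"), perm))
    return findings, app.get(ANDROID + "debuggable") == "true"
```

Exported components reported with no required permission are the ones to review first; the second return value flags an app shipped with debugging enabled.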