Vulnerability Study
of the Android

Ryan Selley, Swapnil Shinde, Michael Tanner,
Madhura Tipnis, Colin Vinson
(Group 8)
Overview
•
•
•
•
•

Architecture of the Android
Scope of Vulnerabilities for the Android
Known Vulnerabilities for the And...
Architecture
• It is a software stack which performs several OS functions.
• The Linux kernel is the base of the software ...
Parts of Applications
• Activity
An activity is needed to create a screen for a user
application.

• Intents
Intents are u...
• Content Provider
This component allows the application to share information
with other applications.
Security Architecture - Overview
Scope of Vulnerabilities
Refinements to MAC Model
•
•
•
•

Delegation
Public and Private Components
Provision - No Securit...
Known Vulnerabilities
• Image Vulnerablities
o GIF
o PNG
o BMP
• Web Browser
GIF Image Vulnerability
• Decode function uses logical screen width and height to
allocate heap
• Data is calculated using...
PNG Image Vulnerability
• Uses an old libpng file
• This file can allow hackers to cause a Denial of Service
(crash)
BMP Image Vulnerability
• Negative offset integer overflow
• Offset field in the image header used to allocate a palette
•...
Web Browser Vulnerability
• Vulnerability is in the multimedia subsystem made by
PacketVideo
• Due to insufficient boundar...
General Mobile Phone Vulnerabilities
• GSM
o SMS
o MMS
• CDMA
• Bluetooth
• Wireless vulnerabilities
GSM Vulnerabilities
• GSM
o Largest Mobile network in the world
o 3.8 billion phones on network
• David Hulton and Steve M...
SMS Vulnerabilities
• SMS
Short Messaging System
Very commonly used protocol
Used to send "Text Messages"
GSM uses 2 signa...
MMS Vulnerabilities
• MMS
Unsecure data protocol for GSM
Extends SMS, allows for WAP connectivity
• Exploit of MMS can dra...
Bluetooth Vulnerabilities
• Bluetooth
Short range wireless communication protocol
Used in many personal electronic devices...
Organizations Supporting Android
•
•
•
•
•

Google
Open Handset Alliance
3rd Parties (ex: Mocana)
Users
Hackers
Organizations Supporting Android
Open Handset Alliance
Open Handset Alliance
Objective:

To build a better mobile phone to enrich
the lives of countless people across the globe.
3rd Party Partners
Mocana -- NanoPhone
• Secure Web Browser
• VPN
• FIPS Encryption
• Virus & Malware Protection
• Secure ...
Hackers for Android
• Hackers make Android stronger
• White hats want to plug holes
• Example
o Browser Threat reported by...
Conclusion
• Android is New & Evolving
• Openness of Android
o Good in the long-run
o Strong Community
• Robust Architectu...
Android vulnerability study
Android vulnerability study
Upcoming SlideShare
Loading in …5
×

Android vulnerability study

541 views

Published on

A keynote on Vulnerability study

Published in: Education
0 Comments
0 Likes
Statistics
Notes
  • Be the first to comment

  • Be the first to like this

No Downloads
Views
Total views
541
On SlideShare
0
From Embeds
0
Number of Embeds
1
Actions
Shares
0
Downloads
21
Comments
0
Likes
0
Embeds 0
No embeds

No notes for slide

Android vulnerability study

  1. 1. Vulnerability Study of the Android Ryan Selley, Swapnil Shinde, Michael Tanner, Madhura Tipnis, Colin Vinson (Group 8)
  2. 2. Overview • • • • • Architecture of the Android Scope of Vulnerabilities for the Android Known Vulnerabilities for the Android General Vulnerabilities of Mobile Devices Organizations Supporting the Android
  3. 3. Architecture • It is a software stack which performs several OS functions. • The Linux kernel is the base of the software stack. • Core Java libraries are on the same level as other libraries. • The virtual machine called the Dalvik Virtual Machine is on this layer as well. • The application framework is the next level.
  4. 4. Parts of Applications • Activity An activity is needed to create a screen for a user application. • Intents Intents are used to transfer control from one activity to another. • Services It doesn't need a user interface. It continues running in the background with other processes run in the foreground.
  5. 5. • Content Provider This component allows the application to share information with other applications.
  6. 6. Security Architecture - Overview
  7. 7. Scope of Vulnerabilities Refinements to MAC Model • • • • Delegation Public and Private Components Provision - No Security Access to Public Elements Permission Granting Using User's Confirmation Solutions ??? Precautions by Developers Special Tools for Users
  8. 8. Known Vulnerabilities • Image Vulnerablities o GIF o PNG o BMP • Web Browser
  9. 9. GIF Image Vulnerability • Decode function uses logical screen width and height to allocate heap • Data is calculated using actual screen width and height • Can overflow the heap buffer allowing hacker can allow a hacker to control the phone
  10. 10. PNG Image Vulnerability • Uses an old libpng file • This file can allow hackers to cause a Denial of Service (crash)
  11. 11. BMP Image Vulnerability • Negative offset integer overflow • Offset field in the image header used to allocate a palette • With a negative value carefully chosen you can overwrite the address of a process redirecting flow
  12. 12. Web Browser Vulnerability • Vulnerability is in the multimedia subsystem made by PacketVideo • Due to insufficient boundary checking when playing back an MP3 file, it is possible to corrupt the process's heap and execute arbitrary code on the device • Can allow a hacker to see data saved on the phone by the web browser and to peek at ongoing traffic • Confined to the "sandbox"
  13. 13. General Mobile Phone Vulnerabilities • GSM o SMS o MMS • CDMA • Bluetooth • Wireless vulnerabilities
  14. 14. GSM Vulnerabilities • GSM o Largest Mobile network in the world o 3.8 billion phones on network • David Hulton and Steve Muller Developed method to quickly crack GSM encryption Can crack encryption in under 30 seconds Allows for undetectable evesdropping • Similar exploits available for CDMA phones o o o
  15. 15. SMS Vulnerabilities • SMS Short Messaging System Very commonly used protocol Used to send "Text Messages" GSM uses 2 signal bands, 1 for "control", the other for "data". SMS operates entirely on the "control" band. High volume text messaging can disable the "control" band, which also disables voice calls. Can render entire city 911 services unresponsive. o o o • • • •
  16. 16. MMS Vulnerabilities • MMS Unsecure data protocol for GSM Extends SMS, allows for WAP connectivity • Exploit of MMS can drain battery 22x faster o Multiple UDP requests are sent concurrently, draining the battery as it responds to request • Does not expose data • Does make phone useless o o
  17. 17. Bluetooth Vulnerabilities • Bluetooth Short range wireless communication protocol Used in many personal electronic devices Requires no authentication • An attack, if close enough, could take over Bluetooth device. • Attack would have access to all data on the Bluetooth enabled device • Practice known as bluesnarfing o o o
  18. 18. Organizations Supporting Android • • • • • Google Open Handset Alliance 3rd Parties (ex: Mocana) Users Hackers
  19. 19. Organizations Supporting Android
  20. 20. Open Handset Alliance
  21. 21. Open Handset Alliance Objective: To build a better mobile phone to enrich the lives of countless people across the globe.
  22. 22. 3rd Party Partners Mocana -- NanoPhone • Secure Web Browser • VPN • FIPS Encryption • Virus & Malware Protection • Secure Firmware Updating • Robust Certificate Authentication
  23. 23. Hackers for Android • Hackers make Android stronger • White hats want to plug holes • Example o Browser Threat reported by Independent Security Evaluators o Jailbreak hole fixed by Google over-the-air
  24. 24. Conclusion • Android is New & Evolving • Openness of Android o Good in the long-run o Strong Community • Robust Architecture • Powerful Computing Platform

×