of the Android
Ryan Selley, Swapnil Shinde, Michael Tanner,
Madhura Tipnis, Colin Vinson
Architecture of the Android
Scope of Vulnerabilities for the Android
Known Vulnerabilities for the Android
General Vulnerabilities of Mobile Devices
Organizations Supporting the Android
• It is a software stack which performs several OS functions.
• The Linux kernel is the base of the software stack.
• Core Java libraries are on the same level as other libraries.
• The virtual machine called the Dalvik Virtual Machine is on
this layer as well.
• The application framework is the next level.
Parts of Applications
An activity is needed to create a screen for a user
Intents are used to transfer control from one activity to
It doesn't need a user interface. It continues running in the
background while other processes run in the foreground.
• Content Provider
This component allows the application to share information
with other applications.
Scope of Vulnerabilities
Refinements to MAC Model
Public and Private Components
Provision - No Security Access to Public Elements
Permission Granting Using User's Confirmation
Precautions by Developers
Special Tools for Users
• Image Vulnerabilities
• Web Browser
GIF Image Vulnerability
• Decode function uses logical screen width and height to
• Data is calculated using actual screen width and height
• Can overflow the heap buffer, allowing a hacker to control
the phone
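A defensive check for the mismatch described on this slide, as an added example that is not Android's code or part of the original slides: before decoding, confirm that the frame's actual dimensions fit inside the logical screen. It assumes the decoder sizes its buffer from the logical screen (the slide's first bullet is cut off), and the name gif_first_frame_fits and both sample byte arrays are constructed for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* GIF stores dimensions as little-endian 16-bit fields. */
static uint32_t le16(const uint8_t *p) { return (uint32_t)p[0] | ((uint32_t)p[1] << 8); }

/* Hypothetical pre-decode check: 1 if the first frame lies inside the
   logical screen, 0 if it does not or the data is malformed/truncated. */
int gif_first_frame_fits(const uint8_t *buf, size_t len)
{
    if (len < 13 || (memcmp(buf, "GIF87a", 6) != 0 && memcmp(buf, "GIF89a", 6) != 0))
        return 0;
    uint32_t screen_w = le16(buf + 6), screen_h = le16(buf + 8);
    size_t pos = 13;                        /* header + logical screen descriptor */
    if (buf[10] & 0x80)                     /* skip global colour table if present */
        pos += (size_t)3 << ((buf[10] & 0x07) + 1);
    while (pos < len && buf[pos] == 0x21) { /* skip extension blocks */
        pos += 2;                           /* introducer + label */
        for (;;) {                          /* walk length-prefixed sub-blocks */
            if (pos >= len) return 0;
            uint8_t n = buf[pos++];
            if (n == 0) break;
            pos += n;
        }
    }
    if (pos + 10 > len || buf[pos] != 0x2C) /* need a full image descriptor */
        return 0;
    uint32_t left = le16(buf + pos + 1), top = le16(buf + pos + 3);
    uint32_t w = le16(buf + pos + 5), h = le16(buf + pos + 7);
    if (w == 0 || h == 0) return 0;
    /* 32-bit sums of 16-bit fields cannot wrap. */
    return left + w <= screen_w && top + h <= screen_h;
}

/* Constructed samples: header, logical screen descriptor, image descriptor. */
const uint8_t sample_ok[23]  = {'G','I','F','8','9','a', 4,0, 4,0, 0,0,0,
                                0x2C, 0,0, 0,0, 4,0, 4,0, 0};
const uint8_t sample_bad[23] = {'G','I','F','8','9','a', 1,0, 1,0, 0,0,0,
                                0x2C, 0,0, 0,0, 4,0, 4,0, 0};  /* 4x4 frame, 1x1 screen */

int main(void)
{
    printf("ok=%d bad=%d\n", gif_first_frame_fits(sample_ok, sizeof sample_ok),
           gif_first_frame_fits(sample_bad, sizeof sample_bad));
    return 0;
}
```

A decoder that rejects any file failing this check never writes frame data past a buffer sized from the logical screen.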
PNG Image Vulnerability
• Uses an old libpng file
• This file can allow hackers to cause a Denial of Service
BMP Image Vulnerability
• Negative offset integer overflow
• Offset field in the image header used to allocate a palette
• With a negative value carefully chosen you can overwrite the
address of a process redirecting flow
Web Browser Vulnerability
• Vulnerability is in the multimedia subsystem made by
• Due to insufficient boundary checking when playing back an
MP3 file, it is possible to corrupt the process's heap and
execute arbitrary code on the device
• Can allow a hacker to see data saved on the phone by the
web browser and to peek at ongoing traffic
• Confined to the "sandbox"
General Mobile Phone Vulnerabilities
• Wireless vulnerabilities
o Largest Mobile network in the world
o 3.8 billion phones on network
• David Hulton and Steve Muller
Developed method to quickly crack GSM encryption
Can crack encryption in under 30 seconds
Allows for undetectable eavesdropping
• Similar exploits available for CDMA phones
Short Messaging System
Very commonly used protocol
Used to send "Text Messages"
GSM uses 2 signal bands, 1 for "control", the other for
SMS operates entirely on the "control" band.
High volume text messaging can disable the "control" band,
which also disables voice calls.
Can render entire city 911 services unresponsive.
Insecure data protocol for GSM
Extends SMS, allows for WAP connectivity
• Exploit of MMS can drain battery 22x faster
o Multiple UDP requests are sent concurrently, draining the
battery as it responds to requests
• Does not expose data
• Does make phone useless
Short range wireless communication protocol
Used in many personal electronic devices
Requires no authentication
• An attacker, if close enough, could take over a Bluetooth device.
• Attacker would have access to all data on the Bluetooth
• Practice known as bluesnarfing
Organizations Supporting Android
Open Handset Alliance
3rd Parties (ex: Mocana)
Open Handset Alliance
To build a better mobile phone to enrich
the lives of countless people across the globe.
3rd Party Partners
Mocana -- NanoPhone
• Secure Web Browser
• FIPS Encryption
• Virus & Malware Protection
• Secure Firmware Updating
• Robust Certificate Authentication
Hackers for Android
• Hackers make Android stronger
• White hats want to plug holes
o Browser Threat reported by Independent Security
o Jailbreak hole fixed by Google over-the-air
• Android is New & Evolving
• Openness of Android
o Good in the long-run
o Strong Community
• Robust Architecture
• Powerful Computing Platform