SlideShare a Scribd company logo

Security Issues in Android Custom Rom

n|u - The Open Security Community
n|u - The Open Security Community

Security Issues in android Custom Rom by Anant Shrivastava @ c0c0n, October 2011

Technology
1 of 23
Download to read offline
Security Issues In Android (Custom ROM's) Anant Shrivastava http://anantshri.info
Agenda ● Introduction to Concept : Custom Rom ● Why Security Review ● Security Issues ● PoC : Data Theft Tool ● Protection Tips ● Demo : Tool
What is Android ROM ● Android ROM is the OS Firmware layer of Phone. ● Generally consist of /system partition ● May include /data partition ● Contains – Kernel – Dalvik – Libraries – Framework – Application (Vendor Provided)
Android Architecture
ROM's concept ● Android Basically has two ROM's or firmwares. ● Stock : Pre installed by Manufacturers ● Custom : AfterMarket version, not supported by manufacturer. ● Example – CyanogenMod : claimed as aftermarket firmware. – MIUI : Chinese by origin, mimic's iPhone Looks. – OMFGB : Gingerbread Enhanced
Advantage of Custom ROM's ● Bring out the best of all World's, example : – You may like SE hardware but love htc sense UI. – You prefer minimal phone, or avoid default apps. – Roms with specific features ● When Carrier / manufacturer stop providing updates ● Bleeding Edge (2.3.7) ● Pre-rooted ● Targetted : Speed, Gaming,Performance, Battery ● Overclocking and underclocking
Where can i get it • http://cyanogenmod.com • http://miui.org • http://forum.xda-developers.com • http://android.modaco.com • http://modmymobile.com/forum.php • And many more underground forums.
Recipe Modify Stock ROM ● Parellel after market ROM's ● Best of Both ● General ROM cookers are here for either ● ● Fun ● Profit ● They Can attitude.
Why Security Review Next In Thing : Designing Malware and Exploits for android On top of that : employee's Pressure to integrate Android in Corporate infrastructure. AfterMarket Distribution like CyanogenMod are considered viable alternative. Lots of work is underway to safely implement CyanogenMod in Corporate Environment.
Are we Missing Something ● Did anyone tried peeking under the hood. ● This is what we will be doing today
Practices under Scrutiny ● USB Debugging enabled ● Adb Shell root mode ● System permissions ● Installation from unknown source ● Adb shell over wifi ● Su acccess and settings ● Custom Recoveries
USB Debugging enabled ● ADB or Android Debug Bridge ,Google's Debug. ● Menu → Settings → Applications → Development ● Supports – Push / Pull Files and folders – Remount system partitions – Installation of software without prompt – Fastboot with different Kernel
Adb Shell root mode ● Special Setting making adb run in root mode. ● Activated at boot time. ● boot.img → ramdisk.cpio.gz → build.prop ● Do you pay attention to the other end of charging Dock. :)
ADB Shell over WiFi ● This Settings allow adb shell to be used over wifi network. (Freedom from Wires :) ) ● At boot time or run time both. ● service.adb.tcp.port = <tcp_port_no> ● Combine with our beloved ro.secure, you literally handover your device shouting : ”PLEASE OWN ME”. ● This is hypothetical as of now, no known usage found so far.
System permissions ● /system should be readonly as its critical section of phone. ● Its observed at lots of places where Cooker's keep 777 settings for /system ● Do you remember : – /system/app : system apps – /system/bin : executable ● Remember ROOTKITS, TROJAN, MALWARE
Unknown Source Installation ● This Settings disallows third party softwares, forces the use of Android Market. ● Aftermarket forum practices, enable Unknown Sources.
Su Access ● With greater Power comes greater responsibility. ● SU or switch user binary is a direct indication of a rooted device. ● However default protection from unauthorized execution is not available. ● Superuser.apk is only known protection.
Recovery Images ● Android Provides an option to install Custom Recovery softwares. ● Recovery softwares provide un restricted root access by default. ● Putting a phone in recovery mode is as simple as reboot, press backspace or vol_down till recovery starts.
Demo PoC tool DEMO IS INTENTIONALLY NOT DEVELOPED TO A LARGE EXTEND TO AVOID SCRIPT KIDDIE APPROACH
Protection ● Developers – Avoid settings not so required for normal user. – Give recomendation to close unknow source setting. – ● Users – Take a closer look at Development Process. – Ask Questions – Run ARE YOU INSECURE
Are you Insecure Demo
About Me Anant Shrivastava CEH, RHCE Interested in Android, Linux, Web 2.0 Member of Null and G4H ● Email : anant@anantshri.info ● Web : http://anantshri.info ● Blog : http://blog.anantshri.info

Recommended

Raspberry pi Beginners Session
Raspberry pi Beginners SessionRaspberry pi Beginners Session
Raspberry pi Beginners SessionAnant Shrivastava
 
DerbyCon 2014 - Making BadUSB Work For You
DerbyCon 2014 - Making BadUSB Work For YouDerbyCon 2014 - Making BadUSB Work For You
DerbyCon 2014 - Making BadUSB Work For YouAdam Caudill
 
What to do after Rooting ?
What to do after Rooting ?What to do after Rooting ?
What to do after Rooting ?Arnav Gupta
 
Embedded Android Workshop part I ESC SV 2012
Embedded Android Workshop part I ESC SV 2012Embedded Android Workshop part I ESC SV 2012
Embedded Android Workshop part I ESC SV 2012Opersys inc.
 
Android Jumpstart ESC SV 2012 Part I
Android Jumpstart ESC SV 2012 Part IAndroid Jumpstart ESC SV 2012 Part I
Android Jumpstart ESC SV 2012 Part IOpersys inc.
 
Cyanogen Platform SDK
Cyanogen Platform SDKCyanogen Platform SDK
Cyanogen Platform SDKAdnan Begovic
 
Android Security, From the Ground Up
Android Security, From the Ground UpAndroid Security, From the Ground Up
Android Security, From the Ground UpOpersys inc.
 
Inside Android's UI at AnDevCon VI
Inside Android's UI at AnDevCon VIInside Android's UI at AnDevCon VI
Inside Android's UI at AnDevCon VIOpersys inc.
 

Recommended

Raspberry pi Beginners Session
Raspberry pi Beginners SessionRaspberry pi Beginners Session
Raspberry pi Beginners SessionAnant Shrivastava
 
DerbyCon 2014 - Making BadUSB Work For You
DerbyCon 2014 - Making BadUSB Work For YouDerbyCon 2014 - Making BadUSB Work For You
DerbyCon 2014 - Making BadUSB Work For YouAdam Caudill
 
What to do after Rooting ?
What to do after Rooting ?What to do after Rooting ?
What to do after Rooting ?Arnav Gupta
 
Embedded Android Workshop part I ESC SV 2012
Embedded Android Workshop part I ESC SV 2012Embedded Android Workshop part I ESC SV 2012
Embedded Android Workshop part I ESC SV 2012Opersys inc.
 
Android Jumpstart ESC SV 2012 Part I
Android Jumpstart ESC SV 2012 Part IAndroid Jumpstart ESC SV 2012 Part I
Android Jumpstart ESC SV 2012 Part IOpersys inc.
 
Cyanogen Platform SDK
Cyanogen Platform SDKCyanogen Platform SDK
Cyanogen Platform SDKAdnan Begovic
 
Android Security, From the Ground Up
Android Security, From the Ground UpAndroid Security, From the Ground Up
Android Security, From the Ground UpOpersys inc.
 
Inside Android's UI at AnDevCon VI
Inside Android's UI at AnDevCon VIInside Android's UI at AnDevCon VI
Inside Android's UI at AnDevCon VIOpersys inc.
 
Controlling USB Flash Drive Controllers: Expose of Hidden Features
Controlling USB Flash Drive Controllers: Expose of Hidden FeaturesControlling USB Flash Drive Controllers: Expose of Hidden Features
Controlling USB Flash Drive Controllers: Expose of Hidden Featuresxabean
 
BadUSB, and what you should do about it
BadUSB, and what you should do about itBadUSB, and what you should do about it
BadUSB, and what you should do about itrobertfisk
 
Leveraging Android's Linux Heritage at AnDevCon VI
Leveraging Android's Linux Heritage at AnDevCon VILeveraging Android's Linux Heritage at AnDevCon VI
Leveraging Android's Linux Heritage at AnDevCon VIOpersys inc.
 
Customizing Android's UI
Customizing Android's UICustomizing Android's UI
Customizing Android's UIOpersys inc.
 
Memory Management in Android
Memory Management in AndroidMemory Management in Android
Memory Management in AndroidOpersys inc.
 
Android On Development Boards at AnDevCon3
Android On Development Boards at AnDevCon3Android On Development Boards at AnDevCon3
Android On Development Boards at AnDevCon3Opersys inc.
 
Native Android Userspace part of the Embedded Android Workshop at Linaro Conn...
Native Android Userspace part of the Embedded Android Workshop at Linaro Conn...Native Android Userspace part of the Embedded Android Workshop at Linaro Conn...
Native Android Userspace part of the Embedded Android Workshop at Linaro Conn...Opersys inc.
 
Leveraging Android's Linux Heritage at AnDevCon3
Leveraging Android's Linux Heritage at AnDevCon3Leveraging Android's Linux Heritage at AnDevCon3
Leveraging Android's Linux Heritage at AnDevCon3Opersys inc.
 
Embedded Android Workshop
Embedded Android WorkshopEmbedded Android Workshop
Embedded Android WorkshopOpersys inc.
 
Android Hacks, Variants, Tricks and Resources ESC SV 2012
Android Hacks, Variants, Tricks and Resources ESC SV 2012Android Hacks, Variants, Tricks and Resources ESC SV 2012
Android Hacks, Variants, Tricks and Resources ESC SV 2012Opersys inc.
 
Is Android the New Embedded Linux? at AnDevCon VI
Is Android the New Embedded Linux? at AnDevCon VIIs Android the New Embedded Linux? at AnDevCon VI
Is Android the New Embedded Linux? at AnDevCon VIOpersys inc.
 
Android Things Internals
Android Things InternalsAndroid Things Internals
Android Things InternalsOpersys inc.
 
Android's Multimedia Framework
Android's Multimedia FrameworkAndroid's Multimedia Framework
Android's Multimedia FrameworkOpersys inc.
 
Hacking Android OS
Hacking Android OSHacking Android OS
Hacking Android OSJimmy Software
 
BadUSB — On accessories that turn evil by Karsten Nohl
BadUSB — On accessories that turn evil by Karsten NohlBadUSB — On accessories that turn evil by Karsten Nohl
BadUSB — On accessories that turn evil by Karsten NohlPriyanka Aash
 
Screencasting
ScreencastingScreencasting
ScreencastingRex Tsai
 
Android Platform Debugging and Development
Android Platform Debugging and DevelopmentAndroid Platform Debugging and Development
Android Platform Debugging and DevelopmentKarim Yaghmour
 
Memory Management in Android
Memory Management in AndroidMemory Management in Android
Memory Management in AndroidOpersys inc.
 
Headless Android at AnDevCon3
Headless Android at AnDevCon3Headless Android at AnDevCon3
Headless Android at AnDevCon3Opersys inc.
 
Rooting android
Rooting androidRooting android
Rooting androidMatt Vieyra
 
Social media security
Social media securitySocial media security
Social media securityn|u - The Open Security Community
 
Making of GameOver
Making of GameOverMaking of GameOver
Making of GameOvern|u - The Open Security Community
 

More Related Content

What's hot

Controlling USB Flash Drive Controllers: Expose of Hidden Features
Controlling USB Flash Drive Controllers: Expose of Hidden FeaturesControlling USB Flash Drive Controllers: Expose of Hidden Features
Controlling USB Flash Drive Controllers: Expose of Hidden Featuresxabean
 
BadUSB, and what you should do about it
BadUSB, and what you should do about itBadUSB, and what you should do about it
BadUSB, and what you should do about itrobertfisk
 
Leveraging Android's Linux Heritage at AnDevCon VI
Leveraging Android's Linux Heritage at AnDevCon VILeveraging Android's Linux Heritage at AnDevCon VI
Leveraging Android's Linux Heritage at AnDevCon VIOpersys inc.
 
Customizing Android's UI
Customizing Android's UICustomizing Android's UI
Customizing Android's UIOpersys inc.
 
Memory Management in Android
Memory Management in AndroidMemory Management in Android
Memory Management in AndroidOpersys inc.
 
Android On Development Boards at AnDevCon3
Android On Development Boards at AnDevCon3Android On Development Boards at AnDevCon3
Android On Development Boards at AnDevCon3Opersys inc.
 
Native Android Userspace part of the Embedded Android Workshop at Linaro Conn...
Native Android Userspace part of the Embedded Android Workshop at Linaro Conn...Native Android Userspace part of the Embedded Android Workshop at Linaro Conn...
Native Android Userspace part of the Embedded Android Workshop at Linaro Conn...Opersys inc.
 
Leveraging Android's Linux Heritage at AnDevCon3
Leveraging Android's Linux Heritage at AnDevCon3Leveraging Android's Linux Heritage at AnDevCon3
Leveraging Android's Linux Heritage at AnDevCon3Opersys inc.
 
Embedded Android Workshop
Embedded Android WorkshopEmbedded Android Workshop
Embedded Android WorkshopOpersys inc.
 
Android Hacks, Variants, Tricks and Resources ESC SV 2012
Android Hacks, Variants, Tricks and Resources ESC SV 2012Android Hacks, Variants, Tricks and Resources ESC SV 2012
Android Hacks, Variants, Tricks and Resources ESC SV 2012Opersys inc.
 
Is Android the New Embedded Linux? at AnDevCon VI
Is Android the New Embedded Linux? at AnDevCon VIIs Android the New Embedded Linux? at AnDevCon VI
Is Android the New Embedded Linux? at AnDevCon VIOpersys inc.
 
Android Things Internals
Android Things InternalsAndroid Things Internals
Android Things InternalsOpersys inc.
 
Android's Multimedia Framework
Android's Multimedia FrameworkAndroid's Multimedia Framework
Android's Multimedia FrameworkOpersys inc.
 
BadUSB — On accessories that turn evil by Karsten Nohl
BadUSB — On accessories that turn evil by Karsten NohlBadUSB — On accessories that turn evil by Karsten Nohl
BadUSB — On accessories that turn evil by Karsten NohlPriyanka Aash
 
Screencasting
ScreencastingScreencasting
ScreencastingRex Tsai
 
Android Platform Debugging and Development
Android Platform Debugging and DevelopmentAndroid Platform Debugging and Development
Android Platform Debugging and DevelopmentKarim Yaghmour
 
Memory Management in Android
Memory Management in AndroidMemory Management in Android
Memory Management in AndroidOpersys inc.
 
Headless Android at AnDevCon3
Headless Android at AnDevCon3Headless Android at AnDevCon3
Headless Android at AnDevCon3Opersys inc.
 

What's hot (20)

Controlling USB Flash Drive Controllers: Expose of Hidden Features
Controlling USB Flash Drive Controllers: Expose of Hidden FeaturesControlling USB Flash Drive Controllers: Expose of Hidden Features
Controlling USB Flash Drive Controllers: Expose of Hidden Features
 
BadUSB, and what you should do about it
BadUSB, and what you should do about itBadUSB, and what you should do about it
BadUSB, and what you should do about it
 
Leveraging Android's Linux Heritage at AnDevCon VI
Leveraging Android's Linux Heritage at AnDevCon VILeveraging Android's Linux Heritage at AnDevCon VI
Leveraging Android's Linux Heritage at AnDevCon VI
 
Customizing Android's UI
Customizing Android's UICustomizing Android's UI
Customizing Android's UI
 
Memory Management in Android
Memory Management in AndroidMemory Management in Android
Memory Management in Android
 
Android On Development Boards at AnDevCon3
Android On Development Boards at AnDevCon3Android On Development Boards at AnDevCon3
Android On Development Boards at AnDevCon3
 
Native Android Userspace part of the Embedded Android Workshop at Linaro Conn...
Native Android Userspace part of the Embedded Android Workshop at Linaro Conn...Native Android Userspace part of the Embedded Android Workshop at Linaro Conn...
Native Android Userspace part of the Embedded Android Workshop at Linaro Conn...
 
Leveraging Android's Linux Heritage at AnDevCon3
Leveraging Android's Linux Heritage at AnDevCon3Leveraging Android's Linux Heritage at AnDevCon3
Leveraging Android's Linux Heritage at AnDevCon3
 
Embedded Android Workshop
Embedded Android WorkshopEmbedded Android Workshop
Embedded Android Workshop
 
Android Hacks, Variants, Tricks and Resources ESC SV 2012
Android Hacks, Variants, Tricks and Resources ESC SV 2012Android Hacks, Variants, Tricks and Resources ESC SV 2012
Android Hacks, Variants, Tricks and Resources ESC SV 2012
 
Is Android the New Embedded Linux? at AnDevCon VI
Is Android the New Embedded Linux? at AnDevCon VIIs Android the New Embedded Linux? at AnDevCon VI
Is Android the New Embedded Linux? at AnDevCon VI
 
Android Things Internals
Android Things InternalsAndroid Things Internals
Android Things Internals
 
Android's Multimedia Framework
Android's Multimedia FrameworkAndroid's Multimedia Framework
Android's Multimedia Framework
 
Hacking Android OS
Hacking Android OSHacking Android OS
Hacking Android OS
 
BadUSB — On accessories that turn evil by Karsten Nohl
BadUSB — On accessories that turn evil by Karsten NohlBadUSB — On accessories that turn evil by Karsten Nohl
BadUSB — On accessories that turn evil by Karsten Nohl
 
Screencasting
ScreencastingScreencasting
Screencasting
 
Android Platform Debugging and Development
Android Platform Debugging and DevelopmentAndroid Platform Debugging and Development
Android Platform Debugging and Development
 
Memory Management in Android
Memory Management in AndroidMemory Management in Android
Memory Management in Android
 
Headless Android at AnDevCon3
Headless Android at AnDevCon3Headless Android at AnDevCon3
Headless Android at AnDevCon3
 
Rooting android
Rooting androidRooting android
Rooting android
 

Viewers also liked

Viewers also liked (6)

Social media security
Social media securitySocial media security
Social media security
 
Making of GameOver
Making of GameOverMaking of GameOver
Making of GameOver
 
Dissecting exploit activity
Dissecting exploit activityDissecting exploit activity
Dissecting exploit activity
 
Metapwn
MetapwnMetapwn
Metapwn
 
Web Security – I: HTTP Protocol++
Web Security – I: HTTP Protocol++Web Security – I: HTTP Protocol++
Web Security – I: HTTP Protocol++
 
Recon ng null meet April 2015
Recon ng null meet April 2015Recon ng null meet April 2015
Recon ng null meet April 2015
 

Similar to Security Issues in Android Custom Rom

Rooting Android Devices
Rooting Android DevicesRooting Android Devices
Rooting Android DevicesLokendra Rawat
 
Android Internals at Linaro Connect Asia 2013
Android Internals at Linaro Connect Asia 2013Android Internals at Linaro Connect Asia 2013
Android Internals at Linaro Connect Asia 2013Opersys inc.
 
Android Platform Debugging and Development
Android Platform Debugging and DevelopmentAndroid Platform Debugging and Development
Android Platform Debugging and DevelopmentOpersys inc.
 
Android Platform Debugging and Development
Android Platform Debugging and DevelopmentAndroid Platform Debugging and Development
Android Platform Debugging and DevelopmentOpersys inc.
 
Android Platform Debugging and Development
Android Platform Debugging and DevelopmentAndroid Platform Debugging and Development
Android Platform Debugging and DevelopmentOpersys inc.
 
Android Platform Debugging and Development
Android Platform Debugging and DevelopmentAndroid Platform Debugging and Development
Android Platform Debugging and DevelopmentOpersys inc.
 
Android Platform Debugging and Development
Android Platform Debugging and DevelopmentAndroid Platform Debugging and Development
Android Platform Debugging and DevelopmentOpersys inc.
 
Android Platform Debugging and Development
Android Platform Debugging and DevelopmentAndroid Platform Debugging and Development
Android Platform Debugging and DevelopmentOpersys inc.
 
Android Platform Debugging and Development
Android Platform Debugging and DevelopmentAndroid Platform Debugging and Development
Android Platform Debugging and DevelopmentOpersys inc.
 
Android for Embedded Linux Developers
Android for Embedded Linux DevelopersAndroid for Embedded Linux Developers
Android for Embedded Linux DevelopersOpersys inc.
 
Workshop su Android Kernel Hacking
Workshop su Android Kernel HackingWorkshop su Android Kernel Hacking
Workshop su Android Kernel HackingDeveler S.r.l.
 
Building android for the Cloud: Android as a Server (AnDevConBoston 2014)
Building android for the Cloud: Android as a Server (AnDevConBoston 2014)Building android for the Cloud: Android as a Server (AnDevConBoston 2014)
Building android for the Cloud: Android as a Server (AnDevConBoston 2014)Ron Munitz
 
Is Android the New Embedded Linux? at AnDevCon IV
Is Android the New Embedded Linux? at AnDevCon IVIs Android the New Embedded Linux? at AnDevCon IV
Is Android the New Embedded Linux? at AnDevCon IVOpersys inc.
 
Android Tamer (Anant Shrivastava)
Android Tamer (Anant Shrivastava)Android Tamer (Anant Shrivastava)
Android Tamer (Anant Shrivastava)ClubHack
 
Building Android for the Cloud: Android as a Server (Mobile World Congress 2014)
Building Android for the Cloud: Android as a Server (Mobile World Congress 2014)Building Android for the Cloud: Android as a Server (Mobile World Congress 2014)
Building Android for the Cloud: Android as a Server (Mobile World Congress 2014)Ron Munitz
 
Android As a Server- Building Android for the Cloud (AnDevCon SF 2013)
Android As a Server- Building Android for the Cloud (AnDevCon SF 2013)Android As a Server- Building Android for the Cloud (AnDevCon SF 2013)
Android As a Server- Building Android for the Cloud (AnDevCon SF 2013)Ron Munitz
 
Bringing up Android on your favorite X86 Workstation or VM (AnDevCon Boston, ...
Bringing up Android on your favorite X86 Workstation or VM (AnDevCon Boston, ...Bringing up Android on your favorite X86 Workstation or VM (AnDevCon Boston, ...
Bringing up Android on your favorite X86 Workstation or VM (AnDevCon Boston, ...Ron Munitz
 
Embedded Android Workshop at AnDevCon VI
Embedded Android Workshop at AnDevCon VIEmbedded Android Workshop at AnDevCon VI
Embedded Android Workshop at AnDevCon VIOpersys inc.
 

Similar to Security Issues in Android Custom Rom (20)

Rooting Android Devices
Rooting Android DevicesRooting Android Devices
Rooting Android Devices
 
Android Internals at Linaro Connect Asia 2013
Android Internals at Linaro Connect Asia 2013Android Internals at Linaro Connect Asia 2013
Android Internals at Linaro Connect Asia 2013
 
Android Platform Debugging and Development
Android Platform Debugging and DevelopmentAndroid Platform Debugging and Development
Android Platform Debugging and Development
 
Android Platform Debugging and Development
Android Platform Debugging and DevelopmentAndroid Platform Debugging and Development
Android Platform Debugging and Development
 
Android Platform Debugging and Development
Android Platform Debugging and DevelopmentAndroid Platform Debugging and Development
Android Platform Debugging and Development
 
Android Platform Debugging and Development
Android Platform Debugging and DevelopmentAndroid Platform Debugging and Development
Android Platform Debugging and Development
 
Android Platform Debugging and Development
Android Platform Debugging and DevelopmentAndroid Platform Debugging and Development
Android Platform Debugging and Development
 
Android Platform Debugging and Development
Android Platform Debugging and DevelopmentAndroid Platform Debugging and Development
Android Platform Debugging and Development
 
Android Platform Debugging and Development
Android Platform Debugging and DevelopmentAndroid Platform Debugging and Development
Android Platform Debugging and Development
 
Android for Embedded Linux Developers
Android for Embedded Linux DevelopersAndroid for Embedded Linux Developers
Android for Embedded Linux Developers
 
Android Attacks
Android AttacksAndroid Attacks
Android Attacks
 
Workshop su Android Kernel Hacking
Workshop su Android Kernel HackingWorkshop su Android Kernel Hacking
Workshop su Android Kernel Hacking
 
Building android for the Cloud: Android as a Server (AnDevConBoston 2014)
Building android for the Cloud: Android as a Server (AnDevConBoston 2014)Building android for the Cloud: Android as a Server (AnDevConBoston 2014)
Building android for the Cloud: Android as a Server (AnDevConBoston 2014)
 
Is Android the New Embedded Linux? at AnDevCon IV
Is Android the New Embedded Linux? at AnDevCon IVIs Android the New Embedded Linux? at AnDevCon IV
Is Android the New Embedded Linux? at AnDevCon IV
 
Android Tamer (Anant Shrivastava)
Android Tamer (Anant Shrivastava)Android Tamer (Anant Shrivastava)
Android Tamer (Anant Shrivastava)
 
Building Android for the Cloud: Android as a Server (Mobile World Congress 2014)
Building Android for the Cloud: Android as a Server (Mobile World Congress 2014)Building Android for the Cloud: Android as a Server (Mobile World Congress 2014)
Building Android for the Cloud: Android as a Server (Mobile World Congress 2014)
 
Android As a Server- Building Android for the Cloud (AnDevCon SF 2013)
Android As a Server- Building Android for the Cloud (AnDevCon SF 2013)Android As a Server- Building Android for the Cloud (AnDevCon SF 2013)
Android As a Server- Building Android for the Cloud (AnDevCon SF 2013)
 
Headless Android
Headless AndroidHeadless Android
Headless Android
 
Bringing up Android on your favorite X86 Workstation or VM (AnDevCon Boston, ...
Bringing up Android on your favorite X86 Workstation or VM (AnDevCon Boston, ...Bringing up Android on your favorite X86 Workstation or VM (AnDevCon Boston, ...
Bringing up Android on your favorite X86 Workstation or VM (AnDevCon Boston, ...
 
Embedded Android Workshop at AnDevCon VI
Embedded Android Workshop at AnDevCon VIEmbedded Android Workshop at AnDevCon VI
Embedded Android Workshop at AnDevCon VI
 

More from n|u - The Open Security Community

Gibson 101 -quick_introduction_to_hacking_mainframes_in_2020_null_infosec_gir...
Gibson 101 -quick_introduction_to_hacking_mainframes_in_2020_null_infosec_gir...Gibson 101 -quick_introduction_to_hacking_mainframes_in_2020_null_infosec_gir...
Gibson 101 -quick_introduction_to_hacking_mainframes_in_2020_null_infosec_gir...n|u - The Open Security Community
 

More from n|u - The Open Security Community (20)

Hardware security testing 101 (Null - Delhi Chapter)
Hardware security testing 101 (Null - Delhi Chapter)Hardware security testing 101 (Null - Delhi Chapter)
Hardware security testing 101 (Null - Delhi Chapter)
 
Osint primer
Osint primerOsint primer
Osint primer
 
SSRF exploit the trust relationship
SSRF exploit the trust relationshipSSRF exploit the trust relationship
SSRF exploit the trust relationship
 
Nmap basics
Nmap basicsNmap basics
Nmap basics
 
Metasploit primary
Metasploit primaryMetasploit primary
Metasploit primary
 
Api security-testing
Api security-testingApi security-testing
Api security-testing
 
Introduction to TLS 1.3
Introduction to TLS 1.3Introduction to TLS 1.3
Introduction to TLS 1.3
 
Gibson 101 -quick_introduction_to_hacking_mainframes_in_2020_null_infosec_gir...
Gibson 101 -quick_introduction_to_hacking_mainframes_in_2020_null_infosec_gir...Gibson 101 -quick_introduction_to_hacking_mainframes_in_2020_null_infosec_gir...
Gibson 101 -quick_introduction_to_hacking_mainframes_in_2020_null_infosec_gir...
 
Talking About SSRF,CRLF
Talking About SSRF,CRLFTalking About SSRF,CRLF
Talking About SSRF,CRLF
 
Building active directory lab for red teaming
Building active directory lab for red teamingBuilding active directory lab for red teaming
Building active directory lab for red teaming
 
Owning a company through their logs
Owning a company through their logsOwning a company through their logs
Owning a company through their logs
 
Introduction to shodan
Introduction to shodanIntroduction to shodan
Introduction to shodan
 
Cloud security
Cloud security Cloud security
Cloud security
 
Detecting persistence in windows
Detecting persistence in windowsDetecting persistence in windows
Detecting persistence in windows
 
Frida - Objection Tool Usage
Frida - Objection Tool UsageFrida - Objection Tool Usage
Frida - Objection Tool Usage
 
OSQuery - Monitoring System Process
OSQuery - Monitoring System ProcessOSQuery - Monitoring System Process
OSQuery - Monitoring System Process
 
DevSecOps Jenkins Pipeline -Security
DevSecOps Jenkins Pipeline -SecurityDevSecOps Jenkins Pipeline -Security
DevSecOps Jenkins Pipeline -Security
 
Extensible markup language attacks
Extensible markup language attacksExtensible markup language attacks
Extensible markup language attacks
 
Linux for hackers
Linux for hackersLinux for hackers
Linux for hackers
 
Android Pentesting
Android PentestingAndroid Pentesting
Android Pentesting
 

Recently uploaded

A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?Igalia
 
Corporate and higher education May webinar.pptx
Corporate and higher education May webinar.pptxCorporate and higher education May webinar.pptx
Corporate and higher education May webinar.pptxRustici Software
 
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, AdobeApidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobeapidays
 
TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data DiscoveryTrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data DiscoveryTrustArc
 
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Miguel Araújo
 
DBX First Quarter 2024 Investor Presentation
DBX First Quarter 2024 Investor PresentationDBX First Quarter 2024 Investor Presentation
DBX First Quarter 2024 Investor PresentationDropbox
 
Artificial Intelligence Chap.5 : Uncertainty
Artificial Intelligence Chap.5 : UncertaintyArtificial Intelligence Chap.5 : Uncertainty
Artificial Intelligence Chap.5 : UncertaintyKhushali Kathiriya
 
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemkeProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemkeProduct Anonymous
 
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot TakeoffStrategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoffsammart93
 
ICT role in 21st century education and its challenges
ICT role in 21st century education and its challengesICT role in 21st century education and its challenges
ICT role in 21st century education and its challengesrafiqahmad00786416
 
Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)wesley chun
 
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FMECloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FMESafe Software
 
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...apidays
 
Apidays New York 2024 - The value of a flexible API Management solution for O...
Apidays New York 2024 - The value of a flexible API Management solution for O...Apidays New York 2024 - The value of a flexible API Management solution for O...
Apidays New York 2024 - The value of a flexible API Management solution for O...apidays
 
EMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWER
EMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWEREMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWER
EMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWERMadyBayot
 
Exploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone ProcessorsExploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone Processorsdebabhi2
 
Strategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a FresherStrategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a FresherRemote DBA Services
 
GenAI Risks & Security Meetup 01052024.pdf
GenAI Risks & Security Meetup 01052024.pdfGenAI Risks & Security Meetup 01052024.pdf
GenAI Risks & Security Meetup 01052024.pdflior mazor
 
Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024The Digital Insurer
 
Apidays Singapore 2024 - Scalable LLM APIs for AI and Generative AI Applicati...
Apidays Singapore 2024 - Scalable LLM APIs for AI and Generative AI Applicati...Apidays Singapore 2024 - Scalable LLM APIs for AI and Generative AI Applicati...
Apidays Singapore 2024 - Scalable LLM APIs for AI and Generative AI Applicati...apidays
 

Recently uploaded (20)

A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?
 
Corporate and higher education May webinar.pptx
Corporate and higher education May webinar.pptxCorporate and higher education May webinar.pptx
Corporate and higher education May webinar.pptx
 
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, AdobeApidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
 
TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data DiscoveryTrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
 
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
 
DBX First Quarter 2024 Investor Presentation
DBX First Quarter 2024 Investor PresentationDBX First Quarter 2024 Investor Presentation
DBX First Quarter 2024 Investor Presentation
 
Artificial Intelligence Chap.5 : Uncertainty
Artificial Intelligence Chap.5 : UncertaintyArtificial Intelligence Chap.5 : Uncertainty
Artificial Intelligence Chap.5 : Uncertainty
 
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemkeProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
 
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot TakeoffStrategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
 
ICT role in 21st century education and its challenges
ICT role in 21st century education and its challengesICT role in 21st century education and its challenges
ICT role in 21st century education and its challenges
 
Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)
 
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FMECloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
 
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...
 
Apidays New York 2024 - The value of a flexible API Management solution for O...
Apidays New York 2024 - The value of a flexible API Management solution for O...Apidays New York 2024 - The value of a flexible API Management solution for O...
Apidays New York 2024 - The value of a flexible API Management solution for O...
 
EMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWER
EMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWEREMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWER
EMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWER
 
Exploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone ProcessorsExploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone Processors
 
Strategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a FresherStrategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a Fresher
 
GenAI Risks & Security Meetup 01052024.pdf
GenAI Risks & Security Meetup 01052024.pdfGenAI Risks & Security Meetup 01052024.pdf
GenAI Risks & Security Meetup 01052024.pdf
 
Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024
 
Apidays Singapore 2024 - Scalable LLM APIs for AI and Generative AI Applicati...
Apidays Singapore 2024 - Scalable LLM APIs for AI and Generative AI Applicati...Apidays Singapore 2024 - Scalable LLM APIs for AI and Generative AI Applicati...
Apidays Singapore 2024 - Scalable LLM APIs for AI and Generative AI Applicati...
 

Security Issues in Android Custom Rom

  • 1. Security Issues In Android (Custom ROM's) Anant Shrivastava http://anantshri.info
  • 2. Agenda ● Introduction to Concept : Custom Rom ● Why Security Review ● Security Issues ● PoC : Data Theft Tool ● Protection Tips ● Demo : Tool
  • 3. What is Android ROM ● Android ROM is the OS Firmware layer of Phone. ● Generally consist of /system partition ● May include /data partition ● Contains – Kernel – Dalvik – Libraries – Framework – Application (Vendor Provided)
  • 5. ROM's concept ● Android Basically has two ROM's or firmwares. ● Stock : Pre installed by Manufacturers ● Custom : AfterMarket version, not supported by manufacturer. ● Example – CyanogenMod : claimed as aftermarket firmware. – MIUI : Chinese by origin, mimic's iPhone Looks. – OMFGB : Gingerbread Enhanced
  • 6. Advantage of Custom ROM's ● Bring out the best of all World's, example : – You may like SE hardware but love htc sense UI. – You prefer minimal phone, or avoid default apps. – Roms with specific features ● When Carrier / manufacturer stop providing updates ● Bleeding Edge (2.3.7) ● Pre-rooted ● Targetted : Speed, Gaming,Performance, Battery ● Overclocking and underclocking
  • 7. Where can i get it • http://cyanogenmod.com • http://miui.org • http://forum.xda-developers.com • http://android.modaco.com • http://modmymobile.com/forum.php • And many more underground forums.
  • 8. Recipe Modify Stock ROM ● Parellel after market ROM's ● Best of Both ● General ROM cookers are here for either ● ● Fun ● Profit ● They Can attitude.
  • 9. Why Security Review Next In Thing : Designing Malware and Exploits for android On top of that : employee's Pressure to integrate Android in Corporate infrastructure. AfterMarket Distribution like CyanogenMod are considered viable alternative. Lots of work is underway to safely implement CyanogenMod in Corporate Environment.
  • 10. Are we Missing Something ● Did anyone tried peeking under the hood. ● This is what we will be doing today
  • 11. Practices under Scrutiny ● USB Debugging enabled ● Adb Shell root mode ● System permissions ● Installation from unknown source ● Adb shell over wifi ● Su acccess and settings ● Custom Recoveries
  • 12. USB Debugging enabled ● ADB or Android Debug Bridge ,Google's Debug. ● Menu → Settings → Applications → Development ● Supports – Push / Pull Files and folders – Remount system partitions – Installation of software without prompt – Fastboot with different Kernel
  • 13. Adb Shell root mode ● Special Setting making adb run in root mode. ● Activated at boot time. ● boot.img → ramdisk.cpio.gz → build.prop ● Do you pay attention to the other end of charging Dock. :)
  • 14. ADB Shell over WiFi ● This Settings allow adb shell to be used over wifi network. (Freedom from Wires :) ) ● At boot time or run time both. ● service.adb.tcp.port = <tcp_port_no> ● Combine with our beloved ro.secure, you literally handover your device shouting : ”PLEASE OWN ME”. ● This is hypothetical as of now, no known usage found so far.
  • 15. System permissions ● /system should be readonly as its critical section of phone. ● Its observed at lots of places where Cooker's keep 777 settings for /system ● Do you remember : – /system/app : system apps – /system/bin : executable ● Remember ROOTKITS, TROJAN, MALWARE
  • 16. Unknown Source Installation ● This Settings disallows third party softwares, forces the use of Android Market. ● Aftermarket forum practices, enable Unknown Sources.
  • 17. Su Access ● With greater Power comes greater responsibility. ● SU or switch user binary is a direct indication of a rooted device. ● However default protection from unauthorized execution is not available. ● Superuser.apk is only known protection.
  • 18. Recovery Images ● Android Provides an option to install Custom Recovery softwares. ● Recovery softwares provide un restricted root access by default. ● Putting a phone in recovery mode is as simple as reboot, press backspace or vol_down till recovery starts.
  • 19.
  • 20. Demo PoC tool DEMO IS INTENTIONALLY NOT DEVELOPED TO A LARGE EXTEND TO AVOID SCRIPT KIDDIE APPROACH
  • 21. Protection ● Developers – Avoid settings not so required for normal user. – Give recomendation to close unknow source setting. – ● Users – Take a closer look at Development Process. – Ask Questions – Run ARE YOU INSECURE
  • 23. About Me Anant Shrivastava CEH, RHCE Interested in Android, Linux, Web 2.0 Member of Null and G4H ● Email : anant@anantshri.info ● Web : http://anantshri.info ● Blog : http://blog.anantshri.info