Android Vulnerabilities


Published on

  • Be the first to comment

  • Be the first to like this

No Downloads
Total views
On SlideShare
From Embeds
Number of Embeds
Embeds 0
No embeds

No notes for slide
  • Question - Have you ever thought of how security is implemented in OS? 2 levels Describe figure and MAC model
  • Android Vulnerabilities

    1. 1. Vulnerability Study  of the Android Ryan Selley, Swapnil Shinde, Michael Tanner, Madhura Tipnis, Colin Vinson (Group 8)
    2. 2.  
    3. 3. Overview <ul><ul><li>Architecture of the Android </li></ul></ul><ul><ul><li>Scope of Vulnerabilities for the Android </li></ul></ul><ul><ul><li>Known Vulnerabilities for the Android </li></ul></ul><ul><ul><li>General Vulnerabilities of Mobile Devices </li></ul></ul><ul><ul><li>Organizations Supporting the Android </li></ul></ul>
    4. 4. Architecture <ul><ul><li>It is a software stack which performs several OS functions. </li></ul></ul><ul><li>  </li></ul><ul><ul><li>The Linux kernel is the base of the software stack.   </li></ul></ul><ul><li>  </li></ul><ul><ul><li>  Core Java libraries are on the same level as other libraries. </li></ul></ul><ul><li>  </li></ul><ul><ul><li>  The virtual machine called the Dalvik Virtual Machine is on this layer as well. </li></ul></ul><ul><ul><li>The application framework is the next level. </li></ul></ul><ul><li>  </li></ul>
    5. 6. Parts of Applications <ul><ul><li>Activity An activity is needed to create a screen for a user application.   </li></ul></ul><ul><li>  </li></ul><ul><ul><li>Intents Intents are used to transfer control from one activity to another. </li></ul></ul><ul><li>  </li></ul><ul><ul><li>Services It doesn't need a user interface. It continues running in the background with other processes run in the foreground. </li></ul></ul>
    6. 7.   <ul><ul><li>Content Provider This component allows the application to share information with other applications. </li></ul></ul>
    7. 8. Security Architecture - Overview
    8. 9. Scope of Vulnerabilities <ul><li>Refinements to MAC Model </li></ul><ul><ul><li>Delegation </li></ul></ul><ul><ul><li>Public and Private Components </li></ul></ul><ul><ul><li>Provision - No Security Access to Public Elements </li></ul></ul><ul><ul><li>Permission Granting Using User's Confirmation </li></ul></ul><ul><li>    Solutions ??? </li></ul><ul><li>           Precautions by Developers </li></ul><ul><li>  Special Tools for Users </li></ul>
    9. 10. Known Vulnerabilities <ul><ul><li>Image Vulnerablities </li></ul></ul><ul><ul><ul><li>GIF </li></ul></ul></ul><ul><ul><ul><li>PNG </li></ul></ul></ul><ul><ul><ul><li>BMP </li></ul></ul></ul><ul><ul><li>Web Browser </li></ul></ul>
    10. 11. GIF Image Vulnerability <ul><ul><li>Decode function uses logical screen width and height to allocate heap </li></ul></ul><ul><ul><li>Data is calculated using actual screen width and height </li></ul></ul><ul><ul><li>Can overflow the heap buffer allowing hacker can allow a hacker to control the phone </li></ul></ul>
    11. 12. PNG Image Vulnerability <ul><ul><li>Uses an old libpng file </li></ul></ul><ul><ul><li>This file can allow hackers to cause a Denial of Service (crash) </li></ul></ul>
    12. 13. BMP Image Vulnerability <ul><ul><li>Negative offset integer overflow </li></ul></ul><ul><ul><li>Offset field in the image header used to allocate a palette </li></ul></ul><ul><ul><li>With a negative value carefully chosen you can overwrite the address of a process redirecting flow </li></ul></ul>
    13. 14. Web Browser Vulnerability <ul><ul><li>Vulnerability is in the multimedia subsystem made by PacketVideo </li></ul></ul><ul><ul><li>Due to insufficient boundary checking when playing back an MP3 file, it is possible to corrupt the process's heap and execute arbitrary code on the device </li></ul></ul><ul><ul><li>Can allow a hacker to see data saved on the phone by the web browser and to peek at ongoing traffic </li></ul></ul><ul><ul><li>Confined to the &quot;sandbox&quot; </li></ul></ul>
    14. 15. General Mobile Phone Vulnerabilities <ul><ul><li>GSM </li></ul></ul><ul><ul><ul><li>SMS </li></ul></ul></ul><ul><ul><ul><li>MMS </li></ul></ul></ul><ul><ul><li>CDMA </li></ul></ul><ul><ul><li>Bluetooth </li></ul></ul><ul><ul><li>Wireless vulnerabilities </li></ul></ul>
    15. 16. GSM Vulnerabilities <ul><ul><li>GSM </li></ul></ul><ul><ul><ul><li>Largest Mobile network in the world </li></ul></ul></ul><ul><ul><ul><li>3.8 billion phones on network </li></ul></ul></ul><ul><ul><li>David Hulton and Steve Muller </li></ul></ul><ul><ul><ul><li>Developed method to quickly crack GSM encryption </li></ul></ul></ul><ul><ul><ul><li>Can crack encryption in under 30 seconds </li></ul></ul></ul><ul><ul><ul><li>Allows for undetectable evesdropping </li></ul></ul></ul><ul><ul><li>Similar exploits available for CDMA phones </li></ul></ul>
    16. 17. SMS Vulnerabilities <ul><ul><li>SMS </li></ul></ul><ul><ul><ul><li>Short Messaging System </li></ul></ul></ul><ul><ul><ul><li>Very commonly used protocol </li></ul></ul></ul><ul><ul><ul><li>Used to send &quot;Text Messages&quot; </li></ul></ul></ul><ul><ul><li>GSM uses 2 signal bands, 1 for &quot;control&quot;, the other for &quot;data&quot;. </li></ul></ul><ul><ul><li>SMS operates entirely on the &quot;control&quot; band. </li></ul></ul><ul><ul><li>High volume text messaging can disable the &quot;control&quot; band, which also disables voice calls. </li></ul></ul><ul><ul><li>Can render entire city 911 services unresponsive. </li></ul></ul>
    17. 18. MMS Vulnerabilities <ul><ul><li>MMS </li></ul></ul><ul><ul><ul><li>Unsecure data protocol for GSM </li></ul></ul></ul><ul><ul><ul><li>Extends SMS, allows for WAP connectivity </li></ul></ul></ul><ul><ul><li>Exploit of MMS can drain battery 22x faster </li></ul></ul><ul><ul><ul><li>Multiple UDP requests are sent concurrently, draining the battery as it responds to request </li></ul></ul></ul><ul><ul><li>Does not expose data </li></ul></ul><ul><ul><li>Does make phone useless </li></ul></ul>
    18. 19. Bluetooth Vulnerabilities <ul><ul><li>Bluetooth </li></ul></ul><ul><ul><ul><li>Short range wireless communication protocol </li></ul></ul></ul><ul><ul><ul><li>Used in many personal electronic devices </li></ul></ul></ul><ul><ul><ul><li>Requires no authentication </li></ul></ul></ul><ul><ul><li>An attack, if close enough, could take over Bluetooth device. </li></ul></ul><ul><ul><li>Attack would have access to all data on the Bluetooth enabled device </li></ul></ul><ul><ul><li>Practice known as bluesnarfing </li></ul></ul>
    19. 20. Organizations Supporting Android <ul><ul><li>Google </li></ul></ul><ul><ul><li>Open Handset Alliance </li></ul></ul><ul><ul><li>3rd Parties (ex: Mocana) </li></ul></ul><ul><ul><li>Users </li></ul></ul><ul><ul><li>Hackers </li></ul></ul>
    20. 21. Organizations Supporting Android <ul><li>  </li></ul>
    21. 22. Open Handset Alliance <ul><li>  </li></ul>
    22. 23. Open Handset Alliance <ul><li>Objective: </li></ul><ul><li>  </li></ul><ul><li>       To build a better mobile phone to enrich </li></ul><ul><li>       the lives of countless people across the globe. </li></ul>
    23. 24. 3rd Party Partners <ul><li>Mocana -- NanoPhone </li></ul><ul><ul><li>Secure Web Browser </li></ul></ul><ul><ul><li>VPN </li></ul></ul><ul><ul><li>FIPS Encryption </li></ul></ul><ul><ul><li>Virus & Malware Protection </li></ul></ul><ul><ul><li>Secure Firmware Updating </li></ul></ul><ul><ul><li>Robust Certificate Authentication </li></ul></ul><ul><li>  </li></ul><ul><li>  </li></ul><ul><li>  </li></ul>
    24. 25. Hackers for Android <ul><ul><li>Hackers make Android stronger </li></ul></ul><ul><ul><li>White hats want to plug holes </li></ul></ul><ul><ul><li>Example </li></ul></ul><ul><ul><ul><li>Browser Threat reported by Independent Security Evaluators </li></ul></ul></ul><ul><ul><ul><li>Jailbreak hole fixed by Google over-the-air </li></ul></ul></ul><ul><li>  </li></ul><ul><li>  </li></ul><ul><li>  </li></ul>
    25. 26. Conclusion <ul><ul><li>Android is New & Evolving </li></ul></ul><ul><ul><li>Openness of Android </li></ul></ul><ul><ul><ul><li>Good in the long-run </li></ul></ul></ul><ul><ul><ul><li>Strong Community </li></ul></ul></ul><ul><ul><li>Robust Architecture </li></ul></ul><ul><ul><li>Powerful Computing Platform </li></ul></ul><ul><li>  </li></ul><ul><li>  </li></ul><ul><li>  </li></ul>