Slides for a college course at City College San Francisco. Based on "Hacking Exposed Mobile: Security Secrets & Solutions", by Bergman, Stanfield, Rouse, Scambray, Geethakumar, Deshmukh, Matsumoto, Steven and Price, McGraw-Hill Osborne Media; 1 edition (July 9, 2013) ISBN-10: 0071817018.
Instructor: Sam Bowne
Class website: https://samsclass.info/128/128_S17.shtml
Slides for a college course at City College San Francisco. Based on "Hacking Exposed Mobile: Security Secrets & Solutions", by Bergman, Stanfield, Rouse, Scambray, Geethakumar, Deshmukh, Matsumoto, Steven and Price, McGraw-Hill Osborne Media; 1 edition (July 9, 2013) ISBN-10: 0071817018.
Instructor: Sam Bowne
Class website: https://samsclass.info/128/128_S17.shtml
Slides for a college course at City College San Francisco. Based on "Hacking Exposed Mobile: Security Secrets & Solutions", by Bergman, Stanfield, Rouse, Scambray, Geethakumar, Deshmukh, Matsumoto, Steven and Price, McGraw-Hill Osborne Media; 1 edition (July 9, 2013) ISBN-10: 0071817018.
Instructor: Sam Bowne
Class website: https://samsclass.info/128/128_S17.shtml
Slides for a college course at City College San Francisco. Based on "Hacking Exposed Mobile: Security Secrets & Solutions", by Bergman, Stanfield, Rouse, Scambray, Geethakumar, Deshmukh, Matsumoto, Steven and Price, McGraw-Hill Osborne Media; 1 edition (July 9, 2013) ISBN-10: 0071817018.
Instructor: Sam Bowne
Class website: https://samsclass.info/128/128_S17.shtml
Slides for a college course at City College San Francisco. Based on "Hacking Exposed Mobile: Security Secrets & Solutions", by Bergman, Stanfield, Rouse, Scambray, Geethakumar, Deshmukh, Matsumoto, Steven and Price, McGraw-Hill Osborne Media; 1 edition (July 9, 2013) ISBN-10: 0071817018.
Instructor: Sam Bowne
Class website: https://samsclass.info/128/128_S17.shtml
Slides for a college course at City College San Francisco. Based on "Hacking Exposed Mobile: Security Secrets & Solutions", by Bergman, Stanfield, Rouse, Scambray, Geethakumar, Deshmukh, Matsumoto, Steven and Price, McGraw-Hill Osborne Media; 1 edition (July 9, 2013) ISBN-10: 0071817018.
Instructor: Sam Bowne
Class website: https://samsclass.info/128/128_S17.shtml
Pentesting iPhone Applications - It mainly focuses on the techniques and the tools that will help security testers while assessing the security of iPhone applications.
Fore more info visit - http://www.securitylearn.net
Slides for a college course at City College San Francisco. Based on "Hacking Exposed Mobile: Security Secrets & Solutions", by Bergman, Stanfield, Rouse, Scambray, Geethakumar, Deshmukh, Matsumoto, Steven and Price, McGraw-Hill Osborne Media; 1 edition (July 9, 2013) ISBN-10: 0071817018.
Instructor: Sam Bowne
Class website: https://samsclass.info/128/128_S17.shtml
Slides for a college course at City College San Francisco. Based on "Hacking Exposed Mobile: Security Secrets & Solutions", by Bergman, Stanfield, Rouse, Scambray, Geethakumar, Deshmukh, Matsumoto, Steven and Price, McGraw-Hill Osborne Media; 1 edition (July 9, 2013) ISBN-10: 0071817018.
Instructor: Sam Bowne
Class website: https://samsclass.info/128/128_S17.shtml
Slides for a college course at City College San Francisco. Based on "Hacking Exposed Mobile: Security Secrets & Solutions", by Bergman, Stanfield, Rouse, Scambray, Geethakumar, Deshmukh, Matsumoto, Steven and Price, McGraw-Hill Osborne Media; 1 edition (July 9, 2013) ISBN-10: 0071817018.
Instructor: Sam Bowne
Class website: https://samsclass.info/128/128_S17.shtml
Slides for a college course at City College San Francisco. Based on "Hacking Exposed Mobile: Security Secrets & Solutions", by Bergman, Stanfield, Rouse, Scambray, Geethakumar, Deshmukh, Matsumoto, Steven and Price, McGraw-Hill Osborne Media; 1 edition (July 9, 2013) ISBN-10: 0071817018.
Instructor: Sam Bowne
Class website: https://samsclass.info/128/128_S17.shtml
Slides for a college course at City College San Francisco. Based on "Hacking Exposed Mobile: Security Secrets & Solutions", by Bergman, Stanfield, Rouse, Scambray, Geethakumar, Deshmukh, Matsumoto, Steven and Price, McGraw-Hill Osborne Media; 1 edition (July 9, 2013) ISBN-10: 0071817018.
Instructor: Sam Bowne
Class website: https://samsclass.info/128/128_S17.shtml
Pentesting iPhone Applications - It mainly focuses on the techniques and the tools that will help security testers while assessing the security of iPhone applications.
Fore more info visit - http://www.securitylearn.net
Malware on Smartphones and Tablets - The Inconvenient TruthAGILLY
De nombreux entreprises, à travers leurs responsables informatiques et DSI ne reconnaissent toujours pas les logiciels malveillants mobiles comme une menace imminente. Selon une étude de Duo Security, un tiers des utilisateurs mobiles Android n'utilisent ne verrouillent pas l'écran de leurs appareils à l'aide d'un Mot de Passe, et la plupart ne prennent aucunes mesures de sécurité. En outre, les responsables informatiques et DSI déploient de nouvelles applications vers leurs clients et employés sans y intégrer de mesure de sécurité favorisant l'authentification et la mitigation des menaces.
Cependant, les logiciels malveillants mobiles ont évolué au fil des dernières années et constituent aujourd'hui des menaces réelle. Business Insider a noté que ces menaces sont désormais équivalentes à celles des PC en terme de distribution et de niveau de risque.
Attacking and Defending Apple iOS DevicesTom Eston
IT loves to use Apple iPhones and iPads, but hates supporting them. For most environments, they represent the exception, and are not subject to standard corporate controls. The reason the exception is allowed is usually the fact that the CEO bought an iPhone and iPad the day they were released, and then quickly filled them with sensitive corporate data. With their portability and popularity, it is only a matter of time before one of these devices ends up missing. How worried should you be? This presentation will cover the latest real-world attack techniques for compromising Apple’s iOS devices, introduce a new assessment methodology that can be used by penetration testers, and discuss the latest defensive techniques for securely deploying iOS devices within your enterprise.
Smart Bombs: Mobile Vulnerability and ExploitationTom Eston
Kevin Johnson, John Sawyer and Tom Eston have spent quite a bit of time evaluating mobile applications in their respective jobs. In this presentation they will provide the audience an understanding of how to evaluate mobile applications, examples of how things have been done wrong and an understanding of how you can perform this testing within your organization.
This talk will work with applications from the top three main platforms; iOS, Android and Blackberry. Kevin, Tom and John have used a variety of the top 25 applications for each of these platforms to provide real world examples of the problems applications face.
For a college class: Hacking Mobile Devices at CCSF
Based on "The Mobile Application Hacker's Handbook 1st Edition", by Dominic Chell
Instructor: Sam Bowne
More info: https://samsclass.info/128/128_S19.shtml
Breaking Secure Mobile Applications - Hack In The Box 2014 KLiphonepentest
Dominic Chell presents "Breaking Secure Mobile Applications" at Hack In The Box 2014.
This presentation details common vulnerabilities that can be found in supposedly secure applications, including BYOD and MDM apps. It also provides an overview of the binary protections that can be implemented to complicate these types of attacks.
This presentation is based on the security and encryption measures adopted by Apple for its iPhones.
It was submitted to RTU, Kota during final year seminars.
Slides for a college course at City College San Francisco. Based on "Hacking Exposed Mobile: Security Secrets & Solutions", by Bergman, Stanfield, Rouse, Scambray, Geethakumar, Deshmukh, Matsumoto, Steven and Price, McGraw-Hill Osborne Media; 1 edition (July 9, 2013) ISBN-10: 0071817018.
Instructor: Sam Bowne
Class website: https://samsclass.info/128/128_S17.shtml
This is a presentation I gave at DEF CON 23, in the Packet Hacking Village.
CNIT 121: 4 Getting the Investigation Started on the Right Foot & 5 Initial D...Sam Bowne
Slides for a college course based on "Incident Response & Computer Forensics, Third Edition" by by Jason Luttgens, Matthew Pepe, and Kevin Mandia.
Teacher: Sam Bowne
Website: https://samsclass.info/121/121_F16.shtml
Malware on Smartphones and Tablets - The Inconvenient TruthAGILLY
De nombreux entreprises, à travers leurs responsables informatiques et DSI ne reconnaissent toujours pas les logiciels malveillants mobiles comme une menace imminente. Selon une étude de Duo Security, un tiers des utilisateurs mobiles Android n'utilisent ne verrouillent pas l'écran de leurs appareils à l'aide d'un Mot de Passe, et la plupart ne prennent aucunes mesures de sécurité. En outre, les responsables informatiques et DSI déploient de nouvelles applications vers leurs clients et employés sans y intégrer de mesure de sécurité favorisant l'authentification et la mitigation des menaces.
Cependant, les logiciels malveillants mobiles ont évolué au fil des dernières années et constituent aujourd'hui des menaces réelle. Business Insider a noté que ces menaces sont désormais équivalentes à celles des PC en terme de distribution et de niveau de risque.
Attacking and Defending Apple iOS DevicesTom Eston
IT loves to use Apple iPhones and iPads, but hates supporting them. For most environments, they represent the exception, and are not subject to standard corporate controls. The reason the exception is allowed is usually the fact that the CEO bought an iPhone and iPad the day they were released, and then quickly filled them with sensitive corporate data. With their portability and popularity, it is only a matter of time before one of these devices ends up missing. How worried should you be? This presentation will cover the latest real-world attack techniques for compromising Apple’s iOS devices, introduce a new assessment methodology that can be used by penetration testers, and discuss the latest defensive techniques for securely deploying iOS devices within your enterprise.
Smart Bombs: Mobile Vulnerability and ExploitationTom Eston
Kevin Johnson, John Sawyer and Tom Eston have spent quite a bit of time evaluating mobile applications in their respective jobs. In this presentation they will provide the audience an understanding of how to evaluate mobile applications, examples of how things have been done wrong and an understanding of how you can perform this testing within your organization.
This talk will work with applications from the top three main platforms; iOS, Android and Blackberry. Kevin, Tom and John have used a variety of the top 25 applications for each of these platforms to provide real world examples of the problems applications face.
For a college class: Hacking Mobile Devices at CCSF
Based on "The Mobile Application Hacker's Handbook 1st Edition", by Dominic Chell
Instructor: Sam Bowne
More info: https://samsclass.info/128/128_S19.shtml
Breaking Secure Mobile Applications - Hack In The Box 2014 KLiphonepentest
Dominic Chell presents "Breaking Secure Mobile Applications" at Hack In The Box 2014.
This presentation details common vulnerabilities that can be found in supposedly secure applications, including BYOD and MDM apps. It also provides an overview of the binary protections that can be implemented to complicate these types of attacks.
This presentation is based on the security and encryption measures adopted by Apple for its iPhones.
It was submitted to RTU, Kota during final year seminars.
Slides for a college course at City College San Francisco. Based on "Hacking Exposed Mobile: Security Secrets & Solutions", by Bergman, Stanfield, Rouse, Scambray, Geethakumar, Deshmukh, Matsumoto, Steven and Price, McGraw-Hill Osborne Media; 1 edition (July 9, 2013) ISBN-10: 0071817018.
Instructor: Sam Bowne
Class website: https://samsclass.info/128/128_S17.shtml
This is a presentation I gave at DEF CON 23, in the Packet Hacking Village.
CNIT 121: 4 Getting the Investigation Started on the Right Foot & 5 Initial D...Sam Bowne
Slides for a college course based on "Incident Response & Computer Forensics, Third Edition" by by Jason Luttgens, Matthew Pepe, and Kevin Mandia.
Teacher: Sam Bowne
Website: https://samsclass.info/121/121_F16.shtml
Slides for a college course based on "The Web Application Hacker's Handbook", 2nd Ed.
Teacher: Sam Bowne
Twitter: @sambowne
Website: https://samsclass.info/129S/129S_F16.shtml
CNIT 129S: Ch 3: Web Application TechnologiesSam Bowne
Slides for a college course based on "The Web Application Hacker's Handbook", 2nd Ed.
Teacher: Sam Bowne
Website: https://samsclass.info/129S/129S_F16.shtml
CNIT 129S: Securing Web Applications Ch 1-2Sam Bowne
Slides for a college course based on "The Web Application Hacker's Handbook", 2nd Ed.
Ch 1: Web Application (In)security
Ch 2: Core Defense Mechanisms
Teacher: Sam Bowne
Website: https://samsclass.info/129S/129S_F16.shtml
CNIT 121: 12 Investigating Windows Systems (Part 2 of 3)Sam Bowne
Slides for a college course based on "Incident Response & Computer Forensics, Third Edition" by by Jason Luttgens, Matthew Pepe, and Kevin Mandia.
Teacher: Sam Bowne
Twitter: @sambowne
Website: https://samsclass.info/121/121_F16.shtml
Slides for a college course based on "Incident Response & Computer Forensics, Third Edition" by by Jason Luttgens, Matthew Pepe, and Kevin Mandia.
Teacher: Sam Bowne
Website: https://samsclass.info/121/121_F16.shtml
Slides for a college course based on "The Web Application Hacker's Handbook", 2nd Ed.
Teacher: Sam Bowne
Twitter: @sambowne
Website: https://samsclass.info/129S/129S_F16.shtml
Slides for a college course based on "The Web Application Hacker's Handbook", 2nd Ed.
Teacher: Sam Bowne
Website: https://samsclass.info/129S/129S_F16.shtml
CNIT 129S: 9: Attacking Data Stores (Part 1 of 2)Sam Bowne
Slides for a college course based on "The Web Application Hacker's Handbook", 2nd Ed.
Teacher: Sam Bowne
Twitter: @sambowne
Website: https://samsclass.info/129S/129S_F16.shtml
Slides for a college course based on "Incident Response & Computer Forensics, Third Edition" by by Jason Luttgens, Matthew Pepe, and Kevin Mandia.
Teacher: Sam Bowne
Twitter: @sambowne
Website: https://samsclass.info/121/121_F16.shtml
Slides for a college course based on "The Web Application Hacker's Handbook", 2nd Ed.
Teacher: Sam Bowne
Twitter: @sambowne
Website: https://samsclass.info/129S/129S_F16.shtml
Slides for a college course based on "DNS Security" by Anestis Karasaridis.
Teacher: Sam Bowne
Twitter: @sambowne
Website: https://samsclass.info/40/40_F16.shtml
CNIT 121: 12 Investigating Windows Systems (Part 3)Sam Bowne
Slides for a college course based on "Incident Response & Computer Forensics, Third Edition" by by Jason Luttgens, Matthew Pepe, and Kevin Mandia.
Teacher: Sam Bowne
Twitter: @sambowne
Website: https://samsclass.info/121/121_F16.shtml
CNIT 129S: 13: Attacking Users: Other Techniques (Part 1 of 2)Sam Bowne
Slides for a college course based on "The Web Application Hacker's Handbook", 2nd Ed.
Teacher: Sam Bowne
Twitter: @sambowne
Website: https://samsclass.info/129S/129S_F16.shtml
Slides for a college course based on "Incident Response & Computer Forensics, Third Edition" by by Jason Luttgens, Matthew Pepe, and Kevin Mandia".
Ch 1: Real-World Incidents
Teacher: Sam Bowne
Website: https://samsclass.info/121/121_F16.shtml
CNIT 121: 6 Discovering the Scope of the Incident & 7 Live Data CollectionSam Bowne
Slides for a college course based on "Incident Response & Computer Forensics, Third Edition" by by Jason Luttgens, Matthew Pepe, and Kevin Mandia.
Teacher: Sam Bowne
Website: https://samsclass.info/121/121_F16.shtml
Slides for a college course based on "Incident Response & Computer Forensics, Third Edition" by by Jason Luttgens, Matthew Pepe, and Kevin Mandia.
Teacher: Sam Bowne
Website: https://samsclass.info/121/121_F16.shtml
Slides for a college course based on "DNS Security" by Anestis Karasaridis.
Teacher: Sam Bowne
Twitter: @sambowne
Website: https://samsclass.info/40/40_F16.shtml
Slides for a college course based on "The Web Application Hacker's Handbook", 2nd Ed.
Teacher: Sam Bowne
Twitter: @sambowne
Website: https://samsclass.info/129S/129S_F16.shtml
Hacker Halted 2014 - Reverse Engineering the Android OSEC-Council
Introduction to the Android OS. the Android Developers Kit, Android Emulators, Rooting Android devices, de-compiling Android Apps. Dex2jar, Java JD_GUI and so on. During the presentation I will pull an App apart and show how to bypass a login screen.
What better way to express the Zombie Apocalypse then with mobile devices. They are ubiquitous. they are carried everywhere, they go everywhere. Having a decent understanding of the Operating System and it’s vulnerabilities can go a long way towards keeping your device protected.
Željko je razvijalec pri podjetju INFINUM, kjer sodeluje pri razvoju različnih Android aplikacij. Na predavanju je detaljno predstavil kaj nam novega prinaša Android 5.0 kot so Material design, ART runtime, MultiDexSupport in drugo ter odgovoril na vprašanje, zakaj bo Android tudi v prihodnosti najbolj zastopljen operacijski sistem na področju mobilnih tehnologij.
For a college class: Hacking Mobile Devices at CCSF
Based on "The Mobile Application Hacker's Handbook 1st Edition", by Dominic Chell
Instructor: Sam Bowne
More info: https://samsclass.info/128/128_S19.shtml
Android Application Development Training by NITIN GUPTA NITIN GUPTA
Android Application Development Please SUBSCRIBE TECH POINT Channel on YouTube.
Here's Channel Link
PLEASE SUBSCRIBE Our channel TECH POINT ..
FOLLOW US ON TWITTER:https://twitter.com/Nitin_TECHPOINT
Follow us on Facebook:https://www.facebook.com/NitinGupta1054.Official.PSIT
Follow us on Instagram:https://www.instagram.com/nitingupta_official
SUBSCRIBE Our channel:https://www.youtube.com/channel/UCj3XVydYG3oPVJeZscU4NIg?sub_confirmation=1
Welcome to TechSoup New Member Orientation and Q&A (May 2024).pdfTechSoup
In this webinar you will learn how your organization can access TechSoup's wide variety of product discount and donation programs. From hardware to software, we'll give you a tour of the tools available to help your nonprofit with productivity, collaboration, financial management, donor tracking, security, and more.
How to Create Map Views in the Odoo 17 ERPCeline George
The map views are useful for providing a geographical representation of data. They allow users to visualize and analyze the data in a more intuitive manner.
2024.06.01 Introducing a competency framework for languag learning materials ...Sandy Millin
http://sandymillin.wordpress.com/iateflwebinar2024
Published classroom materials form the basis of syllabuses, drive teacher professional development, and have a potentially huge influence on learners, teachers and education systems. All teachers also create their own materials, whether a few sentences on a blackboard, a highly-structured fully-realised online course, or anything in between. Despite this, the knowledge and skills needed to create effective language learning materials are rarely part of teacher training, and are mostly learnt by trial and error.
Knowledge and skills frameworks, generally called competency frameworks, for ELT teachers, trainers and managers have existed for a few years now. However, until I created one for my MA dissertation, there wasn’t one drawing together what we need to know and do to be able to effectively produce language learning materials.
This webinar will introduce you to my framework, highlighting the key competencies I identified from my research. It will also show how anybody involved in language teaching (any language, not just English!), teacher training, managing schools or developing language learning materials can benefit from using the framework.
The Art Pastor's Guide to Sabbath | Steve ThomasonSteve Thomason
What is the purpose of the Sabbath Law in the Torah. It is interesting to compare how the context of the law shifts from Exodus to Deuteronomy. Who gets to rest, and why?
Read| The latest issue of The Challenger is here! We are thrilled to announce that our school paper has qualified for the NATIONAL SCHOOLS PRESS CONFERENCE (NSPC) 2024. Thank you for your unwavering support and trust. Dive into the stories that made us stand out!
The French Revolution, which began in 1789, was a period of radical social and political upheaval in France. It marked the decline of absolute monarchies, the rise of secular and democratic republics, and the eventual rise of Napoleon Bonaparte. This revolutionary period is crucial in understanding the transition from feudalism to modernity in Europe.
For more information, visit-www.vavaclasses.com
The Roman Empire A Historical Colossus.pdfkaushalkr1407
The Roman Empire, a vast and enduring power, stands as one of history's most remarkable civilizations, leaving an indelible imprint on the world. It emerged from the Roman Republic, transitioning into an imperial powerhouse under the leadership of Augustus Caesar in 27 BCE. This transformation marked the beginning of an era defined by unprecedented territorial expansion, architectural marvels, and profound cultural influence.
The empire's roots lie in the city of Rome, founded, according to legend, by Romulus in 753 BCE. Over centuries, Rome evolved from a small settlement to a formidable republic, characterized by a complex political system with elected officials and checks on power. However, internal strife, class conflicts, and military ambitions paved the way for the end of the Republic. Julius Caesar’s dictatorship and subsequent assassination in 44 BCE created a power vacuum, leading to a civil war. Octavian, later Augustus, emerged victorious, heralding the Roman Empire’s birth.
Under Augustus, the empire experienced the Pax Romana, a 200-year period of relative peace and stability. Augustus reformed the military, established efficient administrative systems, and initiated grand construction projects. The empire's borders expanded, encompassing territories from Britain to Egypt and from Spain to the Euphrates. Roman legions, renowned for their discipline and engineering prowess, secured and maintained these vast territories, building roads, fortifications, and cities that facilitated control and integration.
The Roman Empire’s society was hierarchical, with a rigid class system. At the top were the patricians, wealthy elites who held significant political power. Below them were the plebeians, free citizens with limited political influence, and the vast numbers of slaves who formed the backbone of the economy. The family unit was central, governed by the paterfamilias, the male head who held absolute authority.
Culturally, the Romans were eclectic, absorbing and adapting elements from the civilizations they encountered, particularly the Greeks. Roman art, literature, and philosophy reflected this synthesis, creating a rich cultural tapestry. Latin, the Roman language, became the lingua franca of the Western world, influencing numerous modern languages.
Roman architecture and engineering achievements were monumental. They perfected the arch, vault, and dome, constructing enduring structures like the Colosseum, Pantheon, and aqueducts. These engineering marvels not only showcased Roman ingenuity but also served practical purposes, from public entertainment to water supply.
Ethnobotany and Ethnopharmacology:
Ethnobotany in herbal drug evaluation,
Impact of Ethnobotany in traditional medicine,
New development in herbals,
Bio-prospecting tools for drug discovery,
Role of Ethnopharmacology in drug evaluation,
Reverse Pharmacology.
2. Android is #1
• 81.7% market share in 2016
• Links Ch 4z75, 76
3.
4. Open Source
• Android itself is open source (Link Ch 4b)
• But the Google apps included with most
Android phones are closed-source
• Many device manufacturers and carriers
modify Android
– Closed-source device drivers and apps
– Leads to fragmentation: two devices with the
same hardware but different carriers can be
running very different software
– More total sales, many different Android devices
5. Fragmentation
• Updates are essential for security
• Very big problem for Android
– Data from links Ch 1v, 1w
7. Linux Kernel
• A way for applications to interact with
devices
• Manages processes and memory
• Android versions prior to 4.0 used 2.6
Linux kernel (with modifications)
• Later versions based on 3.x or 4.x Linux
Kernels
• Link Ch 4z77
9. Libraries
– OpenGL (for 2D/3D graphics)
– SQLite for databases
– WebKit (for rendering Web pages)
– Others
• Written in C/C++
• Also Dalvik VM and core Java libraries
• All this together is called the "Android
Runtime" component
10. Application Framework
• A way for Android apps to access
– Telephone functionality
– Creating UI (User Interface) elements
– GPS
– File system
• Important in Android security model
11. Apps
• Usually Written in Java
– Compiled to Dalvik bytecode using the
Android Software Development Kit (SDK)
• Can also be written in C/C++
– Using Native Development Kit (NDK)
13. Permission Based
• Apps must be explicitly granted
permission to take action
• Permissions enforced in two places
– Kernel level
– Application Framework level
14. Kernel Permissions
• Each app has a unique user ID
– File ownership based on User ID
• Can only access the resources and
functionality it has explicit permissions
for
• This is "sandboxing"
– Apps cannot access resources of other apps
– Apps cannot access hardware components
they have not been given permission to use
16. Viewing Users with ps
• Apps run as u0_a1, u0_a2, etc.
• Permissions for data directories
17. Application Framework Access Control
• App must declare a
permission for each
component it accesses in its
manifest file
– AndroidManifest.xml
• Permissions are shown to the
user at install time
– User can chose whether to
allow the permissions
– If not, the app can't be installed
• Once installed, the app has
only those permissions, such
as
android.permission.INTERNET
19. Permission Categories
• Normal
– Low-risk
– Don't require explicit approval from users at
install time
• Dangerous
– Require explicit approval from users at install
time
20. Permission Categories
• Signature
– Defined by an application in its manifest
– Functionality exposed by applications that
declare this permission can only be accessed by
other applications that were signed by the
same certificate
• signatureOrSystem
– Same as Signature, but applications installed on
the /system partition can also access this
functionality
21. App Signing
• All apps must be signed to be installed
• Android allows self-signed certificates
– Developers can generate their own signing
certificates
• The only security mechanisms that use
signatures are the signature or
signatureOrSystem permissions
22. Address Space Layout Randomization
(ASLR)
• Added in Android 4.0
• Makes it more difficult to exploit memory
corruption issues
• Randomizes locations of key memory sections
– Such as stack and heap
• In 4.0, several locations, including the heap
were not randomized
• Android 4.1 has full ASLR
23. No eXecute (NX) Bit
• Added in Android 2.3
• Allows you to set the heap and stack as
nonexecutable
– Helps prevent memory corruption attacks
25. Four Components
• Activities, Content providers, Broadcast
receivers, Services
– Entry points: ways the user or another app on
the same device can enter
• The more components that are exported,
the larger the attack surface
– Component header will contain this line:
android:exported="true'
26. Intents
• Applications primarily use intents
– Asynchronous messages
• To perform interprocess, or
intercomponent, communication
27. Activities
• Define a single screen of an applications
user interface
• Android promotes reusability of activities
• This saves developers time and work
• Increases the attack surface of an app
28. Content Providers
• Exposes ability to query, insert, update, or
delete application-specific data
– to other apps and internal components
• App might store data in SQLite database or
a flat file
• Calling component won't know what
storage method is used
• Poorly written content providers may
expose data or be vulnerable to SQL
injection
29. Broadcast Receivers
• Respond to broadcast intents
• Apps should not blindly trust data from
broadcast intents
– It could be from a hostile app or a remote
system
30. Services
• Run in the background
• Perform lengthy operations
• Started by another component when it
sends an intent
• Services should not blindly trust the data
contained within the intent
31. Data Storage
• Internal storage in nonvolatile
memory (NAND flash)
– Private to one app
• External storage on an SD
card
– Also NAND flash, but removable
– Available to all apps
– Image from amazon.com
32. File Types
• Apps are free to create any type of file,
but the API comes with support for
– SQLite databases
– Shared preference files in an XML-based
format
• SQL injection attacks are a risk, via
intents or other input
33. NFC (Near Field Communication)
• Radio communication, including
– NFC tags
– Some RFID tag protocols
– Contactless smart cards
– Mobile devices
• Short range: a few cm
– image from newegg.com
34. NFC in Android
• Introduced in 2010 with Gingerbread
• Expanded in 2.3.3 to support a variety of
NFC formats
• Card Emulation mode came In 2.3.4
– An NFC reader can read data from the Secure
Element (SE) within the phone
– Card emulation is not exposed via the Android
SDK
– Only Google or carriers have this capability
35. Google Wallet
• Lets you use your phone
for a credit card
• Released with Android
2.3.4
36. NFC Peer-to-Peer
• Allows two NFC-enabled devices to
communicate directly
• Android Beam allows users to share data
by tapping their devices together
• NFC tags are also used in advertisements
38. SDK (Software Development Kit)
• Allows developers to build and debug
Android apps
– Runs on Windows, Mac OS X, or Linux
• In Dec., 2014, Google released Android
Studio
– A full IDE (Integrated Development
Environment)
– Links Ch 4e, 4f
39. Android Emulator
• Helps developers
test apps without
an actual mobile
device
• Simulates
common hardware
– ARMv5 CPU
– SIM card
– Flash memory
partitions
40. Value of the Emulator
• Allows developers and researchers to test
Android apps quickly in different versions of
Android
• Drawbacks
– Android Virtual Device (AVD) cannot send or
receive phone calls or SMS messages
– But it can emulate them, and send them to other
AVDs
• Can define an HTTP/HTTPS proxy to intercept
and manipulate Web traffic
41. Android Debug
Bridge
• Command-line tool
• Allows you to communicate with a mobile
device via a USB cable or an SVD running
within an emulator
• Connects to device's daemon running on
TCP port 5037
42. Useful ADB Commands
• push
– Copies a file from your computer to the mobile
device
• pull
– Copies a file from the mobile device to your
computer
• logcat
– Shows logging information on the console
– Useful to see if an app or the OS is logging
sensitive information
43. Useful ADB Commands
• install
– Copies an application package file (APK) to
the mobile device and installs the app
– Useful for side-loading apps (so you don't
have to use Google Play)
• shell
– Starts a remote shell on the mobile device
– Allows you to execute arbitrary commands
46. Root
• The root user can directly access system
resources
• Bypassing the permissions checks normally
required
• Giving the app that runs as root full
control over the device and other apps
running on it
48. How Gingerbreak Works
• Vulnerability in volume manager daemon
– /system/bin/vold
• Method
DirectVolume::handlePartitionAdded
– Sets an array index using an integer passed in
– Does not check for negative integers
– Using negative values, exploit can access
arbitrary memory locations
49. How Gingerbreak Works
• Exploit writes to vold's global offset table
(GOT)
• Overwrites several function calls
– such as strcmp() and atoi()
• With calls to system()
• Then another call to vold to execute an
app via system(), with vold's elevated
privileges
50. GingerBreak
• Packaged into several rooting tools
– Such as SuperOneClick
• And some one-click rooting APKs
– Malicious app could include GingerBreak as a
way to gain elevated privileges on a device
51. GingerBreak Countermeasures
• Update your device
– GingerBreak exploit was fixed in Android
2.3.4
• But some manufacturers/carriers don't
allow updates
• Antivirus apps should detect the presence
of GingerBreak
– An alternative
52. Ice Cream Sandwich
init chmod/chown Vuln
• Vuln introduced with Ice Cream Sandwich
(4.0.x) in init
• If the init.rc script has an entry like this
– mkdir /data/local/tmp 0771 shell shell
• Even if the mkdir failed, init would set
the ownership and permissions for the
shell user
– The ADB user
53. Symlink
• If /data/local is writable by the shell
user,
• Creating a symlink to /system there
allows the ADB user read/write access to
the /system partition
• ADB user can add files to /system, such as
su
• Thus gaining root access to a device
54. Ice Cream Sandwich
init chmod/chown Countermeasures
• Keep devices updated
• Make sure Android debugging is turned off
• And keep device locked, so attacker can't
turn it on
56. Static Analysis
• Source code is generally kept confidential
by app developers
• A binary, compiled app can be analyzed by
disassembling or decompiling them, into
– Smali assembly code (used by Dalvik VM), or
– Java code
61. Attacks via Decompiling and
Disassembly
• Insert Trojan code, like keyloggers
• Find encryption methods & keys
• Change variables to bypass client-side
authentication or input validation
• Cheat at games
63. Decompiling, Disassembly, and
Repackaging Countermeasures
• Every binary can be reverse-engineered
– Given enough time and effort
• Never store secrets on the client-side
• Never rely on client-side authentication or
client-side validation
• Obfuscate source code
– ProGuard (free) or Arxan (commercial)
67. HTTP Traffic
• Trivial to intercept
• No protections
• Any hacker in a coffeehouse can do it with
– ARP poisoning
– A rogue access point like the WiFi Pineapple
• Very difficult for the end user to detect
68. HTTPS
• Specifically designed to
prevent MITM attacks
• Only very powerful
adversaries like nation-
states or big
corporations can get real
Certificate Authority
certificates
• Without one, targets will
see a warning like this
69. Problems
• End-users are not often aware of the
difference between HTTP and HTTPS
• The mobile app may not display any
information about the connection
• Mobile apps don't always verify all the
security features in HTTPS, so users get
less protection
70. Auditing HTTPS
Traffic
• If you want to see
HTTPS traffic, you
must import your
proxy's certificate
into your test mobile
device
• With "Install from SD
Card" option in
Settings
71. Manipulating Network Traffic
Countermeasures
• Don't disable certificate verification and
validation
– Often done during development and
debugging for convenience
– May be left that way when app is distributed
• Example of trust chain
72. Certificate Pinning
• Adds another layer of verification to
certificates
• Browser knows which CA should validating
sites
– Either by consulting a whitelist maintained by
Google, or
– Remembering which CA was used the first time
the site was used
• Warns user if CA changes
– Link Ch 4z62
73. Don't Trust the Client
• Any data from the client may be malicious
• Perform strict input validation and output
encoding on the server side
75. Intents
• Primary inter-process communication
(IPC) method used by Android apps
• Intents can start internal components, or
pass data to them, or go to other apps
• Those are called "External Intents"
• Links Ch 4z62-64
76. Code to Send an SMS Intent
• Receiving app needs an "Intent Filter" like
– android.provider.Telephony.SMS_RECEIVED
• If an app is not running, receiving an Intent starts
it
• Malicious intents can launch other apps, and
inject data into them
78. Method to Create File
• Executes a shell command, injecting the
filename from the calling app
79. Command Injection
• Suppose the calling app sends a filename
of:
– "MyFIle.txt; cat /data/data/com.test/
secrets.xml > /sdcard/secrets.xml"
• The exploit will expose any secrets the
test app can access
80. Command Injection Countermeasures
• Don't make Intents "exported" unless they
are really needed by other apps
– Leave them internal to their own app
• Perform input validation on all data
received from intents
– Block special characters like ";" and ">" in a
filename
81. Command Injection Countermeasures
• Custom permissions will warn the user that
an App has permissions when it is installed
– Not much use, in practice
• Signature-level permissions
– Require any app that wants to send intents to be
signed with the same key as the receiving app
– That is, from the same company
– This can be defeated by re-signing the app
83. Malicious NFC Tags
• An NFC tag can contain a URL pointing to
a malicious site
– Such as a WebKit exploit
• Tags are cheap to buy online
• Can be written to by any NFC-enabled
phone
85. NFC Attacks
• Attackers can make poster with malicious
tags
• Or replace tags on existing posters
• Or overwrite NFC tags in place
– If the tag was not properly write-protected
• Tag could send user to Google Play
• Tag could directly attack an app that uses
NFC with unexpected input
86. Malicious NFC Tag Countermeasures
• Keep NFC disabled when you aren't using
it
• Unfortunately, there's no way to tell if a
tag is malicious without reading it
– Unless there is evidence of tampering
• Developers need to validate data from
NFC
• Tags must be write-protected
87. Attacking Apps via NFC Events
• Android allows apps to create fake NFC
Intents
– Creating a fake NFC tag
• There's an NFCDemo App
• So a vulnerable NFC-using app could be
exploited even without an NFC tag
88. NFC Event Countermeasures
• Validation of data received from NFC tags
• Custom permissions, or making the
Activity private, won't work here
– App must receive NFC intents from an
external source
90. Leakage via Internal Files
• Each app has a unique User Identifier (UID)
and Group Identifier (GID)
– App runs as that user
• But an app can create a file set to
– MODE_WORLD_READABLE or
– MODE_WORLD_WRITEABLE
• That file would be visible to all apps on the
device, and could be sent to the Internet
by any app with INTERNET permission
91. Android SQLite Journal Information
Disclosure (CVE-2011-3901)
• SQLite engine created its rollback journal
as globally readable and writeable
• Normally deleted after each transaction
• But setting improper permissions allows
hostile apps on the same device to read
– Personal info., session tokens, URL history,
etc.
93. SQLite Journal Information Disclosure
Countermeasures
• Install latest patches
• App developers should avoid creating
world-readable or world-writeable files
94. • Skype App stored personal data in world-
readable files
– Link Ch 4z65
95. Leakage via External Storage
• Files stored on the SD card
– Or the emulated SD card
• Are globally readable and writeable to
every app on the device
• Apps should only store data they want to
share on external storage
96. • App seems to never have been updated, and later
removed from the Google Play Store
– Links Ch 4z66-67
97. Nessus Information Disclosure
Countermeasures
• Credentials should not be stored in
plaintext
• They should be encrypted
– One good system is AES
– Key from Password-Based Key Derivation
Function 2 (PBKDF2)
– Using a password from the user and a device-
specific salt
98. Information Leakage via Logs
• Every app can read the logs, if it requests
the android.permission.READ_LOGS
permission at install time
• Some developers don't realize this and put
sensitive information into the logs
101. Facebook SDK Information Disclosure
Countermeasures
• Update Facebook SDK to latest version
• App developers should not log any
sensitive information
105. content:// URI Scheme Information
Disclosure Countermeasures
• Patched poorly in 2.3, and re-patched in
2.3.4
• End user can do these things:
– Use a different browser, such as Opera
– Disable JavaScript in the Android browser
(impractical)
– Unmount the SD card (impractical because
many apps need it)
106. General Mitigation v.
Information Leakage
• Logs
– Don't log sensitive info.
• Files, shared preferences, and SQLite
databases
– Don't store sensitive info. in plaintext
– Don't create globally readable or writeable files
– Don't store sensitive info. on SD card without
encrypting it properly
107. General Mitigation v.
Information Leakage
• WebKit (WebView)
– WebView is the Android class that displays
Web pages in WebKit
– Apps should clear the cache periodically if it's
used to view sensitive websites
– App can disable caching
108. General Mitigation v.
Information Leakage
• WebKit (WebView) continued
– WebKit stores sensitive data in the app's data
directory, including
• Previously entered form data
• HTTP authentication credentials
• Cookies
– On a non-rooted device, other apps won't be
able to steal data from the WebKit data store
– But if a phone is stolen and rooted, that data
can be taken
109. General Mitigation v.
Information Leakage
• Inter-Process Communication (IPC)
– Don't expose sensitive info. via broadcast
receivers, activities, and services exposed to
other apps
– Don't send sensitive data in intents to other
processes
– Make components nonexportable
110. General Mitigation v.
Information Leakage
• Networking
– Don't use network sockets for IPC
– Use TLS to transmit sensitive data
– CarrierIQ did this (next slide)
• Link Ch 4z72