This document discusses security vulnerabilities in the Android operating system. It describes several attack scenarios that were simulated, including phone recording without consent, eavesdropping on conversations, spoofing GPS locations, stealing photos and videos, and intercepting SMS messages. The document warns that Android poses high risks if apps are given certain permissions and urges users to carefully review permission requests when installing apps. In conclusion, it demonstrates how vulnerable Android can be if the wrong permissions are granted.

1. Android Secuirty
National Taiwan University ANTS Lab
李士暄
6/7/2017 1

2. 2015 CES
6/7/2017 2

3. 6/7/2017 3
All Roads to the Digital Future
Lead through Security
-- Gartner 2014

4. Android Phone
6/7/2017 4

5. 6/7/2017 5

6. 6/7/2017 6

7. Attack Study & Implementation
We simulate some attack scenarios under
Android System
• IMEI、IMSI
• Eavesdropping
• Phone Recording
• Forged GPS Locations
• Photoshot
• Video
• SMS Stealing
6/7/2017 7

8. Wifi
Scenario 1
Phone Recording
6/7/2017 8
Phone_record.mp3

9. Command :
Audio_now_5
6/7/2017 9
Scenario 2
Eavesdropping
Wifi
Audio_record.mp3

10. Command :
GPSLocation_forged_201
408010900_1 1
6/7/2017 10
Scenario 3
GPS Location
3G/4G

11. Photoshot_2014
08010900_5_5
6/7/2017 11
Scenario 4
Photoshot
Wifi
201408010925_1.jpg

12. Scenario 5
Video
Video_now_10
6/7/2017 12
3G/4G
Video_2015020031120.avi

13. Scenario 6
SMS Stealing SMS_stolen
6/7/2017 13
3G/4G
SMS_stolen.txt

14. Conclusion
• Android is highly dangerous !
• We demonstrates how dangerous Android could
be if given proper permission(s)
• Pay attention to those unrelated permissions that
are requested when installing app.
6/7/2017 14

15. 6/7/2017 15
Q & A