Mysterious Crypto in Android Biometrics

•

1 like•759 views

หัวข้อ: Mysterious Crypto in Android Biometrics วิทยากร: Pongsakorn Sommalai งาน: 2600 Thailand Meeting #51 Date: Wednesday, October 2, 2019 at 6:30 PM – 8:30 PM Event URL: https://www.facebook.com/events/559009754638956/

Technology

Mysterious Crypto in Android
Biometrics
Responsible: Mr. Pongsakorn Sommalai
Version (Date): 1.0 (2019-10-02)
Confidentiality class: Public
บจก.สยามถนัดแฮก

บจก.สยามถนัดแฮก
Responsible / Version: Mr. Pongsakorn Sommalai / 1.0 (2019-10-02)
Confidentiality class: Public
Mr. Pongsakorn (Bongtrop) Sommalai
Penetration Tester
Siam Thanat Hack Company Limited
Whoami
It’s me.

บจก.สยามถนัดแฮก
Responsible / Version: Mr. Pongsakorn Sommalai / 1.0 (2019-10-02)
Confidentiality class: Public
Overview
3
- Introduction
- Android Biometrics (Authentication) Security
- Android Keystore
- Cryptographic Library in Android
- Biometric Prompt
- Example Applications
- AndroidKeyStore
- The better way (let's discuss)

บจก.สยามถนัดแฮก
Responsible / Version: Mr. Pongsakorn Sommalai / 1.0 (2019-10-02)
Confidentiality class: Public
What is Biometrics (Authentication)?
5
http://fintechnews.sg/18096/mobile-payment/singaporeans-interested-in-biometrics-authentication-and-payments/

บจก.สยามถนัดแฮก
Responsible / Version: Mr. Pongsakorn Sommalai / 1.0 (2019-10-02)
Confidentiality class: Public
Password & PIN

บจก.สยามถนัดแฮก
Responsible / Version: Mr. Pongsakorn Sommalai / 1.0 (2019-10-02)
Confidentiality class: Public
Password & PIN
000000

บจก.สยามถนัดแฮก
Responsible / Version: Mr. Pongsakorn Sommalai / 1.0 (2019-10-02)
Confidentiality class: Public
8
1 2
Celeb’s Opinion

บจก.สยามถนัดแฮก
Responsible / Version: Mr. Pongsakorn Sommalai / 1.0 (2019-10-02)
Confidentiality class: Public

บจก.สยามถนัดแฮก
Responsible / Version: Mr. Pongsakorn Sommalai / 1.0 (2019-10-02)
Confidentiality class: Public
Today’s Scenario
10
Scenario: The sophisticated threat actors or APT malware with access to the
victim’s device.
Not these:

Android Biometric
Implementation
บจก.สยามถนัดแฮก

บจก.สยามถนัดแฮก
Responsible / Version: Mr. Pongsakorn Sommalai / 1.0 (2019-10-02)
Confidentiality class: Public
What is Keystore ?
12
A safe box which can store cryptographic keys.

บจก.สยามถนัดแฮก
Responsible / Version: Mr. Pongsakorn Sommalai / 1.0 (2019-10-02)
Confidentiality class: Public
FriendZone Technology and the Trusted Execution Environment (TEE)
13

บจก.สยามถนัดแฮก
Responsible / Version: Mr. Pongsakorn Sommalai / 1.0 (2019-10-02)
Confidentiality class: Public
TrustZone Technology and the Trusted Execution Environment (TEE)
14

บจก.สยามถนัดแฮก
Responsible / Version: Mr. Pongsakorn Sommalai / 1.0 (2019-10-02)
Confidentiality class: Public
AndroidKeyStore and his Friend
15

บจก.สยามถนัดแฮก
Responsible / Version: Mr. Pongsakorn Sommalai / 1.0 (2019-10-02)
Confidentiality class: Public
Key Material in AndroidKeyStore
16
- Generate in secure world
- Encrypt in secure world
- Decrypt in secure world
- XXX in secure world
Can you gimme a key? Can you decrypt for me?

บจก.สยามถนัดแฮก
Responsible / Version: Mr. Pongsakorn Sommalai / 1.0 (2019-10-02)
Confidentiality class: Public
Cryptographic Library in Android
17
https://developer.android.com/guide/topics/security/cryptography

บจก.สยามถนัดแฮก
Responsible / Version: Mr. Pongsakorn Sommalai / 1.0 (2019-10-02)
Confidentiality class: Public
Biometric Prompt
18
https://android-developers.googleblog.com/2018/06/better-biometrics-in-android-p.html

บจก.สยามถนัดแฮก
Responsible / Version: Mr. Pongsakorn Sommalai / 1.0 (2019-10-02)
Confidentiality class: Public
Example Application #1
19
// For the "insecure" method, the app relies on onAuthenticationSucceeded function being called
btInsecureActivity.setOnClickListener(new View.OnClickListener() {
@Override
public void onClick(View view) {
new BiometricPrompt(MainActivity.this, executor, new BiometricPrompt.AuthenticationCallback() {
@Override
public void onAuthenticationSucceeded(@NonNull BiometricPrompt.AuthenticationResult result) {
super.onAuthenticationSucceeded(result);
i = new Intent(MainActivity.this, InsecureActivity.class);
startActivity(i);
}
}).authenticate(promptInfo);
}
});
Let’s play !!

บจก.สยามถนัดแฮก
Responsible / Version: Mr. Pongsakorn Sommalai / 1.0 (2019-10-02)
Confidentiality class: Public
Example Application #1
20

บจก.สยามถนัดแฮก
Responsible / Version: Mr. Pongsakorn Sommalai / 1.0 (2019-10-02)
Confidentiality class: Public
Example Application #2
21
KeyStore + Cryptographic + BiometricPrompt

บจก.สยามถนัดแฮก
Responsible / Version: Mr. Pongsakorn Sommalai / 1.0 (2019-10-02)
Confidentiality class: Public
Example Application #2
22
Generate Key
Init Phrase
Encrypt a Secret Store it Somewhere
Fetch Key
Access Phrase
Authenticate Decrypt a Secret
Secure
World
Secure
World
Secure
World
Only
Object

บจก.สยามถนัดแฮก
Responsible / Version: Mr. Pongsakorn Sommalai / 1.0 (2019-10-02)
Confidentiality class: Public
Example Application #2
23
Take a Look at the Source Code !!

บจก.สยามถนัดแฮก
Responsible / Version: Mr. Pongsakorn Sommalai / 1.0 (2019-10-02)
Confidentiality class: Public
Interesting Property of a Key
24
- isInsideSecureHardware
- isInvalidatedByBiometricEnrollment
- isUserAuthenticationRequired
- isUserAuthenticationRequirementEnforcedBySecureHardware
- isUserAuthenticationValidWhileOnBody
- userAuthenticationValidityDurationSeconds

บจก.สยามถนัดแฮก
Responsible / Version: Mr. Pongsakorn Sommalai / 1.0 (2019-10-02)
Confidentiality class: Public
Example Application #SDHMobile
25
Let’s play with this scenario !!

บจก.สยามถนัดแฮก
Responsible / Version: Mr. Pongsakorn Sommalai / 1.0 (2019-10-02)
Confidentiality class: Public
Store encrypted PIN or TOKEN for authentication.
Is it secure ?
26

Possible Attacks on
AndroidKeyStore
บจก.สยามถนัดแฮก

บจก.สยามถนัดแฮก
Responsible / Version: Mr. Pongsakorn Sommalai / 1.0 (2019-10-02)
Confidentiality class: Public
AndroidKeyStore Recap
28
- Generate in secure world
- Encrypt in secure world
- Decrypt in secure world
- XXX in secure world
Can you gimme a key? Can you decrypt it for me?
However, the key must be stored in somewhere right?

The better ways (let’s discuss)
บจก.สยามถนัดแฮก

บจก.สยามถนัดแฮก
Responsible / Version: Mr. Pongsakorn Sommalai / 1.0 (2019-10-02)
Confidentiality class: Public
Challenge Response Authentication (Symmetric)
30

บจก.สยามถนัดแฮก
Responsible / Version: Mr. Pongsakorn Sommalai / 1.0 (2019-10-02)
Confidentiality class: Public
Challenge Response Authentication (Asymmetric)
31

Q & A
บจก.สยามถนัดแฮก
Contact us:
pentest@sth.sh

You will learn the art of analyzing Malware in a Real Environment. The course is Divided into Two Parts, In the first Half you will learn to analyze Malware’s Behavior with all Core tools and we follow a Simple Approach, In the Second half, you will learn something Different from the first half, You will learn to analyze Microsoft Office Documents for Embedded malware and Macros. See More: https://bit.ly/2Fpkgr1

Trends and transients_2019_cigdem_sengul

Cigdem Sengul

DEF CON 27 - workshop - POLOTO - hacking the android apk

Felipe Prado

How to perform an Infrastructure Security Gap Analysis

Carlo Dapino

This presentation was designed to share and propose a methodology across the cyber security community, to perform Infrastructure Security Architecture Gap Analysis. This methodology is adopting a threat analysis model to infrastructure design, allowing a reusable process to score the infrastructure security controls maturity and overall security maturity posture. This methodology was crafted by Carlo Dapino, aka Acklost , for more information visit my website https://carlo.dapino.info

Securely Deploying Micro Services, Containers & Serverless PaaS Web Apps

Priyanka Aash

This presentation will address all the relevant information about default security postures achieved by using the -aaS model. This session will be a unique opportunity to hear from Murray Goldschmidt, renowned DevSecOps expert, explaining the key items to achieve a secure deployment from build through ongoing continuous deployment, particularly for CI/CD DevOps environments Key Points To Be Discussed: -Learn the no-cost or low-cost measures to put in place immediately to secure their -aaS deployments. -Understand where commercial products provide capability, particularly for container security. -Understand the weaknesses of public cloud PaaS defaults—examples provided for AWS and Azure. Pre-Requisites:AWS and Azure PaaS offerings.

U2F in Dashlane

Dashlane

Nsc42 - is the cloud secure - is easy if you do it smart ECC Conference

NSC42 Ltd

Recently, services that provide remote control and acquire vehicle location information (GPS) is increasing. (As far as we know, it has been especially popular in the EV cars.) These services are the challenging business for the automotive industry and OEMs because these have a potentially huge market or an additional value to their products in the future. On the other hands, these services may lead to new threats and risks for the automobiles. This is because the Internet connection did not consider it was not necessary for automobiles so far. Further, some researchers have already reported vulnerabilities in the remote services that are provided by various OEMs. These issues are all reported in a foreign territory. Then, how about in Japan? Therefore, we analyze the client apps for Japan provided by the various OEMs. But we also targeted analyzing apps for the US because apps for Japan is not many yet. Specifically, we analyzed vulnerabilities (cooperation between apps, certificate verification, etc...) and whether these apps are using anti-analysis techniques such as obfuscation. In this talk, we'll introduce about a potential for abusing of remote service apps in the future and countermeasures for these risks. --- Naohide Waguri Naohide Waguri joined FFRI in 2013. Before he joined FFRI, he had participated in software quality assurance, software development and promotion of test automation of network equipment (Gigabit Ethernet or Multilayer switches) as a network engineer. After joined FFRI, he participated in penetration testing, analysis and investigating the trend of cyber attacks. He is currently researching threat/risk analysis and evaluation method for a security of embedded systems such as in-vehicle devices. He was a speaker at CODE BLUE 2015.

Secure Multi-Party Computation

Ashutosh Satapathy

Check Point Consolidation

Group of company MUK

Secured home with 3 factor authentication using android application

Iliyas Khan

Smart maintenance of security has emerged as a cardinal concern for any personnel systems, especially for an individuals dwelling place. Over the last decade, the rapid rise of burglary and theft all over the world is threatening due to the vulnerability of traditional home security systems. According to Knoema.com, a company which deals with data. Netherland is the top most country with highest rate of burglary. Looking at the statistics, It is very important to create a safe and secured home environment to avoid theft and burglary. The only thing that is with us all time in today’s world is our smartphone. We can carry out Remote monitoring and security of house using a mobile application. It will help us to check security and monitor our homes from any corner of the world just using an internet connection.

IRJET- A Survey on Android Ransomware and its Detection Methods

IRJET Journal

전력 계통망에 있어서 보안일반 및 이슈와 기술 그리고 정책 방향-소셜 네트워크 서비스 등 차세대 기술 환경 맥락으로-

JM code group

주최 : 한국전기연구원 전문가 자문 발표 발표장소 : 한국전기연구원 발표주제 :전력 계통망에 있어서 보안일반 및 이슈와 기술 그리고 정책 방향-소셜 네트워크 서비스 등 차세대 기술 환경 맥락으로- 발표일:2009년 10월 20일 발표자 : 강장묵(세종대학교 정보통신공학과 BK사업단 소속 교수) redsea@sejong.ac.kr mooknc@gmail.com

IoT, arquitectura de solución y cómo enriquecerlo con Confluent

mimacom

Security In The Public Cloud

nine

Cyber Security Workshop @SPIT- 3rd October 2015

Nilesh Sapariya

ASFWS 2013 - Cryptocat: récents défis en faisant la cryptographie plus facile...

Cyber Security Alliance

La mission de Cryptocat pour faire les conversations cryptées accessible aux masses a été couronnée de succès – mais quels sont les dangers cryptographiques et les limitations techniques? Avec plus que 65,000 utilisateurs réguliers, Cryptocat a réussi à rendre le chat crypté accessible à toute personne qui sait comment utiliser Facebook Chat ou Skype. Mais avec l’accessibilité, nous avons rencontré de nombreux problèmes de sécurité que nous avons besoin de répondre. Cette conférence traite de ces défis et pourquoi la poursuite des travaux sur Cryptocat est nécessaire, compte tenu d’eux.

PROGRAMMING AND CYBER SECURITY

Sylvain Martinez

Android Security Internals

Opersys inc.

2010: Mobile Security - WHYMCA Developer Conference

Fabio Pietrosanti

Contents

ElmerPineda9

BYOD and Security TrendsCisco Russia

SFScon19 - Igor Falcomatà - Smart Cities vs Cybersecurity

South Tyrol Free Software Conference

Sophos Security Threat Report 2014

- Mark - Fullbright

ยกระดับศักยภาพของทีม IT Security องค์กรด้วย CTF & Cybersecurity Online Platfo...

Pichaya Morimoto

งาน "SEC Cyber Club Q" การประชุมของ "สำนักงานคณะกรรมการกำกับหลักทรัพย์และตลาดหลักทรัพย์ หรือ ก.ล.ต." ในหัวข้อ "ยกระดับศักยภาพของทีม IT Security องค์กรด้วย CTF & Cybersecurity Online Platform" วันที่ 26 กันยายน 2566

Securing and Hacking LINE OA Integration

Pichaya Morimoto

Similar to Mysterious Crypto in Android Biometrics

2018 android-security-udacity-morrison chang

mjchang

Droidcon2013 key2 share_dmitrienko_fraunhoferDroidcon Berlin

Smart Cards & Devices Forum 2012 - Smart Phones SecurityOKsystem

[CB16] Security in the IoT World: Analyzing the Security of Mobile Apps for A...

CODE BLUE

Secure Multi-Party Computation

Ashutosh Satapathy

Check Point Consolidation

Group of company MUK

Secured home with 3 factor authentication using android application

Iliyas Khan

IRJET- A Survey on Android Ransomware and its Detection Methods

IRJET Journal

전력 계통망에 있어서 보안일반 및 이슈와 기술 그리고 정책 방향-소셜 네트워크 서비스 등 차세대 기술 환경 맥락으로-

JM code group

IoT, arquitectura de solución y cómo enriquecerlo con Confluent

mimacom

Security In The Public Cloud

nine

Cyber Security Workshop @SPIT- 3rd October 2015

Nilesh Sapariya

ASFWS 2013 - Cryptocat: récents défis en faisant la cryptographie plus facile...

Cyber Security Alliance

PROGRAMMING AND CYBER SECURITY

Sylvain Martinez

Android Security Internals

Opersys inc.

2010: Mobile Security - WHYMCA Developer Conference

Fabio Pietrosanti

Contents

ElmerPineda9

BYOD and Security TrendsCisco Russia

SFScon19 - Igor Falcomatà - Smart Cities vs Cybersecurity

South Tyrol Free Software Conference

Sophos Security Threat Report 2014

- Mark - Fullbright

Similar to Mysterious Crypto in Android Biometrics (20)

2018 android-security-udacity-morrison chang

Droidcon2013 key2 share_dmitrienko_fraunhofer

Smart Cards & Devices Forum 2012 - Smart Phones Security

[CB16] Security in the IoT World: Analyzing the Security of Mobile Apps for A...

Secure Multi-Party Computation

Check Point Consolidation

Secured home with 3 factor authentication using android application

IRJET- A Survey on Android Ransomware and its Detection Methods

전력 계통망에 있어서 보안일반 및 이슈와 기술 그리고 정책 방향-소셜 네트워크 서비스 등 차세대 기술 환경 맥락으로-

IoT, arquitectura de solución y cómo enriquecerlo con Confluent

Security In The Public Cloud

Cyber Security Workshop @SPIT- 3rd October 2015

ASFWS 2013 - Cryptocat: récents défis en faisant la cryptographie plus facile...

PROGRAMMING AND CYBER SECURITY

Android Security Internals

2010: Mobile Security - WHYMCA Developer Conference

Contents

BYOD and Security Trends

SFScon19 - Igor Falcomatà - Smart Cities vs Cybersecurity

Sophos Security Threat Report 2014

More from Pichaya Morimoto

ยกระดับศักยภาพของทีม IT Security องค์กรด้วย CTF & Cybersecurity Online Platfo...

Pichaya Morimoto

Securing and Hacking LINE OA Integration

Pichaya Morimoto

Docker Plugin For DevSecOps

Pichaya Morimoto

Web Hacking with Object Deserialization

Pichaya Morimoto

Burp Extender API for Penetration Testing

Pichaya Morimoto

Bug Bounty แบบแมว ๆ

Pichaya Morimoto

Pentest 101 @ Mahanakorn Network Research Laboratory

Pichaya Morimoto

Security Misconfiguration (OWASP Top 10 - 2013 - A5)

Pichaya Morimoto

Event: OWASP Thailand Meeting 7/2016 (Free Event) Topic: Security Misconfiguration (OWASP Top 10 2013 – A5) Date & Time: Thursday, July 28 at 6 PM - 9 PM Location: Securities and Exchange Commission, Thailand (SEC, a government organization) 16th floor, Room No. 1601 333/3, 333/3 Vibhavadi Rangsit Rd, Chom Phon, Chatuchak, Bangkok 10900 Link Map: https://goo.gl/0akY6d Agenda 18.00 - 18.30 Registration 18.30 - 18.45 Welcome speech 18.45 - 20.45 Topic: Security Misconfiguration (OWASP Top 10 2013 – A5) Pichaya Morimoto IT Security Consultant SEC Consult (Thailand) Co., Ltd. 20.45 - 21.00 Closing Session

Exploiting Blind Vulnerabilities

Pichaya Morimoto

From Web Vulnerability to Exploit in 15 minutes

Pichaya Morimoto

Exploiting WebApp Race Condition Vulnerability 101

Pichaya Morimoto

CTF คืออะไร เรียนแฮก? ลองแฮก? แข่งแฮก?

Pichaya Morimoto

Vulnerable Active Record: A tale of SQL Injection in PHP Framework

Pichaya Morimoto

SQL Injection 101 : It is not just about ' or '1'='1 - Pichaya Morimoto

Pichaya Morimoto

Art of Web Backdoor - Pichaya Morimoto

Pichaya Morimoto

More from Pichaya Morimoto (15)

ยกระดับศักยภาพของทีม IT Security องค์กรด้วย CTF & Cybersecurity Online Platfo...

Securing and Hacking LINE OA Integration

Docker Plugin For DevSecOps

Web Hacking with Object Deserialization

Burp Extender API for Penetration Testing

Bug Bounty แบบแมว ๆ

Pentest 101 @ Mahanakorn Network Research Laboratory

Security Misconfiguration (OWASP Top 10 - 2013 - A5)

Exploiting Blind Vulnerabilities

From Web Vulnerability to Exploit in 15 minutes

Exploiting WebApp Race Condition Vulnerability 101

CTF คืออะไร เรียนแฮก? ลองแฮก? แข่งแฮก?

Vulnerable Active Record: A tale of SQL Injection in PHP Framework

SQL Injection 101 : It is not just about ' or '1'='1 - Pichaya Morimoto

Art of Web Backdoor - Pichaya Morimoto

Recently uploaded

Mission to Decommission: Importance of Decommissioning Products to Increase E...

Product School

AI for Every Business: Unlocking Your Product's Universal Potential by VP of ...

Product School

Smart TV Buyer Insights Survey 2024 by 91mobiles.pdf

91mobiles

Slack (or Teams) Automation for Bonterra Impact Management (fka Social Soluti...

Jeffrey Haguewood

Sidekick Solutions uses Bonterra Impact Management (fka Social Solutions Apricot) and automation solutions to integrate data for business workflows. We believe integration and automation are essential to user experience and the promise of efficient work through technology. Automation is the critical ingredient to realizing that full vision. We develop integration products and services for Bonterra Case Management software to support the deployment of automations for a variety of use cases. This video focuses on the notifications, alerts, and approval requests using Slack for Bonterra Impact Management. The solutions covered in this webinar can also be deployed for Microsoft Teams. Interested in deploying notification automations for Bonterra Impact Management? Contact us at sales@sidekicksolutionsllc.com to discuss next steps.

When stars align: studies in data quality, knowledge graphs, and machine lear...

Elena Simperl

FIDO Alliance Osaka Seminar: FIDO Security Aspects.pdf

FIDO Alliance

To Graph or Not to Graph Knowledge Graph Architectures and LLMs

Paul Groth

FIDO Alliance Osaka Seminar: Passkeys at Amazon.pdf

FIDO Alliance

Accelerate your Kubernetes clusters with Varnish Caching

Thijs Feryn

How world-class product teams are winning in the AI era by CEO and Founder, P...

Product School

LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -...

DanBrown980551

Do you want to learn how to model and simulate an electrical network from scratch in under an hour? Then welcome to this PowSyBl workshop, hosted by Rte, the French Transmission System Operator (TSO)! During the webinar, you will discover the PowSyBl ecosystem as well as handle and study an electrical network through an interactive Python notebook. PowSyBl is an open source project hosted by LF Energy, which offers a comprehensive set of features for electrical grid modelling and simulation. Among other advanced features, PowSyBl provides: - A fully editable and extendable library for grid component modelling; - Visualization tools to display your network; - Grid simulation tools, such as power flows, security analyses (with or without remedial actions) and sensitivity analyses; The framework is mostly written in Java, with a Python binding so that Python developers can access PowSyBl functionalities as well. What you will learn during the webinar: - For beginners: discover PowSyBl's functionalities through a quick general presentation and the notebook, without needing any expert coding skills; - For advanced developers: master the skills to efficiently apply PowSyBl functionalities to your real-world scenarios.

The Future of Platform Engineering

Jemma Hussein Allen

De-mystifying Zero to One: Design Informed Techniques for Greenfield Innovati...

Product School

From Siloed Products to Connected Ecosystem: Building a Sustainable and Scala...

Product School

JMeter webinar - integration with InfluxDB and Grafana

RTTS

Watch this recorded webinar about real-time monitoring of application performance. See how to integrate Apache JMeter, the open-source leader in performance testing, with InfluxDB, the open-source time-series database, and Grafana, the open-source analytics and visualization application. In this webinar, we will review the benefits of leveraging InfluxDB and Grafana when executing load tests and demonstrate how these tools are used to visualize performance metrics. Length: 30 minutes Session Overview ------------------------------------------- During this webinar, we will cover the following topics while demonstrating the integrations of JMeter, InfluxDB and Grafana: - What out-of-the-box solutions are available for real-time monitoring JMeter tests? - What are the benefits of integrating InfluxDB and Grafana into the load testing stack? - Which features are provided by Grafana? - Demonstration of InfluxDB and Grafana using a practice web application To view the webinar recording, go to: https://www.rttsweb.com/jmeter-integration-webinar

FIDO Alliance Osaka Seminar: Overview.pdf

FIDO Alliance

Connector Corner: Automate dynamic content and events by pushing a button

DianaGray10

Here is something new! In our next Connector Corner webinar, we will demonstrate how you can use a single workflow to: Create a campaign using Mailchimp with merge tags/fields Send an interactive Slack channel message (using buttons) Have the message received by managers and peers along with a test email for review But there’s more: In a second workflow supporting the same use case, you’ll see: Your campaign sent to target colleagues for approval If the “Approve” button is clicked, a Jira/Zendesk ticket is created for the marketing design team But—if the “Reject” button is pushed, colleagues will be alerted via Slack message Join us to learn more about this new, human-in-the-loop capability, brought to you by Integration Service connectors. And... Speakers: Akshay Agnihotri, Product Manager Charlie Greenberg, Host

Bits & Pixels using AI for Good.........

Alison B. Lowndes

Monitoring Java Application Security with JDK Tools and JFR Events

Ana-Maria Mihalceanu

Encryption in Microsoft 365 - ExpertsLive Netherlands 2024

Albert Hoitingh

Recently uploaded (20)

Mission to Decommission: Importance of Decommissioning Products to Increase E...

AI for Every Business: Unlocking Your Product's Universal Potential by VP of ...

Smart TV Buyer Insights Survey 2024 by 91mobiles.pdf

Slack (or Teams) Automation for Bonterra Impact Management (fka Social Soluti...

When stars align: studies in data quality, knowledge graphs, and machine lear...

FIDO Alliance Osaka Seminar: FIDO Security Aspects.pdf

To Graph or Not to Graph Knowledge Graph Architectures and LLMs

FIDO Alliance Osaka Seminar: Passkeys at Amazon.pdf

Accelerate your Kubernetes clusters with Varnish Caching

How world-class product teams are winning in the AI era by CEO and Founder, P...

LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -...

The Future of Platform Engineering

De-mystifying Zero to One: Design Informed Techniques for Greenfield Innovati...

From Siloed Products to Connected Ecosystem: Building a Sustainable and Scala...

JMeter webinar - integration with InfluxDB and Grafana

FIDO Alliance Osaka Seminar: Overview.pdf

Connector Corner: Automate dynamic content and events by pushing a button

Bits & Pixels using AI for Good.........

Monitoring Java Application Security with JDK Tools and JFR Events

Encryption in Microsoft 365 - ExpertsLive Netherlands 2024

Mysterious Crypto in Android Biometrics

1. Mysterious Crypto in Android Biometrics Responsible: Mr. Pongsakorn Sommalai Version (Date): 1.0 (2019-10-02) Confidentiality class: Public บจก.สยามถนัดแฮก

2. บจก.สยามถนัดแฮก Responsible / Version: Mr. Pongsakorn Sommalai / 1.0 (2019-10-02) Confidentiality class: Public Mr. Pongsakorn (Bongtrop) Sommalai Penetration Tester Siam Thanat Hack Company Limited Whoami It’s me.

3. บจก.สยามถนัดแฮก Responsible / Version: Mr. Pongsakorn Sommalai / 1.0 (2019-10-02) Confidentiality class: Public Overview 3 - Introduction - Android Biometrics (Authentication) Security - Android Keystore - Cryptographic Library in Android - Biometric Prompt - Example Applications - AndroidKeyStore - The better way (let's discuss)

4. Introduction บจก.สยามถนัดแฮก

5. บจก.สยามถนัดแฮก Responsible / Version: Mr. Pongsakorn Sommalai / 1.0 (2019-10-02) Confidentiality class: Public What is Biometrics (Authentication)? 5 http://fintechnews.sg/18096/mobile-payment/singaporeans-interested-in-biometrics-authentication-and-payments/

6. บจก.สยามถนัดแฮก Responsible / Version: Mr. Pongsakorn Sommalai / 1.0 (2019-10-02) Confidentiality class: Public Password & PIN

7. บจก.สยามถนัดแฮก Responsible / Version: Mr. Pongsakorn Sommalai / 1.0 (2019-10-02) Confidentiality class: Public Password & PIN 000000

8. บจก.สยามถนัดแฮก Responsible / Version: Mr. Pongsakorn Sommalai / 1.0 (2019-10-02) Confidentiality class: Public 8 1 2 Celeb’s Opinion

9. บจก.สยามถนัดแฮก Responsible / Version: Mr. Pongsakorn Sommalai / 1.0 (2019-10-02) Confidentiality class: Public

10. บจก.สยามถนัดแฮก Responsible / Version: Mr. Pongsakorn Sommalai / 1.0 (2019-10-02) Confidentiality class: Public Today’s Scenario 10 Scenario: The sophisticated threat actors or APT malware with access to the victim’s device. Not these:

11. Android Biometric Implementation บจก.สยามถนัดแฮก

12. บจก.สยามถนัดแฮก Responsible / Version: Mr. Pongsakorn Sommalai / 1.0 (2019-10-02) Confidentiality class: Public What is Keystore ? 12 A safe box which can store cryptographic keys.

13. บจก.สยามถนัดแฮก Responsible / Version: Mr. Pongsakorn Sommalai / 1.0 (2019-10-02) Confidentiality class: Public FriendZone Technology and the Trusted Execution Environment (TEE) 13

14. บจก.สยามถนัดแฮก Responsible / Version: Mr. Pongsakorn Sommalai / 1.0 (2019-10-02) Confidentiality class: Public TrustZone Technology and the Trusted Execution Environment (TEE) 14

15. บจก.สยามถนัดแฮก Responsible / Version: Mr. Pongsakorn Sommalai / 1.0 (2019-10-02) Confidentiality class: Public AndroidKeyStore and his Friend 15

16. บจก.สยามถนัดแฮก Responsible / Version: Mr. Pongsakorn Sommalai / 1.0 (2019-10-02) Confidentiality class: Public Key Material in AndroidKeyStore 16 - Generate in secure world - Encrypt in secure world - Decrypt in secure world - XXX in secure world Can you gimme a key? Can you decrypt for me?

17. บจก.สยามถนัดแฮก Responsible / Version: Mr. Pongsakorn Sommalai / 1.0 (2019-10-02) Confidentiality class: Public Cryptographic Library in Android 17 https://developer.android.com/guide/topics/security/cryptography

18. บจก.สยามถนัดแฮก Responsible / Version: Mr. Pongsakorn Sommalai / 1.0 (2019-10-02) Confidentiality class: Public Biometric Prompt 18 https://android-developers.googleblog.com/2018/06/better-biometrics-in-android-p.html

19. บจก.สยามถนัดแฮก Responsible / Version: Mr. Pongsakorn Sommalai / 1.0 (2019-10-02) Confidentiality class: Public Example Application #1 19 // For the "insecure" method, the app relies on onAuthenticationSucceeded function being called btInsecureActivity.setOnClickListener(new View.OnClickListener() { @Override public void onClick(View view) { new BiometricPrompt(MainActivity.this, executor, new BiometricPrompt.AuthenticationCallback() { @Override public void onAuthenticationSucceeded(@NonNull BiometricPrompt.AuthenticationResult result) { super.onAuthenticationSucceeded(result); i = new Intent(MainActivity.this, InsecureActivity.class); startActivity(i); } }).authenticate(promptInfo); } }); Let’s play !!

20. บจก.สยามถนัดแฮก Responsible / Version: Mr. Pongsakorn Sommalai / 1.0 (2019-10-02) Confidentiality class: Public Example Application #1 20

21. บจก.สยามถนัดแฮก Responsible / Version: Mr. Pongsakorn Sommalai / 1.0 (2019-10-02) Confidentiality class: Public Example Application #2 21 KeyStore + Cryptographic + BiometricPrompt

22. บจก.สยามถนัดแฮก Responsible / Version: Mr. Pongsakorn Sommalai / 1.0 (2019-10-02) Confidentiality class: Public Example Application #2 22 Generate Key Init Phrase Encrypt a Secret Store it Somewhere Fetch Key Access Phrase Authenticate Decrypt a Secret Secure World Secure World Secure World Only Object

23. บจก.สยามถนัดแฮก Responsible / Version: Mr. Pongsakorn Sommalai / 1.0 (2019-10-02) Confidentiality class: Public Example Application #2 23 Take a Look at the Source Code !!

24. บจก.สยามถนัดแฮก Responsible / Version: Mr. Pongsakorn Sommalai / 1.0 (2019-10-02) Confidentiality class: Public Interesting Property of a Key 24 - isInsideSecureHardware - isInvalidatedByBiometricEnrollment - isUserAuthenticationRequired - isUserAuthenticationRequirementEnforcedBySecureHardware - isUserAuthenticationValidWhileOnBody - userAuthenticationValidityDurationSeconds

25. บจก.สยามถนัดแฮก Responsible / Version: Mr. Pongsakorn Sommalai / 1.0 (2019-10-02) Confidentiality class: Public Example Application #SDHMobile 25 Let’s play with this scenario !!

26. บจก.สยามถนัดแฮก Responsible / Version: Mr. Pongsakorn Sommalai / 1.0 (2019-10-02) Confidentiality class: Public Store encrypted PIN or TOKEN for authentication. Is it secure ? 26

27. Possible Attacks on AndroidKeyStore บจก.สยามถนัดแฮก

28. บจก.สยามถนัดแฮก Responsible / Version: Mr. Pongsakorn Sommalai / 1.0 (2019-10-02) Confidentiality class: Public AndroidKeyStore Recap 28 - Generate in secure world - Encrypt in secure world - Decrypt in secure world - XXX in secure world Can you gimme a key? Can you decrypt it for me? However, the key must be stored in somewhere right?

29. The better ways (let’s discuss) บจก.สยามถนัดแฮก

30. บจก.สยามถนัดแฮก Responsible / Version: Mr. Pongsakorn Sommalai / 1.0 (2019-10-02) Confidentiality class: Public Challenge Response Authentication (Symmetric) 30

31. บจก.สยามถนัดแฮก Responsible / Version: Mr. Pongsakorn Sommalai / 1.0 (2019-10-02) Confidentiality class: Public Challenge Response Authentication (Asymmetric) 31

32. Q & A บจก.สยามถนัดแฮก Contact us: pentest@sth.sh

Mysterious Crypto in Android Biometrics

Recommended

Recommended

More Related Content

Similar to Mysterious Crypto in Android Biometrics

Similar to Mysterious Crypto in Android Biometrics (20)

More from Pichaya Morimoto

More from Pichaya Morimoto (15)

Recently uploaded

Recently uploaded (20)

Mysterious Crypto in Android Biometrics