Published on March 2, 2014
Vulnerability Study of the Android Ryan Selley, Swapnil Shinde, Michael Tanner, Madhura Tipnis, Colin Vinson (Group 8)
Overview • • • • • Architecture of the Android Scope of Vulnerabilities for the Android Known Vulnerabilities for the Android General Vulnerabilities of Mobile Devices Organizations Supporting the Android
Architecture • It is a software stack which performs several OS functions. • The Linux kernel is the base of the software stack. • Core Java libraries are on the same level as other libraries. • The virtual machine called the Dalvik Virtual Machine is on this layer as well. • The application framework is the next level.
Parts of Applications • Activity An activity is needed to create a screen for a user application. • Intents Intents are used to transfer control from one activity to another. • Services It doesn't need a user interface. It continues running in the background with other processes run in the foreground.
• Content Provider This component allows the application to share information with other applications.
Security Architecture - Overview
Scope of Vulnerabilities Refinements to MAC Model • • • • Delegation Public and Private Components Provision - No Security Access to Public Elements Permission Granting Using User's Confirmation Solutions ??? Precautions by Developers Special Tools for Users
Known Vulnerabilities • Image Vulnerablities o GIF o PNG o BMP • Web Browser
GIF Image Vulnerability • Decode function uses logical screen width and height to allocate heap • Data is calculated using actual screen width and height • Can overflow the heap buffer allowing hacker can allow a hacker to control the phone
PNG Image Vulnerability • Uses an old libpng file • This file can allow hackers to cause a Denial of Service (crash)
BMP Image Vulnerability • Negative offset integer overflow • Offset field in the image header used to allocate a palette • With a negative value carefully chosen you can overwrite the address of a process redirecting flow
Web Browser Vulnerability • Vulnerability is in the multimedia subsystem made by PacketVideo • Due to insufficient boundary checking when playing back an MP3 file, it is possible to corrupt the process's heap and execute arbitrary code on the device • Can allow a hacker to see data saved on the phone by the web browser and to peek at ongoing traffic • Confined to the "sandbox"
General Mobile Phone Vulnerabilities • GSM o SMS o MMS • CDMA • Bluetooth • Wireless vulnerabilities
GSM Vulnerabilities • GSM o Largest Mobile network in the world o 3.8 billion phones on network • David Hulton and Steve Muller Developed method to quickly crack GSM encryption Can crack encryption in under 30 seconds Allows for undetectable evesdropping • Similar exploits available for CDMA phones o o o
SMS Vulnerabilities • SMS Short Messaging System Very commonly used protocol Used to send "Text Messages" GSM uses 2 signal bands, 1 for "control", the other for "data". SMS operates entirely on the "control" band. High volume text messaging can disable the "control" band, which also disables voice calls. Can render entire city 911 services unresponsive. o o o • • • •
MMS Vulnerabilities • MMS Unsecure data protocol for GSM Extends SMS, allows for WAP connectivity • Exploit of MMS can drain battery 22x faster o Multiple UDP requests are sent concurrently, draining the battery as it responds to request • Does not expose data • Does make phone useless o o
Bluetooth Vulnerabilities • Bluetooth Short range wireless communication protocol Used in many personal electronic devices Requires no authentication • An attack, if close enough, could take over Bluetooth device. • Attack would have access to all data on the Bluetooth enabled device • Practice known as bluesnarfing o o o
Organizations Supporting Android • • • • • Google Open Handset Alliance 3rd Parties (ex: Mocana) Users Hackers
Organizations Supporting Android
Open Handset Alliance
Open Handset Alliance Objective: To build a better mobile phone to enrich the lives of countless people across the globe.
3rd Party Partners Mocana -- NanoPhone • Secure Web Browser • VPN • FIPS Encryption • Virus & Malware Protection • Secure Firmware Updating • Robust Certificate Authentication
Hackers for Android • Hackers make Android stronger • White hats want to plug holes • Example o Browser Threat reported by Independent Security Evaluators o Jailbreak hole fixed by Google over-the-air
Conclusion • Android is New & Evolving • Openness of Android o Good in the long-run o Strong Community • Robust Architecture • Powerful Computing Platform
Submit vulnerability; AndroidVulnerabilities.org. Scores out of ten. Nexus devices: ... Study confirms Android devices vulnerable due to lack of patches;
Thursday 8th October 2015 87% of Android devices insecure Manufacturers fail to provide security updates. A new study by researchers at the University of ...
I’ve spoken before on Forbes about the inability of the Android ecosystem to cope with the vulnerabilities and malicious exploits that are ...
NCSU study says Android vulnerabilities are mostly from ... a vulnerability was defined as ... said the study is a warning to Android users that ...
1. Vulnerability Study of the AndroidRyan Selley, Swapnil Shinde, Michael Tanner, Madhura Tipnis, Colin Vinson (Group 8) 2. Overview ...
A study of vulnerabilities on Android systems Author: Vicente Javier Mozos Pérez Directors: Dr. David de Andrés Martínez DISCA-UPV, Spain Dr. Jesús ...
Security Metrics for the Android Ecosystem Daniel R. Thomas Alastair R. Beresford Computer Laboratory University of Cambridge Cambridge, United Kingdom
Nearly 90 percent of Google's Android devices have been exposed to critical vulnerabilities, according a new study. Unfortunately something has gone wrong ...
Android handset makers’ failure to deliver timely security updates leaves almost everyone open to attack. That’s among the conclusions of a study from ...