1 / 26

vulnerability study of the android

Jimmy
Télécharger la présentation

vulnerability study of the android

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

    1. Vulnerability Studyof the Android Ryan Selley, Swapnil Shinde, Michael Tanner, Madhura Tipnis, Colin Vinson (Group 8)

    2.

    3. Overview Architecture of the Android Scope of Vulnerabilities for the Android Known Vulnerabilities for the Android General Vulnerabilities of Mobile Devices Organizations Supporting the Android

    4. Architecture It is a software stack which performs several OS functions. The Linux kernel is the base of the software stack. Core Java libraries are on the same level as other libraries. The virtual machine called the Dalvik Virtual Machine is on this layer as well. The application framework is the next level.

    6. Parts of Applications ActivityAn activity is needed to create a screen for a user application. IntentsIntents are used to transfer control from one activity to another. ServicesIt doesn't need a user interface. It continues running in the background with other processes run in the foreground.

    7. Content Provider

    8. Security Architecture - Overview Question - Have you ever thought of how security is implemented in OS? 2 levels Describe figure and MAC model Question - Have you ever thought of how security is implemented in OS? 2 levels Describe figure and MAC model

    9. Scope of Vulnerabilities Refinements to MAC Model Delegation Public and Private Components Provision - No Security Access to Public Elements Permission Granting Using User's Confirmation Solutions ??? Precautions by Developers Special Tools for Users

    10. Known Vulnerabilities Image Vulnerablities GIF PNG BMP Web Browser

    11. GIF Image Vulnerability Decode function uses logical screen width and height to allocate heap Data is calculated using actual screen width and height Can overflow the heap buffer allowing hacker can allow a hacker to control the phone

    12. PNG Image Vulnerability Uses an old libpng file This file can allow hackers to cause a Denial of Service (crash)

    13. BMP Image Vulnerability Negative offset integer overflow Offset field in the image header used to allocate a palette With a negative value carefully chosen you can overwrite the address of a process redirecting flow

    14. Web Browser Vulnerability Vulnerability is in the multimedia subsystem made by PacketVideo Due to insufficient boundary checking when playing back an MP3 file, it is possible to corrupt the process's heap and execute arbitrary code on the device Can allow a hacker to see data saved on the phone by the web browser and to peek at ongoing traffic Confined to the "sandbox"

    15. General Mobile Phone Vulnerabilities GSM SMS MMS CDMA Bluetooth Wireless vulnerabilities

    16. GSM Vulnerabilities GSM Largest Mobile network in the world 3.8 billion phones on network David Hulton and Steve Muller Developed method to quickly crack GSM encryption Can crack encryption in under 30 seconds Allows for undetectable evesdropping Similar exploits available for CDMA phones

    17. SMS Vulnerabilities SMS Short Messaging System Very commonly used protocol Used to send "Text Messages" GSM uses 2 signal bands, 1 for "control", the other for "data". SMS operates entirely on the "control" band. High volume text messaging can disable the "control" band, which also disables voice calls. Can render entire city 911 services unresponsive.

    18. MMS Vulnerabilities MMS Unsecure data protocol for GSM Extends SMS, allows for WAP connectivity Exploit of MMS can drain battery 22x faster Multiple UDP requests are sent concurrently, draining the battery as it responds to request Does not expose data Does make phone useless

    19. Bluetooth Vulnerabilities Bluetooth Short range wireless communication protocol Used in many personal electronic devices Requires no authentication An attack, if close enough, could take over Bluetooth device. Attack would have access to all data on the Bluetooth enabled device Practice known as bluesnarfing

    20. Organizations Supporting Android Google Open Handset Alliance 3rd Parties (ex: Mocana) Users Hackers

    21. Organizations Supporting Android

    22. Open Handset Alliance

    23. Open Handset Alliance Objective: To build a better mobile phone to enrich the lives of countless people across the globe.

    24. 3rd Party Partners Mocana -- NanoPhone Secure Web Browser VPN FIPS Encryption Virus & Malware Protection Secure Firmware Updating Robust Certificate Authentication

    25. Hackers for Android Hackers make Android stronger White hats want to plug holes Example Browser Threat reported by Independent Security Evaluators Jailbreak hole fixed by Google over-the-air

    26. Conclusion Android is New & Evolving Openness of Android Good in the long-run Strong Community Robust Architecture Powerful Computing Platform

More Related