Vulnerability Study of the Android

1
Vulnerability Study of the Android

• Ryan Selley, Swapnil Shinde, Michael Tanner,
  Madhura Tipnis, Colin Vinson
• (Group 8)

2
 
3
Overview

• Architecture of the Android
• Scope of Vulnerabilities for the Android
• Known Vulnerabilities for the Android
• General Vulnerabilities of Mobile Devices
• Organizations Supporting the Android

4
Architecture

• It is a software stack which performs several OS
  functions.
•  
• The Linux kernel is the base of the software
  stack.  
•  
•  Core Java libraries are on the same level as
  other libraries.
•  
•  The virtual machine called the Dalvik Virtual
  Machine is on this layer as well.
• The application framework is the next level.
•  

5
(No Transcript)
6
Parts of Applications

• ActivityAn activity is needed to create a screen
  for a user application. 
•  
• IntentsIntents are used to transfer control from
  one activity to another.
•  
• ServicesIt doesn't need a user interface. It
  continues running in the background with other
  processes run in the foreground.

7
 

• Content ProviderThis component allows the
  application to share information with other
  applications.

8
Security Architecture - Overview
9
Scope of Vulnerabilities

• Refinements to MAC Model
• Delegation
• Public and Private Components
• Provision - No Security Access to Public Elements
• Permission Granting Using User's Confirmation
•    Solutions ???
•           Precautions by Developers
•  Special Tools for Users

10
Known Vulnerabilities

• Image Vulnerablities
• GIF
• PNG
• BMP
• Web Browser

11
GIF Image Vulnerability

• Decode function uses logical screen width and
  height to allocate heap
• Data is calculated using actual screen width and
  height
• Can overflow the heap buffer allowing hacker can
  allow a hacker to control the phone

12
PNG Image Vulnerability

• Uses an old libpng file
• This file can allow hackers to cause a Denial of
  Service (crash)

13
BMP Image Vulnerability

• Negative offset integer overflow
• Offset field in the image header used to allocate
  a palette
• With a negative value carefully chosen you can
  overwrite the address of a process redirecting
  flow

14
Web Browser Vulnerability

• Vulnerability is in the multimedia subsystem made
  by PacketVideo
• Due to insufficient boundary checking when
  playing back an MP3 file, it is possible to
  corrupt the process's heap and execute arbitrary
  code on the device
• Can allow a hacker to see data saved on the phone
  by the web browser and to peek at ongoing traffic
• Confined to the "sandbox"

15
General Mobile Phone Vulnerabilities

• GSM
• SMS
• MMS
• CDMA
• Bluetooth
• Wireless vulnerabilities

16
GSM Vulnerabilities

• GSM
• Largest Mobile network in the world
• 3.8 billion phones on network
• David Hulton and Steve Muller
• Developed method to quickly crack GSM encryption
• Can crack encryption in under 30 seconds
• Allows for undetectable evesdropping
• Similar exploits available for CDMA phones

17
SMS Vulnerabilities

• SMS
• Short Messaging System
• Very commonly used protocol
• Used to send "Text Messages"
• GSM uses 2 signal bands, 1 for "control", the
  other for "data".
• SMS operates entirely on the "control" band.
• High volume text messaging can disable the
  "control" band, which also disables voice calls.
• Can render entire city 911 services unresponsive.

18
MMS Vulnerabilities

• MMS
• Unsecure data protocol for GSM
• Extends SMS, allows for WAP connectivity
• Exploit of MMS can drain battery 22x faster
• Multiple UDP requests are sent concurrently,
  draining the battery as it responds to request
• Does not expose data
• Does make phone useless

19
Bluetooth Vulnerabilities

• Bluetooth
• Short range wireless communication protocol
• Used in many personal electronic devices
• Requires no authentication
• An attack, if close enough, could take over
  Bluetooth device.
• Attack would have access to all data on the
  Bluetooth enabled device
• Practice known as bluesnarfing

20
Organizations Supporting Android

• Google
• Open Handset Alliance
• 3rd Parties (ex Mocana)
• Users
• Hackers

21
Organizations Supporting Android

•  

22
Open Handset Alliance

•  

23
Open Handset Alliance

• Objective
•  
•        To build a better mobile phone to enrich
•        the lives of countless people across the
  globe.

24
3rd Party Partners

• Mocana -- NanoPhone
• Secure Web Browser
• VPN
• FIPS Encryption
• Virus Malware Protection
• Secure Firmware Updating
• Robust Certificate Authentication
•  
•  
•  

25
Hackers for Android

• Hackers make Android stronger
• White hats want to plug holes
• Example
• Browser Threat reported by Independent Security
  Evaluators
• Jailbreak hole fixed by Google over-the-air
•  
•  
•  

26
Conclusion

• Android is New Evolving
• Openness of Android
• Good in the long-run
• Strong Community
• Robust Architecture
• Powerful Computing Platform
•  
•  
•