Vulnerability Study of the Android

Ryan Selley, Swapnil Shinde, Michael Tanner, Madhura Tipnis, Colin Vinson

(Group 8)

 

Overview

• Architecture of the Android• Scope of Vulnerabilities for the Android• Known Vulnerabilities for the Android• General Vulnerabilities of Mobile Devices• Organizations Supporting the Android

Architecture

• It is a software stack which performs several OS functions. • The Linux kernel is the base of the software stack.  

 •  Core Java libraries are on the same level as other libraries.

 •  The virtual machine called the Dalvik Virtual Machine is on

this layer as well.

• The application framework is the next level. 

Parts of Applications

• ActivityAn activity is needed to create a screen for a user application. 

 • Intents

Intents are used to transfer control from one activity to another. • Services

It doesn't need a user interface. It continues running in the background with other processes run in the foreground.

 

• Content Provider

This component allows the application to share information with other applications.

Security Architecture - Overview

Scope of Vulnerabilities

Refinements to MAC Model

• Delegation• Public and Private Components• Provision - No Security Access to Public Elements• Permission Granting Using User's Confirmation

   Solutions ???          Precautions by Developers Special Tools for Users

Known Vulnerabilities

• Image Vulnerablitieso GIFo PNGo BMP

• Web Browser

GIF Image Vulnerability

• Decode function uses logical screen width and height to allocate heap

• Data is calculated using actual screen width and height• Can overflow the heap buffer allowing hacker can allow a

hacker to control the phone

PNG Image Vulnerability

• Uses an old libpng file• This file can allow hackers to cause a Denial of Service

(crash)

BMP Image Vulnerability

• Negative offset integer overflow• Offset field in the image header used to allocate a palette• With a negative value carefully chosen you can overwrite

the address of a process redirecting flow

Web Browser Vulnerability

• Vulnerability is in the multimedia subsystem made by PacketVideo

• Due to insufficient boundary checking when playing back an MP3 file, it is possible to corrupt the process's heap and execute arbitrary code on the device

• Can allow a hacker to see data saved on the phone by the web browser and to peek at ongoing traffic

• Confined to the "sandbox"

General Mobile Phone Vulnerabilities

• GSMo SMSo MMS

• CDMA• Bluetooth• Wireless vulnerabilities

GSM Vulnerabilities

• GSMo Largest Mobile network in the worldo 3.8 billion phones on network

• David Hulton and Steve Mullero Developed method to quickly crack GSM encryptiono Can crack encryption in under 30 secondso Allows for undetectable evesdropping

• Similar exploits available for CDMA phones

SMS Vulnerabilities

• SMSo Short Messaging Systemo Very commonly used protocolo Used to send "Text Messages"

• GSM uses 2 signal bands, 1 for "control", the other for "data".

• SMS operates entirely on the "control" band.• High volume text messaging can disable the "control" band,

which also disables voice calls.• Can render entire city 911 services unresponsive.

MMS Vulnerabilities

• MMSo Unsecure data protocol for GSMo Extends SMS, allows for WAP connectivity

• Exploit of MMS can drain battery 22x fastero Multiple UDP requests are sent concurrently, draining the

battery as it responds to request• Does not expose data• Does make phone useless

Bluetooth Vulnerabilities

• Bluetootho Short range wireless communication protocolo Used in many personal electronic deviceso Requires no authentication

• An attack, if close enough, could take over Bluetooth device.• Attack would have access to all data on the Bluetooth

enabled device• Practice known as bluesnarfing

Organizations Supporting Android

• Google• Open Handset Alliance• 3rd Parties (ex: Mocana) • Users• Hackers

Organizations Supporting Android

 

Open Handset Alliance

 

Open Handset Alliance

Objective:        To build a better mobile phone to enrich       the lives of countless people across the globe.

3rd Party Partners

Mocana -- NanoPhone• Secure Web Browser• VPN• FIPS Encryption• Virus & Malware Protection• Secure Firmware Updating• Robust Certificate Authentication

   

Hackers for Android

• Hackers make Android stronger• White hats want to plug holes• Example

o Browser Threat reported by Independent Security Evaluators

o Jailbreak hole fixed by Google over-the-air   

Conclusion

• Android is New & Evolving• Openness of Android

o Good in the long-runo Strong Community

• Robust Architecture• Powerful Computing Platform