Upload File

having fun with secure messengers and android wear€¦ · • scada strangelove team • rdot.org...

  • Home
  • Documents
  • Having fun with secure messengers and Android Wear€¦ · • SCADA Strangelove Team • RDot.Org team member . Android IPC basics • Private memory for each process • Data is
38
Having fun with secure messengers and Android Wear (and Android Auto) Artem Chaykin Positive Technologies CanSecWest’16

Upload: others

Post on 13-Jul-2020

8 views

Category:

Documents


0 download

Report

TRANSCRIPT

Page 1: Having fun with secure messengers and Android Wear€¦ · • SCADA Strangelove Team • RDot.Org team member . Android IPC basics • Private memory for each process • Data is

Having fun with secure messengers and Android Wear (and Android Auto)

Artem Chaykin

Positive Technologies

CanSecWest’16

Page 2: Having fun with secure messengers and Android Wear€¦ · • SCADA Strangelove Team • RDot.Org team member . Android IPC basics • Private memory for each process • Data is

Who I am? •  Russian hacker / Putin’s agent •  Mobile application security team lead •  SCADA Strangelove Team •  RDot.Org team member

Page 3: Having fun with secure messengers and Android Wear€¦ · • SCADA Strangelove Team • RDot.Org team member . Android IPC basics • Private memory for each process • Data is

Android IPC basics •  Private memory for each process •  Data is passed through kernel module – Binder •  Intent-based

Page 4: Having fun with secure messengers and Android Wear€¦ · • SCADA Strangelove Team • RDot.Org team member . Android IPC basics • Private memory for each process • Data is

Intents •  Intent is an object •  App1 can send intents to exported components of App2

Intent

Packagename

Componentname

Ac0on Data

Page 5: Having fun with secure messengers and Android Wear€¦ · • SCADA Strangelove Team • RDot.Org team member . Android IPC basics • Private memory for each process • Data is

Android IPC basics

Binder

App1

AppN

App2

Page 6: Having fun with secure messengers and Android Wear€¦ · • SCADA Strangelove Team • RDot.Org team member . Android IPC basics • Private memory for each process • Data is

Android IPC basics

App1

Binder

IAc/vityManager

Page 7: Having fun with secure messengers and Android Wear€¦ · • SCADA Strangelove Team • RDot.Org team member . Android IPC basics • Private memory for each process • Data is

Android IPC basics

App1

Binder

IAc/vityManager

App2

Page 8: Having fun with secure messengers and Android Wear€¦ · • SCADA Strangelove Team • RDot.Org team member . Android IPC basics • Private memory for each process • Data is

Example 0x1: MobiDM

Page 9: Having fun with secure messengers and Android Wear€¦ · • SCADA Strangelove Team • RDot.Org team member . Android IPC basics • Private memory for each process • Data is

Example 0x1: MobiDM

Page 10: Having fun with secure messengers and Android Wear€¦ · • SCADA Strangelove Team • RDot.Org team member . Android IPC basics • Private memory for each process • Data is

Example 0x1: MobiDM

Page 11: Having fun with secure messengers and Android Wear€¦ · • SCADA Strangelove Team • RDot.Org team member . Android IPC basics • Private memory for each process • Data is

PendingIntent

Intent

Iden/ty Permissions

•  getActivity() •  getService() •  getBroadcast()

Page 12: Having fun with secure messengers and Android Wear€¦ · • SCADA Strangelove Team • RDot.Org team member . Android IPC basics • Private memory for each process • Data is

PendingIntent App1

Page 13: Having fun with secure messengers and Android Wear€¦ · • SCADA Strangelove Team • RDot.Org team member . Android IPC basics • Private memory for each process • Data is

PendingIntent App1

App2

pIntent

Page 14: Having fun with secure messengers and Android Wear€¦ · • SCADA Strangelove Team • RDot.Org team member . Android IPC basics • Private memory for each process • Data is

PendingIntent App1

App2pIntent

Page 15: Having fun with secure messengers and Android Wear€¦ · • SCADA Strangelove Team • RDot.Org team member . Android IPC basics • Private memory for each process • Data is

PendingIntent App1

App2pIntent

Page 16: Having fun with secure messengers and Android Wear€¦ · • SCADA Strangelove Team • RDot.Org team member . Android IPC basics • Private memory for each process • Data is

PendingIntent

•  AlarmManager •  NotificationManager •  Identity confirmation

Page 17: Having fun with secure messengers and Android Wear€¦ · • SCADA Strangelove Team • RDot.Org team member . Android IPC basics • Private memory for each process • Data is

Example 0x2 – PendingIntent hijacking

•  3rd party push services •  Identity confirmation

Victims:

Page 18: Having fun with secure messengers and Android Wear€¦ · • SCADA Strangelove Team • RDot.Org team member . Android IPC basics • Private memory for each process • Data is

Example 0x2 – Victim:

Page 19: Having fun with secure messengers and Android Wear€¦ · • SCADA Strangelove Team • RDot.Org team member . Android IPC basics • Private memory for each process • Data is

Example 0x2 – Victim:

•  Exploit:

Page 20: Having fun with secure messengers and Android Wear€¦ · • SCADA Strangelove Team • RDot.Org team member . Android IPC basics • Private memory for each process • Data is

Android Wear & Android Auto •  Remote Input class is based on PendingIntent

Page 21: Having fun with secure messengers and Android Wear€¦ · • SCADA Strangelove Team • RDot.Org team member . Android IPC basics • Private memory for each process • Data is

Android Wear & Android Auto •  Remote Input class is based on PendingIntent

Page 22: Having fun with secure messengers and Android Wear€¦ · • SCADA Strangelove Team • RDot.Org team member . Android IPC basics • Private memory for each process • Data is

Android Wear & Android Auto

Page 23: Having fun with secure messengers and Android Wear€¦ · • SCADA Strangelove Team • RDot.Org team member . Android IPC basics • Private memory for each process • Data is

Android Wear & Android Auto

Page 24: Having fun with secure messengers and Android Wear€¦ · • SCADA Strangelove Team • RDot.Org team member . Android IPC basics • Private memory for each process • Data is

Android Wear & Android Auto

Voicereply

Page 25: Having fun with secure messengers and Android Wear€¦ · • SCADA Strangelove Team • RDot.Org team member . Android IPC basics • Private memory for each process • Data is

Example 0x3: Spam Victim:

•  Bug:

Page 26: Having fun with secure messengers and Android Wear€¦ · • SCADA Strangelove Team • RDot.Org team member . Android IPC basics • Private memory for each process • Data is

Example 0x3: Spam Victim:

•  Bug:

Page 27: Having fun with secure messengers and Android Wear€¦ · • SCADA Strangelove Team • RDot.Org team member . Android IPC basics • Private memory for each process • Data is

Example 0x3: Spam Victim:

•  Exploit:

Page 28: Having fun with secure messengers and Android Wear€¦ · • SCADA Strangelove Team • RDot.Org team member . Android IPC basics • Private memory for each process • Data is

Example 0x3: Spam Victim:

•  Result:

Page 29: Having fun with secure messengers and Android Wear€¦ · • SCADA Strangelove Team • RDot.Org team member . Android IPC basics • Private memory for each process • Data is

Example 0x3: Spam •  Victims:

Page 30: Having fun with secure messengers and Android Wear€¦ · • SCADA Strangelove Team • RDot.Org team member . Android IPC basics • Private memory for each process • Data is

Example 0x3: Intercepting Victim: •  Bug:

Page 31: Having fun with secure messengers and Android Wear€¦ · • SCADA Strangelove Team • RDot.Org team member . Android IPC basics • Private memory for each process • Data is

Example 0x3: Intercepting Victim: •  Exploit:

Page 32: Having fun with secure messengers and Android Wear€¦ · • SCADA Strangelove Team • RDot.Org team member . Android IPC basics • Private memory for each process • Data is

Example 0x3: Intercepting

•  Android Auto victims:

•  Android Wear victims:

Page 33: Having fun with secure messengers and Android Wear€¦ · • SCADA Strangelove Team • RDot.Org team member . Android IPC basics • Private memory for each process • Data is

Detecting with Xposed module

Page 34: Having fun with secure messengers and Android Wear€¦ · • SCADA Strangelove Team • RDot.Org team member . Android IPC basics • Private memory for each process • Data is

Fixes Still no thanks

•  Signal – emailed Moxie – fixed same day – got “thanks” •  Telegram – emailed security@ - partial fix after ~ 45 days -

Page 35: Having fun with secure messengers and Android Wear€¦ · • SCADA Strangelove Team • RDot.Org team member . Android IPC basics • Private memory for each process • Data is

Microsoft

Page 36: Having fun with secure messengers and Android Wear€¦ · • SCADA Strangelove Team • RDot.Org team member . Android IPC basics • Private memory for each process • Data is

Microsoft

Page 37: Having fun with secure messengers and Android Wear€¦ · • SCADA Strangelove Team • RDot.Org team member . Android IPC basics • Private memory for each process • Data is

Fin! Questions?

Page 38: Having fun with secure messengers and Android Wear€¦ · • SCADA Strangelove Team • RDot.Org team member . Android IPC basics • Private memory for each process • Data is

Filmanalyse: Kubriks Dr. Strangelove und Lumets Fail Safe

Kubrick's Dr. Strangelove: Desire and the Fragmenting of ... · Kubrick's Dr. Strangelove 69 is the only one who reacts, proposing his mine shaft plan. He tries to fight the moment

Dr. Strangelove or: How I Learned to Stop Worrying and ... · Dr. Strangelove or: How I Learned to Stop Worrying and Love Malware Matthias Schmidt. Quid est Malware? 06/03/14 Matthias

Dr Strangelove Jan27 63 Numbered Revised

TEAM JOCH vs. Android › talks › shmoo11-teamjoch_v4.pdf · TEAM JOCH vs. Android - ShmooCon 2011 Slide # 12 Android Native Code • Dalvik VM != sandbox –Not limited to executing

StrangeLove Social Media Strategy

SCADA Strangelove: взлом во имя

Teamwork Learnings by the Android Wear Team at ustwo

Android Enterprise Essentials · 2020. 12. 1. · Android Enterprise Essentials Built by the Android team at Google, Android Enterprise Essentials is a simple and secure management

The Script of the Film Dr. Strangelove

SCADA StrangeLove Practical security assessment of European Smartgrid

How to Find Out the Right Android App Development Team

Team Tracker App - Team Communication app for iOS & Android

SCADA StrangeLove Kaspersky SAS 2014 - LHC

Dr. Strangelove Neg ADI

A TEAM COMPUTING IMPLEMENTATION ON THE ANDROID …

SCADA StrangeLove 2: We already know

WOR(L)DS OF DR. STRANGELOVE: The …L)DS OF DR. STRANGELOVE: The Persuasiveness and Institutionalization of Defense Rationalist Ideas on Nuclear Strategy, 1948-1963 By András Szalai

Dr. Strangelove, or how I learned to love plugin development

The Real Dr. Strangelove program

Platform Presentation Second Week Android Platform Team 27 / March / 2009

Kubrick's Dr. Strangelove: Desire and the …rua.ua.es/dspace/bitstream/10045/6041/1/RAEI_07_06.pdfKubrick's Dr. Strangelove: Desire and the Fragmenting ... preestablished system of

Dr. Strangelove: A Continuity Transcript Dr. Strangelove: or, How I

DR. STRANGELOVE by Stanley Kubrick Terry Southern … Acrobat... · DR. STRANGELOVE by Stanley Kubrick Terry Southern ... That goes for every last one of you, ... personally. Second,

Android Attack Team Thursday January 21, 2016Bootcamp 2016 ... · Google Proprietary + Confidential Bootcamp 2016 Proactive bug finding Android Attack Team Thursday January 21, 2016

SCADA Strangelove: Hacking in the Name

Dr. Strangelove Background PDF - · PDF fileclassroom analysis of Dr. Strangelove can help launch lively discus- sions about the Cold War and the nuclear arms race

Researcher & Android Developer iOS Developer & Team Leader …princetonacm.acm.org/tcfpro/Universal_User_Interface... · 2015-04-11 · Researcher & Android Developer Seidenberg School

Dr. Strangelove or: How I Learned to Stop Worrying and Love Malware

Android Team Awareness Kit (ATAK) and ArcGIS•The Android Team Awareness Kit (ATAK) is an extensible moving map display with an open Application Programming Interface (API) for Android

Dr. Strangelove, la crítica paródica del horror nuclear

Malicious For Android Smartphones Dialer For Android... · Malicious Dialer For Android Smartphones Team members: Dina Atia, 100020242 Fatma Mohamed, 100020254 Mervat Hafez, 100020292

Sergey Gordeychik @scadasl  · •Visiting Professor, Harbour.Space University, Barcelona • Program Director, PHDays Conference, Moscow • SCADA Strangelove Research Team • Cyber-physical

A-Card Android App Final Presentation TEAM SIMPLICITY

Dr. Strangelove or: How I Learned to Stop Worrying and Love the BeEF