secureme - droid' android security application by vishal asthana
TRANSCRIPT
![Page 1: SecureMe - Droid' Android Security Application by Vishal Asthana](https://reader033.vdocuments.mx/reader033/viewer/2022051300/58ee55cc1a28ab6f358b4593/html5/thumbnails/1.jpg)
SecureMe - Droid
![Page 2: SecureMe - Droid' Android Security Application by Vishal Asthana](https://reader033.vdocuments.mx/reader033/viewer/2022051300/58ee55cc1a28ab6f358b4593/html5/thumbnails/2.jpg)
About Us
Security Consultant at Security Compass Inc.
Active in…• Web, Mobile & Infrastructure Security• Research & Development, IoT (new!)• Quick-n-Dirty coder• Proud OSCP
![Page 3: SecureMe - Droid' Android Security Application by Vishal Asthana](https://reader033.vdocuments.mx/reader033/viewer/2022051300/58ee55cc1a28ab6f358b4593/html5/thumbnails/3.jpg)
About Us
Director India Ops at Security Compass Inc.
• Researching in SDLC and Agile Security• SafeCode TLC representative• Co-leading the Delhi chapters– Null (since March 2014)– OWASP (since June 2014)
• Founder member of (ISC)² Delhi Chapter
![Page 4: SecureMe - Droid' Android Security Application by Vishal Asthana](https://reader033.vdocuments.mx/reader033/viewer/2022051300/58ee55cc1a28ab6f358b4593/html5/thumbnails/4.jpg)
Where it started?
![Page 5: SecureMe - Droid' Android Security Application by Vishal Asthana](https://reader033.vdocuments.mx/reader033/viewer/2022051300/58ee55cc1a28ab6f358b4593/html5/thumbnails/5.jpg)
Where it started?
![Page 6: SecureMe - Droid' Android Security Application by Vishal Asthana](https://reader033.vdocuments.mx/reader033/viewer/2022051300/58ee55cc1a28ab6f358b4593/html5/thumbnails/6.jpg)
![Page 7: SecureMe - Droid' Android Security Application by Vishal Asthana](https://reader033.vdocuments.mx/reader033/viewer/2022051300/58ee55cc1a28ab6f358b4593/html5/thumbnails/7.jpg)
• SMD: SecureMe – Droid• Android security application• Scan installed/updating apps• NVD CVE database as source
SecureMe – Droid Overview
![Page 8: SecureMe - Droid' Android Security Application by Vishal Asthana](https://reader033.vdocuments.mx/reader033/viewer/2022051300/58ee55cc1a28ab6f358b4593/html5/thumbnails/8.jpg)
• No other app providing this feature• Some similar ideas:– Android OS security apps– Privacy apps
http://cmuchimps.org/– Trustable– Belarc
Birth of SMD
![Page 9: SecureMe - Droid' Android Security Application by Vishal Asthana](https://reader033.vdocuments.mx/reader033/viewer/2022051300/58ee55cc1a28ab6f358b4593/html5/thumbnails/9.jpg)
SecureMe – Design Consideration
![Page 10: SecureMe - Droid' Android Security Application by Vishal Asthana](https://reader033.vdocuments.mx/reader033/viewer/2022051300/58ee55cc1a28ab6f358b4593/html5/thumbnails/10.jpg)
• Secure by Design– Minimum Android Permissions
• Network Access• Boot Completed
SecureMe – Design Consideration
![Page 11: SecureMe - Droid' Android Security Application by Vishal Asthana](https://reader033.vdocuments.mx/reader033/viewer/2022051300/58ee55cc1a28ab6f358b4593/html5/thumbnails/11.jpg)
• Secure by Design– Minimum Android Permissions
• Network Access• Boot Completed
– Not accessing sensitive data
SecureMe – Design Consideration
![Page 12: SecureMe - Droid' Android Security Application by Vishal Asthana](https://reader033.vdocuments.mx/reader033/viewer/2022051300/58ee55cc1a28ab6f358b4593/html5/thumbnails/12.jpg)
• Secure by Design– Minimum Android Permissions
• Network Access• Boot Completed
– Not accessing sensitive data– Post scanning actions
• Uninstall unsafe app• Update app using Google Play
Store• Keep using app
– Why not disable app?
SecureMe – Design Consideration
![Page 13: SecureMe - Droid' Android Security Application by Vishal Asthana](https://reader033.vdocuments.mx/reader033/viewer/2022051300/58ee55cc1a28ab6f358b4593/html5/thumbnails/13.jpg)
• Secure by Design– Minimum Android Permissions
• Network Access• Boot Completed
– Not accessing sensitive data– Post scanning actions
• Uninstall unsafe app• Update app using Google Play Store• Keep using app
– Why not disable app?– Active over Mobile Data and WiFi
SecureMe – Design Consideration
![Page 14: SecureMe - Droid' Android Security Application by Vishal Asthana](https://reader033.vdocuments.mx/reader033/viewer/2022051300/58ee55cc1a28ab6f358b4593/html5/thumbnails/14.jpg)
• App Scanning– Pre/Already installed apps– Just installed app– Updated app
• Scan depth– Low, Normal, Medium– High, Intense
• Scheduled Scan
SecureMe Droid Internals
![Page 15: SecureMe - Droid' Android Security Application by Vishal Asthana](https://reader033.vdocuments.mx/reader033/viewer/2022051300/58ee55cc1a28ab6f358b4593/html5/thumbnails/15.jpg)
• Install SecureMe Droid– Google Play Store– Download from https://secureme.securitycompass.com/
SMD: Internals
![Page 16: SecureMe - Droid' Android Security Application by Vishal Asthana](https://reader033.vdocuments.mx/reader033/viewer/2022051300/58ee55cc1a28ab6f358b4593/html5/thumbnails/16.jpg)
• SecureMe Droid detects– New app installation– Existing app update– Scan any installed app
• No sensitive information
SMD: Internals (contd.)
![Page 17: SecureMe - Droid' Android Security Application by Vishal Asthana](https://reader033.vdocuments.mx/reader033/viewer/2022051300/58ee55cc1a28ab6f358b4593/html5/thumbnails/17.jpg)
• SecureMe Android Client and Server– HTTPS Communication
• Find security issues:– NVD CVE database
SMD: Internals (contd.)
![Page 18: SecureMe - Droid' Android Security Application by Vishal Asthana](https://reader033.vdocuments.mx/reader033/viewer/2022051300/58ee55cc1a28ab6f358b4593/html5/thumbnails/18.jpg)
• SecureMe Scan Results– App is safe – App is unsafe
• Uninstall App• Keep App• Update app using Play Store
SMD: Internals (contd.)
![Page 19: SecureMe - Droid' Android Security Application by Vishal Asthana](https://reader033.vdocuments.mx/reader033/viewer/2022051300/58ee55cc1a28ab6f358b4593/html5/thumbnails/19.jpg)
![Page 20: SecureMe - Droid' Android Security Application by Vishal Asthana](https://reader033.vdocuments.mx/reader033/viewer/2022051300/58ee55cc1a28ab6f358b4593/html5/thumbnails/20.jpg)
• Am I Vulnerable (AIV)• Re-branded to SecureMe – Droid (SMD)• AIV + ReBranding = SMD
Where is AIV?
![Page 21: SecureMe - Droid' Android Security Application by Vishal Asthana](https://reader033.vdocuments.mx/reader033/viewer/2022051300/58ee55cc1a28ab6f358b4593/html5/thumbnails/21.jpg)
Demo Time
![Page 22: SecureMe - Droid' Android Security Application by Vishal Asthana](https://reader033.vdocuments.mx/reader033/viewer/2022051300/58ee55cc1a28ab6f358b4593/html5/thumbnails/22.jpg)
Conclusion• Fun side project• First ever conference acceptance and rollout• You MUST use it and provide feedback!
![Page 23: SecureMe - Droid' Android Security Application by Vishal Asthana](https://reader033.vdocuments.mx/reader033/viewer/2022051300/58ee55cc1a28ab6f358b4593/html5/thumbnails/23.jpg)
Abhineet JayarajSecurity Consultant
Vishal AsthanaRegional Director, India Operations
THANK YOU!
[email protected] [email protected]
W W W . S E C U R I T Y C O M P A S S . C O M