By: Chuqing He. Android Overview - Purchased by Google in 2005 - First Android Phone was sold in Oct. 2008 - Linux-based - Holds 75% of the worldwide.


By: Chuqing He

Android Overview
- Purchased by Google in 2005
- First Android phone was sold in Oct. 2008
- Linux-based
- Holds 75% of the worldwide smartphone market

CVE Entries for Android

Use-After-Free Remote Shellcode Execution on WebKit
- Discovered by MJ Keith
- CVE
- CVSS: 9.3
- Allows a remote attacker to execute arbitrary code or cause a denial of service via a crafted HTML document
- Affects Android 2.1 and earlier

WebKit
- Layout engine software designed to allow web browsers to render web pages
- Used by the default browser in Apple iOS, Android, BlackBerry, etc.

Background
- Remote shellcode provides the attacker access to the target machine across the network
- Use after free: a pointer to memory that was deallocated is still used; reallocating the memory can lead to control
- Android protects the stack from being overwritten
- Randomized stack layout prevents the attacker from relying on specific addresses
- We target the heap

Attack Overview
- Make references to the element in 2 different ways
- Remove the element using our second reference, which frees the memory
- The first reference retains its pointer to the deallocated spot in memory
- We can reallocate the memory that the first reference points to
- Using a for loop, we can create the same string over and over until garbage is collected and the memory is refilled with our new data
- We can now request data from our original variable

Continued
- Break before we crash.

Continued
- We control the address in r0
- We need to send it to an address that will point to our shellcode
- We need to control heap memory
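An added example, not part of the original slides: a toy C model of the two-reference pattern from the Attack Overview slide, written from the defender's side. The pool, the handle type and every function name are hypothetical; it shows why an unchecked first reference sees refilled data once the slot is reused, and how a generation-checked reference rejects the stale access.

```c
#include <stdio.h>
#include <string.h>
#include <stdint.h>

/* Toy element pool (constructed for illustration); freed slots are reused. */
#define SLOTS 4
typedef struct { uint32_t gen; int live; char data[16]; } slot_t;
typedef struct { uint32_t idx, gen; } handle_t;   /* checked reference */
static slot_t pool[SLOTS];

/* Allocate the first free slot, as an allocator reusing freed memory would. */
static handle_t elem_alloc(const char *text) {
    for (uint32_t i = 0; i < SLOTS; i++) {
        if (!pool[i].live) {
            pool[i].live = 1;
            snprintf(pool[i].data, sizeof pool[i].data, "%s", text);
            return (handle_t){ i, pool[i].gen };
        }
    }
    return (handle_t){ SLOTS, 0 };                /* pool exhausted */
}

/* Remove the element; bumping the generation invalidates every old handle. */
static void elem_remove(handle_t h) {
    if (h.idx < SLOTS && pool[h.idx].live && pool[h.idx].gen == h.gen) {
        pool[h.idx].live = 0;
        pool[h.idx].gen++;
    }
}

/* Unchecked access: models the raw pointer kept by the first reference. */
static const char *elem_get_unchecked(handle_t h) {
    return h.idx < SLOTS ? pool[h.idx].data : NULL;
}

/* Checked access: a stale reference yields NULL instead of refilled data. */
static const char *elem_get(handle_t h) {
    if (h.idx >= SLOTS || !pool[h.idx].live || pool[h.idx].gen != h.gen)
        return NULL;
    return pool[h.idx].data;
}

int main(void) {
    handle_t first = elem_alloc("element");   /* reference 1 */
    handle_t second = first;                  /* reference 2, same element */
    elem_remove(second);                      /* freed via reference 2 */
    elem_alloc("refilled");                   /* slot reused with new data */
    printf("unchecked: %s\n", elem_get_unchecked(first));
    printf("checked:   %s\n", elem_get(first) ? elem_get(first) : "(stale)");
    return 0;
}
```

The model stays inside a static array, so nothing is actually freed; the generation counter stands in for mitigations that tie a reference to one specific allocation.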

Android Data Stealing Vulnerability
- Discovered by Thomas Cannon
- CVE
- CVSS score 4.3
- Allows remote attackers to obtain SD contents via crafted URL
- Affects Android and earlier

Attack Overview
- The Android browser doesn’t prompt the user when downloading a file: for the file “payload.html”, it automatically downloads to /sdcard/download/payload.html
- It is possible to automatically open this payload using JavaScript, causing the browser to render the local file.

Attack Overview
- When opening an HTML file within this local context, the Android browser will run JavaScript without prompting the user.
- While in this local context, the JavaScript is able to read the contents of files

Mitigation
- Disable JavaScript in the browser
- Use another browser: it prompts you before downloading the payload
- Watch for HTML file sent through