Vulnerability Study of the Android
Ryan Selley, Swapnil Shinde, Michael Tanner, Madhura Tipnis, Colin Vinson (Group 8)


Overview
Architecture of the Android
Scope of Vulnerabilities for the Android
Known Vulnerabilities for the Android
General Vulnerabilities of Mobile Devices
Organizations Supporting the Android

Architecture
Android is a software stack which performs several OS functions.
The Linux kernel is the base of the software stack.
Core Java libraries are on the same level as other libraries.
The virtual machine, called the Dalvik Virtual Machine, is on this layer as well.
The application framework is the next level.

Parts of Applications
Activity: An activity is needed to create a screen for a user application.
Intents: Intents are used to transfer control from one activity to another.
Services: A service doesn't need a user interface. It continues running in the background while other processes run in the foreground.

Content Provider: This component allows the application to share information with other applications.

Security Architecture - Overview

Scope of Vulnerabilities Refinements to MAC Model Delegation Public and Private Components Provision - No Security Access to Public Elements Permission Granting Using User's Confirmation Solutions ??? Precautions by Developers Special Tools for Users

Known Vulnerabilities
Image Vulnerabilities
  o GIF
  o PNG
  o BMP
Web Browser

GIF Image Vulnerability
Decode function uses logical screen width and height to allocate heap
Data is calculated using actual screen width and height
Can overflow the heap buffer, which can allow a hacker to control the phone
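The check that this bug class calls for, as an added C example (not code from the presentation or from Android): it compares the frame size in the image descriptor with the logical screen size that drives the allocation. The function name, return codes and both sample files are constructed for illustration, and the parser assumes a file with no global colour table or extension blocks.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

enum { GIF_OK = 0, GIF_MALFORMED = -1, GIF_FRAME_OUT_OF_BOUNDS = -2 };

/* Constructed sample: 4x4 logical screen, 4x4 frame at (0,0). */
static const uint8_t GIF_GOOD[23] = {'G','I','F','8','9','a', 4,0, 4,0, 0,0,0,
                                     0x2C, 0,0, 0,0, 4,0, 4,0, 0};
/* Constructed sample: same 4x4 logical screen, but the frame claims 64x64. */
static const uint8_t GIF_BAD[23]  = {'G','I','F','8','9','a', 4,0, 4,0, 0,0,0,
                                     0x2C, 0,0, 0,0, 64,0, 64,0, 0};

/* Read a little-endian 16-bit field, widened so later sums cannot wrap. */
static uint32_t le16(const uint8_t *p) { return (uint32_t)p[0] | ((uint32_t)p[1] << 8); }

/*
 * Hypothetical helper: validate the first image descriptor (offset 13) against
 * the logical screen descriptor (offset 6) before any pixel is decoded.
 * On success *canvas_pixels is the pixel count to allocate.
 */
int gif_check_frame(const uint8_t *buf, size_t len, size_t *canvas_pixels)
{
    if (len < 23) return GIF_MALFORMED;
    if (memcmp(buf, "GIF89a", 6) != 0 && memcmp(buf, "GIF87a", 6) != 0)
        return GIF_MALFORMED;
    if ((buf[10] & 0x80) || buf[13] != 0x2C)  /* colour table present, or no image separator */
        return GIF_MALFORMED;

    uint32_t screen_w = le16(buf + 6),  screen_h = le16(buf + 8);
    uint32_t left     = le16(buf + 14), top      = le16(buf + 16);
    uint32_t frame_w  = le16(buf + 18), frame_h  = le16(buf + 20);
    if (!screen_w || !screen_h || !frame_w || !frame_h)
        return GIF_MALFORMED;

    /* The buffer is sized from the logical screen but the decode loop is driven
       by the frame: a frame that leaves the screen would write past the buffer. */
    if (left + frame_w > screen_w || top + frame_h > screen_h)
        return GIF_FRAME_OUT_OF_BOUNDS;

    *canvas_pixels = (size_t)screen_w * screen_h;  /* at most 65535 * 65535 */
    return GIF_OK;
}

int main(void)
{
    size_t n = 0;
    return gif_check_frame(GIF_GOOD, sizeof GIF_GOOD, &n) == GIF_OK &&
           gif_check_frame(GIF_BAD, sizeof GIF_BAD, &n) == GIF_FRAME_OUT_OF_BOUNDS ? 0 : 1;
}
```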

PNG Image Vulnerability
Uses an old libpng file
This file can allow hackers to cause a Denial of Service (crash)

BMP Image Vulnerability
Negative offset integer overflow
Offset field in the image header used to allocate a palette
With a negative value carefully chosen you can overwrite the address of a process, redirecting flow
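A range check on the offset field before it is used to size a palette, as an added C example (not code from the presentation or from Android). It assumes the slide's "offset field" is the pixel-data offset at byte 10 of a standard BMP file header followed by a 40-byte BITMAPINFOHEADER; the function name and both sample headers are constructed.

```c
#include <stddef.h>
#include <stdint.h>

#define BMP_HEADERS 54u   /* 14-byte file header + 40-byte BITMAPINFOHEADER */

/* Constructed sample: pixel data at offset 62, leaving room for 2 palette entries. */
static const uint8_t BMP_GOOD[62] = {'B', 'M', [10] = 62, 0, 0, 0, [14] = 40};
/* Constructed sample: offset 0xFFFFFFF0, which reads as -16 in a signed 32-bit int. */
static const uint8_t BMP_BAD[62]  = {'B', 'M', [10] = 0xF0, 0xFF, 0xFF, 0xFF, [14] = 40};

/* Read a little-endian 32-bit field as an unsigned value. */
static uint32_t le32(const uint8_t *p)
{
    return (uint32_t)p[0] | ((uint32_t)p[1] << 8) |
           ((uint32_t)p[2] << 16) | ((uint32_t)p[3] << 24);
}

/*
 * Hypothetical helper: number of 4-byte palette entries implied by the
 * pixel-data offset, or -1 if the header is inconsistent.
 */
long bmp_palette_entries(const uint8_t *buf, size_t len)
{
    if (len < BMP_HEADERS || buf[0] != 'B' || buf[1] != 'M' || le32(buf + 14) != 40)
        return -1;

    /* Keep the field unsigned. Held in a signed int, a value such as
       0xFFFFFFF0 becomes negative and "offset - headers" yields a bogus size. */
    uint32_t off = le32(buf + 10);
    if (off < BMP_HEADERS || off > len)       /* must lie after the headers, inside the file */
        return -1;

    uint32_t palette_bytes = off - BMP_HEADERS;   /* cannot underflow after the check above */
    if (palette_bytes % 4 != 0 || palette_bytes / 4 > 256)
        return -1;                                /* indexed BMPs have at most 256 colours */
    return (long)(palette_bytes / 4);
}

int main(void)
{
    return bmp_palette_entries(BMP_GOOD, sizeof BMP_GOOD) == 2 &&
           bmp_palette_entries(BMP_BAD, sizeof BMP_BAD) == -1 ? 0 : 1;
}
```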

Web Browser Vulnerability
Vulnerability is in the multimedia subsystem made by PacketVideo
Due to insufficient boundary checking when playing back an MP3 file, it is possible to corrupt the process's heap and execute arbitrary code on the device
Can allow a hacker to see data saved on the phone by the web browser and to peek at ongoing traffic
Confined to the "sandbox"

General Mobile Phone Vulnerabilities
GSM
  o SMS
  o MMS
CDMA
Bluetooth
Wireless vulnerabilities

GSM Vulnerabilities
GSM
  o Largest mobile network in the world
  o 3.8 billion phones on network
David Hulton and Steve Muller
  o Developed method to quickly crack GSM encryption
  o Can crack encryption in under 30 seconds
  o Allows for undetectable eavesdropping
Similar exploits available for CDMA phones

SMS Vulnerabilities
SMS
  o Short Messaging System
  o Very commonly used protocol
  o Used to send "Text Messages"
GSM uses 2 signal bands, 1 for "control", the other for "data".
SMS operates entirely on the "control" band.
High volume text messaging can disable the "control" band, which also disables voice calls.
Can render entire city 911 services unresponsive.

MMS Vulnerabilities
MMS
  o Insecure data protocol for GSM
  o Extends SMS, allows for WAP connectivity
Exploit of MMS can drain battery 22x faster
  o Multiple UDP requests are sent concurrently, draining the battery as it responds to the requests
Does not expose data
Does make phone useless

Bluetooth Vulnerabilities
Bluetooth
  o Short range wireless communication protocol
  o Used in many personal electronic devices
  o Requires no authentication
An attacker, if close enough, could take over a Bluetooth device.
The attacker would have access to all data on the Bluetooth enabled device
Practice known as bluesnarfing

Organizations Supporting Android
Google
Open Handset Alliance
3rd Parties (ex: Mocana)
Users
Hackers

Organizations Supporting Android

Open Handset Alliance

Objective: To build a better mobile phone to enrich the lives of countless people across the globe.

3rd Party Partners
Mocana -- NanoPhone
Secure Web Browser
VPN
FIPS Encryption
Virus & Malware Protection
Secure Firmware Updating
Robust Certificate Authentication

Hackers for Android
Hackers make Android stronger
White hats want to plug holes
Example
  o Browser Threat reported by Independent Security Evaluators
  o Jailbreak hole fixed by Google over-the-air

Conclusion
Android is New & Evolving
Openness of Android
  o Good in the long-run
  o Strong Community
Robust Architecture
Powerful Computing Platform