ON THE SECURITY OF ANDROID COMMUNICATION APPS September 2015 By Shasi Pokharel Bachelor Of Information Technology (Honours) Supervisors: Dr. Raymond Choo,

Slides:

Advertisements

Similar presentations

Review of Chapter 2. Important concepts – The Internet is a worldwide collection of networks that links millions of businesses, government agencies, educational.

Advertisements

Presentation. Contemporary Communication Fast – connects us quickly without delays Reliable – works always Global – connects us with the whole world Low.

1 Multimedia on the Web: Issues of Bandwidth Bandwidth is a measure of the amount of data that can be sent through a communication pipeline each second.

Lync /11/2017 © 2014 Microsoft Corporation. All rights reserved. Microsoft, Windows, and other product names are or may be registered trademarks.

Unit 11 Using the Internet & Browsing the Web.  Define the Internet and the Web  Set up & troubleshoot an Internet connection  Categorize webs sites.

Technology Requirements for Online Testing Training Module Copyright © 2014 American Institutes for Research. All rights reserved.

Kinesis Survey Technologies Kinesis Webinar January 8 & 9, 2014 Mobile Testing - Best Practices.

Fundamentals of Multimedia Part III: Multimedia Communications and Networking Chapter 15 : Network Services and Protocols for Multimedia Communications.

Building and Deploying Safe and Secure Android Apps for Enterprise Presented by Technology Consulting Group at Endeavour Software Technologies.

SOFTWARE PRESENTATION ODMS (OPEN SOURCE DOCUMENT MANAGEMENT SYSTEM)

Simulation 1: Calculate the total bandwidth required for a VoIP call

HNA-Drive Familiarization Presentation. From the address bar in your preferred internet browser, navigate to Site supports: Internet.

TEL500-Voice Communications Session initiation protocol improvement using inter- asterisk exchange Devesh Mendiratta & Sameer Deshmukh MS-Telecommunication.

Discovering Computers: Chapter 1

Mastering the Internet, XHTML, and JavaScript Chapter 2 Web Browsers.

James Tam Web Browsers In this section of notes you will learn about the web browsing process, some of the important features of popular browsers and a.

K. Salah 1 Chapter 28 VoIP or IP Telephony. K. Salah 2 VoIP Architecture and Protocols Uses one of the two multimedia protocols SIP (Session Initiation.

Tutorial 7 Working with Multimedia. XP Objectives Explore various multimedia applications on the Web Learn about sound file formats and properties Embed.

Group #2 - Rebecca Patton, Cecilia Macris, Elizabeth Dunne Google Bookmarks, Google Books, & Google Play.

PowerPoint Presentation to Accompany GO! with Internet Explorer 9 Getting Started Chapter 3 Exploring the World Wide Web with Internet Explorer 9.

With Internet Explorer 9 Getting Started© 2013 Pearson Education, Inc. Publishing as Prentice Hall1 Exploring the World Wide Web with Internet Explorer.

Your storage on the ground; Your files in the cloud.

INTERNET CHAPTER 12 Information Available The INTERNET contains a huge amount of information a huge amount of information information on any topic you.

Internet Standard Grade Computing. Internet a wide area network spanning the globe. consists of many smaller networks linked together. Service a way of.

Going Mobile the In’s and Out’s of an Academic Library Mobile Site Ronda Holt, Information Technology Librarian Butler Community College Mary Walker, Electronic.

Objectives Overview Discuss the evolution of the Internet

Copyright © 2012 Certification Partners, LLC -- All Rights Reserved Lesson 5: Multimedia on the Web.

Voice Over IP (VoIP) “On A Shoe String “

Enhancing User Privacy on Android Devices Bachelor of Computer Science (Honours) Name: Quang Do Supervisor: Raymond Choo Associate Supervisor: Ben Martini.

Ben Miller. Shawn “Jay Z” Carter  Rapper, Producer, Entrepreneur, Investor and Sports Agent  Worth nearly $500 Million  Arguably the most successful.

Objectives Overview Discuss the evolution of the Internet Briefly describe various broadband Internet connections Describe the purpose of an IP address.

P2P VoIP Speaker : Ching Chen Chang Date: 2007/09/27.

Chapter 3 (HW02) Exploring the World Wide Web with Internet Explorer 9.

Chapter 8 Browsing and Searching the Web. Browsing and Searching the Web FAQs: – What’s a Web page? – What’s a URL? – How does a browser work? – How do.

ﺑﺴﻢﺍﷲﺍﻠﺭﺣﻣﻥﺍﻠﺭﺣﻳﻡ. Group Members Nadia Malik01 Malik Fawad03.

Mobile web Sebastian Lopienski IT Technical Forum 29 June 2012.

© 2007 Cisco Systems, Inc. All rights reserved.Cisco Public 1 Version 4.0 Living in a Network Centric World Network Fundamentals – Chapter 1.

© 2007 Cisco Systems, Inc. All rights reserved.Cisco Public 1 Living in a Network Centric World Network Fundamentals – Chapter 1.

Quick Start Guide (en) Communote 2.2. Communote GmbH· Kleiststraße 10 a · D Dresden/Germany · +49 (351) · ·

MODULE 3 Internet Basics © Paradigm Publishing, Inc.1.

What is the Internet? A world-wide computer network made up of tens of thousands of smaller networks. It’s the biggest network of all! So, what is a network?

Restricted © Siemens AG All rights reserved A Developer’s Insights Into Performance Optimizations for Mobile Web Apps CT DC AA EM LP2 | June 2015.

Poster Print Size: This poster template is 50” high by 30” wide and is printed at 120% for a 60” high by 36” wide poster. It can be used to print any poster.

Copyright © 2002 Pearson Education, Inc. Slide 3-1 Internet II A consortium of more than 180 universities, government agencies, and private businesses.

Chapter 11 Panko and Panko Business Data Networks and Security, 10 th Edition, Global Edition Copyright © 2015 Pearson Education, Ltd. Panko and Panko.

Matthew Baillie, Luke Day THE INTERNET. HISTORY OF THE INTERNET J.C.R. Licklider authored a series of memos concerning theoretical network structures.

Communication Methods

Version 4.0 Living in a Network Centric World Network Fundamentals – Chapter 1.

5 Free Online Video Downloader for Android Google Android is the most popular phone system on the world, and the Android phone screen is becoming bigger.

丁建文國立高雄應用科大資管系副教授兼任計網中心軟體發展組組長跨平台行動應用軟體開發技術 : HTML5 & Mobile JavaScript Framework 暨南大學.

Chapter 11 Panko and Panko Business Data Networks and Security, 11 th Edition Copyright © 2016 Pearson Finally, Layer 5!

Windows Vista Configuration MCTS : Internet Explorer 7.0.

Google. Android What is Android ? -Android is Linux Based OS -Designed for use on cell phones, e-readers, tablet PCs. -Android provides easy access to.

What mobile ads know about mobile users

Distributed Control and Measurement via the Internet

Objectives Create a folder in Google Drive.

Instructor Materials Chapter 5 Providing Network Services

An Introduction to Office 365: OneDrive For Business

CaRT eCapacity Initiative Ghana Productivity Apps

An Introduction to Office 365: OneDrive For Business

Software Applications for end-users

What Mobile Ads Know About Mobile Users

What is the World Wide Web (www)

Introduction to Networks

Chapter 3 – part2.

E-commerce Infrastructure Web Servers / Web Clients / Web Browsers

Learn on the Move with the Moodle Mobile App

Yale Digital Conference 2019

Presentation transcript:

ON THE SECURITY OF ANDROID COMMUNICATION APPS September 2015 By Shasi Pokharel Bachelor Of Information Technology (Honours) Supervisors: Dr. Raymond Choo, Dr. Jixue Liu

Why Android: Share of Total Smartphone Market: 82.8%  iOS: 13.9% (up to Quarter 2, 2015; Source: idc.com) Number of Apps in Google Play: 1.6 million  App Store: 1.5 million (up to July, 2015; Source: statista.com) Share of Mobile attack Target: 99% - as January, 2014; Source: Kaspersky Lab

Focus:  Study popular Android communication apps  An adversary model  Case study apps

Communication Apps: VoIP Apps:  Growing popularity  Free app to app call, Cheaper app to phone call  Voice Call, Video Call, Conference Call, Text messages  Cross-Platform Mobile Browsers  Application to browse web pages in Mobile

VoIP Communication Encoding/Decoding : Analog Voice > Digital data > Analog Voice Characteristics of Codecs  Bit rate (Kbps)  Sample Size (Byte)  Sample Interval (ms)  Packet Per second (PPS) Constant Bit Rate (CBR) or Variable Bit Rate(VBR) Proprietary Codecs

Parts of VoIP Communication Signalling Control Session (SIP)  Session establishment  Codec negotiation RTP session  Voice data transfer

Identify Codec from intercepted packets If Signalling Control Session is not encrypted.

VoIP communication security  Encryption  Signalling Control Session Encryption  RTP packets Encryption  Proprietary Codec

Identify Codec from intercepted packets If Signalling Control Session is encrypted:  Calculate bit rate for each seconds from RTP payload  If (bitrate is constant)  Constant Bit rate(CBR) codec is used  Select matching or closest bitrate codecs  If (bitrate is dynamic)  Variable Bit rate (VBR) codec is used  Select “opus” decoder tool for decoding

Formula 1: Calculate Bit rate from RTP payload

Identify Codec from intercepted packets

Decoder Tools For CBR codec: RTP to wave decoders are freely available:  G.711, G.722, GSM : decoded by CloudShark  G.729, ILBC : decoder tool available for download  For VBR: we created a java applications  Takes each RTP packet from captured file  Decodes using official native libraries  Add header for linear wave sound  Save as wave file

Result

Part 2: Mobile Browser Lightweight Browsers:  Faster for web page loading  Growing popularity  Limited Plugins

Selected Browsers for Experiment

Browser Cache  Saves web resources when downloaded for the first time  Are loaded to the browser, when user access the same site  Contain: HTML file, CSS, JavaScript and media files

Android File System for applications Internal Storage: MODE_PRIVATE; accessible only by creator application, by default External Storage: Accessible to all applications

Cache Storage of the browsers Dolphin:  Cache resources: /sdcard/TunnyBrowser/Cache/webViewCache  Screenshots of tabs: /sdcard/TunnyBrowser/Cache/tablist_cache  Speed dial URLs: /sdcard/TunnyBrowser/Cache/speeddial_covers UC Browser:  Cache resources: sdcard/UCDownloads/cache/com.UCMobile.inti/  Data Traffic detail: /sdcard/UCDownloads/config/TrafficStats.db  Detailed browsing data: /sdcard/UCDownloads/offline/ApplicationCache.db

Cache Storage of the browsers Samsung Stock Browser:  Cache resources: /data/data/com.sec.android.app.sbrowser/cache/Cache/  Screenshots : /data/data/com.sec.android.app.sbrowser/files/thumbnail.bmp1 (Permission: Mode 644) CM Browser:  Cache Resources: /data/data/com.ksmobile.cb/app_webview/Cache  Browser History: /sdcard/CheetahBrowser/.data/

Why use External storage ? Larger Cache storage Capability Avoid risk of file deletion by System

Proposed adversary model Adversary Capability: Install application in user’s device Goals:  Know URLs visited by user  Know searched items : searched by user  Know the content of the webpage, visited by user

Application User Permission required:  WRITE_EXTERNAL_STORAGE  ACCESS_NETWORK_STATE Permission granted by Android, without users approval  READ_EXTERNAL_STORAGE  INTERNET

Targeted activities of application Know, when user started using browser Copy cache files to the Internal storage Upload files to the server Change content (Poison) in cache

Work Flow of the application

Result

Video: Getting Browsed content From Samsung Stock browser.

Conclusion Many Android users private information is at risk Adversary can:  Listen What the user is talking  See what the user is Browsing

Thank You