Speaker: Xiaojiang Du Authors: Xiali Hei, Xiaojiang Du and Shan Lin Temple University.


Presentation transcript:


1. Problem and Background
2. Goal and Contributions
3. Methods
4. Results
5. Conclusions

Problem and Background

- The Android operating system is widely used in smartphones and tablet devices.
- There is no antivirus to protect the Android kernel because the kernel is not open to security software companies.
- The Tegra 2 CPU is dual-core and widely used in mobile devices [1]. If its driver has a vulnerability, a lot of devices will be affected, and this kind of vulnerability is difficult to detect.

Goal and Contributions

- Find 0-day vulnerabilities in Android OS. One 0-day vulnerability costs the government $ $ Also, it probably caused huge losses.
- We revealed a security pitfall in the Tegra 2 CPU driver program on the Android operating system. Several severe security vulnerabilities are exposed by exploiting this pitfall.
- We demonstrated how to perform system privilege escalation and a denial-of-service attack using a real Samsung Galaxy Tablet.
- We proposed a solution to fix the pitfall, and our report of the problem has been accepted by Google.

Methods

- We examined the source code of two packages, GTP7500 OpenSource.zip and GT-P7510 OpenSource.zip [1], and found two vulnerabilities in the nvhost_ioctl_ctrl_module_regrdwr function in the file dev.c.
- Vulnerability 1: get_user(offs, offsets) in Line 561 is used to get the offset from users. There is no boundary check on "offs".
- Vulnerability 2: Line 598: BUG_ON(_IOC_SIZE(cmd) > NVHOST_IOCTL_CTRL_MAX_ARG_SIZE). The program fails to check the size of _IOC_SIZE(cmd).
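The two missing checks described above, shown in hardened form as an added example; this is a userspace model, not the Tegra driver source and not the authors' patch. The register window size, the word alignment rule, the argument limit and all function names are assumptions made for illustration.

```c
/* Userspace model, constructed for illustration. Not the nvhost driver code
 * and not the authors' patch; every name and size below is hypothetical. */
#include <errno.h>
#include <stddef.h>
#include <stdint.h>

#define MODULE_REG_BYTES 64u  /* assumed size of the module's register window */
#define MAX_ARG_SIZE     32u  /* stands in for NVHOST_IOCTL_CTRL_MAX_ARG_SIZE */

static uint32_t module_regs[MODULE_REG_BYTES / 4];

/* Register write with the boundary check that Vulnerability 1 lacks:
 * the caller-supplied byte offset and word count are validated before
 * any memory is touched. Returns 0 or a negative errno. */
int regwr_checked(uint32_t offs, const uint32_t *vals, uint32_t count)
{
    if (offs % 4 != 0)                 /* assumed: registers are word-aligned */
        return -EINVAL;
    if (offs >= MODULE_REG_BYTES)      /* start must lie inside the window */
        return -EINVAL;
    /* Compare against the remaining room so offs + count * 4 cannot wrap. */
    if (count > (MODULE_REG_BYTES - offs) / 4)
        return -EINVAL;
    for (uint32_t i = 0; i < count; i++)
        module_regs[offs / 4 + i] = vals[i];
    return 0;
}

/* Size gate for the ioctl entry point (Vulnerability 2): an oversized
 * argument is a caller error, so it is rejected with -EINVAL instead of
 * being asserted with BUG_ON, which halts the kernel on bad input. */
int ioctl_arg_size_ok(size_t arg_size)
{
    return arg_size <= MAX_ARG_SIZE ? 0 : -EINVAL;
}

/* Read-back helper so callers can confirm which words were written. */
uint32_t reg_peek(uint32_t index) { return module_regs[index]; }

int main(void)
{
    uint32_t v[2] = {0x11, 0x22};      /* constructed sample values */
    int ok = regwr_checked(56, v, 2) == 0 && regwr_checked(60, v, 2) == -EINVAL;
    return ok ? 0 : 1;
}
```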

Fuzz test

- Fuzz testing is an automated or semi-automated software testing technique. We use it to find the first vulnerability and to exploit the second vulnerability.

ADB

- Android Debug Bridge (ADB) is a command line tool that allows your local computer to communicate with a connected Android-powered device or an emulator.
- The attacker can use ADB's push command to implant an exploit on the device, and use ADB's shell command to launch the exploit and escalate his privilege.
- After running adb get-serialno on the computer, the attacker can get the serial number of a device.

Results

- We conducted experiments on Android Honeycomb 3.1 using the Samsung Galaxy Tab 10.1 with an Nvidia Tegra CPU.
- The results show that we can easily exploit these vulnerabilities and that we can solve them with our fix methods.
- We will present our results later. Note that many Android devices with an Nvidia Tegra CPU suffer from these vulnerabilities.

- Android is based on a modified Linux kernel and it applies Discretionary Access Control (DAC) at the file system level.
- If uid = 0, the user has root-level privilege, which is the goal of exploiting privilege escalation vulnerabilities.
- We can scan the kallsyms log and find the offset of the sys_setuid function. This means that we can find out the address of the sys_setuid function.
- We overwrite the code of setuid using newvalues[0] = 0 to get the root privilege, then setuid = 0.

Logs for Experiment 1 - Kernel privilege escalation vulnerability

Uid was changed to 0 from 7d0.

The kernel panicked and the system was reset.

Conclusions

- We presented two new vulnerabilities in Tegra driver programs located in the Android kernel.
- The first vulnerability can be used to escalate kernel privileges.
- The second vulnerability can be used to launch a denial-of-service (DoS) attack.
- We successfully exploited the two vulnerabilities on several versions of Android by using a real device, a Galaxy tablet.
- Furthermore, we provided security patches to fix the two vulnerabilities and we confirmed that the patches work.

Question?