Presentation is loading. Please wait.

Presentation is loading. Please wait.

By: Chuqing He. Android Overview - Purchased by Google in 2005 - First Android Phone was sold in Oct. 2008 - Linux-based - Holds 75% of the worldwide.

Published byErika Turner Modified over 8 years ago

Similar presentations

Presentation on theme: "By: Chuqing He. Android Overview - Purchased by Google in 2005 - First Android Phone was sold in Oct. 2008 - Linux-based - Holds 75% of the worldwide."— Presentation transcript:

1 By: Chuqing He

2 Android Overview - Purchased by Google in 2005 - First Android Phone was sold in Oct. 2008 - Linux-based - Holds 75% of the worldwide smartphone market

3

4

5 CVE Entries for Android

6 Use-After-Free Remote ShellCode Execution on WebKit Discovered by MJ Keith CVE-2010-1807 Cvss: 9.3 Allows Remote attacker to execute arbitrary code or cause a denial of service via crafted HTML document Affects Android 2.1 and earlier

7 WebKit Layout engine software designed to allow web browsers to render web pages Default browser in Apple iOS, Android, BlackBerry, etc.

8 Background Remote Shellcode provide the attacker access to the target machine across the network Use after free  A pointer to memory that was deallocated, reallocating the memory can lead to control Android protects stack from being overwritten Randomized stack layout prevents attacker relying on specific addresses We target the heap

9 Attack Overview Make references to the element in 2 different ways Remove the element using our second reference, unlocking the memory. First reference retains its pointer to the de- allocated spot in memory We can reallocate the memory to the first reference. Using a for loop we can create the same string over and over until we collect garbage and refill the memory with our new data We can now request data from our original variable

10

11 Continued Break before we crash.

12

13 Continued We control the address in r0 We need to send it to an address that will point to our shellcode We need to control heap memory

14

15 Android Data Stealing Vulnerability  Discovered by Thomas Cannon  CVE-2010-4804  Cvss Score 4.3  Allows remote attackers to obtain SD contents via crafted URL  Affects Android 2.3.3 and earlier

16 Attack Overview: The Android Browser doesn’t prompt the user when downloading a file  for file “payload.html”, it automatically downloads to /sdcard/download/payload.html It is possible to automatically open this payload using JavaScript, causing the browser to render the local file.

17 Attack Overview When opening an HTML within this local context, the Android browser will run Javascript without prompting the user. While in this local context, the Javascript is able to read the contents of files

18 Mitigation Disable Javascript in the browser Use another browser: it prompts you before downloading the payload Watch for HTML file sent through email

Download ppt "By: Chuqing He. Android Overview - Purchased by Google in 2005 - First Android Phone was sold in Oct. 2008 - Linux-based - Holds 75% of the worldwide."

Similar presentations

Cross-Site Scripting Issues and Defenses Ed Skoudis Predictive Systems © 2002, Predictive Systems.

Cross-Site Scripting Issues and Defenses Ed Skoudis Predictive Systems © 2002, Predictive Systems.
Analyzing Android Browser Apps for file:// Vulnerabilities Daoyuan Wu and Rocky Chang Oct 13, 2014 The Hong Kong Polytechnic University Information Security.

Analyzing Android Browser Apps for file:// Vulnerabilities Daoyuan Wu and Rocky Chang Oct 13, 2014 The Hong Kong Polytechnic University Information Security.
Dynamic Memory Allocation (also see pointers lectures) -L. Grewe.

Dynamic Memory Allocation (also see pointers lectures) -L. Grewe.
Network Security Attack Analysis. cs490ns - cotter2 Outline Types of Attacks Vulnerabilities Exploited Network Attack Phases Attack Detection Tools.

Network Security Attack Analysis. cs490ns - cotter2 Outline Types of Attacks Vulnerabilities Exploited Network Attack Phases Attack Detection Tools.
Kinesis Survey Technologies Kinesis Webinar January 8 & 9, 2014 Mobile Testing - Best Practices.

Kinesis Survey Technologies Kinesis Webinar January 8 & 9, 2014 Mobile Testing - Best Practices.
©2009 Justin C. Klein Keane PHP Code Auditing Session 5 XSS & XSRF Justin C. Klein Keane

©2009 Justin C. Klein Keane PHP Code Auditing Session 5 XSS & XSRF Justin C. Klein Keane
Memory allocation CSE 2451 Matt Boggus. sizeof The sizeof unary operator will return the number of bytes reserved for a variable or data type. Determine:

Memory allocation CSE 2451 Matt Boggus. sizeof The sizeof unary operator will return the number of bytes reserved for a variable or data type. Determine:
1 Topic 1 – Lesson 3 Network Attacks Summary. 2 Questions ► Compare passive attacks and active attacks ► How do packet sniffers work? How to mitigate?

1 Topic 1 – Lesson 3 Network Attacks Summary. 2 Questions ► Compare passive attacks and active attacks ► How do packet sniffers work? How to mitigate?
1 CHAPTER 8 BUFFER OVERFLOW. 2 Introduction One of the more advanced attack techniques is the buffer overflow attack Buffer Overflows occurs when software.

1 CHAPTER 8 BUFFER OVERFLOW. 2 Introduction One of the more advanced attack techniques is the buffer overflow attack Buffer Overflows occurs when software.
Indirect File Leaks in Mobile Applications Daoyuan Wu and Rocky K. C. Chang The Hong Kong Polytechnic University May 21, 2015 1 MoST’15, in conjunction.

Indirect File Leaks in Mobile Applications Daoyuan Wu and Rocky K. C. Chang The Hong Kong Polytechnic University May 21, MoST’15, in conjunction.
Nozzle: A Defense Against Heap-spraying Code Injection Attacks Paruj Ratanaworabhan, Cornell University Ben Livshits and Ben Zorn, Microsoft Research (Redmond,

Nozzle: A Defense Against Heap-spraying Code Injection Attacks Paruj Ratanaworabhan, Cornell University Ben Livshits and Ben Zorn, Microsoft Research (Redmond,
Researcher Finds Google Android Data Stealing Vulnerability 報告者:劉旭哲.

Researcher Finds Google Android Data Stealing Vulnerability 報告者:劉旭哲.
 Proxy Servers are software that act as intermediaries between client and servers on the Internet.  They help users on private networks get information.

 Proxy Servers are software that act as intermediaries between client and servers on the Internet.  They help users on private networks get information.
CGI Programming: Part 1. What is CGI? CGI = Common Gateway Interface Provides a standardized way for web browsers to: –Call programs on a server. –Pass.

CGI Programming: Part 1. What is CGI? CGI = Common Gateway Interface Provides a standardized way for web browsers to: –Call programs on a server. –Pass.
To receive our video stream in LiveMeeting: - Click on “Voice & Video” - Click the drop down next to the camera icon - Select “Show Main Video” Dial-in.

To receive our video stream in LiveMeeting: - Click on “Voice & Video” - Click the drop down next to the camera icon - Select “Show Main Video” Dial-in.
Chapter Nine Maintaining a Computer Part III: Malware.

Chapter Nine Maintaining a Computer Part III: Malware.
Forms, Validation Week 7 INFM 603. Announcements Try placing today’s example in htdocs (XAMPP). This will allow you to execute examples that rely on PHP.

Forms, Validation Week 7 INFM 603. Announcements Try placing today’s example in htdocs (XAMPP). This will allow you to execute examples that rely on PHP.
Introduction to InfoSec – Recitation 10 Nir Krakowski (nirkrako at post.tau.ac.il) Itamar Gilad (itamargi at post.tau.ac.il)

Introduction to InfoSec – Recitation 10 Nir Krakowski (nirkrako at post.tau.ac.il) Itamar Gilad (itamargi at post.tau.ac.il)
IT 210 The Internet & World Wide Web introduction.

IT 210 The Internet & World Wide Web introduction.
To receive our video stream in LiveMeeting: - Click on “Voice & Video” - Click the drop down next to the camera icon - Select “Show Main Video” Dial-in.

To receive our video stream in LiveMeeting: - Click on “Voice & Video” - Click the drop down next to the camera icon - Select “Show Main Video” Dial-in.

Similar presentations

Ads by Google