All Your Droid Are Belong To Us: A Survey of Current Android Attacks. Dankook University, Computer Security & OS Lab, Kim Nak-young. 2015. 04. 21.


2 Computer Security & OS Lab. Contents
• Introduction
• Android Security Model
• Android Security Model Analysis
• Attack Classes
• Mitigations
• Conclusion

3 Introduction
• Today's smartphone has as much processing power and memory as a high-end laptop computer
• Smartphones are always-on devices with phone network connectivity and GPS services
• Mobile OSes make for more efficient management, and for large-scale attacks
• Introduces attack mitigations for the current security model

4 Android Security Model
• Android is a Linux-based operating system with a layered structure of services
  - Core native libraries (C)
  - Application framework (Java)
• Android permission model
  - Applications require permissions to request system resources
• Each application is sandboxed by the kernel
  - Applications have different UIDs
• An application cannot access another application's space
  - An application can request another application's resources through IPC (Intents)

5 Android Security Model
• Confirming the installation of an application
  - Before installing an application, the user is presented with a list of all
• This method is difficult for most users to understand
  - The IPC mechanism is even more difficult to understand
• The Android system provides only two choices
  - Yes or no

6 Android Security Model
• The Android Market uses a self-signing mechanism
  - A market without any kind of central authority, versus Apple's App Store
• This open policy is attractive to attackers

7 Android Security Model Analysis
• Application model
  - An SMS event causes a broadcast to be sent system-wide
  - Applications register the ability to take action when a broadcast is observed
  - They can assign themselves a priority over the broadcast
  - An application can prevent the broadcast from being delivered to others
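
A review-side check for the broadcast priority issue on this slide, added here as an example and not part of the original presentation: it scans a decoded AndroidManifest.xml for receivers that register for the SMS broadcast with a priority above the default. The sample manifest, the package name and the threshold of 0 are constructed assumptions.

```python
import xml.etree.ElementTree as ET

ANDROID_NS = "{http://schemas.android.com/apk/res/android}"
SMS_ACTION = "android.provider.Telephony.SMS_RECEIVED"

# Constructed sample: decoded (plain-text) manifest of a hypothetical app.
SAMPLE_MANIFEST = """\
<manifest xmlns:android="http://schemas.android.com/apk/res/android"
          package="com.example.flashlight">
  <uses-permission android:name="android.permission.RECEIVE_SMS"/>
  <application>
    <receiver android:name=".SmsHook">
      <intent-filter android:priority="2147483647">
        <action android:name="android.provider.Telephony.SMS_RECEIVED"/>
      </intent-filter>
    </receiver>
    <receiver android:name=".BootListener">
      <intent-filter>
        <action android:name="android.intent.action.BOOT_COMPLETED"/>
      </intent-filter>
    </receiver>
  </application>
</manifest>
"""


def audit_sms_receivers(manifest_xml, max_priority=0):
    """Flag receivers that claim a priority above max_priority on SMS broadcasts.

    max_priority=0 (the platform default) is this example's review threshold.
    """
    # Standard-library parser; use a hardened XML parser for untrusted files.
    root = ET.fromstring(manifest_xml)
    perms = {p.get(ANDROID_NS + "name") for p in root.iter("uses-permission")}
    findings = []
    for receiver in root.iter("receiver"):
        for flt in receiver.iter("intent-filter"):
            actions = {a.get(ANDROID_NS + "name") for a in flt.iter("action")}
            if SMS_ACTION not in actions:
                continue
            raw = flt.get(ANDROID_NS + "priority", "0")
            # A resource reference (@integer/...) cannot be resolved here: review by hand.
            priority = int(raw) if raw.lstrip("-").isdigit() else None
            if priority is None or priority > max_priority:
                findings.append({
                    "receiver": receiver.get(ANDROID_NS + "name"),
                    "priority": priority if priority is not None else raw,
                    "has_receive_sms": "android.permission.RECEIVE_SMS" in perms,
                })
    return findings
```

A finding is a prompt for manual review of what the receiver does with the message, not proof of malicious behaviour.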

8 Android Security Model Analysis
• Patch cycle

9 Android Security Model Analysis
• Trusted USB connections
  - ADB bypasses the Android Market (for installing/uninstalling applications)
  - Unprivileged remote shell
  - An attacker can execute malicious tools to exploit vulnerabilities
• Recovery mode and boot process
  - An attacker can replace the recovery image with a malicious one
  - For privileged access to the user's information
• Uniform privilege separation
  - Security applications, such as anti-virus applications, are limited
  - AV requires root privilege in order to block malware, spyware and phishing apps

10 Attack Classes
• No physical access
  - Remote attacks rely heavily on social engineering
  - Ex) phishing, pharming
  - The attacker must get some malicious software to run code remotely on the user's device
• Physical access with ADB enabled
  - No password or screen lock
  - With ADB enabled, the attacker can exploit the device through ADB
• Physical access without ADB enabled
  - The attacker is unable to use the ADB service
  - The attacker loads malicious code via recovery mode
• Physical access on unobstructed device
  - No password or screen lock
  - The attacker can enable ADB, install malicious applications, etc.

11 Unprivileged Attacks
• The user installs applications via the internet
• Applications are sandboxed but access system resources through permissions
• Trojan malware applications have been found in the legitimate Android Market
• Malicious applications run in the background with registered intents
• Malicious applications use legitimate APIs to disable the screen lock
• Applications are repackaged for download in the Android Market

12 Remote Exploitation
• Oberheide's seemingly benign application would routinely make remote requests for new payloads to execute
  - For privilege escalation
• Linux exploits are adaptable to the Android OS
  - This is maximized by the slow patch cycle

13 Physical Access without ADB Enabled
• Attackers target recovery mode
  - Generate a customized recovery image
• Modification of init.rc and default.prop
  - A modified init.rc runs malicious code, such as a rootkit
  - init.rc gives execute rights to an su executable
  - default.prop changes the ADB state from disabled to enabled
• Physical access to unobstructed device
  - All methodologies are applicable
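
An integrity check for the default.prop tampering described on this slide, added here as an example and not part of the original presentation: it compares the default.prop from an unverified image against a stock copy and reports settings that leave ADB or debugging open. The property names are real Android system properties; the selection of properties and both sample files are constructed assumptions.

```python
# Property -> (test for a risky value, reason). Which properties to check is
# this example's assumption.
RISKY = {
    "ro.secure": (lambda v: v == "0", "adbd keeps root privileges"),
    "ro.debuggable": (lambda v: v == "1", "debuggable build"),
    "ro.adb.secure": (lambda v: v == "0", "ADB host authentication disabled"),
    "persist.service.adb.enable": (lambda v: v == "1", "ADB enabled at boot"),
    "persist.sys.usb.config": (lambda v: "adb" in v.split(","), "ADB in USB configuration"),
}

# Constructed samples: a stock default.prop and one from an unverified recovery image.
STOCK = """\
# constructed stock default.prop
ro.secure=1
ro.allow.mock.location=0
ro.debuggable=0
persist.sys.usb.config=mtp
"""
MODIFIED = """\
# constructed default.prop from an unverified image
ro.secure=0
ro.allow.mock.location=0
ro.debuggable=1
persist.sys.usb.config=mtp,adb
"""


def parse_props(text):
    """Parse key=value lines, skipping blanks and # comments; keeps every assignment."""
    entries = []
    for lineno, line in enumerate(text.splitlines(), 1):
        line = line.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        key, value = line.split("=", 1)
        entries.append((lineno, key.strip(), value.strip()))
    return entries


def audit_default_prop(candidate, stock=""):
    """Return risky assignments in candidate; 'changed' marks those not present in stock."""
    stock_pairs = {(k, v) for _, k, v in parse_props(stock)}
    findings = []
    for lineno, key, value in parse_props(candidate):
        check = RISKY.get(key)
        if check and check[0](value):
            findings.append({"line": lineno, "key": key, "value": value,
                             "reason": check[1], "changed": (key, value) not in stock_pairs})
    return findings
```

Every assignment is checked rather than only the last one per key, so a risky value cannot hide behind a duplicate line.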

14 Mitigations
• Reduce the patch cycle length
  - Separation between Google's core and manufacturers' patches
• Privileged applications
  - Change the permissions hierarchy
• Leveraging existing security technologies
  - Adapting SELinux
  - TaintDroid
• Authenticated downloads
  - Apple's App Store
• Authenticated ADB
• Trusted Platform Module

15 Conclusion

16 Reference
• http://developer.android.com/guide/topics/manifest/intent-filter-element.html
• http://ko.wikipedia.org/wiki/신뢰_플랫폼_모듈

17 Thank you.

