Presentation is loading. Please wait.

Presentation is loading. Please wait.

Vulnerability Study of the Android Ryan Selley, Swapnil Shinde, Michael Tanner, Madhura Tipnis, Colin Vinson (Group 8)

Published byWalter Eaton Modified over 9 years ago

Similar presentations

Presentation on theme: "Vulnerability Study of the Android Ryan Selley, Swapnil Shinde, Michael Tanner, Madhura Tipnis, Colin Vinson (Group 8)"— Presentation transcript:

1 Vulnerability Study of the Android Ryan Selley, Swapnil Shinde, Michael Tanner, Madhura Tipnis, Colin Vinson (Group 8)

2

3 Overview Architecture of the Android Scope of Vulnerabilities for the Android Known Vulnerabilities for the Android General Vulnerabilities of Mobile Devices Organizations Supporting the Android

4 Architecture It is a software stack which performs several OS functions. The Linux kernel is the base of the software stack. Core Java libraries are on the same level as other libraries. The virtual machine called the Dalvik Virtual Machine is on this layer as well. The application framework is the next level.

5

6 Parts of Applications Activity An activity is needed to create a screen for a user application. Intents Intents are used to transfer control from one activity to another. Services It doesn't need a user interface. It continues running in the background with other processes run in the foreground.

7 Content Provider This component allows the application to share information with other applications.

8 Security Architecture - Overview

9 Scope of Vulnerabilities Refinements to MAC Model Delegation Public and Private Components Provision - No Security Access to Public Elements Permission Granting Using User's Confirmation Solutions ??? Precautions by Developers Special Tools for Users

10 Known Vulnerabilities Image Vulnerablities o GIF o PNG o BMP Web Browser

11 GIF Image Vulnerability Decode function uses logical screen width and height to allocate heap Data is calculated using actual screen width and height Can overflow the heap buffer allowing hacker can allow a hacker to control the phone

12 PNG Image Vulnerability Uses an old libpng file This file can allow hackers to cause a Denial of Service (crash)

13 BMP Image Vulnerability Negative offset integer overflow Offset field in the image header used to allocate a palette With a negative value carefully chosen you can overwrite the address of a process redirecting flow

14 Web Browser Vulnerability Vulnerability is in the multimedia subsystem made by PacketVideo Due to insufficient boundary checking when playing back an MP3 file, it is possible to corrupt the process's heap and execute arbitrary code on the device Can allow a hacker to see data saved on the phone by the web browser and to peek at ongoing traffic Confined to the "sandbox"

15 General Mobile Phone Vulnerabilities GSM o SMS o MMS CDMA Bluetooth Wireless vulnerabilities

16 GSM Vulnerabilities GSM o Largest Mobile network in the world o 3.8 billion phones on network David Hulton and Steve Muller o Developed method to quickly crack GSM encryption o Can crack encryption in under 30 seconds o Allows for undetectable evesdropping Similar exploits available for CDMA phones

17 SMS Vulnerabilities SMS o Short Messaging System o Very commonly used protocol o Used to send "Text Messages" GSM uses 2 signal bands, 1 for "control", the other for "data". SMS operates entirely on the "control" band. High volume text messaging can disable the "control" band, which also disables voice calls. Can render entire city 911 services unresponsive.

18 MMS Vulnerabilities MMS o Unsecure data protocol for GSM o Extends SMS, allows for WAP connectivity Exploit of MMS can drain battery 22x faster o Multiple UDP requests are sent concurrently, draining the battery as it responds to request Does not expose data Does make phone useless

19 Bluetooth Vulnerabilities Bluetooth o Short range wireless communication protocol o Used in many personal electronic devices o Requires no authentication An attack, if close enough, could take over Bluetooth device. Attack would have access to all data on the Bluetooth enabled device Practice known as bluesnarfing

20 Organizations Supporting Android Google Open Handset Alliance 3rd Parties (ex: Mocana) Users Hackers

21 Organizations Supporting Android

22 Open Handset Alliance

23 Objective: To build a better mobile phone to enrich the lives of countless people across the globe.

24 3rd Party Partners Mocana -- NanoPhone Secure Web Browser VPN FIPS Encryption Virus & Malware Protection Secure Firmware Updating Robust Certificate Authentication

25 Hackers for Android Hackers make Android stronger White hats want to plug holes Example o Browser Threat reported by Independent Security Evaluators o Jailbreak hole fixed by Google over-the-air

26 Conclusion Android is New & Evolving Openness of Android o Good in the long-run o Strong Community Robust Architecture Powerful Computing Platform

Download ppt "Vulnerability Study of the Android Ryan Selley, Swapnil Shinde, Michael Tanner, Madhura Tipnis, Colin Vinson (Group 8)"

Similar presentations

Android Application Development A Tutorial Driven Course.

Android Application Development A Tutorial Driven Course.
Presentation by Amal Babu New OS of Google, initially designed for netbooks Released in second half of 2010 Google chrome browser on Linux kernel Inbuilt.

Presentation by Amal Babu New OS of Google, initially designed for netbooks Released in second half of 2010 Google chrome browser on Linux kernel Inbuilt.
Security in VoIP Networks Juan C Pelaez Florida Atlantic University Security in VoIP Networks Juan C Pelaez Florida Atlantic University.

Security in VoIP Networks Juan C Pelaez Florida Atlantic University Security in VoIP Networks Juan C Pelaez Florida Atlantic University.
MOOC on M4D 2013 I NTRODUCTION TO THE A NDROID P LATFORM Ashish Agrawal Indian Institute of Technology Kanpur.

MOOC on M4D 2013 I NTRODUCTION TO THE A NDROID P LATFORM Ashish Agrawal Indian Institute of Technology Kanpur.
Android architecture overview

Android architecture overview
Introduction to Android Mohammad A. Gowayyed CS334-Spring 2014.

Introduction to Android Mohammad A. Gowayyed CS334-Spring 2014.
Information Security 1 Information Security: Security Tools Jeffy Mwakalinga.

Information Security 1 Information Security: Security Tools Jeffy Mwakalinga.
Building and Deploying Safe and Secure Android Apps for Enterprise Presented by Technology Consulting Group at Endeavour Software Technologies.

Building and Deploying Safe and Secure Android Apps for Enterprise Presented by Technology Consulting Group at Endeavour Software Technologies.
UNDERSTANDING JAVA APIS FOR MOBILE DEVICES v0.01.

UNDERSTANDING JAVA APIS FOR MOBILE DEVICES v0.01.
Mobile Mobile OS and Application Team: Kwok Tak Chi Law Tsz Hin So Ting Wai.

Mobile Mobile OS and Application Team: Kwok Tak Chi Law Tsz Hin So Ting Wai.
Bluetooth Technology. What is Bluetooth? Bluetooth is a short- range communications technology that allows devices to communicate with each other without.

Bluetooth Technology. What is Bluetooth? Bluetooth is a short- range communications technology that allows devices to communicate with each other without.
DEPARTMENT OF COMPUTER ENGINEERING

DEPARTMENT OF COMPUTER ENGINEERING
ANDROID OPERATING SYSTEM Guided By,Presented By, Ajay B.N Somashekar B.T Asst Professor MTech 2 nd Sem (CE)Dept of CS & E.

ANDROID OPERATING SYSTEM Guided By,Presented By, Ajay B.N Somashekar B.T Asst Professor MTech 2 nd Sem (CE)Dept of CS & E.
Mobile and Wireless Security INF245 Guest lecture 17.10.2007 by Bjorn Jager Molde University College.

Mobile and Wireless Security INF245 Guest lecture by Bjorn Jager Molde University College.
Mobile Application Development

Mobile Application Development
Android An open handset alliance project Janice Garcia September 18, 2008 MIS 304.

Android An open handset alliance project Janice Garcia September 18, 2008 MIS 304.
@2011 Mihail L. Sichitiu1 Android Introduction Platform Overview.

@2011 Mihail L. Sichitiu1 Android Introduction Platform Overview.
Asst.Prof.Dr.Ahmet Ünveren 2014-2015 SPRING Computer Engineering Department Asst.Prof.Dr.Ahmet Ünveren 2014-2015 SPRING Computer Engineering Department.

Asst.Prof.Dr.Ahmet Ünveren SPRING Computer Engineering Department Asst.Prof.Dr.Ahmet Ünveren SPRING Computer Engineering Department.
Introduction to Android Platform Overview 19.3.2013.

Introduction to Android Platform Overview
To be Presented by, T.Sathishkumar [11mw07] 1. Synopsis Introduction Version Features License An Application Development Demo Possibilities Advantages.

To be Presented by, T.Sathishkumar [11mw07] 1. Synopsis Introduction Version Features License An Application Development Demo Possibilities Advantages.

Similar presentations

Ads by Google