ON THE SECURITY OF ANDROID COMMUNICATION APPS September 2015 By Shasi Pokharel Bachelor Of Information Technology (Honours) Supervisors: Dr. Raymond Choo,


1 ON THE SECURITY OF ANDROID COMMUNICATION APPS September 2015 By Shasi Pokharel Bachelor Of Information Technology (Honours) Supervisors: Dr. Raymond Choo, Dr. Jixue Liu

2 Why Android:
- Share of total smartphone market: 82.8% (iOS: 13.9%) (up to Quarter 2, 2015; Source: idc.com)
- Number of apps in Google Play: 1.6 million (App Store: 1.5 million) (up to July 2015; Source: statista.com)
- Share of mobile attack targets: 99% (as of January 2014; Source: Kaspersky Lab)

3 Focus:
- Study popular Android communication apps
- An adversary model
- Case study apps

4 Communication Apps:
VoIP Apps:
- Growing popularity
- Free app-to-app calls, cheaper app-to-phone calls
- Voice call, video call, conference call, text messages
- Cross-platform
Mobile Browsers:
- Applications to browse web pages on mobile

5 VoIP Communication
Encoding/Decoding: Analog voice > Digital data > Analog voice
Characteristics of codecs:
- Bit rate (Kbps)
- Sample size (bytes)
- Sample interval (ms)
- Packets per second (PPS)
Constant Bit Rate (CBR) or Variable Bit Rate (VBR)
Proprietary codecs

6 Parts of VoIP Communication
Signalling Control Session (SIP):
- Session establishment
- Codec negotiation
RTP session:
- Voice data transfer

7 Identify Codec from intercepted packets
If Signalling Control Session is not encrypted.

8 VoIP communication security
- Encryption
- Signalling Control Session encryption
- RTP packet encryption
- Proprietary codec

9 Identify Codec from intercepted packets
If Signalling Control Session is encrypted:
- Calculate the bit rate for each second from the RTP payload
- If (bit rate is constant)
  - Constant Bit Rate (CBR) codec is used
  - Select matching or closest bit rate codecs
- If (bit rate is dynamic)
  - Variable Bit Rate (VBR) codec is used
  - Select “opus” decoder tool for decoding

10 Formula 1: Calculate Bit rate from RTP payload
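The decision procedure on slides 9 and 10, as an added example that is not code from the presentation. It shows why encrypting only the signalling session still leaves the codec class visible from RTP payload sizes. The slide's Formula 1 is not reproduced on this page, so the bit rate here is assumed to be payload bytes per second times 8; the 5% tolerance, the function names and the sample captures are also assumptions.

```python
from collections import defaultdict

# Payload-level bit rates (kbit/s) of the CBR codecs named on the slides,
# from their standard RTP framing; iLBC is listed in both frame modes.
CBR_CODECS = {"G.711": 64.0, "G.722": 64.0, "GSM": 13.2,
              "G.729": 8.0, "iLBC-20ms": 15.2, "iLBC-30ms": 13.33}

def bitrate_per_second(packets):
    """packets: list of (arrival_ms, rtp_payload_bytes). Returns kbit/s per second."""
    if not packets:
        return []
    t0 = min(ts for ts, _ in packets)
    buckets = defaultdict(int)
    for ts, size in packets:
        buckets[(ts - t0) // 1000] += size      # payload only, RTP header excluded
    last = max(buckets)
    # The final second of a capture is usually partial, so it is dropped
    # unless it is the only one. Silent seconds count as 0 kbit/s.
    seconds = range(last) if last > 0 else range(1)
    return [buckets.get(s, 0) * 8 / 1000 for s in seconds]

def classify(packets, tolerance=0.05):
    """Return (kind, candidates): CBR with the closest codecs, or VBR with opus."""
    rates = bitrate_per_second(packets)
    mean = sum(rates) / len(rates) if rates else 0
    if mean == 0:
        return ("unknown", [])
    if max(rates) - min(rates) <= tolerance * mean:     # assumed 5% tolerance
        best = min(abs(r - mean) for r in CBR_CODECS.values())
        names = [n for n, r in CBR_CODECS.items() if abs(r - mean) - best < 1e-9]
        return ("CBR", sorted(names))
    return ("VBR", ["opus"])

# Constructed captures: one packet every 20 ms for 3 s.
G729 = [(i * 20, 20) for i in range(150)]            # 2 x 10-byte frames
G711 = [(i * 20, 160) for i in range(150)]           # 160-byte payloads
VARIABLE = [(i * 20, 40 + 30 * (i // 50)) for i in range(150)]

if __name__ == "__main__":
    for name, cap in (("G729", G729), ("G711", G711), ("VARIABLE", VARIABLE)):
        print(name, bitrate_per_second(cap), classify(cap))
```

Two codecs with the same rate (G.711 and G.722 here) cannot be separated by bit rate alone, so the function returns both as candidates.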

11 Identify Codec from intercepted packets

12 Decoder Tools
For CBR codecs, RTP-to-wave decoders are freely available:
- G.711, G.722, GSM: decoded by CloudShark
- G.729, iLBC: decoder tool available for download
For VBR, we created a Java application that:
- Takes each RTP packet from the captured file
- Decodes using official native libraries
- Adds a header for linear wave sound
- Saves as a wave file

13 Result

14 Part 2: Mobile Browser
Lightweight browsers:
- Faster web page loading
- Growing popularity
- Limited plugins

15 Selected Browsers for Experiment

16 Browser Cache
- Saves web resources when they are downloaded for the first time
- Cached resources are loaded into the browser when the user accesses the same site
- Contains: HTML files, CSS, JavaScript and media files

17 Android File System for applications
Internal Storage: MODE_PRIVATE; accessible only by the creator application, by default
External Storage: accessible to all applications

18 Cache Storage of the browsers
Dolphin:
- Cache resources: /sdcard/TunnyBrowser/Cache/webViewCache
- Screenshots of tabs: /sdcard/TunnyBrowser/Cache/tablist_cache
- Speed dial URLs: /sdcard/TunnyBrowser/Cache/speeddial_covers
UC Browser:
- Cache resources: sdcard/UCDownloads/cache/com.UCMobile.inti/
- Data traffic detail: /sdcard/UCDownloads/config/TrafficStats.db
- Detailed browsing data: /sdcard/UCDownloads/offline/ApplicationCache.db

19 Cache Storage of the browsers
Samsung Stock Browser:
- Cache resources: /data/data/com.sec.android.app.sbrowser/cache/Cache/
- Screenshots: /data/data/com.sec.android.app.sbrowser/files/thumbnail.bmp1 (Permission: Mode 644)
CM Browser:
- Cache resources: /data/data/com.ksmobile.cb/app_webview/Cache
- Browser history: /sdcard/CheetahBrowser/.data/
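A check an app developer or reviewer can run over a file listing to separate the two exposure cases on slides 17 to 19: anything on external storage, and internal files whose mode grants read access to other users. This is an added example, not code from the presentation; the `<mode> <path>` listing format, the function names, the list of external-storage roots and every mode except the 644 reported on the slide are assumptions.

```python
# Roots treated as external storage (assumed list of common aliases).
EXTERNAL_ROOTS = ("/sdcard/", "/mnt/sdcard/", "/storage/")

def world_readable(mode):
    """True if the 'other' read bit is set; accepts octal (644) or ls-style modes."""
    if mode.isdigit():
        return bool(int(mode, 8) & 0o004)
    if len(mode) != 10:
        raise ValueError("unrecognised mode: %r" % mode)
    return mode[7] == "r"

def classify_path(path, mode):
    norm = "/" + path.lstrip("/")          # tolerate a missing leading slash
    if norm.startswith(EXTERNAL_ROOTS):
        return "EXTERNAL"                  # file mode does not protect it here
    if norm.startswith("/data/data/") and world_readable(mode):
        return "WORLD_READABLE"
    return "PRIVATE"

def audit(listing):
    """Map each '<mode> <path>' line to its exposure class."""
    result = {}
    for line in listing.strip().splitlines():
        mode, path = line.split(None, 1)
        result[path.strip()] = classify_path(path.strip(), mode)
    return result

# Paths are taken from the slides; every mode except 644 is constructed.
SAMPLE = """
-rw-rw---- /sdcard/TunnyBrowser/Cache/webViewCache
-rw-rw---- sdcard/UCDownloads/config/TrafficStats.db
-rwx------ /data/data/com.sec.android.app.sbrowser/cache/Cache/
644 /data/data/com.sec.android.app.sbrowser/files/thumbnail.bmp1
700 /data/data/com.ksmobile.cb/app_webview/Cache
-rw-rw---- /sdcard/CheetahBrowser/.data/
"""

if __name__ == "__main__":
    for path, verdict in audit(SAMPLE).items():
        print(f"{verdict:15} {path}")
```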

20 Why use external storage?
- Larger cache storage capability
- Avoid risk of file deletion by the system

21 Proposed adversary model
Adversary capability: install an application on the user’s device
Goals:
- Know the URLs visited by the user
- Know the items searched for by the user
- Know the content of the web pages visited by the user

22 Application
User permission required:
- WRITE_EXTERNAL_STORAGE
- ACCESS_NETWORK_STATE
Permission granted by Android, without the user's approval:
- READ_EXTERNAL_STORAGE
- INTERNET

23 Targeted activities of application
- Know when the user started using the browser
- Copy cache files to the internal storage
- Upload files to the server
- Change content (poison) in cache

24 Work Flow of the application

25 Result

26 Video: Getting Browsed content From Samsung Stock browser.

27 Conclusion
Many Android users' private information is at risk.
Adversary can:
- Listen to what the user is talking about
- See what the user is browsing

28 Thank You

