Presentation is loading. Please wait.

Presentation is loading. Please wait.

Security in Mobile Computing

Published byMonika Müllerová Modified over 5 years ago

Similar presentations

Presentation on theme: "Security in Mobile Computing"— Presentation transcript:

1 Security in Mobile Computing
Prabhaker Mateti

2 Some Statistics 6.77 billion people[1]
1.48 billion Internet enabled PCs[2] 4.10 billion mobile phones[1] Mobile phone replacement rate 12-18 month average[3] 1.1 billion mobile phones are purchased per year[4] 13.5% of mobile phone sales are smartphones[5] The number of smartphones will soon compare with the number of Internet enabled PCs stamosa speaks [1] on The World Factbook) [2] [3]  [4] [5]

3 Mobile Security is Getting Interesting
Techniques for desktop analysis are more useful to smart phones Mobile networks can now be easily manipulated  From phones: Miller, Lackey, Miras at BlackHat 2009 From false base stations:   [stamosa]

4 Mobile Security Matures
We are now seeing attacks against all layers of mobile infrastructure: Applications Platform OS Baseband Network

5 Mobile Security Matures
We are now seeing attacks against all layers of mobile infrastructure: Applications Platform OS Baseband Network Mobile devices must be treated as fully fledged computers. Do not assume they are "special".

6 Security Philosophy Finite time and resources
Humans have difficulty understanding risk Safer to assume that Most developers do not understand security Most users do not understand security Security philosophy cornerstones Need to prevent security breaches from occurring Need to minimize the impact of a security breach Need to detect vulnerabilities and security breaches Need to react to vulnerabilities and security breaches swiftly richc

7 Prevent 5 million new lines of code
Uses almost 100 open source libraries Android is open source ⇒ can't rely on obscurity Teamed up with security experts from Google Security Team iSEC Partners n.runs Concentrated on high risk areas Remote attacks Media codecs New/custom security features Low-effort/high-benefit features ProPolice stack overflow protection Heap protection in dlmalloc stamosa

8 Breadth of MobiComp Security Issues
Molbile Computing includes standard TCP/IP networking Wi-Fi, Access Points, WEP, WPA, … bluetooth, cellular, … networking => All of network security are relevant Additional areas of concern theft/loss of mobile device and its content limited computational power limited storage capacity CEG436: Mobile Computing (PM)

9 Security/Privacy of Android Devices
All the security/privacy issues of Mobile Computing Linux OS Many that are specific to the Android Application framework AndroidManifest.xml Activity, Service, Provider, … Manager CEG436: Mobile Computing (PM)

10 SecureMSM from Qualcomm
Support for open DRM implementations, including the three methods of OMA DRM version one: Forward lock Combined delivery Separate delivery Trusted execution of applications Fine granularity of permissions on executable content and API access control Trusted boot ensures integrity of mobile device software Secure file system ensures integrity of sensitive data CEG436: Mobile Computing (PM)

11 GIF Image Vulnerability
Decode function uses logical screen width and height to allocate heap Data is calculated using actual screen width and height Can overflow the heap buffer allowing hacker can allow a hacker to control the phone

12 PNG Image Vulnerability
Uses an old libpng file This file can allow hackers to cause a Denial of Service (crash)

13 BMP Image Vulnerability
Negative offset integer overflow Offset field in the image header used to allocate a palette With a negative value carefully chosen you can overwrite the address of a process redirecting flow

14 Web Browser Vulnerability
Vulnerability is in the multimedia subsystem made by PacketVideo Due to insufficient boundary checking when playing back an MP3 file, it is possible to corrupt the process's heap and execute arbitrary code on the device Can allow a hacker to see data saved on the phone by the web browser and to peek at ongoing traffic Confined to the "sandbox"

15 General Mobile Phone Vulnerabilities
GSM SMS MMS CDMA Bluetooth Wireless vulnerabilities

16 GSM Vulnerabilities GSM David Hulton and Steve Muller
Largest Mobile network in the world 3.8 billion phones on network David Hulton and Steve Muller Developed method to quickly crack GSM encryption Can crack encryption in under 30 seconds Allows for undetectable evesdropping Similar exploits available for CDMA phones

17 SMS Vulnerabilities SMS
Short Messaging System Very commonly used protocol Used to send "Text Messages" GSM uses 2 signal bands, 1 for "control", the other for "data". SMS operates entirely on the "control" band. High volume text messaging can disable the "control" band, which also disables voice calls. Can render entire city 911 services unresponsive.

18 MMS Vulnerabilities MMS Exploit of MMS can drain battery 22x faster
Unsecure data protocol for GSM Extends SMS, allows for WAP connectivity Exploit of MMS can drain battery 22x faster Multiple UDP requests are sent concurrently, draining the battery as it responds to request Does not expose data Does make phone useless

19 Bluetooth Vulnerabilities
Short range wireless communication protocol Used in many personal electronic devices Requires no authentication An attack, if close enough, could take over Bluetooth device. Attack would have access to all data on the Bluetooth enabled device Practice known as bluesnarfing

20 Hackers for Android Hackers make Android stronger
White hats want to plug holes Example Browser Threat reported by Independent Security Evaluators Jailbreak hole fixed by Google over-the-air

21 dlmalloc Heap consolidation attack
Allocation meta-data is stored in band Heap overflow can perform 2 arbitrary pointer overwrites To fix, check: b->fd->bk == b b->bk->fd == b

22 WebKit Heap Overflow

23 Minimize We cannot rely on prevention alone Vulnerabilities happen
Users will install malware Code will be buggy How can we minimize the impact of a security issue? My webmail cannot access my banking web app Same origin policy Why can malware access my browser? my banking info? Extend the web security model to the OS richc

24 Minimize Traditional operating system security Host based
User separation Mobile OSes are for single users User separation is like a "same user policy" Run each application in its own UID is like a "same application policy"  Privilege separation Make privilege separation relatively transparent to the developer richc

25 Application Sandbox Each application runs within its own UID and VM
Default privilege separation model Instant security features Resource sharing CPU, Memory Data protection FS permissions Authenticated IPC Unix domain sockets Place access controls close to the resource, not in the VM richc

26 Application Sandbox Place access controls close to the resource
Smaller perimeter ⇒ easier to protect Default Linux applications have too much power Lock down user access for a "default" application Fully locked down applications limit innovation Relying on users making correct security decisions is tricky richc

27 Permissions Whitelist model Allow minimal access by default
Allow for user accepted access to resources Ask users less questions Make questions more understandable 194 permissions More ⇒ granularity Less ⇒ understandability richc

28 More Privilege Separation
Media codecs are very complex ⇒ very insecure Won't find all the issues media libraries Banish OpenCore media library to a lesser privileged process mediaserver Immediately paid off Charlie Miller reported a vulnerability in our MP3 parsing oCERT richc

29 Detect A lesser-impact security issue is still a security issue
Internal detection processes Developer education Code audits Fuzzing Honeypot Everyone wants security ⇒ allow everyone to detect issues Users Developers Security Researchers stamosa

30 External Reports Applied formal methods to access SMS and Dialer
Patrick McDaniel, William Enck, Machigar Ongtang Applied formal methods to access SMS and Dialer Charlie Miller, John Hering Outdated WebKit library with PCRE issue XDA Developers Safe mode lock screen bypass Charlie Miller, Collin Mulliner MP3, SMS fuzzing results Panasonic, Chris Palmer Permission regression bugs If you find a security issue, please stamosa

31 User Reporting stamosa

32 A User Report MemoryUp: mobile RAM optimizer
faster, more stable, more responsive, less waiting time not quite stamosa

33 React Autoupdaters are the best security tool since Diffie-Hellman
Every modern operating system should be responsible for: Automatically updating itself Providing a central update system for third-party applications Android's Over-The-Air update system (OTA) User interaction is optional No additional computer or cable is required Very high update rate richc

34 Shared UID Regression Shared UID feature
Malware does not hurt computers, malware authors do Two applications are signed ⇒ can share UIDs More interactivity Panasonic reported that shared UID was broken If the user installs malware, then the attacker could share UIDs with an existing installed app, like the browser Breaks Application Sandbox richc

35 Update Process 2009-05-14 Panasonic reported the issue
Patched the issue, wrote regression tests Kicked off internal audit Built and tested every flavour of Android Coordinated a public response with the reporter, carriers, PR and oCERT Received critical-mass approval OTAed users, rolled out patches to factories, SDK, and open source Released advisory (oCERT ) richc

36 Not over yet! 2009-07-06 Completed audit and tests
Coordinated a public response with, carriers, PR and oCERT Received critical-mass approval OTAed users, rolled out patches to factories, SDK, and open source Released advisory (oCERT ) richc

37 Conclusion Security an ongoing process not a checkbox Process Prevent
Minimize Detect React richc

38 References William Enck and Patrick McDaniel, Understanding Android's Security Framework (Tutorial), 2010, siis.cse.psu.edu/android-tutorial.html Source code: android-sec-tutorial-src.tar.gz Ryan Selley, Swapnil Shinde, Michael Tanner, Madhura Tipnis, Colin Vinson, Vulnerability Study of the Android Jesse Burns, Mobile Application Security On Android, Black Hat Rich Cannings, Alex Stamos, Securing a mobile platform from the ground up CEG436: Mobile Computing (PM)

Download ppt "Security in Mobile Computing"

Similar presentations

Securing a mobile platform from the ground up

Securing a mobile platform from the ground up
Building and Deploying Safe and Secure Android Apps for Enterprise Presented by Technology Consulting Group at Endeavour Software Technologies.

Building and Deploying Safe and Secure Android Apps for Enterprise Presented by Technology Consulting Group at Endeavour Software Technologies.
Online Banking Fraud Prevention Recommendations and Best Practices This document provides you with fraud prevention best practices that every employee.

Online Banking Fraud Prevention Recommendations and Best Practices This document provides you with fraud prevention best practices that every employee.
SCRUB: Secure Computing Research for Users’ Benefit David Wagner 1.

SCRUB: Secure Computing Research for Users’ Benefit David Wagner 1.
UNDERSTANDING JAVA APIS FOR MOBILE DEVICES v0.01.

UNDERSTANDING JAVA APIS FOR MOBILE DEVICES v0.01.
Android Security CEG436: Mobile Computing Prabhaker Mateti.

Android Security CEG436: Mobile Computing Prabhaker Mateti.
DEPARTMENT OF COMPUTER ENGINEERING

DEPARTMENT OF COMPUTER ENGINEERING
Security in By: Abdulelah Algosaibi Supervised by: Prof. Michael Rothstein Summer II 2010: CS 6/79995 Operating System Security.

Security in By: Abdulelah Algosaibi Supervised by: Prof. Michael Rothstein Summer II 2010: CS 6/79995 Operating System Security.
Wireless Encryption By: Kara Dolansky Network Management Spring 2009.

Wireless Encryption By: Kara Dolansky Network Management Spring 2009.
Mobile Application Development

Mobile Application Development
Assessing the Threat How much money is lost due to cyber crimes? –Estimates range from $100 million to $100s billions –Why the discrepancy? Companies don’t.

Assessing the Threat How much money is lost due to cyber crimes? –Estimates range from $100 million to $100s billions –Why the discrepancy? Companies don’t.
Exploiting Open Functionality in SMS-Capable Cellular Networks Authors: William Enck, Patrick Traynor, Patrick McDaniel, and Thomas La Porta Publication:

Exploiting Open Functionality in SMS-Capable Cellular Networks Authors: William Enck, Patrick Traynor, Patrick McDaniel, and Thomas La Porta Publication:
William Enck, Machigar Ongtang, and Patrick McDaniel.

William Enck, Machigar Ongtang, and Patrick McDaniel.
Internet Security In the 21st Century Presented by Daniel Mills.

Internet Security In the 21st Century Presented by Daniel Mills.
Mobile Security Overview. Mobile is everywhere: Mobile is about transacting 1 96% year to year increase in mobile cyber Monday sales between 2012 and.

Mobile Security Overview. Mobile is everywhere: Mobile is about transacting 1 96% year to year increase in mobile cyber Monday sales between 2012 and.
CRYPTOGRAPHY PROGRAMMING ON ANDROID Jinsheng Xu Associate Professor North Carolina A&T State University.

CRYPTOGRAPHY PROGRAMMING ON ANDROID Jinsheng Xu Associate Professor North Carolina A&T State University.
Understanding Android Security Yinshu Wu William Enck, Machigar Ongtang, and PatrickMcDaniel Pennsylvania State University.

Understanding Android Security Yinshu Wu William Enck, Machigar Ongtang, and PatrickMcDaniel Pennsylvania State University.
©2012 Check Point Software Technologies Ltd. | [Confidential] For Check Point users and approved third parties Building Your Security Strategy with 3D.

©2012 Check Point Software Technologies Ltd. | [Confidential] For Check Point users and approved third parties Building Your Security Strategy with 3D.
VMM Based Rootkit Detection on Android Class Presentation Pete Bohman, Adam Kunk, Erik Shaw.

VMM Based Rootkit Detection on Android Class Presentation Pete Bohman, Adam Kunk, Erik Shaw.
Intranet, Extranet, Firewall. Intranet and Extranet.

Intranet, Extranet, Firewall. Intranet and Extranet.

Similar presentations

Ads by Google