Presentation is loading. Please wait.

Presentation is loading. Please wait.

Bypassing the Android Permission Model Georgia Weidman Founder and CEO, Bulb Security LLC.

Published byAmy Bridges Modified over 8 years ago

Similar presentations

Presentation on theme: "Bypassing the Android Permission Model Georgia Weidman Founder and CEO, Bulb Security LLC."— Presentation transcript:

1 Bypassing the Android Permission Model Georgia Weidman Founder and CEO, Bulb Security LLC

2 Is the permission model working? Are users making good decisions?

3 Most Popular Android App

4 Demo App abusing permissions

5 Demo explained Permissions:  Read IMEI  Read Contacts  Send SMS We exploited every one of these

6 Rooting Android

7 Rooting Android for Evil (DroidDream)

8 DroidDream Permissions INTERNET READ_PHONE_STATE CHANGE_WIFI_STATE ACCESS_WIFI_STATE

9 DroidDream

10

11 DroidDream Rooting Exploid CVE-2010-Easy (RageAgainsttheCage)

12 Rooting Android

13 DroidDream Root Payload Permission model no longer applies  installed packages  All personal data  Send to C&C

14 Rooting Android for Evil (DroidDream)

15 Rooting Android

16 Mitigation Users update their phones That means they need the updates pushed out That means you third party platforms!!

17

18

19 Android Storage Sdcard VFAT With apps Only visible to app (default) World readable

20 Demo Exploiting bad storage practices

21 Demo Explained Stores sensitive data on the sdcard Sdcard is VFAT Everything is world readable

22 Demo Explained Discovers how the data is stored Accesses it Sends it to an attacker

23 Code Examples Vulnerable Code Malicious Code

24 BadSaveFile

25 BadSendFile

26 Wait? How do we get source code? Winzip/7zip etc. dex2jar jd-gui Whitepaper with more info: http://cdn01.exploit-db.com/wp- content/themes/exploit/docs/17717.pdf

27

28

29

30 Nonsensical Code while (true) { if (i < 0); String str; while (true) { return; try {

31 Mitigation Store information securely Not on sdcard Not in source code Not world readable

32 Android Interfaces Call other programs Don't reinvent the wheel Take a picture Twitter from photo app

33 Demo Exploiting open interface with SMS functionality

34 Demo Explained When it is called it sends an SMS Caller can set the number and message Sadly this is considered useful!

35 Demo Explained Calls the SMSBroadcastr Sends number and message Sends an SMS

36 Code Examples Vulnerable Code Malicious Code

37 SMSBroadcastr

38 SMSIntent

39 Mitigations Don't have dangerous functionality available in interfaces Require user interaction (click ok) Require-permission tag in manifest for interface

40 Contact Georgia Weidman georgiaweidman.com bulbsecurity.com georgia@bulbsecurity.com @georgiaweidman

Download ppt "Bypassing the Android Permission Model Georgia Weidman Founder and CEO, Bulb Security LLC."

Similar presentations

Kadra Alvaro April,2010. Introduction: The Android Platform Threats to Smartphones Android-Specific Threats How to Secure Your Android Device The Future.

Kadra Alvaro April,2010. Introduction: The Android Platform Threats to Smartphones Android-Specific Threats How to Secure Your Android Device The Future.
A new free student safety service for parents to find their Childs's location when: 1.If their child is in danger and seeks immediate help. 1.They receive.

A new free student safety service for parents to find their Childs's location when: 1.If their child is in danger and seeks immediate help. 1.They receive.
Dissecting Android Malware : Characterization and Evolution

Dissecting Android Malware : Characterization and Evolution
Mobile Applications: Changes in social networking and mobile phones By Elias Chesy.

Mobile Applications: Changes in social networking and mobile phones By Elias Chesy.
SAFETYCHECK Eric Hatch | David Allen |Bailee Lucas| Austin Rhodes.

SAFETYCHECK Eric Hatch | David Allen |Bailee Lucas| Austin Rhodes.
Aurasium: Practical Policy Enforcement for Android Applications R. Xu, H. Saidi and R. Anderson Presented By: Rajat Khandelwal – 2009CS10209 Parikshit.

Aurasium: Practical Policy Enforcement for Android Applications R. Xu, H. Saidi and R. Anderson Presented By: Rajat Khandelwal – 2009CS10209 Parikshit.
Aurasium: Practical Policy Enforcement for Android Applications R. Xu, H. Saidi and R. Anderson.

Aurasium: Practical Policy Enforcement for Android Applications R. Xu, H. Saidi and R. Anderson.
Privacy and Networks CPS 96 Eduardo Cuervo Amre Shakimov.

Privacy and Networks CPS 96 Eduardo Cuervo Amre Shakimov.
Access · convergence · management security · performance Margins in Mobility – Ian Kilpatrick, Wick Hill.

Access · convergence · management security · performance Margins in Mobility – Ian Kilpatrick, Wick Hill.
Remote Access. What is the Remote Access Domain? remote access: the ability for an organization’s users to access its non-public computing resources from.

Remote Access. What is the Remote Access Domain? remote access: the ability for an organization’s users to access its non-public computing resources from.
Android Security Enforcement and Refinement. Android Applications --- Example Example of location-sensitive social networking application for mobile phones.

Android Security Enforcement and Refinement. Android Applications --- Example Example of location-sensitive social networking application for mobile phones.
William Enck, Machigar Ongtang, and Patrick McDaniel.

William Enck, Machigar Ongtang, and Patrick McDaniel.
Android Security What is out there? Waqar Aziz. Android Market Share - I 2.

Android Security What is out there? Waqar Aziz. Android Market Share - I 2.
Presentation By Deepak Katta

Presentation By Deepak Katta
NFC.  Near Filed Communication  Is a short range high frequency wireless communication technology  Low speed (106 to 424 kbps)  Low friction setup.

NFC.  Near Filed Communication  Is a short range high frequency wireless communication technology  Low speed (106 to 424 kbps)  Low friction setup.
Android Declassification Infrastructure Matan David Yuval Evron Project Advisor: Roei Schuster 1.

Android Declassification Infrastructure Matan David Yuval Evron Project Advisor: Roei Schuster 1.
Introduction to Mobile Malware

Introduction to Mobile Malware
Introduction Our Topic: Mobile Security Why is mobile security important?

Introduction Our Topic: Mobile Security Why is mobile security important?
DroidKungFu and AnserverBot

DroidKungFu and AnserverBot
Enhancing User Privacy on Android Devices Bachelor of Computer Science (Honours) Name: Quang Do Supervisor: Raymond Choo Associate Supervisor: Ben Martini.

Enhancing User Privacy on Android Devices Bachelor of Computer Science (Honours) Name: Quang Do Supervisor: Raymond Choo Associate Supervisor: Ben Martini.

Similar presentations

Ads by Google