bypassing the android permission model
play

Bypassing the Android Permission Model Georgia Weidman Founder and - PowerPoint PPT Presentation

Mar 05, 2023 •368 likes •819 views

Bypassing the Android Permission Model Georgia Weidman Founder and CEO, Bulb Security LLC Is the permission model working? Are users making good decisions? Most Popular Android App Demo App abusing permissions Demo explained Permissions:

  1. Bypassing the Android Permission Model Georgia Weidman Founder and CEO, Bulb Security LLC

  2. Is the permission model working? Are users making good decisions?

  3. Most Popular Android App

  4. Demo App abusing permissions

  5. Demo explained Permissions: − Read IMEI − Read Contacts − Send SMS We exploited every one of these

  6. Rooting Android

  7. Rooting Android for Evil (DroidDream)

  8. DroidDream Permissions INTERNET READ_PHONE_STATE CHANGE_WIFI_STATE ACCESS_WIFI_STATE

  9. DroidDream

  10. DroidDream

  11. DroidDream Rooting Exploid CVE-2010-Easy (RageAgainsttheCage)

  12. DroidDream Root Payload  Permission model no longer applies − installed packages − All personal data − Send to C&C

  13. Rooting Android

  14. Demo Demo: Malicious post root payload

  18. How the Botnet Works Bot Receives a Message Bot Decodes User Data Checks for Bot Key Performs Functionality

  19. Mitigation  Users update their phones  That means they need the updates pushed out  That means you third party platforms!!

  22. Android Storage  Sdcard  VFAT  With apps  Only visible to app (default)  World readable

  23. Demo Exploiting bad storage practices

  24. Demo Explained  Stores sensitive data on the sdcard  Sdcard is VFAT  Everything is world readable

  25. Demo Explained  Discovers how the data is stored  Accesses it  Sends it to an attacker

  26. Code Examples Vulnerable Code Malicious Code

  27. BadSaveFile

  28. BadSendFile

  29. Wait? How do we get source code? Winzip/7zip etc. dex2jar jd-gui Whitepaper with more info: http://cdn01.exploit-db.com/wp- content/themes/exploit/docs/17717.pdf

  33. Nonsensical Code while (true) { if (i < 0); String str; while (true) { return; try {

  34. Mitigation  Store information securely  Not on sdcard  Not in source code  Not world readable

  35. Android Interfaces  Call other programs  Don't reinvent the wheel  Take a picture  Twitter from photo app

  36. Demo Exploiting open interface with SMS functionality

  37. Demo Explained  When it is called it sends an SMS  Caller can set the number and message  Sadly this is considered useful!

  38. Demo Explained  Calls the SMSBroadcastr  Sends number and message  Sends an SMS

  39. Code Examples Vulnerable Code Malicious Code

  40. SMSBroadcastr

  41. SMSIntent

  42. Mitigations  Don't have dangerous functionality available in interfaces  Require user interaction (click ok)  Require-permission tag in manifest for interface

  43. Contact Georgia Weidman georgiaweidman.com bulbsecurity.com georgia@bulbsecurity.com @georgiaweidman

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

A certified reference validation mechanism for the permission model of Android Gustavo Betarte

A certified reference validation mechanism for the permission model of Android Gustavo Betarte

Motivation Introduction Specification Verification A certified reference validation mechanism for the permission model of Android Gustavo Betarte Juan Campo Felipe Gorostiaga Carlos Luna InCo, Facultad de Ingenier a, Universidad de

850 views • 73 slides
Small Changes, Big Changes: An Updated View on the Android Permission System Yury Zhauniarovich

Small Changes, Big Changes: An Updated View on the Android Permission System Yury Zhauniarovich

Small Changes, Big Changes: An Updated View on the Android Permission System Yury Zhauniarovich Olga Gadyatskaya RAID 2016 Sensitive Resource Protection in Android Android is the most popular mobile OS: - ~ 2 billion of third-party apps

523 views • 24 slides
AVPASS: Automatically Bypassing Android Malware Detection System Jinho Jung, Chanil Jeon, Max

AVPASS: Automatically Bypassing Android Malware Detection System Jinho Jung, Chanil Jeon, Max

AVPASS: Automatically Bypassing Android Malware Detection System Jinho Jung, Chanil Jeon, Max Wolotsky, Insu Yun, and Taesoo Kim Georgia Institute of Technology, July 27, 2017 Ab About t Us SSLab (@GT) Focusing on s ystem and security

1.25k views • 72 slides
Bypassing Android Password Manager Apps Without Root Stephan Huber, Siegfried Rasthofer, Steven

Bypassing Android Password Manager Apps Without Root Stephan Huber, Siegfried Rasthofer, Steven

Bypassing Android Password Manager Apps Without Root Stephan Huber, Siegfried Rasthofer, Steven Arzt Fraunhofer SIT 2 Stephan Siegfried Mobile Security Researcher at Head of Department Secure Fraunhofer SIT Software Engineering

948 views • 58 slides
SigPID: Significant Permission Identification for Android Malware Detection Authors: Lichao Sun,

SigPID: Significant Permission Identification for Android Malware Detection Authors: Lichao Sun,

SigPID: Significant Permission Identification for Android Malware Detection Authors: Lichao Sun, Zhiqiang Li, Qiben Yan, Witawas Srisa-an and Yu Pan Department of Computer Science and Engineering University of Nebraska Lincoln Presenters: Yu

999 views • 24 slides
BE PARANOID OR NOT TO BE ? Alize PENEL Linux and Android System Developer Dev Team Member

BE PARANOID OR NOT TO BE ? Alize PENEL Linux and Android System Developer Dev Team Member

BE PARANOID OR NOT TO BE ? Alize PENEL Linux and Android System Developer Dev Team Member Agenda 02 03 01 Network Security Internet socket in Aspects Permission in Android OS Marshmallow INTERNET PERMISSION IN MARSHMALLOW

584 views • 33 slides
Static Analysis for Extracting Permission Checks of a Large Scale Framework: The Challenges And

Static Analysis for Extracting Permission Checks of a Large Scale Framework: The Challenges And

Android Framework Static Analysis for Extracting Permission Checks of a Large Scale Framework: The Challenges And Solutions for Analyzing Android Alexandre Bartel University of Luxembourg September 8, 2014 Supervisor: Yves Le Traon Advisors:

992 views • 77 slides
THESE ARENT THE PERMISSIONS YOURE LOOKING FOR Anthony Lineberry David Luke Richardson

THESE ARENT THE PERMISSIONS YOURE LOOKING FOR Anthony Lineberry David Luke Richardson

THESE ARENT THE PERMISSIONS YOURE LOOKING FOR Anthony Lineberry David Luke Richardson Tim Wyatt BlackHat USA 2010 AGENDA Android Internals Overview Security/Permission Model Why Ask For Permission When You Can Ask For

1.17k views • 87 slides
TKPERM: Cross-platform Permission Knowledge Transfer to Detect Overprivileged Third-party

TKPERM: Cross-platform Permission Knowledge Transfer to Detect Overprivileged Third-party

TKPERM: Cross-platform Permission Knowledge Transfer to Detect Overprivileged Third-party Applications Faysal Hossain Shezan, Kaiming Cheng, Zhen Zhang, Yinzhi Cao, Yuan Tian Permission-based Access Control Android Chrome IFTTT 2

842 views • 82 slides
Permission Specification Kathy Au, Billy Zhou, James Huang, David Lie University of Toronto

Permission Specification Kathy Au, Billy Zhou, James Huang, David Lie University of Toronto

PScout: Analyzing the Android Permission Specification Kathy Au, Billy Zhou, James Huang, David Lie University of Toronto Smartphone Permission System Smartphones are loaded with sensors GPS, camera, microphone, NFC, Wi-Fi radio, etc.

601 views • 27 slides
Developers Google Maps Android API v2 Make your Android app pop with Google Maps Android API v2

Developers Google Maps Android API v2 Make your Android app pop with Google Maps Android API v2

Developers Google Maps Android API v2 Make your Android app pop with Google Maps Android API v2 Anthony Morris Jan-Felix Schmakeit Tech Lead, Android Maps API Android Developer Relations Code, Slides, Worksheet: http://goo.gl/MfY67 Welcome!

687 views • 49 slides
CS5530 Mobile/Wireless Systems GPS/Location in Android Yanyan Zhuang Department of Computer

CS5530 Mobile/Wireless Systems GPS/Location in Android Yanyan Zhuang Department of Computer

CS5530 Mobile/Wireless Systems GPS/Location in Android Yanyan Zhuang Department of Computer Science http://www.cs.uccs.edu/~yzhuang UC. Colorado Springs CS5530 Ref. CN5E, NT@UW, WUSTL Android Location Interface 1. Request permission in

207 views • 10 slides
Introduction to Android Development What is Android? Android is the customizable, easy to

Introduction to Android Development What is Android? Android is the customizable, easy to

Introduction to Android Development What is Android? Android is the customizable, easy to use operating system that powers more than a billion devices across the globe - from phones and tablets to watches, TV, cars and more to come.

464 views • 21 slides
- Rohit Vobbilisetty What is the Camera API Capture Photos Capture Videos Camera API -

- Rohit Vobbilisetty What is the Camera API Capture Photos Capture Videos Camera API -

- Rohit Vobbilisetty What is the Camera API Capture Photos Capture Videos Camera API - Android 2 Before starting Declare the permissions in the Android Manifest Camera Usage: &lt;uses-permission android:name=

355 views • 19 slides
Bypassing Memory Protections: The Future of Exploitation Alexander Sotirov alex@sotirov.net

Bypassing Memory Protections: The Future of Exploitation Alexander Sotirov alex@sotirov.net

Bypassing Memory Protections: The Future of Exploitation Alexander Sotirov alex@sotirov.net About me Exploit development since 1999 Research into reliable exploitation techniques: Heap Feng Shui in JavaScript Bypassing browser

1.1k views • 48 slides
CS619 Android 101 BENCE CSERNA Android: Manifest example Android: Manifest &lt;manifest

CS619 Android 101 BENCE CSERNA Android: Manifest example Android: Manifest &lt;manifest

Project #1: Color Guess Game CS619 Android 101 BENCE CSERNA Android: Manifest example Android: Manifest &lt;manifest xmlns:android=&quot;http://schemas.android.com/apk/res/android&quot; package=&quot;net.cserna.bence.colorguess

201 views • 3 slides
Ticketing System - migration to RT Iwo Olszewski, PSNC iwo@man.poznan.pl 7th TF-NOC meeting,

Ticketing System - migration to RT Iwo Olszewski, PSNC iwo@man.poznan.pl 7th TF-NOC meeting,

Ticketing System - migration to RT Iwo Olszewski, PSNC iwo@man.poznan.pl 7th TF-NOC meeting, December 13, 2012 Agenda Migration background Request Tracker PSNC installation Migration Lessons learnt Migration

468 views • 11 slides
polymake 2.12 (and beyond) GTS 2012 Michael Joswig w/ Ewgenij Gawrilow and many others TU

polymake 2.12 (and beyond) GTS 2012 Michael Joswig w/ Ewgenij Gawrilow and many others TU

polymake 2.12 (and beyond) GTS 2012 Michael Joswig w/ Ewgenij Gawrilow and many others TU Darmstadt Chapel Hill, June 19, 2012 The polymake System software for research in: geometric combinatorics: convex polytopes algebraic geometry

294 views • 10 slides
CSCI 4152/6509 Natural Language Processing Lab 3: Perl Tutorial 3 Lab Instructor: Dijana

CSCI 4152/6509 Natural Language Processing Lab 3: Perl Tutorial 3 Lab Instructor: Dijana

CSCI 4152/6509 Natural Language Processing Lab 3: Perl Tutorial 3 Lab Instructor: Dijana Kosmajac, Tukai Pain Faculty of Computer Science Dalhousie University 29/31-Jan-2020 (3) CSCI 4152/6509 1 Lab Overview We will continue with the

260 views • 25 slides
Data Visibility Abstraction @stuartsierra Being abstract is something profoundly different

Data Visibility Abstraction @stuartsierra Being abstract is something profoundly different

Data Visibility Abstraction @stuartsierra Being abstract is something profoundly different from being vague... The purpose of abstraction is not to be vague, but to create a new semantic level in which one can be absolutely precise.

824 views • 55 slides
Linux File Permissions Engineering Secure Software Last Revised: August 26, 2020 SWEN-331:

Linux File Permissions Engineering Secure Software Last Revised: August 26, 2020 SWEN-331:

Linux File Permissions Engineering Secure Software Last Revised: August 26, 2020 SWEN-331: Engineering Secure Software Benjamin S Meyers 1 Review: Principle of Least Privilege Every user, thread, process, module needs permissions to run

459 views • 29 slides
: Programming with Typestates and Permissions Jonathan Aldrich 15-214 December 2013 School of

: Programming with Typestates and Permissions Jonathan Aldrich 15-214 December 2013 School of

: Programming with Typestates and Permissions Jonathan Aldrich 15-214 December 2013 School of Computer Science APIs Define Protocols APIs often define object protocols Protocols restrict possible orderings of method calls

417 views • 24 slides
On Permissions, Inheritance and Role Hierarchies Jason Crampton Information Security Group

On Permissions, Inheritance and Role Hierarchies Jason Crampton Information Security Group

On Permissions, Inheritance and Role Hierarchies Jason Crampton Information Security Group Royal Holloway, University of London Introduction The role hierarchy is central to most RBAC models Modelled as a partially ordered set R

834 views • 25 slides
Role-Based Access Control CS461/ECE422 Spring 2012 Reading

Role-Based Access Control CS461/ECE422 Spring 2012 Reading

Role-Based Access Control CS461/ECE422 Spring 2012 Reading Material Chapter 4, sec?ons 4.5 and 4.6 [SFK00] DAC vs RBAC DAC Users, Groups

415 views • 25 slides

More recommend