Security Analysis of Android for Work, Research Project #1

SLIDE 1

Security Analysis of Android for Work

Research Project #1 Tom Curran & Ruben de Vries RP1 project presentation, 2016

Tom Curran & Ruben de Vries (University of Amsterdam) Security Analysis of Android for Work RP1 project presentation, 2016 1 / 17

SLIDE 2

What is Android for Work

SLIDE 3

Why is it interesting?

  • Data separation achieved using separate user profiles
  • Profiles run concurrently

SLIDE 4

Research Question

Is it possible to read data from the work profile using a process started by the personal profile?

SLIDE 5

Research Question; narrowed down

  • Is it possible to read data from a managed profile from the user profile using the binder?
  • How does Android for Work handle encryption of data?

SLIDE 6

Findings

  • Data can be read via the Binder
  • Data is encrypted when device is switched off, but not once it is running.

SLIDE 7

Encryption; Demo

[...] Once a device is encrypted, all user-created data is automatically encrypted before committing it to disk and all reads automatically decrypt data before returning it to the calling process.

  • Android for Work Security White Paper

SLIDE 8

Root?

Root exploits uncovered in the past

  • Towel Root, affecting up to KitKat 4.4.2 (2014)
  • Stagefright 2.0, affects up to Lollipop 5.1 (2015)

Rooting Marshmallow 6.0+ Harder but possible

  • SELinux
  • Exploits in Linux kernel e.g. CVE-2016-0728 (2016)
  • Fuzzing Android System Services by Binder, Blackhat 2015

Once you have root, lie about having it

All Your Root Checks Are Belong to Us, Blackhat 2015

SLIDE 9

Android Version Distribution

Figure: Collected over 7-day period ending on 4th January 2016, Google.

SLIDE 10

Application Sandboxing

SLIDE 11

Binder IPC

SLIDE 12

Binder IPC

  • Isolate kernel from user apps
  • All communication between processes passes via the Binder
  • Any data type can be sent
  • Two components: kernel driver and library loaded in applications

SLIDE 13

Attacking the Binder?

  1. Inject code into target service
  2. Hook the function writing data to the driver
  3. Listen on target service

SLIDE 14

Attacking Android for Work?

Services shared between users

  • Keyboard
  • Phone calls
  • ...

Flexible

Nothing displayed on UI

Subvert file-based encryption from Enterprise apps (e.g. Sophos Mobile Encryption)?

SLIDE 15

Is it really practical?

Number of obstacles to first overcome

  • Gaining root access
  • Bypassing SELinux
  • Avoiding root detection

Will never achieve 100% security

  • Layered security
  • Encrypt the traffic
  • Minimize data travelling across Binder

SLIDE 16

Conclusion

  • Data is not encrypted while device is running
  • Bypassing root detection from MDMs is possible
  • Data flowing through the Binder can be read by other rooted users

SLIDE 17

Questions?
