Security Analysis of Anti-Theft Solutions by Android Mobile Anti-Virus Apps - PowerPoint PPT Presentation



  1. Security Analysis of Anti-Theft Solutions by Android Mobile Anti-Virus Apps
     Laurent Simon, lmrs2@cam.ac.uk, https://www.cl.cam.ac.uk/~lmrs2/

  2. Talk outline
     ● Background
     ● Mobile Anti Virus (MAV) sample
     ● Lock
     ● Wipe
     21/05/15 Laurent Simon - MoST'15 - USA

  3. Background
     ● Phone theft is a growing problem
     ● 2013:
       – 3.1M devices stolen in the USA
       – 120,000 in London
     ● 50% of users don't lock their phone

  4. Anti-Theft Solutions
     ● Wide offering: enterprise and consumer-grade => this talk: consumer grade only
     ● Top 10 Mobile Anti Virus apps (MAV), downloaded from Google Play hundreds of millions of times (top 2 between 100M and 500M)
     ● Anti-theft enables remote wipe and remote lock with an app on the phone + a remote trigger via
       – web page
       – SMS

  5. Partitions storing user data
     ● Data partition: mounted on /data
       – Sensitive info; ext4 (eMMC) or yaffs2 ("raw flash")
     ● Internal (primary) "SD card": mounted on /sdcard
       – Music, pictures; FAT or emulated (FUSE)
     ● External SD card: removable
       – Same as the internal one, FAT
       – Secondary SD card, or primary if there is no internal one

  6. Admin API
     ● Provides admin features, i.e. sensitive functions
     ● Access to various "policies": e.g. force-lock, wipe-data, reset-password
     ● Like traditional Android permissions, each policy is declared in the Android manifest file
     ● Unlike traditional Android permissions, policies are not accepted at installation but manually enabled/disabled in the phone Settings

  7. Admin API (Cont'd)

  8. Admin API (Cont'd)
     ● If the user does not grant admin access, the app can still run ... without admin privileges
     ● To uninstall/remove an admin app, admin privileges must be disabled first
     ● Restrictions imposed: cannot read other apps' data or read/write the chip at block level

  9. Admin API (Cont'd)
     ● Focus of this talk: force-lock and wipe-data policies
     ● wipeData(int flag):
       – Triggers the built-in Factory Reset
       – Flag indicates: wipe only the data partition, or wipe the data partition AND the primary SD card
     ● lockNow(): lock the screen with the default Android PIN
     ● No admin granted: ad-hoc solutions
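As an added illustration of the two policies this slide names (constructed example, not code from the talk or from any of the MAVs studied), a hypothetical device-admin receiver that exposes remote lock and wipe only once the user has activated admin; the class and method names are my own.

```java
import android.app.admin.DeviceAdminReceiver;
import android.app.admin.DevicePolicyManager;
import android.content.ComponentName;
import android.content.Context;
import android.content.Intent;

// Hypothetical anti-theft admin component (constructed example, not code from any MAV
// in the study). The manifest must register it with android.permission.BIND_DEVICE_ADMIN
// and point <meta-data android:name="android.app.device_admin"> at an XML file whose
// <uses-policies> lists <force-lock /> and <wipe-data />; the user then enables it in
// Settings, which is what isAdminActive() checks below.
public class AntiTheftAdminReceiver extends DeviceAdminReceiver {
    public static ComponentName component(Context ctx) {
        return new ComponentName(ctx, AntiTheftAdminReceiver.class);
    }

    private static DevicePolicyManager dpm(Context ctx) {
        return (DevicePolicyManager) ctx.getSystemService(Context.DEVICE_POLICY_SERVICE);
    }

    /** Remote "lock" command. Returns false when admin was never granted. */
    public static boolean remoteLock(Context ctx) {
        DevicePolicyManager dpm = dpm(ctx);
        if (!dpm.isAdminActive(component(ctx))) {
            return false;  // no force-lock policy: an ad-hoc overlay is all that is left
        }
        dpm.lockNow();     // real lock, enforced by the default Android PIN screen
        return true;
    }

    /** Remote "wipe" command: the built-in Factory Reset via the wipe-data policy. */
    public static boolean remoteWipe(Context ctx, boolean includePrimarySd) {
        DevicePolicyManager dpm = dpm(ctx);
        if (!dpm.isAdminActive(component(ctx))) {
            return false;  // without the policy the app cannot touch /data at all
        }
        // 0 wipes only the data partition; the flag adds the primary SD card.
        // The secondary (removable) SD card has no API and is not covered.
        int flags = includePrimarySd ? DevicePolicyManager.WIPE_EXTERNAL_STORAGE : 0;
        dpm.wipeData(flags);
        return true;
    }

    /** Fires before the admin is disabled; the returned text is shown to the user. */
    @Override
    public CharSequence onDisableRequested(Context ctx, Intent intent) {
        return "Disabling device admin turns off remote lock and wipe.";
    }
}
```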

  10. Modes
     ● Normal mode: Android
     ● Safe mode
     ● Recovery/Bootloader mode

  11. Talk outline
     ● Background
     ● Mobile Anti Virus (MAV) sample
     ● Lock
     ● Wipe

  12. Apps studied
     ● 10 most downloaded Mobile Anti Virus (MAV) apps on Google Play
     ● AVG, Lookout, Avast, Dr.Web, Norton, McAfee, Kaspersky, TrustGo, TrendMicro, Avira
     ● Top 2: downloaded 100M-500M times
     ● Next 4: 10M-50M times

  13. Talk outline
     ● Background
     ● Mobile Anti Virus (MAV) sample
     ● Lock
     ● Wipe

  14. Removal of MAVs & API Misuse
     ● Scenario: admin + non-locked:
       – 7/10 MAVs do not prevent disabling admin privileges
       – McAfee and Avast prompt the user for a PIN when trying to disable admin

  15. Removal of MAVs & API Misuse
     ● Android doc (onDisabled()): "called prior to the administrator being disabled"
     ● BUT it is called after on Gingerbread (GB, v2.3.x)
     ● onDisableRequested() is called prior on GB, ICS, JB

  16. Other API Misuses
     ● Scenario: admin + locked: a proper lock implementation requires:
       – the force-lock policy declared in the manifest file by the MAV
       – manual granting of admin by the user
       – proper use of the API by the MAV, e.g. lockNow()
     ● 4/10 MAVs do not use lockNow() even when granted admin privileges
     ● Bypass through Safe mode

  17. Rate Limiting
     ● Scenario: admin + locked + use lockNow()
     ● Overlay of a custom lock screen on top of the default Android PIN screen

  18. Rate Limiting
     ● 5/10 MAVs do not enforce rate limiting in their screen => brute-forcing the PIN is feasible
     ● For a 4-digit PIN at 5 sec per attempt, about 7 hrs on average for randomly selected PINs
     ● <5 min for the 60 most common PINs (~30%)
     ● <40 min for the 400 most common PINs (~50%)

  19. Rate Limiting
     ● Scenario: admin + locked + use lockNow() + rate limiting
     ● Some devices have no rate limiting (e.g. Samsung Galaxy S Plus)
     ● Reboot into Safe mode, where user-installed apps do not run automatically
     ● Counter-storage glitches: e.g. for Lookout, removing the battery resets the state
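The counter-storage glitch on this slide is a persistence problem; as an added example (constructed, not code from Lookout or any other MAV studied), a hypothetical rate limiter for a custom lock-screen overlay whose failure state survives a battery pull or reboot. Class, key and method names are my own.

```java
import android.content.Context;
import android.content.SharedPreferences;

// Hypothetical rate limiter for a custom lock-screen overlay (constructed example).
// Failed-attempt state is committed synchronously to private storage so pulling the
// battery or rebooting cannot reset it. It does nothing against the Safe mode reboot
// on the same slide: only a real lockNow() lock covers that case.
public class PinRateLimiter {
    private static final String PREFS = "antitheft_lock";
    private static final String KEY_FAILS = "fails";
    private static final String KEY_NOT_BEFORE = "not_before";
    private static final long BASE_DELAY_MS = 5_000;            // 5 s per attempt, as on slide 18
    private static final long MAX_DELAY_MS = 30L * 60 * 1_000;  // cap at 30 min

    private final SharedPreferences prefs;

    public PinRateLimiter(Context ctx) {
        prefs = ctx.getSharedPreferences(PREFS, Context.MODE_PRIVATE);
    }

    /** Delay after n failures: 5 s, doubling every 5 failures, capped. */
    static long delayForFailures(int n) {
        return Math.min(BASE_DELAY_MS << Math.min(n / 5, 20), MAX_DELAY_MS);
    }

    /** Milliseconds the overlay must still wait before comparing a PIN, or 0. */
    public long remainingLockoutMs() {
        // Wall clock on purpose: SystemClock.elapsedRealtime() restarts at 0 on every
        // reboot and would hand out a fresh window after each power cycle.
        return Math.max(0, prefs.getLong(KEY_NOT_BEFORE, 0) - System.currentTimeMillis());
    }

    public boolean attemptAllowed() {
        return remainingLockoutMs() == 0;
    }

    public void recordFailure() {
        int fails = prefs.getInt(KEY_FAILS, 0) + 1;
        // commit() (not apply()) blocks until the values are on storage, so an
        // immediate power loss cannot roll the counter back to its previous value.
        prefs.edit()
             .putInt(KEY_FAILS, fails)
             .putLong(KEY_NOT_BEFORE, System.currentTimeMillis() + delayForFailures(fails))
             .commit();
    }

    public void recordSuccess() {
        prefs.edit().clear().commit();
    }
}
```

The overlay calls attemptAllowed() before comparing anything, then recordFailure() or recordSuccess(); a device-level limit such as the default Android PIN screen's still applies underneath.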

  20. Network-level attacks: GSM
     ● Avast (100M-500M downloads) sends the temporary PIN in the clear
     ● Similar issue for Dr.Web with commands sent via SMS

  21. Network-level attacks: TLS
     ● Impersonate the cloud server to send an unlock command
     ● One app did not validate the CN of certificates

  22. Vendor customisations
     ● Charging mode gives a shell: e.g. LG L7 running JB (v4.1.2)
     ● Unprotected Recovery/Bootloader: flash arbitrary binaries to access data regardless of the Android lock. Most Samsung/LG phones in our sample.

  23. Talk outline
     ● Background
     ● Mobile Anti Virus (MAV) sample
     ● Lock
     ● Wipe

  24. Wipe implementations
     ● Data partition: 10/10 use the admin API to wipe it
       – If no admin privileges, just use phone APIs (contacts, SMS, etc.)
     ● Primary SD: 5/10 MAVs use the admin API to wipe it
       – Other MAVs unlink and/or overwrite files and/or format the partition
     ● Secondary SD: 10/10 MAVs use ad-hoc solutions (unlink, overwrite files, format partition). Android has no API to wipe it.

  25. Lookout implementation
     ● Overwrites files and unlinks them
     ● Devs assume file updates occur "in-place"
     ● On Galaxy S Plus, FAT-formatted primary SD: >90% of data recoverable

  26. Avast implementation
     ● "Thorough wipe" option:
       – Unlinks all files from external storage
       – Creates a 1MB file and overwrites it 1000 times with zeros
     ● Devs assume file updates do NOT occur "in-place", so 1GB (1000 x 1MB) of unallocated space is overwritten
     ● Partitions formatted with ext4 update "in-place": 99% of data is recoverable
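To make the in-place assumption on this slide concrete, an added example (constructed, not Avast's code) places the rewrite loop the slide describes next to an alternative that allocates fresh files until the volume is full, so it does not depend on how the filesystem handles rewrites. Method names are my own.

```java
import java.io.File;
import java.io.FileOutputStream;
import java.io.IOException;
import java.util.ArrayList;
import java.util.List;

// Constructed example (not Avast's code) contrasting the strategy the slide describes
// with one that does not depend on whether the filesystem rewrites files in place.
public class FreeSpaceOverwrite {
    private static final int MB = 1024 * 1024;

    /** The slide's pattern: one 1 MB file rewritten 1000 times. On ext4 each pass
     *  lands on the same blocks, so at most 1 MB of freed space is ever touched. */
    public static void rewriteSameFile(File dir) throws IOException {
        File f = new File(dir, "wipe.tmp");
        byte[] zeros = new byte[MB];
        for (int i = 0; i < 1000; i++) {
            try (FileOutputStream out = new FileOutputStream(f, false)) {
                out.write(zeros);
                out.getFD().sync();   // push each pass to storage
            }
        }
        f.delete();
    }

    /** Alternative: allocate NEW 1 MB files until the volume is full, so every free
     *  block the app can obtain is handed out and zeroed once, in place or not.
     *  Returns the MB written. Still bounded by what the filesystem exposes: an app
     *  cannot reach the chip at block level (slide 8). */
    public static long fillFreeSpace(File dir) {
        byte[] zeros = new byte[MB];
        List<File> chunks = new ArrayList<>();
        long written = 0;
        try {
            while (true) {
                File f = new File(dir, "wipe-" + chunks.size() + ".tmp");
                chunks.add(f);
                try (FileOutputStream out = new FileOutputStream(f)) {
                    out.write(zeros);   // IOException once the volume is full (ENOSPC)
                    out.getFD().sync();
                    written++;
                }
            }
        } catch (IOException full) {   // expected exit: no space left
        } finally {
            for (File f : chunks) f.delete();
        }
        return written;
    }
}
```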

  27. Conclusion
     ● Lock implementations can be circumvented because of misuse of APIs, vendor customisations, and restrictions imposed by Android
     ● Wipe implementations are no better than the built-in (possibly flawed) Factory Reset
     ● Vendor solutions only have the potential to increase reliability

  28. Thanks!
     Laurent Simon, lmrs2@cam.ac.uk, https://www.cl.cam.ac.uk/~lmrs2/
