slides - MobCom

Android Security

COSIC Summer Course 2013

Dr. Ir. Stefaan Seys, KU Leuven, ESAT/COSIC

Outline



Introduction



Android Security Mechanisms







… for the End User

… for the Developer

… for the Enterprise



Looking to the future

Mobcom Annual Workshop February 5th, 2014 2

Android: When? What? How Many and Why?

Android History

October 2003

August 2005

November 2007

September 2008

October 2009

May 2010

December 2010

February 2011

October 2011

July 2012

October 2012

Android Inc founded by Andy Rubin, Rich Miner,

Nick Sears and Chris White

Google acquires Android Inc

Open Handset Alliance formed, Android unveiled to public

First Android handset:

HTC Dream, Android 1.0

Android 2.0 Eclair

Android 2.2 Froyo

Android 2.3 Gingerbread

Android 3.0 Honeycomb

Android 4.0 Ice Cream Sandwich

Android 4.1 Jelly Bean

Android 4.2 Jelly Bean 4.2


Android version distribution evolution

v2.3 still 25%

[http://www.appbrain.com/stats/top-android-sdk-versions]


Android version distribution (Feb 2014)

Mobcom Annual Workshop February 5th, 2014

[developer.android.com]

6

Android Software Stack







In the heart of Android lives a Linux kernel

2.6.x until Ice Cream Sandwich, 3.0.x afterwards

Hardware abstraction layer, memory management, network stack,

IPC, file system, etc.







The kernel runs a set of open source libraries

Graphics, Media, FreeType, WebKit, System C libs, SQLite, etc.

Android runtime : Java core libraries and Dalvik VM





Android Apps interact with the Application Framework

Activity Mgr, Notification Mgr, Resource Mgr, Package Mgr, Content

Providers, etc.


Android Software Stack


[Wikipedia]

8

Dalvik Virtual Machine







Google has chosen not to use standard Java libraries nor the standard JVM

Instead Google opted for the Dalvik VM









Reason

Hardware constrains: ARM processor with 128MB RAM and 256MB

Flash

Hardware diversity

Support for Sandboxed application runtimes

Avoid licensing fees to Oracle for J2ME







Every App runs in its own VM (as apposed to a single VM in J2ME)

New VMs are forked from the Zygote

Dalvik VMs run DEX code


App Installation





Complete application packaged in a single .APK file





Content is signed using the developers private key

It is only used to link apps of the same developer (updates)

Says nothing about the trustworthiness of the app/developer





Signature only verified at installation

So changes afterwards are not detected



Every App gets its own unique Linux user id





Every App gets its own data folder

/data/data/com.example.my_app


Android’s Security Reputation

Android’s Security Reputation





Android 72% market share vs iOS 14%

[Gartner, Q4/2012, 1]

Market share and “openness” makes Android the favored target:

2012 – new threats:

• Android

• iOS

103

1

2012 – new vulnerabilities:

• Android

• iOS

13

387

[Symantec, Q1/2013, 2]


Malware Incentives







Attackers are interested in

[F-Secure, Q1/2013, 3]

Making money

Stealing your personal data

 to make money, or

 to set up a targeted attack











Examples:

Send SMS to premium numbers

Set up calls to premium numbers (while user is sleeping)

Forward all mails, SMS, twitter, etc. to attacker’s server

Send location of user to attacker’s server


Software Attack Paths

Publish

Malware

Malware with “additional” permissions

Malware that elevates its permissions by exploiting some bug in OS/App (browser)


Malware as a Service





Malware kits are also sold....

Currently on high demand: “Perkele”

(Finnish curse; “damn”)

1. Username/password

Internet

2. mTAN


Cellular

PC Malware

Inject code in web page, ask user to install Perkele on phone

Steal credentials

Perkele

Looks genuine (tailored to bank)

Keeps running in background

Intercepts SMS

15

Android security updates/patches









Android installs depend on three parties

Google (developer)

OEM (personalization phase 1)

Carrier (personalization phase 2)



Short shelf-life of devices (e.g., new Galaxy S every year)



Meaning short support/no updates by OEM/Carrier





Resulting in millions of devices with known vulnerabilities

Gingerbread still largest 25% install base


Android Security Essentials

Locked BootLoader

ARM SoC

Hash(root PK)

INIT

IMAGE

Signature

Cert. chain





Actual implementation depends on OEM









“ Unlocking capabilities” also depend on OEM

Samsung ships mostly unlockable

HTC supports official unlocking (voids warranty)

LG ships unlocked, but no default flashing support

Motorola tends to be locked tight (requires exploit)


SYSTEM

IMAGE

Signature

Cert. chain

18

Android Application Sandboxing

App 1 App 2

Core Libs

Zygote

Separate process

Unique UID

(Core Libs)

Dalvik VM

Separate process

Unique UID











Every Android App

Runs in its own process

Has its own Dalvik VM instance

Is assigned a unique Linux user ID

Uses Linux file permissions linked to that user ID

(Core Libs)

Dalvik VM

Separate process

Unique UID


Android UID’s


Root user not available







Android does not allow to use “sudo” to gain root privileges

No root shell user over ADB

Apps cannot ask root privileges



Sandboxing Apps relies on this!



“ Rooting ” your phone means enabling the use of root privileges


Android Permissions





Access to low-level resources

(network, phone calls, SMS, etc.) is enforced through user and group permissions at kernel level

Higher level permissions restricted by the Android Runtime



App developers need to specify the required permissions


Bouncer







Scans apps for “malicious activities” while uploading to

Google Play

Apps are executed on emulator

Easy to detect this….





Since Jelly Bean 4.2: local version of Bouncer

Will also scan Apps from other stores


Android Security for the

User

People are Curious Creatures













From a 2011 study

[McAfee, Ponemom Inst., 4]

140,000 out of 3.3M (4.1%) of smart phones were lost or stolen in 1 year

10,000 were recovered

47% lost at home or hotel room, 29% while in transit

Smartphone Honey Stick Project

[Symantec, 2012, 5]

50 `prepped’ smartphone intentionally ‘lost’ in various cities in

US











96% were accessed by the finders, about 85% checked data on phone

43% opened the ‘online banking’ app

53% opened the ‘salaries’ file

60% checked personal mail

72% opened photos


Prevent Data Theft



Your data is only protected against trivial methods when

1.

2.

3.

screen lock is enabled (properly), and

ADB debugging is disabled, and the bootloader is locked









Unfortunately

Some phones come with an unlocked bootloader (e.g., Sprint Galaxy S4)

Screen lock used < 50% [4]

Screen lock has its limits


Screen lock has its limits



Some Apps need bypass screen lock, bugs…





Phone App

Viber



Skype



“Smudge attack”







Some of sensor can be used as a “side channel” to capture PINs

The accelerometer

The front-facing camera

FUTURE OF MOBILE PAYMENTS 2013 27

But the Attacker has Physical Access…

“Given physical access, your data is only as secure as your attacker is lazy or ignorant ”









“Not motivated”:

You are lucky, your data is safe.



“Motivated but not very skilled”:

RIFF Box and others (pre-programmed JTAG debuggers)



“Motivated and skilled”:

Nothing to prevent data theft…


Android Disk Encryption



> Android 4.0 (end 2011) supports disk encryption









Based on dm-crypt

Only /data partition (not full disk) aes-cbc-essiv:sha256 with 128-bit keys

Salt and E(DEK) stored on disk

Password or PIN

Salt

PBKDF2

AES

KEK







Weaknesses

Brute force short PINs

[6]

“Frost” tool

[7]

AES

DEK

/data


FROST

Can only be used with an unlocked bootloader!


Physical Access Attack Tree



No trivial attack vector

No

No

Screenlock?

No

Yes

Unlocked bootloader?

ADB enabled

Yes

Use tool like odin3 to unlock the bootloader

Yes

“Root” the phone and dump flash using ADB or

Install recovery image to dump flash

Use JTAG or other means to dump flash



No

File system encryption?

Yes

Brute force password


Android 4.2 improvements





ADB white list

Upon installation, your Android SDK will generate a random

RSA key

Can be circumvented when using an unlocked bootloader!



Premium SMS confirmation



Developer

File Storage











App’s files are private by default

Onwed by their own UID



Unless developer choses otherwise

MODE_WORLD_WRITEABLE or MODE_WORLD_READABLE



Apps signed with same key can run with same UID and access each other’s files

/mnt/sdcard is world readable/writeable

Meaning your pictures...


Avoid Leaking Permission-Protected Data

Sandbox

Weak App

ACCESS_FINE_LOCATION

Inter Process Call that does not require any permissions, e.g.,

ContentProvider


Crypto Support







Android uses custom version of Bouncy Castle

Prevents inclusion of official release in apps

Use Spongy Castle as work around



Android includes openssl libs







Android ICS 4.0 adds VPN API

Adds Key Chain API


Code Obfuscation













Android build system includes support for ProGuard removes unused code renaming classes, fields, and methods

Makes reverse engineering more difficult

Smaller .apk files package a; public class a

{ static String a = "Hello"; static String b = "Wwlhkd16uqE3UT941ut57Xw8OP4" static void a() {

System.out.println(a);

} public static void main(String[] args) { a();

}

}

Why use it? Because .apk -> source is trivial....


Android App Reverse Engineering

Tool chain to obtain code from any app in Android

Get apk from phone (“root”) apk dex jar source unzip

Extract dex from apk package dex2jar

Translate dex to jar

JD-GUI

Decompile bytecode to source


DRM



Android platform provides an extensible DRM framework



Actual DRM mechanisms provided by third parties



Hides details of DRM to app developers

[Android documentation]



Enterprise

Device Policy Admin





> Android 2.2 Froyo: Android Device Admin API















“Administrators” capabilities:

(Remotely) wipe the data

Request to change or set password

(disable pattern lock)

Set password rules and expiration

Set max failed login attempts



Lock or erase the device

Lock the screen

Enable storage encryption

Disable the camera


Better VPN support







Pre Android ICS 4.0

L2TP, L2TP/IPSec PSK,

L2TP RSA and PPTP

Not useful for majority of enterprise VPNs



ICS 4.0 adds support for pure IPSec VPNs for better compatibility





New VPN API that allows SSL VPN clients to be deployed as Apps

E.g., Cisco Anyconnect requires a “rooted” device prior to

ICS4.0


Hopefully in the near future....



TEE (Trusted Execution Environment)







Hardware enforced isolation from OS

Runs on the main device chipset

Has privileged access to device resources





(Mostly) implemented using ARM Trustzone

Example: Samsung KNOX


[GlobalPlatform]

43

TEE Positioning


[GlobalPlatform]

44

TEE functionality





TEE has direct access to screen without OS involvement

Allows secure entry and verification of PINs, passwords, etc.





Allow secure storage of cryptographic keys and their use in an isolated environment

Prevents exploits (remote or local) from stealing these keys





Allows secure storage of server certificates

Prevents Man-in-the-Middle attacks


Remaining Issues









Further TEE standardisation

Who can install

Trusted Applications (TA)?

Downloadable TA’s?

TA certification?



Users do not understand

“security indicators”


[Trusted Foundations]

46

Questions


Thank you!

?

47

References















[1] http://www.gartner.com/it/page.jsp?id=2237315

[2] Symantec Internet Security Threat Report 2013

[3] F-Secure Mobile Threat Report January-March 2013

[4] McAfee and the Ponemom Institute, The Lost Smartphone

Problem: Benchmark study of U.S. organizations, Oct. 2011

[5] The Symantec Smartphone Honey Stick Project, Mar. 2012

[6] Cannon, T., and Bradford, S. Into the Droid: Gaining Access to Android User Data. In DefCon '12 (July 2012), VIA Forensics

[7] Tilo M•uller, Michael Spreitzenbarth, and Felix C. Freiling,

Frost: Forensic Recovery of Scrambled Telephones

International Course on Computer Security and Cryptography - 14th edition - 2013 48

49

slides - MobCom

Android Security

Outline

Android: When? What? How Many and Why?

Android History

Android version distribution evolution

Android version distribution (Feb 2014)

Android Software Stack

Android Software Stack

Dalvik Virtual Machine

App Installation

Android’s Security Reputation

Android’s Security Reputation

Malware Incentives

Software Attack Paths

Malware as a Service

Android security updates/patches

Android Security Essentials

Locked BootLoader

Android Application Sandboxing

Android UID’s

Root user not available

Android Permissions

Bouncer

People are Curious Creatures

Prevent Data Theft

Screen lock has its limits

But the Attacker has Physical Access…

Android Disk Encryption

FROST

Physical Access Attack Tree

Android 4.2 improvements

File Storage

Avoid Leaking Permission-Protected Data

Crypto Support

Code Obfuscation

Android App Reverse Engineering

DRM

Device Policy Admin

Better VPN support

Hopefully in the near future....

TEE Positioning

TEE functionality

Remaining Issues

Questions

Thank you!

References

Related documents

Add this document to collection(s)

Add this document to saved

Suggest us how to improve StudyLib