security analysis of android factory resets
play

Security Analysis of Android Factory Resets Laurent Simon - PowerPoint PPT Presentation

Aug 05, 2023 •355 likes •636 views

Security Analysis of Android Factory Resets Laurent Simon lmrs2@cam.ac.uk https://www.cl.cam.ac.uk/~lmrs2/ Talk outline Background Methodology Results Practical recovery FR alternatives 21/05/15 Laurent Simon - MoST'15 -

  1. Security Analysis of Android Factory Resets Laurent Simon lmrs2@cam.ac.uk https://www.cl.cam.ac.uk/~lmrs2/

  2. Talk outline ● Background ● Methodology ● Results ● Practical recovery ● FR alternatives 21/05/15 Laurent Simon - MoST'15 - USA 3

  3. Background ● Second-hand phone market growth ● 57M, 2014 (Gartner) ● 2/3 second life, 2015 (Gartner) ● 150-250M traded by 2018 ● Data recovery success reported ● Avast, BBC news, etc 21/05/15 Laurent Simon - MoST'15 - USA 4

  4. Secure Deletion ● Logical Sanitisation : data cannot be recovered via standard hardware interfaces like standard eMMC commands ● Digital Sanitisation : data cannot be recovered via any digital means, including the bypass or compromise of the device’s controller or firmware, or via undocumented drive commands ● This talk: logical sanitisation 21/05/15 Laurent Simon - MoST'15 - USA 5

  5. Data Storage Locations ● Data partition mounted on /data ● Sensitive info, ext4 (eMMC), yaffs2 ("raw flash") ● Internal (primary) "SD card" : mounted on /sdcard ● Music, pictures, FAT, emulated (FUSE) ● External SD card : removable ● Same as internal one, FAT ● Secondary SD card, or primary if no internal one 21/05/15 Laurent Simon - MoST'15 - USA 6

  6. Data Storage Locations ● (secondary) ● (primary) ● (secondary) 21/05/15 Laurent Simon - MoST'15 - USA 7

  7. Flash Memory - Overview ● Unlike HDDs, Solid State Storage (SSD) supports a limited number of erase cycles (10000) => memory management, wear-leveling algo 21/05/15 Laurent Simon - MoST'15 - USA 8

  8. Flash Memory - Overview ● Unlike HDD, Solid State Storage (SSD) support a limited number of erase cycles (10000) => memory management, wear-leveling algo 21/05/15 Laurent Simon - MoST'15 - USA 9

  9. Flash Memory – File Systems ● Software: flash-aware file system yaffs2 ● Hardware: eMMC (logical view for OS) 21/05/15 Laurent Simon - MoST'15 - USA 10

  10. How to securely delete? ● Yaffs2: Exposed via ioctl(fd,MEMERASE,blk_num) ● eMMC: special commands to send to the chip Exposed via: ● ioctl(fd, BLKDISCARD, blknum) ● ioctl(fd, BLKSECDISCARD, blknum) 21/05/15 Laurent Simon - MoST'15 - USA 11

  11. Talk outline ● Background ● Methodology ● Results ● Practical recovery ● FR alternatives 21/05/15 Laurent Simon - MoST'15 - USA 13

  12. Phone Acquisition 21/05/15 Laurent Simon - MoST'15 - USA 15

  13. Setup ● Overwrite "bit-by-bit" partitions (data, primary and secondary SD card) with identifying patterns ● Bit-by-bit = lower level possible (dd-like) ● Identifying patterns = unique ID ● Factory Reset ● Pattern recovery and identification 21/05/15 Laurent Simon - MoST'15 - USA 16

  14. ● Background ● Methodology ● Results ● Practical recovery ● FR alternatives 21/05/15 Laurent Simon - MoST'15 - USA 19

  15. Results: Data partition 21/05/15 Laurent Simon - MoST'15 - USA 20

  16. Results: Data partition (Cont'ed) ● Upgrade from GB (2.3.x) to ICS (4.0.x) ● ioctl(BLKSECDISCARD) return errno 95 EOPNOTSUPP ● 2007 eMMC standard has compulsory support for logical sanitisation ● HTC Sensation XE correctly wipes data partition in Bootloader mode but not for Android Factory Reset 21/05/15 Laurent Simon - MoST'15 - USA 21

  17. Results: Data partition 21/05/15 Laurent Simon - MoST'15 - USA 22

  18. Results: Primary SD card format() f o r m a t ( ) ioctl(BLKDISCARD) ioctl(BLKDISCARD) 21/05/15 Laurent Simon - MoST'15 - USA 23

  19. Results: Secondary SD card N o t s u p p o r t e d in AOSP code 21/05/15 Laurent Simon - MoST'15 - USA 24

  20. Talk outline ● Background ● Methodology ● Results ● Practical recovery ● FR alternatives 21/05/15 Laurent Simon - MoST'15 - USA 26

  21. Practical Recovery ● Contact (Facebook, Phonebook, WhatsApp, etc) ● Conversation (emails, SMSs, Facebook & WhatsApp chats, etc) ● Browsing history ● Credentials (Facebook cookies, etc) ● Multimedia 21/05/15 Laurent Simon - MoST'15 - USA 27

  22. Practical Recovery (Cont'ed) ● Android (master) auth token(s) ● Master token can be used to get other tokens from Google ● Tokens recovered 100% of the time, master one 80% 21/05/15 Laurent Simon - MoST'15 - USA 28

  23. Talk outline ● Background ● Methodology ● Results ● Practical recovery ● FR alternatives 21/05/15 Laurent Simon - MoST'15 - USA 29

  24. Alternatives to built-in FR ● Overwrite bit-by-bit: one pass enough to provide logical sanitisation ● Filling unallocated space (create files) to overwrite: discarded because: ● Extra level of indirection ● File systems vary (ext4, FAT, FUSE, Samsung's proprietary RFS) 21/05/15 Laurent Simon - MoST'15 - USA 30

  25. Alternatives to built-in FR (Cont'ed) ● Full Disk Encryption (FDE), >= ICS only (v4.0.x) => not possible on GB (2.3.x) vulnerable devices ● Ony support for data partition ● Encryption key stored encrypted using user's PIN in so called "crypto footer" ● Cryptp footer not sanitised with flawed FR ● Crypto footer allows PIN brute-force ● Android lollipop (5.x): default encryption has hardcoded password "default_password" 21/05/15 Laurent Simon - MoST'15 - USA 31

  26. Conclusion ● Android FR in messy state ● Android code, vendors' customisations and lack of proper testing ● Mostly available on the second-hand market NOW ● Paper provides engineering design suggestions to reduce this problem in future handsets. Have a look! 21/05/15 Laurent Simon - MoST'15 - USA 32

  27. Thanks! L a u r e n t S i m o n lmrs2@cam.ac.uk https://www.cl.cam.ac.uk/~lmrs2/ 21/05/15 Laurent Simon - MoST'15 - USA 33

Recommend

Security Enhanced (SE) Android: Bringing Flexible MAC to Android Stephen Smalley and Robert Craig

Security Enhanced (SE) Android: Bringing Flexible MAC to Android Stephen Smalley and Robert Craig

Security Enhanced (SE) Android: Bringing Flexible MAC to Android Stephen Smalley and Robert Craig Trusted Systems Research National Security Agency Motivation Android security relies on Linux DAC. To protect the system from apps. To

480 views • 21 slides
Evaluating the Android Security Key Scheme: An Early Usability, Deployability, Security

Evaluating the Android Security Key Scheme: An Early Usability, Deployability, Security

Evaluating the Android Security Key Scheme: An Early Usability, Deployability, Security Evaluation with Comparative Analysis Robbie MacGregor 5 th Who Are You?! Adventures in Authentication (WAY), Santa Clara, CA, USA, 2019. I did a thing so

132 views • 10 slides
Security & Pie Android 9.0 & APK Security Plan of Attack Start at the hardware

Security & Pie Android 9.0 & APK Security Plan of Attack Start at the hardware

Security & Pie Android 9.0 & APK Security Plan of Attack Start at the hardware Work up to Android OS Climb into the Play Store Discuss Application (APK) Connor Tumbleson Senior Software Engineer @Sourcetoad

672 views • 56 slides
Android Malware Analysis on Attacks and Defense Android malware Android malware With the

Android Malware Analysis on Attacks and Defense Android malware Android malware With the

Android Malware Analysis on Attacks and Defense Android malware Android malware With the explosive growth of mobile device market and usage, there is an increasing number of malicious mobile applications targeting these devices and

819 views • 44 slides
Security Analysis of Android for Work Research Project #1 Tom Curran & Ruben de Vries RP1

Security Analysis of Android for Work Research Project #1 Tom Curran & Ruben de Vries RP1

Security Analysis of Android for Work Research Project #1 Tom Curran & Ruben de Vries RP1 project presentation, 2016 Tom Curran & Ruben de Vries (University of Amsterdam) Security Analysis of Android for Work RP1 project presentation,

183 views • 17 slides
BLOWING THE COVER: HANDS-ON ANALYSIS OF HANDCRAFTED ANDROID MALWARE Alex Reshetniak | September

BLOWING THE COVER: HANDS-ON ANALYSIS OF HANDCRAFTED ANDROID MALWARE Alex Reshetniak | September

BLOWING THE COVER: HANDS-ON ANALYSIS OF HANDCRAFTED ANDROID MALWARE Alex Reshetniak | September 26 2018 About Me Senior Security Researcher @ Lookout B.S. in Information Security More than 5 years working in Information Security

663 views • 31 slides
CuriousDroid: Automated User Interface Interaction for Android Application Analysis

CuriousDroid: Automated User Interface Interaction for Android Application Analysis

CuriousDroid: Automated User Interface Interaction for Android Application Analysis Sandboxes Patrick Carter, Collin Mulliner, Martina Lindorfer, William Robertson, Engin Kirda 02/23/2016 Android 2015 Q3 Market Share Android iOS

774 views • 26 slides
Runtime verification meets Android security Gil Vegliach Joint work with Andreas Bauer and

Runtime verification meets Android security Gil Vegliach Joint work with Andreas Bauer and

Runtime verification meets Android security Gil Vegliach Joint work with Andreas Bauer and Jan-Christoph K uster Background, what Android is Developed by Android Inc. (acquired by Google in 2005) Open Handset Alliance (founded in 2007)

161 views • 15 slides
StaDynA: Addressing the Problem of Dynamic Code Updates in the Security Analysis of Android Apps

StaDynA: Addressing the Problem of Dynamic Code Updates in the Security Analysis of Android Apps

StaDynA: Addressing the Problem of Dynamic Code Updates in the Security Analysis of Android Apps Yury Zhauniarovich, MaqsoodAhmad, Olga Gadyatskaya, Bruno Crispo, Fabio Massacci yury.zhauniarovich, maqsood.ahmad, bruno.crispo,

427 views • 24 slides
Apposcopy: Semantics- Based Detection of Android Malware through Static Analysis By Feng et al

Apposcopy: Semantics- Based Detection of Android Malware through Static Analysis By Feng et al

Apposcopy: Semantics- Based Detection of Android Malware through Static Analysis By Feng et al [FSE 14] Presented by Maaz Ahmad The Malware Problem (Feb, 2015) Motive Security Labs estimates 16 million infected mobile devices. [1]

828 views • 30 slides
The heavy metal that poisoned the droid Tyrone Erasmus Introduction Android Security Model

The heavy metal that poisoned the droid Tyrone Erasmus Introduction Android Security Model

The heavy metal that poisoned the droid Tyrone Erasmus Introduction Android Security Model Static vs. Dynamic analysis Mercury: New framework on the block Finding OEM problems Techniques for malware How do we fix this?

576 views • 56 slides
Scalable and Precise Taint Analysis for Android Wei Huang 12 , Yao Dong 1 , Ana Milanova 1 ,

Scalable and Precise Taint Analysis for Android Wei Huang 12 , Yao Dong 1 , Ana Milanova 1 ,

Scalable and Precise Taint Analysis for Android Wei Huang 12 , Yao Dong 1 , Ana Milanova 1 , Julian Dolby 3 1 Rensselaer Polytechnic Institute 2 Google 3 IBM Research 1 Taint Analysis for Android Tracks flow of private data Controlled at

629 views • 35 slides
Security Enhancements (SE) for Android Stephen Smalley Trusted Systems Research Natjonal

Security Enhancements (SE) for Android Stephen Smalley Trusted Systems Research Natjonal

Security Enhancements (SE) for Android Stephen Smalley Trusted Systems Research Natjonal Security Agency CLASSIFICATION HEADER Agenda Motjvatjon/Background Current State Using SELinux in Android What's Next for SELinux in

762 views • 72 slides
UAV Factory Ltd 29 November 2019 What is UAV Factory? UAV Factory Ltd. is one of the worlds

UAV Factory Ltd 29 November 2019 What is UAV Factory? UAV Factory Ltd. is one of the worlds

UAV Factory Ltd 29 November 2019 What is UAV Factory? UAV Factory Ltd. is one of the worlds leading developers and manufacturers of fixed wing composite airframes, subsystems and accessories for small fixed wing unmanned aircraft industry.

646 views • 26 slides
The Firewall Android Deserves: A Context-aware Kernel Message Filter and Modifier David Wu

The Firewall Android Deserves: A Context-aware Kernel Message Filter and Modifier David Wu

The Firewall Android Deserves: A Context-aware Kernel Message Filter and Modifier David Wu Agenda Overview of project Android security background Binder IPC BinderFilter Logging and analysis tools Picky Demos

631 views • 51 slides
CS-527 Software Security Mobile Security Asst. Prof. Mathias Payer Department of Computer

CS-527 Software Security Mobile Security Asst. Prof. Mathias Payer Department of Computer

CS-527 Software Security Mobile Security Asst. Prof. Mathias Payer Department of Computer Science Purdue University TA: Kyriakos Ispoglou https://nebelwelt.net/teaching/17-527-SoftSec/ Spring 2017 Android Security Table of Contents Android

562 views • 15 slides
Security Analysis of Anti-Theft Solutions by Android Mobile Anti-Virus Apps Laurent Simon

Security Analysis of Anti-Theft Solutions by Android Mobile Anti-Virus Apps Laurent Simon

Security Analysis of Anti-Theft Solutions by Android Mobile Anti-Virus Apps Laurent Simon lmrs2@cam.ac.uk https://www.cl.cam.ac.uk/~lmrs2/ Talk outline Background Mobile Anti Virus (MAV) sample Lock Wipe 21/05/15 Laurent

481 views • 28 slides
From Dalvik Bytecode Analysis to Leak Detection in Android Applications Alexandre Bartel, Eric

From Dalvik Bytecode Analysis to Leak Detection in Android Applications Alexandre Bartel, Eric

FlowDroid Precise Context, Flow, Field, Object-sensitive and Lifecycle-aware T aint Analysis for Android Apps From Dalvik Bytecode Analysis to Leak Detection in Android Applications Alexandre Bartel, Eric Bodden, Steven Artz, Siegfried

620 views • 45 slides
Android Security CS 4720 Mobile Application Development CS 4720 Security through Obscurity

Android Security CS 4720 Mobile Application Development CS 4720 Security through Obscurity

Android Security CS 4720 Mobile Application Development CS 4720 Security through Obscurity It used to be that phones had so little connectivity to devices other than the phone network that security wasn't a huge deal Phone number

660 views • 15 slides
Developers Google Maps Android API v2 Make your Android app pop with Google Maps Android API v2

Developers Google Maps Android API v2 Make your Android app pop with Google Maps Android API v2

Developers Google Maps Android API v2 Make your Android app pop with Google Maps Android API v2 Anthony Morris Jan-Felix Schmakeit Tech Lead, Android Maps API Android Developer Relations Code, Slides, Worksheet: http://goo.gl/MfY67 Welcome!

687 views • 49 slides
Android Security Security Philosophy Humans have difficulty understanding risk Safer to

Android Security Security Philosophy Humans have difficulty understanding risk Safer to

Android Security Security Philosophy Humans have difficulty understanding risk Safer to assume that Most developers do not understand security Most users do not understand security Security philosophy cornerstones Need to

582 views • 37 slides
ANDROID MALWARE https://www.cnet.com/android-update/ Rafael Estrada Department of Mathematics

ANDROID MALWARE https://www.cnet.com/android-update/ Rafael Estrada Department of Mathematics

DATA ANALYSIS OF ANDROID MALWARE https://www.cnet.com/android-update/ Rafael Estrada Department of Mathematics New Mexico Tech Mentor: Dr. Golden G. Richard III Postdoctoral Researcher: Aisha Ali-Gombe July 26 th 2017 CCT REU 2017 ANDROID

347 views • 10 slides
Introduction to Android Development What is Android? Android is the customizable, easy to

Introduction to Android Development What is Android? Android is the customizable, easy to

Introduction to Android Development What is Android? Android is the customizable, easy to use operating system that powers more than a billion devices across the globe - from phones and tablets to watches, TV, cars and more to come.

464 views • 21 slides
Improving Android Reliability and Security Iulian Neamtiu, Assoc. Prof. CS Chairs Meeting June

Improving Android Reliability and Security Iulian Neamtiu, Assoc. Prof. CS Chairs Meeting June

Improving Android Reliability and Security Iulian Neamtiu, Assoc. Prof. CS Chairs Meeting June 14, 2018 Mobile OSes rapidly expanding their device range and user base. Android: 2 billion monthly active users but

403 views • 15 slides

More recommend