security analysis of android for work
play

Security Analysis of Android for Work Research Project #1 Tom - PowerPoint PPT Presentation

Nov 12, 2023 •13 likes •183 views

Security Analysis of Android for Work Research Project #1 Tom Curran & Ruben de Vries RP1 project presentation, 2016 Tom Curran & Ruben de Vries (University of Amsterdam) Security Analysis of Android for Work RP1 project presentation,

  1. Security Analysis of Android for Work Research Project #1 Tom Curran & Ruben de Vries RP1 project presentation, 2016 Tom Curran & Ruben de Vries (University of Amsterdam) Security Analysis of Android for Work RP1 project presentation, 2016 1 / 17

  2. What is Android for Work Tom Curran & Ruben de Vries (University of Amsterdam) Security Analysis of Android for Work RP1 project presentation, 2016 2 / 17

  3. Why is it interesting? Data separation achieved using separate user profiles Profiles run concurrently Tom Curran & Ruben de Vries (University of Amsterdam) Security Analysis of Android for Work RP1 project presentation, 2016 3 / 17

  4. Research Question Is it possible to read data from the work profile using a process started by the personal profile? Tom Curran & Ruben de Vries (University of Amsterdam) Security Analysis of Android for Work RP1 project presentation, 2016 4 / 17

  5. Research Question; narrowed down Is it possible to read data from a managed profile from the user profile using the binder? How does Android for Work handle encryption of data? Tom Curran & Ruben de Vries (University of Amsterdam) Security Analysis of Android for Work RP1 project presentation, 2016 5 / 17

  6. Findings Data can be read via the Binder Data is encrypted when device is switched off, but not once it is running. Tom Curran & Ruben de Vries (University of Amsterdam) Security Analysis of Android for Work RP1 project presentation, 2016 6 / 17

  7. Encryption; Demo [...] Once a device is encrypted, all user-created data is automatically encrypted before committing it to disk and all reads automatically decrypt data before returning it to the calling process. - Android for Work Security White Paper Tom Curran & Ruben de Vries (University of Amsterdam) Security Analysis of Android for Work RP1 project presentation, 2016 7 / 17

  8. Root? Root exploits uncovered in the past Towel Root, affecting up to KitKat 4.4.2 (2014) Stagefright 2.0, affects up to Lollipop 5.1 (2015) Rooting Marshmallow 6.0+ Harder but possible SELinux Exploits in Linux kernel e.g. CVE-2016-0728 (2016) Fuzzing Android System Services by Binder, Blackhat 2015 Once you have root, lie about having it All Your Root Checks Are Belong to Us, Blackhat 2015 Tom Curran & Ruben de Vries (University of Amsterdam) Security Analysis of Android for Work RP1 project presentation, 2016 8 / 17

  9. Android Version Distribution Figure: Collected over 7-day period ending on 4th January 2016, Google. Tom Curran & Ruben de Vries (University of Amsterdam) Security Analysis of Android for Work RP1 project presentation, 2016 9 / 17

  10. Application Sandboxing RP1 project presentation, 2016 10 / Tom Curran & Ruben de Vries (University of Amsterdam) Security Analysis of Android for Work 17

  11. Binder IPC RP1 project presentation, 2016 11 / Tom Curran & Ruben de Vries (University of Amsterdam) Security Analysis of Android for Work 17

  12. Binder IPC Isolate kernel from user apps All communication between processes passes via the Binder Any data type can be sent Two components: kernel driver and library loaded in applications RP1 project presentation, 2016 12 / Tom Curran & Ruben de Vries (University of Amsterdam) Security Analysis of Android for Work 17

  13. Attacking the Binder? 1 Inject code into target service 2 Hook the function writing data to the driver 3 Listen on target service RP1 project presentation, 2016 13 / Tom Curran & Ruben de Vries (University of Amsterdam) Security Analysis of Android for Work 17

  14. Attacking Android for Work? Services shared between users Keyboard Phone calls ... Flexible Nothing displayed on UI Subvert file-based encryption from Enterprise apps (e.g. Sophos Mobile Encryption)? RP1 project presentation, 2016 14 / Tom Curran & Ruben de Vries (University of Amsterdam) Security Analysis of Android for Work 17

  15. Is it really practical? Number of obstacles to first overcome Gaining root access Bypassing SELinux Avoiding root detection Will never achieve 100% security Layered security Encrypt the traffic Minimize data travelling acrosss Binder RP1 project presentation, 2016 15 / Tom Curran & Ruben de Vries (University of Amsterdam) Security Analysis of Android for Work 17

  16. Conclusion Data is not encrypted while device is running Bypassing root detection from MDMs is possible Data flowing through the Binder can be read by other rooted users RP1 project presentation, 2016 16 / Tom Curran & Ruben de Vries (University of Amsterdam) Security Analysis of Android for Work 17

  17. Questions? RP1 project presentation, 2016 17 / Tom Curran & Ruben de Vries (University of Amsterdam) Security Analysis of Android for Work 17

Recommend

Security & Pie Android 9.0 & APK Security Plan of Attack Start at the hardware

Security & Pie Android 9.0 & APK Security Plan of Attack Start at the hardware

Security & Pie Android 9.0 & APK Security Plan of Attack Start at the hardware Work up to Android OS Climb into the Play Store Discuss Application (APK) Connor Tumbleson Senior Software Engineer @Sourcetoad

672 views • 56 slides
Runtime verification meets Android security Gil Vegliach Joint work with Andreas Bauer and

Runtime verification meets Android security Gil Vegliach Joint work with Andreas Bauer and

Runtime verification meets Android security Gil Vegliach Joint work with Andreas Bauer and Jan-Christoph K uster Background, what Android is Developed by Android Inc. (acquired by Google in 2005) Open Handset Alliance (founded in 2007)

161 views • 15 slides
Security Enhanced (SE) Android: Bringing Flexible MAC to Android Stephen Smalley and Robert Craig

Security Enhanced (SE) Android: Bringing Flexible MAC to Android Stephen Smalley and Robert Craig

Security Enhanced (SE) Android: Bringing Flexible MAC to Android Stephen Smalley and Robert Craig Trusted Systems Research National Security Agency Motivation Android security relies on Linux DAC. To protect the system from apps. To

480 views • 21 slides
Evaluating the Android Security Key Scheme: An Early Usability, Deployability, Security

Evaluating the Android Security Key Scheme: An Early Usability, Deployability, Security

Evaluating the Android Security Key Scheme: An Early Usability, Deployability, Security Evaluation with Comparative Analysis Robbie MacGregor 5 th Who Are You?! Adventures in Authentication (WAY), Santa Clara, CA, USA, 2019. I did a thing so

132 views • 10 slides
Android Malware Analysis on Attacks and Defense Android malware Android malware With the

Android Malware Analysis on Attacks and Defense Android malware Android malware With the

Android Malware Analysis on Attacks and Defense Android malware Android malware With the explosive growth of mobile device market and usage, there is an increasing number of malicious mobile applications targeting these devices and

819 views • 44 slides
Security Analysis of Android Factory Resets Laurent Simon lmrs2@cam.ac.uk

Security Analysis of Android Factory Resets Laurent Simon lmrs2@cam.ac.uk

Security Analysis of Android Factory Resets Laurent Simon lmrs2@cam.ac.uk https://www.cl.cam.ac.uk/~lmrs2/ Talk outline Background Methodology Results Practical recovery FR alternatives 21/05/15 Laurent Simon - MoST'15 -

636 views • 27 slides
Android Security & Secure Meta-Markets Alessandro Armando (joint work with G. Costa, A.

Android Security & Secure Meta-Markets Alessandro Armando (joint work with G. Costa, A.

Android Security & Secure Meta-Markets Alessandro Armando (joint work with G. Costa, A. Merlo, and L. Verderame) DIBRIS, U. of Genova & Security and Trust Research Unit, FBK, Trento NeSSoS 2013, Sept. 05, 2013 Alessandro Armando (UNIGE

393 views • 24 slides
BLOWING THE COVER: HANDS-ON ANALYSIS OF HANDCRAFTED ANDROID MALWARE Alex Reshetniak | September

BLOWING THE COVER: HANDS-ON ANALYSIS OF HANDCRAFTED ANDROID MALWARE Alex Reshetniak | September

BLOWING THE COVER: HANDS-ON ANALYSIS OF HANDCRAFTED ANDROID MALWARE Alex Reshetniak | September 26 2018 About Me Senior Security Researcher @ Lookout B.S. in Information Security More than 5 years working in Information Security

663 views • 31 slides
CuriousDroid: Automated User Interface Interaction for Android Application Analysis

CuriousDroid: Automated User Interface Interaction for Android Application Analysis

CuriousDroid: Automated User Interface Interaction for Android Application Analysis Sandboxes Patrick Carter, Collin Mulliner, Martina Lindorfer, William Robertson, Engin Kirda 02/23/2016 Android 2015 Q3 Market Share Android iOS

774 views • 26 slides
Android Customization: From the Kernel to the Apps Hi, I am Cdric, I work for Genymobile as a

Android Customization: From the Kernel to the Apps Hi, I am Cdric, I work for Genymobile as a

Android Customization: From the Kernel to the Apps Hi, I am Cdric, I work for Genymobile as a System Engineer Genymobile is a company specialized in Android. We are based in France (Paris and Lyon) and SF. We develop and customize android

514 views • 40 slides
StaDynA: Addressing the Problem of Dynamic Code Updates in the Security Analysis of Android Apps

StaDynA: Addressing the Problem of Dynamic Code Updates in the Security Analysis of Android Apps

StaDynA: Addressing the Problem of Dynamic Code Updates in the Security Analysis of Android Apps Yury Zhauniarovich, MaqsoodAhmad, Olga Gadyatskaya, Bruno Crispo, Fabio Massacci yury.zhauniarovich, maqsood.ahmad, bruno.crispo,

427 views • 24 slides
Services Android Services A Service is an application component that runs in the background, not

Services Android Services A Service is an application component that runs in the background, not

Lesson 22 Lesson 22 Android Android Services Victor Matos Cleveland State University Cleveland State University Notes are based on: Android Developers http://developer.android.com/index.html Portions of this page are reproduced from work

692 views • 26 slides
Apposcopy: Semantics- Based Detection of Android Malware through Static Analysis By Feng et al

Apposcopy: Semantics- Based Detection of Android Malware through Static Analysis By Feng et al

Apposcopy: Semantics- Based Detection of Android Malware through Static Analysis By Feng et al [FSE 14] Presented by Maaz Ahmad The Malware Problem (Feb, 2015) Motive Security Labs estimates 16 million infected mobile devices. [1]

828 views • 30 slides
The heavy metal that poisoned the droid Tyrone Erasmus Introduction Android Security Model

The heavy metal that poisoned the droid Tyrone Erasmus Introduction Android Security Model

The heavy metal that poisoned the droid Tyrone Erasmus Introduction Android Security Model Static vs. Dynamic analysis Mercury: New framework on the block Finding OEM problems Techniques for malware How do we fix this?

576 views • 56 slides
Scalable and Precise Taint Analysis for Android Wei Huang 12 , Yao Dong 1 , Ana Milanova 1 ,

Scalable and Precise Taint Analysis for Android Wei Huang 12 , Yao Dong 1 , Ana Milanova 1 ,

Scalable and Precise Taint Analysis for Android Wei Huang 12 , Yao Dong 1 , Ana Milanova 1 , Julian Dolby 3 1 Rensselaer Polytechnic Institute 2 Google 3 IBM Research 1 Taint Analysis for Android Tracks flow of private data Controlled at

629 views • 35 slides
Security Enhancements (SE) for Android Stephen Smalley Trusted Systems Research Natjonal

Security Enhancements (SE) for Android Stephen Smalley Trusted Systems Research Natjonal

Security Enhancements (SE) for Android Stephen Smalley Trusted Systems Research Natjonal Security Agency CLASSIFICATION HEADER Agenda Motjvatjon/Background Current State Using SELinux in Android What's Next for SELinux in

762 views • 72 slides
The Firewall Android Deserves: A Context-aware Kernel Message Filter and Modifier David Wu

The Firewall Android Deserves: A Context-aware Kernel Message Filter and Modifier David Wu

The Firewall Android Deserves: A Context-aware Kernel Message Filter and Modifier David Wu Agenda Overview of project Android security background Binder IPC BinderFilter Logging and analysis tools Picky Demos

631 views • 51 slides
CS-527 Software Security Mobile Security Asst. Prof. Mathias Payer Department of Computer

CS-527 Software Security Mobile Security Asst. Prof. Mathias Payer Department of Computer

CS-527 Software Security Mobile Security Asst. Prof. Mathias Payer Department of Computer Science Purdue University TA: Kyriakos Ispoglou https://nebelwelt.net/teaching/17-527-SoftSec/ Spring 2017 Android Security Table of Contents Android

562 views • 15 slides
Security Analysis of Anti-Theft Solutions by Android Mobile Anti-Virus Apps Laurent Simon

Security Analysis of Anti-Theft Solutions by Android Mobile Anti-Virus Apps Laurent Simon

Security Analysis of Anti-Theft Solutions by Android Mobile Anti-Virus Apps Laurent Simon lmrs2@cam.ac.uk https://www.cl.cam.ac.uk/~lmrs2/ Talk outline Background Mobile Anti Virus (MAV) sample Lock Wipe 21/05/15 Laurent

481 views • 28 slides
From Dalvik Bytecode Analysis to Leak Detection in Android Applications Alexandre Bartel, Eric

From Dalvik Bytecode Analysis to Leak Detection in Android Applications Alexandre Bartel, Eric

FlowDroid Precise Context, Flow, Field, Object-sensitive and Lifecycle-aware T aint Analysis for Android Apps From Dalvik Bytecode Analysis to Leak Detection in Android Applications Alexandre Bartel, Eric Bodden, Steven Artz, Siegfried

620 views • 45 slides
Android Security CS 4720 Mobile Application Development CS 4720 Security through Obscurity

Android Security CS 4720 Mobile Application Development CS 4720 Security through Obscurity

Android Security CS 4720 Mobile Application Development CS 4720 Security through Obscurity It used to be that phones had so little connectivity to devices other than the phone network that security wasn't a huge deal Phone number

660 views • 15 slides
Android Google Maps Android API V2 Victor Matos Cleveland State University Notes are based on:

Android Google Maps Android API V2 Victor Matos Cleveland State University Notes are based on:

Lesson 25 Android Google Maps Android API V2 Victor Matos Cleveland State University Notes are based on: Android Developers http://developer.android.com/index.html Portions of this page are reproduced from work created and shared by Google

518 views • 41 slides
Developers Google Maps Android API v2 Make your Android app pop with Google Maps Android API v2

Developers Google Maps Android API v2 Make your Android app pop with Google Maps Android API v2

Developers Google Maps Android API v2 Make your Android app pop with Google Maps Android API v2 Anthony Morris Jan-Felix Schmakeit Tech Lead, Android Maps API Android Developer Relations Code, Slides, Worksheet: http://goo.gl/MfY67 Welcome!

687 views • 49 slides
Android Security Security Philosophy Humans have difficulty understanding risk Safer to

Android Security Security Philosophy Humans have difficulty understanding risk Safer to

Android Security Security Philosophy Humans have difficulty understanding risk Safer to assume that Most developers do not understand security Most users do not understand security Security philosophy cornerstones Need to

582 views • 37 slides

More recommend