security analysis of anti theft solutions by android
play

Security Analysis of Anti-Theft Solutions by Android Mobile - PowerPoint PPT Presentation

Mar 30, 2023 •189 likes •481 views

Security Analysis of Anti-Theft Solutions by Android Mobile Anti-Virus Apps Laurent Simon lmrs2@cam.ac.uk https://www.cl.cam.ac.uk/~lmrs2/ Talk outline Background Mobile Anti Virus (MAV) sample Lock Wipe 21/05/15 Laurent

  1. Security Analysis of Anti-Theft Solutions by Android Mobile Anti-Virus Apps Laurent Simon lmrs2@cam.ac.uk https://www.cl.cam.ac.uk/~lmrs2/

  2. Talk outline ● Background ● Mobile Anti Virus (MAV) sample ● Lock ● Wipe 21/05/15 Laurent Simon - MoST'15 - USA 2

  3. Background ● Phone theft is a growing problem ● 2013: – 3.1M devices stolen in the USA – 120,000 in London ● 50% of users don't lock their phone 21/05/15 Laurent Simon - MoST'15 - USA 3

  4. Anti-Theft Solutions ● Wide offering – enterprise and consumer-grade => This talk: consumer grade only ● Top 10 Mobile Anti Virus apps (MAV), downloaded from Google Play hundreds of millions of times (top 2 between 100M and 500M) ● Anti-theft enable remote wipe and remote lock with an app on phone + remote trigger via ● web page ● SMS 21/05/15 Laurent Simon - MoST'15 - USA 5

  5. Partition storing user data ● Data partition mounted on /data ● Sensitive info, ext4 (eMMC), yaffs2 ("raw flash") ● Internal (primary) "SD card" : mounted on /sdcard ● Music, pictures, FAT, emulated (FUSE) ● External SD card : removable ● Same as internal one, FAT ● Secondary SD card, or primary if no internal one 21/05/15 Laurent Simon - MoST'15 - USA 6

  6. Admin API ● Provides admin features, i.e. sensitive functions ● Access to various "policies": e.g. force-lock , wipe-data , reset-password ● Like traditional Android permissions, each policy declared in Android manifest file ● Like traditional Android permissions, policies not accepted at installation but manually enabled/disabled in the phone Settings 21/05/15 Laurent Simon - MoST'15 - USA 7

  7. Admin API (Cont'ed) 21/05/15 Laurent Simon - MoST'15 - USA 9

  8. Admin API (Cont'ed) ● If user does not grant admin access, app can still run ... without admin privileges ● To uninstall/remove admin app, admin privileges must be disabled first ● Restrictions imposed: cannot read other apps' data or read/write chip at block level 21/05/15 Laurent Simon - MoST'15 - USA 10

  9. Admin API (Cont'ed) ● Focus of this talk: force-lock and wipe-data policies ● wipeData(int flag) : ● Triggers the built-in Factory Reset ● Flag indicates: – Wipe only data partition – Wipe data partition AND primary SD card ● LockNow() : lock the screen with default Android PIN ● No admin granted: ad-hoc solutions 21/05/15 Laurent Simon - MoST'15 - USA 11

  10. Modes ● Normal mode: Android ● Safe mode ● Recovery/Bootloader mode 21/05/15 Laurent Simon - MoST'15 - USA 12

  11. Talk outline ● Background ● Mobile Anti Virus (MAV) sample ● Lock ● Wipe 21/05/15 Laurent Simon - MoST'15 - USA 13

  12. Apps studied ● 10 most downloaded Mobile Anti Virus (MAV) apps on Google Play ● AVG, Lookout, Avast, Dr.web, Norton, McAFee, Kaspersky, TrustGo, TrendMicro, Avira ● Top 2 downloaded 100M-500M ● Following top 4 10M-50M 21/05/15 Laurent Simon - MoST'15 - USA 14

  13. Talk outline ● Background ● Mobile Anti Virus (MAV) sample ● Lock ● Wipe 21/05/15 Laurent Simon - MoST'15 - USA 17

  14. Removal of MAVs & API Misuse ● Scenario: admin + non-locked: ● 7/10 MAVs do not prevent disabling admin privileges ● McAfee and Avast prompt user with PIN when trying to disable admin 21/05/15 Laurent Simon - MoST'15 - USA 19

  15. Removal of MAVs & API Misuse ● Android doc: "called prior to the administrator being disabled" ● BUT called after on Gingerbread (GB, v2.3.x) ● OnDisabledRequested() called prior on GB, ICS, JB 21/05/15 Laurent Simon - MoST'15 - USA 20

  16. Other API Misuses ● Scenario: admin + locked: proper lock implementation requires: ● Force-lock policy declared in manifest file by MAV ● Manual granting of admin by users ● Proper use of API by MAV, e.g. lockNow() ● 4/10 MAVs do not use lockNow() even when granted admin privileges ● Bypass thru Safe mode 21/05/15 Laurent Simon - MoST'15 - USA 21

  17. Rate Limiting ● Scenario: admin + locked + use lockNow() ● Overlay of custom lock screen on top of default Android PIN screen 21/05/15 Laurent Simon - MoST'15 - USA 22

  18. Rate Limiting ● 5/10 MAVs do not enforce rate limiting in their screen => brute-force PIN feasible ● For a 4-digit PIN and 5sec/PIN attempt, about 7hrs on average for randomly selected PINs ● <5mn for 60 most common PINs ~ 30% ● <40mn for 400 most common PINs ~ 50% 21/05/15 Laurent Simon - MoST'15 - USA 24

  19. Rate Limiting ● Scenario: admin + locked + use lockNow() + rate limiting ● Some devices have no rate limiting (e.g. Samsung Galaxy S Plus) ● Reboot into Safe mode where user-installed apps do not run automatically ● Counter storing glitches: e.g. for Lookout, removing battery resets the state 21/05/15 Laurent Simon - MoST'15 - USA 26

  20. Network-level attacks: GSM ● Avast (100M-500M download) sends temp PIN in clear ● Similar issue for Dr.Web with commands sent via SMS 21/05/15 Laurent Simon - MoST'15 - USA 27

  21. Network-level attacks: TLS ● Impersonate as cloud server to send an unlock command ● One app did not validate the CN of certs 21/05/15 Laurent Simon - MoST'15 - USA 29

  22. Vendor customisations ● Charging mode gives shell: e.g. LG L7 runing JB (v4.1.2) ● Unprotected Recovery/Booloader: flash arbitrary binaries to access data regardless of Android lock. Most Samsung/LG phones in our sample. 21/05/15 Laurent Simon - MoST'15 - USA 31

  23. Talk outline ● Background ● Mobile Anti Virus (MAV) sample ● Lock ● Wipe 21/05/15 Laurent Simon - MoST'15 - USA 32

  24. Wipe implementations ● Data partition: 10/10 use admin API to wipe it ● If no admin privileges, just use phone APIs (contact, SMS, etc) ● Primary SD: 5/10 MAVs use admin API to wipe it ● Other MAVs unlink and/or overwrite files and/or format partition ● Secondary SD: 10/10 MAVs use ad-hoc solutions (unlink, overwrite files, format partition). Android has no API to wipe it . 21/05/15 Laurent Simon - MoST'15 - USA 33

  25. Lookout implementation ● Overwrites files and unlinks them ● Dev assume file update occurs "in-place" ● On Galaxy S Plus, FAT-formatted primary SD: >90% data recoverable 21/05/15 Laurent Simon - MoST'15 - USA 34

  26. Avast implementation ● "Thorough wipe" option: ● Unlinks all files from external storage ● Creates a 1MB file and overwrites it 1000 times with zeros ● Dev assume file update does NOT occurs "in- place", so 1GB (1000x1MB) unallocated space is overwritten ● Partitions formatted with ext4 update "in-place", 99% of data is recoverable 21/05/15 Laurent Simon - MoST'15 - USA 35

  27. Conclusion ● Lock implementations can be circumvented because of misuse of APIs, vendor customisations, restrictions imposed by Android ● Wipe implementations are not better than the buit-in (possibly flawed) Factory Reset ● Vendor solutions only have the potential to increase reliability 21/05/15 Laurent Simon - MoST'15 - USA 36

  28. Thanks! L a u r e n t S i m o n lmrs2@cam.ac.uk https://www.cl.cam.ac.uk/~lmrs2/ 21/05/15 Laurent Simon - MoST'15 - USA 37

Recommend

Harvesting Runtime Values in Android Applications That Feature Anti-Analysis Techniques

Harvesting Runtime Values in Android Applications That Feature Anti-Analysis Techniques

Harvesting Runtime Values in Android Applications That Feature Anti-Analysis Techniques Siegfried Rasthofer, Steven Arzt, Marc Miltenberger, Eric Bodden SECURE SOFTWARE ENGINEERING GROUP 2 This we would still hope for @Override

589 views • 20 slides
Defeating Android security solutions by exploiting fuzzy hashing (updated) Arash Vahidi RISE

Defeating Android security solutions by exploiting fuzzy hashing (updated) Arash Vahidi RISE

Defeating Android security solutions by exploiting fuzzy hashing (updated) Arash Vahidi RISE resund Security Day, 2019 The early morning opening slide... There are two types of crypto talks... 1. We present a third preimage attack on

435 views • 21 slides
Security Enhanced (SE) Android: Bringing Flexible MAC to Android Stephen Smalley and Robert Craig

Security Enhanced (SE) Android: Bringing Flexible MAC to Android Stephen Smalley and Robert Craig

Security Enhanced (SE) Android: Bringing Flexible MAC to Android Stephen Smalley and Robert Craig Trusted Systems Research National Security Agency Motivation Android security relies on Linux DAC. To protect the system from apps. To

480 views • 21 slides
Evaluating the Android Security Key Scheme: An Early Usability, Deployability, Security

Evaluating the Android Security Key Scheme: An Early Usability, Deployability, Security

Evaluating the Android Security Key Scheme: An Early Usability, Deployability, Security Evaluation with Comparative Analysis Robbie MacGregor 5 th Who Are You?! Adventures in Authentication (WAY), Santa Clara, CA, USA, 2019. I did a thing so

132 views • 10 slides
Security &amp; Pie Android 9.0 &amp; APK Security Plan of Attack Start at the hardware

Security &amp; Pie Android 9.0 &amp; APK Security Plan of Attack Start at the hardware

Security &amp; Pie Android 9.0 &amp; APK Security Plan of Attack Start at the hardware Work up to Android OS Climb into the Play Store Discuss Application (APK) Connor Tumbleson Senior Software Engineer @Sourcetoad

672 views • 56 slides
How Bad APIs Compromise Security Tale of a Frustrated Android Developer Dr. Georg Lukas

How Bad APIs Compromise Security Tale of a Frustrated Android Developer Dr. Georg Lukas

Java's SSLSocket: How Bad APIs Compromise Security Tale of a Frustrated Android Developer Dr. Georg Lukas &lt;lukas@rt-solutions.de&gt; About the Speaker IT Consultant at rt-solutions.de (ITSec, Smartphone Payment) Open Source developer

905 views • 32 slides
Android Malware Analysis on Attacks and Defense Android malware Android malware With the

Android Malware Analysis on Attacks and Defense Android malware Android malware With the

Android Malware Analysis on Attacks and Defense Android malware Android malware With the explosive growth of mobile device market and usage, there is an increasing number of malicious mobile applications targeting these devices and

819 views • 44 slides
What is Needed to Create Copper Theft I ssues? Person with criminal intent or motivation to

What is Needed to Create Copper Theft I ssues? Person with criminal intent or motivation to

Physical Security November 18, 2011 Entity Copper Theft Solutions Brian Smith, Progress Energy November 28, 2011 What is Needed to Create Copper Theft I ssues? Person with criminal intent or motivation to steal Obtainable reward

574 views • 34 slides
Identity Theft Identity Theft Identity theft occurs when your personal information is stolen

Identity Theft Identity Theft Identity theft occurs when your personal information is stolen

Identity Theft Identity Theft Identity theft occurs when your personal information is stolen and used without your knowledge to commit fraud or other crimes Identity theft can cost you time and money. Tips for Preventing Identity Theft

322 views • 10 slides
What is Identity Theft? &quot;Someone obtaining your personal identifying information without

What is Identity Theft? &quot;Someone obtaining your personal identifying information without

Identity Fraud: Protecting Your Identity Between Work and Play Ryan Sothan, Outreach Coordinator Nebraska Department of Justice, Office of the Attorney General Consumer Protection and Anti-Trust Division What is Identity Theft?

314 views • 18 slides
Security Analysis of Android Factory Resets Laurent Simon lmrs2@cam.ac.uk

Security Analysis of Android Factory Resets Laurent Simon lmrs2@cam.ac.uk

Security Analysis of Android Factory Resets Laurent Simon lmrs2@cam.ac.uk https://www.cl.cam.ac.uk/~lmrs2/ Talk outline Background Methodology Results Practical recovery FR alternatives 21/05/15 Laurent Simon - MoST'15 -

636 views • 27 slides
Security Analysis of Android for Work Research Project #1 Tom Curran &amp; Ruben de Vries RP1

Security Analysis of Android for Work Research Project #1 Tom Curran &amp; Ruben de Vries RP1

Security Analysis of Android for Work Research Project #1 Tom Curran &amp; Ruben de Vries RP1 project presentation, 2016 Tom Curran &amp; Ruben de Vries (University of Amsterdam) Security Analysis of Android for Work RP1 project presentation,

183 views • 17 slides
Computing Security @ Carnegie Mellon University John K. Lerchey Information Security Office

Computing Security @ Carnegie Mellon University John K. Lerchey Information Security Office

Computing Security @ Carnegie Mellon University John K. Lerchey Information Security Office lerchey@andrew.cmu.edu Start with the Basics Patching Antivirus and anti-malware software Strong passwords Be aware of Theft

301 views • 9 slides
Training to Prevent Identity Theft Identity Theft is the fastest growing crime in America.

Training to Prevent Identity Theft Identity Theft is the fastest growing crime in America.

Training to Prevent Identity Theft Identity Theft is the fastest growing crime in America. The Social Security number is a major privacy concern for most people, because it links to information that is typically kept private. Exposing

326 views • 17 slides
BLOWING THE COVER: HANDS-ON ANALYSIS OF HANDCRAFTED ANDROID MALWARE Alex Reshetniak | September

BLOWING THE COVER: HANDS-ON ANALYSIS OF HANDCRAFTED ANDROID MALWARE Alex Reshetniak | September

BLOWING THE COVER: HANDS-ON ANALYSIS OF HANDCRAFTED ANDROID MALWARE Alex Reshetniak | September 26 2018 About Me Senior Security Researcher @ Lookout B.S. in Information Security More than 5 years working in Information Security

663 views • 31 slides
EAP-SIM Security Analysis Mobility Solutions Keyspace and Mutual Authentication Weaknesses Uri

EAP-SIM Security Analysis Mobility Solutions Keyspace and Mutual Authentication Weaknesses Uri

EAP-SIM Security Analysis Mobility Solutions Keyspace and Mutual Authentication Weaknesses Uri Blumenthal (analysis done by Sarvar Patel) Member of Technical Staff EAP-SIM Draft and its Security Claims Current EAP-SIM provides

342 views • 7 slides
Identity Theft Wiam Younes Training and Awareness Coordinator Information Security Office(ISO)

Identity Theft Wiam Younes Training and Awareness Coordinator Information Security Office(ISO)

Identity Theft Wiam Younes Training and Awareness Coordinator Information Security Office(ISO) www.cmu.edu/iso Computing Services www.cmu.edu/computing What is Identity Theft? Identity Theft is a crime in which an impostor obtains key

409 views • 24 slides
Xpanda security gates Security solutions Retail security gate solutions Industrial

Xpanda security gates Security solutions Retail security gate solutions Industrial

STOREFRONT PROTECTION Xpanda security gates Security solutions Retail security gate solutions Industrial security gate solutions Institutional security gate solutions Access control security gate solutions Office building

406 views • 13 slides
Retail security gate solutions Industrial security gate solutions Institutional

Retail security gate solutions Industrial security gate solutions Institutional

PHYSICAL SECURITY SOLUTIONS Quantum security gates can help you improve security quickly. Before or after a break-in. Retail security gate solutions Industrial security gate solutions Institutional security gate solutions Office

215 views • 18 slides
CuriousDroid: Automated User Interface Interaction for Android Application Analysis

CuriousDroid: Automated User Interface Interaction for Android Application Analysis

CuriousDroid: Automated User Interface Interaction for Android Application Analysis Sandboxes Patrick Carter, Collin Mulliner, Martina Lindorfer, William Robertson, Engin Kirda 02/23/2016 Android 2015 Q3 Market Share Android iOS

774 views • 26 slides
Android and Bitmaps: How hard could it be? Maksim Lin Manichord Mobile Solutions Intro I'm an

Android and Bitmaps: How hard could it be? Maksim Lin Manichord Mobile Solutions Intro I'm an

Android and Bitmaps: How hard could it be? Maksim Lin Manichord Mobile Solutions Intro I'm an old time Java dev (serverside and J2ME), but a Android apprentice... I'll talk about my experiences recently writing and debugging my

445 views • 12 slides
Runtime verification meets Android security Gil Vegliach Joint work with Andreas Bauer and

Runtime verification meets Android security Gil Vegliach Joint work with Andreas Bauer and

Runtime verification meets Android security Gil Vegliach Joint work with Andreas Bauer and Jan-Christoph K uster Background, what Android is Developed by Android Inc. (acquired by Google in 2005) Open Handset Alliance (founded in 2007)

161 views • 15 slides
Scanners for Security Screening and for Theft and Contraband Detection By Dr. Shengli Niu

Scanners for Security Screening and for Theft and Contraband Detection By Dr. Shengli Niu

Scanners for Security Screening and for Theft and Contraband Detection By Dr. Shengli Niu Senior Specialist on Occupational Health SafeWork/ILO 1 Personal Scanners Figure 1 Backscatter Systems and Sample Images (NCRP Commentary No. 16)

821 views • 33 slides
An Analysis of Wireless Security at U of M Dearborn: Found Problems and Proposed Solutions

An Analysis of Wireless Security at U of M Dearborn: Found Problems and Proposed Solutions

An Analysis of Wireless Security at U of M Dearborn: Found Problems and Proposed Solutions (CASL Only) Summary Basic Networking Concepts Description of vulnerabilities Demonstration Possible solutions Networking Addresses 3

288 views • 24 slides

More recommend