SlideShare une entreprise Scribd logo

Security Issues in Android Custom Rom

n|u - The Open Security Community
n|u - The Open Security Community

Security Issues in android Custom Rom by Anant Shrivastava @ c0c0n, October 2011

Technologie
1  sur  23
Télécharger pour lire hors ligne
Security Issues In Android (Custom ROM's) Anant Shrivastava http://anantshri.info
Agenda ● Introduction to Concept : Custom Rom ● Why Security Review ● Security Issues ● PoC : Data Theft Tool ● Protection Tips ● Demo : Tool
What is Android ROM ● Android ROM is the OS Firmware layer of Phone. ● Generally consist of /system partition ● May include /data partition ● Contains – Kernel – Dalvik – Libraries – Framework – Application (Vendor Provided)
Android Architecture
ROM's concept ● Android Basically has two ROM's or firmwares. ● Stock : Pre installed by Manufacturers ● Custom : AfterMarket version, not supported by manufacturer. ● Example – CyanogenMod : claimed as aftermarket firmware. – MIUI : Chinese by origin, mimic's iPhone Looks. – OMFGB : Gingerbread Enhanced
Advantage of Custom ROM's ● Bring out the best of all World's, example : – You may like SE hardware but love htc sense UI. – You prefer minimal phone, or avoid default apps. – Roms with specific features ● When Carrier / manufacturer stop providing updates ● Bleeding Edge (2.3.7) ● Pre-rooted ● Targetted : Speed, Gaming,Performance, Battery ● Overclocking and underclocking
Where can i get it • http://cyanogenmod.com • http://miui.org • http://forum.xda-developers.com • http://android.modaco.com • http://modmymobile.com/forum.php • And many more underground forums.
Recipe Modify Stock ROM ● Parellel after market ROM's ● Best of Both ● General ROM cookers are here for either ● ● Fun ● Profit ● They Can attitude.
Why Security Review Next In Thing : Designing Malware and Exploits for android On top of that : employee's Pressure to integrate Android in Corporate infrastructure. AfterMarket Distribution like CyanogenMod are considered viable alternative. Lots of work is underway to safely implement CyanogenMod in Corporate Environment.
Are we Missing Something ● Did anyone tried peeking under the hood. ● This is what we will be doing today
Practices under Scrutiny ● USB Debugging enabled ● Adb Shell root mode ● System permissions ● Installation from unknown source ● Adb shell over wifi ● Su acccess and settings ● Custom Recoveries
USB Debugging enabled ● ADB or Android Debug Bridge ,Google's Debug. ● Menu → Settings → Applications → Development ● Supports – Push / Pull Files and folders – Remount system partitions – Installation of software without prompt – Fastboot with different Kernel
Adb Shell root mode ● Special Setting making adb run in root mode. ● Activated at boot time. ● boot.img → ramdisk.cpio.gz → build.prop ● Do you pay attention to the other end of charging Dock. :)
ADB Shell over WiFi ● This Settings allow adb shell to be used over wifi network. (Freedom from Wires :) ) ● At boot time or run time both. ● service.adb.tcp.port = <tcp_port_no> ● Combine with our beloved ro.secure, you literally handover your device shouting : ”PLEASE OWN ME”. ● This is hypothetical as of now, no known usage found so far.
System permissions ● /system should be readonly as its critical section of phone. ● Its observed at lots of places where Cooker's keep 777 settings for /system ● Do you remember : – /system/app : system apps – /system/bin : executable ● Remember ROOTKITS, TROJAN, MALWARE
Unknown Source Installation ● This Settings disallows third party softwares, forces the use of Android Market. ● Aftermarket forum practices, enable Unknown Sources.
Su Access ● With greater Power comes greater responsibility. ● SU or switch user binary is a direct indication of a rooted device. ● However default protection from unauthorized execution is not available. ● Superuser.apk is only known protection.
Recovery Images ● Android Provides an option to install Custom Recovery softwares. ● Recovery softwares provide un restricted root access by default. ● Putting a phone in recovery mode is as simple as reboot, press backspace or vol_down till recovery starts.
Demo PoC tool DEMO IS INTENTIONALLY NOT DEVELOPED TO A LARGE EXTEND TO AVOID SCRIPT KIDDIE APPROACH
Protection ● Developers – Avoid settings not so required for normal user. – Give recomendation to close unknow source setting. – ● Users – Take a closer look at Development Process. – Ask Questions – Run ARE YOU INSECURE
Are you Insecure Demo
About Me Anant Shrivastava CEH, RHCE Interested in Android, Linux, Web 2.0 Member of Null and G4H ● Email : anant@anantshri.info ● Web : http://anantshri.info ● Blog : http://blog.anantshri.info

Recommandé

Raspberry pi Beginners Session
Raspberry pi Beginners SessionRaspberry pi Beginners Session
Raspberry pi Beginners SessionAnant Shrivastava
 
DerbyCon 2014 - Making BadUSB Work For You
DerbyCon 2014 - Making BadUSB Work For YouDerbyCon 2014 - Making BadUSB Work For You
DerbyCon 2014 - Making BadUSB Work For YouAdam Caudill
 
What to do after Rooting ?
What to do after Rooting ?What to do after Rooting ?
What to do after Rooting ?Arnav Gupta
 
Embedded Android Workshop part I ESC SV 2012
Embedded Android Workshop part I ESC SV 2012Embedded Android Workshop part I ESC SV 2012
Embedded Android Workshop part I ESC SV 2012Opersys inc.
 
Android Jumpstart ESC SV 2012 Part I
Android Jumpstart ESC SV 2012 Part IAndroid Jumpstart ESC SV 2012 Part I
Android Jumpstart ESC SV 2012 Part IOpersys inc.
 
Cyanogen Platform SDK
Cyanogen Platform SDKCyanogen Platform SDK
Cyanogen Platform SDKAdnan Begovic
 
Android Security, From the Ground Up
Android Security, From the Ground UpAndroid Security, From the Ground Up
Android Security, From the Ground UpOpersys inc.
 
Inside Android's UI at AnDevCon VI
Inside Android's UI at AnDevCon VIInside Android's UI at AnDevCon VI
Inside Android's UI at AnDevCon VIOpersys inc.
 

Recommandé

Raspberry pi Beginners Session
Raspberry pi Beginners SessionRaspberry pi Beginners Session
Raspberry pi Beginners SessionAnant Shrivastava
 
DerbyCon 2014 - Making BadUSB Work For You
DerbyCon 2014 - Making BadUSB Work For YouDerbyCon 2014 - Making BadUSB Work For You
DerbyCon 2014 - Making BadUSB Work For YouAdam Caudill
 
What to do after Rooting ?
What to do after Rooting ?What to do after Rooting ?
What to do after Rooting ?Arnav Gupta
 
Embedded Android Workshop part I ESC SV 2012
Embedded Android Workshop part I ESC SV 2012Embedded Android Workshop part I ESC SV 2012
Embedded Android Workshop part I ESC SV 2012Opersys inc.
 
Android Jumpstart ESC SV 2012 Part I
Android Jumpstart ESC SV 2012 Part IAndroid Jumpstart ESC SV 2012 Part I
Android Jumpstart ESC SV 2012 Part IOpersys inc.
 
Cyanogen Platform SDK
Cyanogen Platform SDKCyanogen Platform SDK
Cyanogen Platform SDKAdnan Begovic
 
Android Security, From the Ground Up
Android Security, From the Ground UpAndroid Security, From the Ground Up
Android Security, From the Ground UpOpersys inc.
 
Inside Android's UI at AnDevCon VI
Inside Android's UI at AnDevCon VIInside Android's UI at AnDevCon VI
Inside Android's UI at AnDevCon VIOpersys inc.
 
Controlling USB Flash Drive Controllers: Expose of Hidden Features
Controlling USB Flash Drive Controllers: Expose of Hidden FeaturesControlling USB Flash Drive Controllers: Expose of Hidden Features
Controlling USB Flash Drive Controllers: Expose of Hidden Featuresxabean
 
BadUSB, and what you should do about it
BadUSB, and what you should do about itBadUSB, and what you should do about it
BadUSB, and what you should do about itrobertfisk
 
Leveraging Android's Linux Heritage at AnDevCon VI
Leveraging Android's Linux Heritage at AnDevCon VILeveraging Android's Linux Heritage at AnDevCon VI
Leveraging Android's Linux Heritage at AnDevCon VIOpersys inc.
 
Customizing Android's UI
Customizing Android's UICustomizing Android's UI
Customizing Android's UIOpersys inc.
 
Memory Management in Android
Memory Management in AndroidMemory Management in Android
Memory Management in AndroidOpersys inc.
 
Android On Development Boards at AnDevCon3
Android On Development Boards at AnDevCon3Android On Development Boards at AnDevCon3
Android On Development Boards at AnDevCon3Opersys inc.
 
Native Android Userspace part of the Embedded Android Workshop at Linaro Conn...
Native Android Userspace part of the Embedded Android Workshop at Linaro Conn...Native Android Userspace part of the Embedded Android Workshop at Linaro Conn...
Native Android Userspace part of the Embedded Android Workshop at Linaro Conn...Opersys inc.
 
Leveraging Android's Linux Heritage at AnDevCon3
Leveraging Android's Linux Heritage at AnDevCon3Leveraging Android's Linux Heritage at AnDevCon3
Leveraging Android's Linux Heritage at AnDevCon3Opersys inc.
 
Embedded Android Workshop
Embedded Android WorkshopEmbedded Android Workshop
Embedded Android WorkshopOpersys inc.
 
Android Hacks, Variants, Tricks and Resources ESC SV 2012
Android Hacks, Variants, Tricks and Resources ESC SV 2012Android Hacks, Variants, Tricks and Resources ESC SV 2012
Android Hacks, Variants, Tricks and Resources ESC SV 2012Opersys inc.
 
Is Android the New Embedded Linux? at AnDevCon VI
Is Android the New Embedded Linux? at AnDevCon VIIs Android the New Embedded Linux? at AnDevCon VI
Is Android the New Embedded Linux? at AnDevCon VIOpersys inc.
 
Android Things Internals
Android Things InternalsAndroid Things Internals
Android Things InternalsOpersys inc.
 
Android's Multimedia Framework
Android's Multimedia FrameworkAndroid's Multimedia Framework
Android's Multimedia FrameworkOpersys inc.
 
Hacking Android OS
Hacking Android OSHacking Android OS
Hacking Android OSJimmy Software
 
BadUSB — On accessories that turn evil by Karsten Nohl
BadUSB — On accessories that turn evil by Karsten NohlBadUSB — On accessories that turn evil by Karsten Nohl
BadUSB — On accessories that turn evil by Karsten NohlPriyanka Aash
 
Screencasting
ScreencastingScreencasting
ScreencastingRex Tsai
 
Android Platform Debugging and Development
Android Platform Debugging and DevelopmentAndroid Platform Debugging and Development
Android Platform Debugging and DevelopmentKarim Yaghmour
 
Memory Management in Android
Memory Management in AndroidMemory Management in Android
Memory Management in AndroidOpersys inc.
 
Headless Android at AnDevCon3
Headless Android at AnDevCon3Headless Android at AnDevCon3
Headless Android at AnDevCon3Opersys inc.
 
Rooting android
Rooting androidRooting android
Rooting androidMatt Vieyra
 
Social media security
Social media securitySocial media security
Social media securityn|u - The Open Security Community
 
Making of GameOver
Making of GameOverMaking of GameOver
Making of GameOvern|u - The Open Security Community
 

Contenu connexe

Tendances

Controlling USB Flash Drive Controllers: Expose of Hidden Features
Controlling USB Flash Drive Controllers: Expose of Hidden FeaturesControlling USB Flash Drive Controllers: Expose of Hidden Features
Controlling USB Flash Drive Controllers: Expose of Hidden Featuresxabean
 
BadUSB, and what you should do about it
BadUSB, and what you should do about itBadUSB, and what you should do about it
BadUSB, and what you should do about itrobertfisk
 
Leveraging Android's Linux Heritage at AnDevCon VI
Leveraging Android's Linux Heritage at AnDevCon VILeveraging Android's Linux Heritage at AnDevCon VI
Leveraging Android's Linux Heritage at AnDevCon VIOpersys inc.
 
Customizing Android's UI
Customizing Android's UICustomizing Android's UI
Customizing Android's UIOpersys inc.
 
Memory Management in Android
Memory Management in AndroidMemory Management in Android
Memory Management in AndroidOpersys inc.
 
Android On Development Boards at AnDevCon3
Android On Development Boards at AnDevCon3Android On Development Boards at AnDevCon3
Android On Development Boards at AnDevCon3Opersys inc.
 
Native Android Userspace part of the Embedded Android Workshop at Linaro Conn...
Native Android Userspace part of the Embedded Android Workshop at Linaro Conn...Native Android Userspace part of the Embedded Android Workshop at Linaro Conn...
Native Android Userspace part of the Embedded Android Workshop at Linaro Conn...Opersys inc.
 
Leveraging Android's Linux Heritage at AnDevCon3
Leveraging Android's Linux Heritage at AnDevCon3Leveraging Android's Linux Heritage at AnDevCon3
Leveraging Android's Linux Heritage at AnDevCon3Opersys inc.
 
Embedded Android Workshop
Embedded Android WorkshopEmbedded Android Workshop
Embedded Android WorkshopOpersys inc.
 
Android Hacks, Variants, Tricks and Resources ESC SV 2012
Android Hacks, Variants, Tricks and Resources ESC SV 2012Android Hacks, Variants, Tricks and Resources ESC SV 2012
Android Hacks, Variants, Tricks and Resources ESC SV 2012Opersys inc.
 
Is Android the New Embedded Linux? at AnDevCon VI
Is Android the New Embedded Linux? at AnDevCon VIIs Android the New Embedded Linux? at AnDevCon VI
Is Android the New Embedded Linux? at AnDevCon VIOpersys inc.
 
Android Things Internals
Android Things InternalsAndroid Things Internals
Android Things InternalsOpersys inc.
 
Android's Multimedia Framework
Android's Multimedia FrameworkAndroid's Multimedia Framework
Android's Multimedia FrameworkOpersys inc.
 
BadUSB — On accessories that turn evil by Karsten Nohl
BadUSB — On accessories that turn evil by Karsten NohlBadUSB — On accessories that turn evil by Karsten Nohl
BadUSB — On accessories that turn evil by Karsten NohlPriyanka Aash
 
Screencasting
ScreencastingScreencasting
ScreencastingRex Tsai
 
Android Platform Debugging and Development
Android Platform Debugging and DevelopmentAndroid Platform Debugging and Development
Android Platform Debugging and DevelopmentKarim Yaghmour
 
Memory Management in Android
Memory Management in AndroidMemory Management in Android
Memory Management in AndroidOpersys inc.
 
Headless Android at AnDevCon3
Headless Android at AnDevCon3Headless Android at AnDevCon3
Headless Android at AnDevCon3Opersys inc.
 

Tendances (20)

Controlling USB Flash Drive Controllers: Expose of Hidden Features
Controlling USB Flash Drive Controllers: Expose of Hidden FeaturesControlling USB Flash Drive Controllers: Expose of Hidden Features
Controlling USB Flash Drive Controllers: Expose of Hidden Features
 
BadUSB, and what you should do about it
BadUSB, and what you should do about itBadUSB, and what you should do about it
BadUSB, and what you should do about it
 
Leveraging Android's Linux Heritage at AnDevCon VI
Leveraging Android's Linux Heritage at AnDevCon VILeveraging Android's Linux Heritage at AnDevCon VI
Leveraging Android's Linux Heritage at AnDevCon VI
 
Customizing Android's UI
Customizing Android's UICustomizing Android's UI
Customizing Android's UI
 
Memory Management in Android
Memory Management in AndroidMemory Management in Android
Memory Management in Android
 
Android On Development Boards at AnDevCon3
Android On Development Boards at AnDevCon3Android On Development Boards at AnDevCon3
Android On Development Boards at AnDevCon3
 
Native Android Userspace part of the Embedded Android Workshop at Linaro Conn...
Native Android Userspace part of the Embedded Android Workshop at Linaro Conn...Native Android Userspace part of the Embedded Android Workshop at Linaro Conn...
Native Android Userspace part of the Embedded Android Workshop at Linaro Conn...
 
Leveraging Android's Linux Heritage at AnDevCon3
Leveraging Android's Linux Heritage at AnDevCon3Leveraging Android's Linux Heritage at AnDevCon3
Leveraging Android's Linux Heritage at AnDevCon3
 
Embedded Android Workshop
Embedded Android WorkshopEmbedded Android Workshop
Embedded Android Workshop
 
Android Hacks, Variants, Tricks and Resources ESC SV 2012
Android Hacks, Variants, Tricks and Resources ESC SV 2012Android Hacks, Variants, Tricks and Resources ESC SV 2012
Android Hacks, Variants, Tricks and Resources ESC SV 2012
 
Is Android the New Embedded Linux? at AnDevCon VI
Is Android the New Embedded Linux? at AnDevCon VIIs Android the New Embedded Linux? at AnDevCon VI
Is Android the New Embedded Linux? at AnDevCon VI
 
Android Things Internals
Android Things InternalsAndroid Things Internals
Android Things Internals
 
Android's Multimedia Framework
Android's Multimedia FrameworkAndroid's Multimedia Framework
Android's Multimedia Framework
 
Hacking Android OS
Hacking Android OSHacking Android OS
Hacking Android OS
 
BadUSB — On accessories that turn evil by Karsten Nohl
BadUSB — On accessories that turn evil by Karsten NohlBadUSB — On accessories that turn evil by Karsten Nohl
BadUSB — On accessories that turn evil by Karsten Nohl
 
Screencasting
ScreencastingScreencasting
Screencasting
 
Android Platform Debugging and Development
Android Platform Debugging and DevelopmentAndroid Platform Debugging and Development
Android Platform Debugging and Development
 
Memory Management in Android
Memory Management in AndroidMemory Management in Android
Memory Management in Android
 
Headless Android at AnDevCon3
Headless Android at AnDevCon3Headless Android at AnDevCon3
Headless Android at AnDevCon3
 
Rooting android
Rooting androidRooting android
Rooting android
 

En vedette

En vedette (6)

Social media security
Social media securitySocial media security
Social media security
 
Making of GameOver
Making of GameOverMaking of GameOver
Making of GameOver
 
Dissecting exploit activity
Dissecting exploit activityDissecting exploit activity
Dissecting exploit activity
 
Metapwn
MetapwnMetapwn
Metapwn
 
Web Security – I: HTTP Protocol++
Web Security – I: HTTP Protocol++Web Security – I: HTTP Protocol++
Web Security – I: HTTP Protocol++
 
Recon ng null meet April 2015
Recon ng null meet April 2015Recon ng null meet April 2015
Recon ng null meet April 2015
 

Similaire à Security Issues in Android Custom Rom

Rooting Android Devices
Rooting Android DevicesRooting Android Devices
Rooting Android DevicesLokendra Rawat
 
Android Internals at Linaro Connect Asia 2013
Android Internals at Linaro Connect Asia 2013Android Internals at Linaro Connect Asia 2013
Android Internals at Linaro Connect Asia 2013Opersys inc.
 
Android Platform Debugging and Development
Android Platform Debugging and DevelopmentAndroid Platform Debugging and Development
Android Platform Debugging and DevelopmentOpersys inc.
 
Android Platform Debugging and Development
Android Platform Debugging and DevelopmentAndroid Platform Debugging and Development
Android Platform Debugging and DevelopmentOpersys inc.
 
Android Platform Debugging and Development
Android Platform Debugging and DevelopmentAndroid Platform Debugging and Development
Android Platform Debugging and DevelopmentOpersys inc.
 
Android Platform Debugging and Development
Android Platform Debugging and DevelopmentAndroid Platform Debugging and Development
Android Platform Debugging and DevelopmentOpersys inc.
 
Android Platform Debugging and Development
Android Platform Debugging and DevelopmentAndroid Platform Debugging and Development
Android Platform Debugging and DevelopmentOpersys inc.
 
Android Platform Debugging and Development
Android Platform Debugging and DevelopmentAndroid Platform Debugging and Development
Android Platform Debugging and DevelopmentOpersys inc.
 
Android Platform Debugging and Development
Android Platform Debugging and DevelopmentAndroid Platform Debugging and Development
Android Platform Debugging and DevelopmentOpersys inc.
 
Android for Embedded Linux Developers
Android for Embedded Linux DevelopersAndroid for Embedded Linux Developers
Android for Embedded Linux DevelopersOpersys inc.
 
Workshop su Android Kernel Hacking
Workshop su Android Kernel HackingWorkshop su Android Kernel Hacking
Workshop su Android Kernel HackingDeveler S.r.l.
 
Building android for the Cloud: Android as a Server (AnDevConBoston 2014)
Building android for the Cloud: Android as a Server (AnDevConBoston 2014)Building android for the Cloud: Android as a Server (AnDevConBoston 2014)
Building android for the Cloud: Android as a Server (AnDevConBoston 2014)Ron Munitz
 
Is Android the New Embedded Linux? at AnDevCon IV
Is Android the New Embedded Linux? at AnDevCon IVIs Android the New Embedded Linux? at AnDevCon IV
Is Android the New Embedded Linux? at AnDevCon IVOpersys inc.
 
Android Tamer (Anant Shrivastava)
Android Tamer (Anant Shrivastava)Android Tamer (Anant Shrivastava)
Android Tamer (Anant Shrivastava)ClubHack
 
Building Android for the Cloud: Android as a Server (Mobile World Congress 2014)
Building Android for the Cloud: Android as a Server (Mobile World Congress 2014)Building Android for the Cloud: Android as a Server (Mobile World Congress 2014)
Building Android for the Cloud: Android as a Server (Mobile World Congress 2014)Ron Munitz
 
Android As a Server- Building Android for the Cloud (AnDevCon SF 2013)
Android As a Server- Building Android for the Cloud (AnDevCon SF 2013)Android As a Server- Building Android for the Cloud (AnDevCon SF 2013)
Android As a Server- Building Android for the Cloud (AnDevCon SF 2013)Ron Munitz
 
Bringing up Android on your favorite X86 Workstation or VM (AnDevCon Boston, ...
Bringing up Android on your favorite X86 Workstation or VM (AnDevCon Boston, ...Bringing up Android on your favorite X86 Workstation or VM (AnDevCon Boston, ...
Bringing up Android on your favorite X86 Workstation or VM (AnDevCon Boston, ...Ron Munitz
 
Embedded Android Workshop at AnDevCon VI
Embedded Android Workshop at AnDevCon VIEmbedded Android Workshop at AnDevCon VI
Embedded Android Workshop at AnDevCon VIOpersys inc.
 

Similaire à Security Issues in Android Custom Rom (20)

Rooting Android Devices
Rooting Android DevicesRooting Android Devices
Rooting Android Devices
 
Android Internals at Linaro Connect Asia 2013
Android Internals at Linaro Connect Asia 2013Android Internals at Linaro Connect Asia 2013
Android Internals at Linaro Connect Asia 2013
 
Android Platform Debugging and Development
Android Platform Debugging and DevelopmentAndroid Platform Debugging and Development
Android Platform Debugging and Development
 
Android Platform Debugging and Development
Android Platform Debugging and DevelopmentAndroid Platform Debugging and Development
Android Platform Debugging and Development
 
Android Platform Debugging and Development
Android Platform Debugging and DevelopmentAndroid Platform Debugging and Development
Android Platform Debugging and Development
 
Android Platform Debugging and Development
Android Platform Debugging and DevelopmentAndroid Platform Debugging and Development
Android Platform Debugging and Development
 
Android Platform Debugging and Development
Android Platform Debugging and DevelopmentAndroid Platform Debugging and Development
Android Platform Debugging and Development
 
Android Platform Debugging and Development
Android Platform Debugging and DevelopmentAndroid Platform Debugging and Development
Android Platform Debugging and Development
 
Android Platform Debugging and Development
Android Platform Debugging and DevelopmentAndroid Platform Debugging and Development
Android Platform Debugging and Development
 
Android for Embedded Linux Developers
Android for Embedded Linux DevelopersAndroid for Embedded Linux Developers
Android for Embedded Linux Developers
 
Android Attacks
Android AttacksAndroid Attacks
Android Attacks
 
Workshop su Android Kernel Hacking
Workshop su Android Kernel HackingWorkshop su Android Kernel Hacking
Workshop su Android Kernel Hacking
 
Building android for the Cloud: Android as a Server (AnDevConBoston 2014)
Building android for the Cloud: Android as a Server (AnDevConBoston 2014)Building android for the Cloud: Android as a Server (AnDevConBoston 2014)
Building android for the Cloud: Android as a Server (AnDevConBoston 2014)
 
Is Android the New Embedded Linux? at AnDevCon IV
Is Android the New Embedded Linux? at AnDevCon IVIs Android the New Embedded Linux? at AnDevCon IV
Is Android the New Embedded Linux? at AnDevCon IV
 
Android Tamer (Anant Shrivastava)
Android Tamer (Anant Shrivastava)Android Tamer (Anant Shrivastava)
Android Tamer (Anant Shrivastava)
 
Building Android for the Cloud: Android as a Server (Mobile World Congress 2014)
Building Android for the Cloud: Android as a Server (Mobile World Congress 2014)Building Android for the Cloud: Android as a Server (Mobile World Congress 2014)
Building Android for the Cloud: Android as a Server (Mobile World Congress 2014)
 
Android As a Server- Building Android for the Cloud (AnDevCon SF 2013)
Android As a Server- Building Android for the Cloud (AnDevCon SF 2013)Android As a Server- Building Android for the Cloud (AnDevCon SF 2013)
Android As a Server- Building Android for the Cloud (AnDevCon SF 2013)
 
Headless Android
Headless AndroidHeadless Android
Headless Android
 
Bringing up Android on your favorite X86 Workstation or VM (AnDevCon Boston, ...
Bringing up Android on your favorite X86 Workstation or VM (AnDevCon Boston, ...Bringing up Android on your favorite X86 Workstation or VM (AnDevCon Boston, ...
Bringing up Android on your favorite X86 Workstation or VM (AnDevCon Boston, ...
 
Embedded Android Workshop at AnDevCon VI
Embedded Android Workshop at AnDevCon VIEmbedded Android Workshop at AnDevCon VI
Embedded Android Workshop at AnDevCon VI
 

Plus de n|u - The Open Security Community

Gibson 101 -quick_introduction_to_hacking_mainframes_in_2020_null_infosec_gir...
Gibson 101 -quick_introduction_to_hacking_mainframes_in_2020_null_infosec_gir...Gibson 101 -quick_introduction_to_hacking_mainframes_in_2020_null_infosec_gir...
Gibson 101 -quick_introduction_to_hacking_mainframes_in_2020_null_infosec_gir...n|u - The Open Security Community
 

Plus de n|u - The Open Security Community (20)

Hardware security testing 101 (Null - Delhi Chapter)
Hardware security testing 101 (Null - Delhi Chapter)Hardware security testing 101 (Null - Delhi Chapter)
Hardware security testing 101 (Null - Delhi Chapter)
 
Osint primer
Osint primerOsint primer
Osint primer
 
SSRF exploit the trust relationship
SSRF exploit the trust relationshipSSRF exploit the trust relationship
SSRF exploit the trust relationship
 
Nmap basics
Nmap basicsNmap basics
Nmap basics
 
Metasploit primary
Metasploit primaryMetasploit primary
Metasploit primary
 
Api security-testing
Api security-testingApi security-testing
Api security-testing
 
Introduction to TLS 1.3
Introduction to TLS 1.3Introduction to TLS 1.3
Introduction to TLS 1.3
 
Gibson 101 -quick_introduction_to_hacking_mainframes_in_2020_null_infosec_gir...
Gibson 101 -quick_introduction_to_hacking_mainframes_in_2020_null_infosec_gir...Gibson 101 -quick_introduction_to_hacking_mainframes_in_2020_null_infosec_gir...
Gibson 101 -quick_introduction_to_hacking_mainframes_in_2020_null_infosec_gir...
 
Talking About SSRF,CRLF
Talking About SSRF,CRLFTalking About SSRF,CRLF
Talking About SSRF,CRLF
 
Building active directory lab for red teaming
Building active directory lab for red teamingBuilding active directory lab for red teaming
Building active directory lab for red teaming
 
Owning a company through their logs
Owning a company through their logsOwning a company through their logs
Owning a company through their logs
 
Introduction to shodan
Introduction to shodanIntroduction to shodan
Introduction to shodan
 
Cloud security
Cloud security Cloud security
Cloud security
 
Detecting persistence in windows
Detecting persistence in windowsDetecting persistence in windows
Detecting persistence in windows
 
Frida - Objection Tool Usage
Frida - Objection Tool UsageFrida - Objection Tool Usage
Frida - Objection Tool Usage
 
OSQuery - Monitoring System Process
OSQuery - Monitoring System ProcessOSQuery - Monitoring System Process
OSQuery - Monitoring System Process
 
DevSecOps Jenkins Pipeline -Security
DevSecOps Jenkins Pipeline -SecurityDevSecOps Jenkins Pipeline -Security
DevSecOps Jenkins Pipeline -Security
 
Extensible markup language attacks
Extensible markup language attacksExtensible markup language attacks
Extensible markup language attacks
 
Linux for hackers
Linux for hackersLinux for hackers
Linux for hackers
 
Android Pentesting
Android PentestingAndroid Pentesting
Android Pentesting
 

Dernier

Developing An App To Navigate The Roads of Brazil
Developing An App To Navigate The Roads of BrazilDeveloping An App To Navigate The Roads of Brazil
Developing An App To Navigate The Roads of BrazilV3cube
 
Salesforce Community Group Quito, Salesforce 101
Salesforce Community Group Quito, Salesforce 101Salesforce Community Group Quito, Salesforce 101
Salesforce Community Group Quito, Salesforce 101Paola De la Torre
 
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking MenDelhi Call girls
 
Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024The Digital Insurer
 
The Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxThe Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxMalak Abu Hammad
 
Partners Life - Insurer Innovation Award 2024
Partners Life - Insurer Innovation Award 2024Partners Life - Insurer Innovation Award 2024
Partners Life - Insurer Innovation Award 2024The Digital Insurer
 
GenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationGenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationMichael W. Hawkins
 
IAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsIAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsEnterprise Knowledge
 
A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)Gabriella Davis
 
🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘RTylerCroy
 
Unblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen FramesUnblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen FramesSinan KOZAK
 
How to convert PDF to text with Nanonets
How to convert PDF to text with NanonetsHow to convert PDF to text with Nanonets
How to convert PDF to text with Nanonetsnaman860154
 
A Call to Action for Generative AI in 2024
A Call to Action for Generative AI in 2024A Call to Action for Generative AI in 2024
A Call to Action for Generative AI in 2024Results
 
Top 5 Benefits OF Using Muvi Live Paywall For Live Streams
Top 5 Benefits OF Using Muvi Live Paywall For Live StreamsTop 5 Benefits OF Using Muvi Live Paywall For Live Streams
Top 5 Benefits OF Using Muvi Live Paywall For Live StreamsRoshan Dwivedi
 
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...Neo4j
 
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure serviceWhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure servicePooja Nehwal
 
Kalyanpur ) Call Girls in Lucknow Finest Escorts Service 🍸 8923113531 🎰 Avail...
Kalyanpur ) Call Girls in Lucknow Finest Escorts Service 🍸 8923113531 🎰 Avail...Kalyanpur ) Call Girls in Lucknow Finest Escorts Service 🍸 8923113531 🎰 Avail...
Kalyanpur ) Call Girls in Lucknow Finest Escorts Service 🍸 8923113531 🎰 Avail...gurkirankumar98700
 
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking MenDelhi Call girls
 
08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking MenDelhi Call girls
 
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationFrom Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationSafe Software
 

Dernier (20)

Developing An App To Navigate The Roads of Brazil
Developing An App To Navigate The Roads of BrazilDeveloping An App To Navigate The Roads of Brazil
Developing An App To Navigate The Roads of Brazil
 
Salesforce Community Group Quito, Salesforce 101
Salesforce Community Group Quito, Salesforce 101Salesforce Community Group Quito, Salesforce 101
Salesforce Community Group Quito, Salesforce 101
 
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
 
Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024
 
The Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxThe Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptx
 
Partners Life - Insurer Innovation Award 2024
Partners Life - Insurer Innovation Award 2024Partners Life - Insurer Innovation Award 2024
Partners Life - Insurer Innovation Award 2024
 
GenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationGenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day Presentation
 
IAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsIAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI Solutions
 
A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)
 
🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘
 
Unblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen FramesUnblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen Frames
 
How to convert PDF to text with Nanonets
How to convert PDF to text with NanonetsHow to convert PDF to text with Nanonets
How to convert PDF to text with Nanonets
 
A Call to Action for Generative AI in 2024
A Call to Action for Generative AI in 2024A Call to Action for Generative AI in 2024
A Call to Action for Generative AI in 2024
 
Top 5 Benefits OF Using Muvi Live Paywall For Live Streams
Top 5 Benefits OF Using Muvi Live Paywall For Live StreamsTop 5 Benefits OF Using Muvi Live Paywall For Live Streams
Top 5 Benefits OF Using Muvi Live Paywall For Live Streams
 
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
 
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure serviceWhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
 
Kalyanpur ) Call Girls in Lucknow Finest Escorts Service 🍸 8923113531 🎰 Avail...
Kalyanpur ) Call Girls in Lucknow Finest Escorts Service 🍸 8923113531 🎰 Avail...Kalyanpur ) Call Girls in Lucknow Finest Escorts Service 🍸 8923113531 🎰 Avail...
Kalyanpur ) Call Girls in Lucknow Finest Escorts Service 🍸 8923113531 🎰 Avail...
 
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
 
08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men
 
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationFrom Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
 

Security Issues in Android Custom Rom

  • 1. Security Issues In Android (Custom ROM's) Anant Shrivastava http://anantshri.info
  • 2. Agenda ● Introduction to Concept : Custom Rom ● Why Security Review ● Security Issues ● PoC : Data Theft Tool ● Protection Tips ● Demo : Tool
  • 3. What is Android ROM ● Android ROM is the OS Firmware layer of Phone. ● Generally consist of /system partition ● May include /data partition ● Contains – Kernel – Dalvik – Libraries – Framework – Application (Vendor Provided)
  • 5. ROM's concept ● Android Basically has two ROM's or firmwares. ● Stock : Pre installed by Manufacturers ● Custom : AfterMarket version, not supported by manufacturer. ● Example – CyanogenMod : claimed as aftermarket firmware. – MIUI : Chinese by origin, mimic's iPhone Looks. – OMFGB : Gingerbread Enhanced
  • 6. Advantage of Custom ROM's ● Bring out the best of all World's, example : – You may like SE hardware but love htc sense UI. – You prefer minimal phone, or avoid default apps. – Roms with specific features ● When Carrier / manufacturer stop providing updates ● Bleeding Edge (2.3.7) ● Pre-rooted ● Targetted : Speed, Gaming,Performance, Battery ● Overclocking and underclocking
  • 7. Where can i get it • http://cyanogenmod.com • http://miui.org • http://forum.xda-developers.com • http://android.modaco.com • http://modmymobile.com/forum.php • And many more underground forums.
  • 8. Recipe Modify Stock ROM ● Parellel after market ROM's ● Best of Both ● General ROM cookers are here for either ● ● Fun ● Profit ● They Can attitude.
  • 9. Why Security Review Next In Thing : Designing Malware and Exploits for android On top of that : employee's Pressure to integrate Android in Corporate infrastructure. AfterMarket Distribution like CyanogenMod are considered viable alternative. Lots of work is underway to safely implement CyanogenMod in Corporate Environment.
  • 10. Are we Missing Something ● Did anyone tried peeking under the hood. ● This is what we will be doing today
  • 11. Practices under Scrutiny ● USB Debugging enabled ● Adb Shell root mode ● System permissions ● Installation from unknown source ● Adb shell over wifi ● Su acccess and settings ● Custom Recoveries
  • 12. USB Debugging enabled ● ADB or Android Debug Bridge ,Google's Debug. ● Menu → Settings → Applications → Development ● Supports – Push / Pull Files and folders – Remount system partitions – Installation of software without prompt – Fastboot with different Kernel
  • 13. Adb Shell root mode ● Special Setting making adb run in root mode. ● Activated at boot time. ● boot.img → ramdisk.cpio.gz → build.prop ● Do you pay attention to the other end of charging Dock. :)
  • 14. ADB Shell over WiFi ● This Settings allow adb shell to be used over wifi network. (Freedom from Wires :) ) ● At boot time or run time both. ● service.adb.tcp.port = <tcp_port_no> ● Combine with our beloved ro.secure, you literally handover your device shouting : ”PLEASE OWN ME”. ● This is hypothetical as of now, no known usage found so far.
  • 15. System permissions ● /system should be readonly as its critical section of phone. ● Its observed at lots of places where Cooker's keep 777 settings for /system ● Do you remember : – /system/app : system apps – /system/bin : executable ● Remember ROOTKITS, TROJAN, MALWARE
  • 16. Unknown Source Installation ● This Settings disallows third party softwares, forces the use of Android Market. ● Aftermarket forum practices, enable Unknown Sources.
  • 17. Su Access ● With greater Power comes greater responsibility. ● SU or switch user binary is a direct indication of a rooted device. ● However default protection from unauthorized execution is not available. ● Superuser.apk is only known protection.
  • 18. Recovery Images ● Android Provides an option to install Custom Recovery softwares. ● Recovery softwares provide un restricted root access by default. ● Putting a phone in recovery mode is as simple as reboot, press backspace or vol_down till recovery starts.
  • 19.
  • 20. Demo PoC tool DEMO IS INTENTIONALLY NOT DEVELOPED TO A LARGE EXTEND TO AVOID SCRIPT KIDDIE APPROACH
  • 21. Protection ● Developers – Avoid settings not so required for normal user. – Give recomendation to close unknow source setting. – ● Users – Take a closer look at Development Process. – Ask Questions – Run ARE YOU INSECURE
  • 23. About Me Anant Shrivastava CEH, RHCE Interested in Android, Linux, Web 2.0 Member of Null and G4H ● Email : anant@anantshri.info ● Web : http://anantshri.info ● Blog : http://blog.anantshri.info