12. Our Text Message Example
• Permission to read the text message (SMS) database
• Specific permission to send text (SMS) messages
• Without user consent, application cannot access this information
13. Is this system working to protect users?
Are users making good decisions about application permissions?
16. Abusing the Android Sandbox
• Load exploit code at runtime
• Safe application becomes malicious application
• In the wild: DroidDream
• In the lab: Rootstrap
29. Selected Bibliography
• Jon Oberheide and Zach Lanier, “Team JOCH vs. Android”, Shmoocon 2011: http://jon.oberheide.org/files/shmoo11-teamjoch.pdf
• Charlie Miller and Collin Mulliner, “Fuzzing the Phone in Your Phone”, Blackhat USA 2009: http://www.blackhat.com/presentations/bhusa-09/MILLER/BHUSA09-Miller-FuzzingPhone-PAPER.pdf
• Dino Dai Zovi, “Apple iOS Security Evaluation”, Blackhat USA 2011: https://media.blackhat.com/bh-us-11/DaiZovi/BH_US_11_DaiZovi_iOS_Security_WP.pdf
Editor's notes
• Contacts
• Emails (work emails too)
• Pictures
• Location
• Credentials to online applications
• More
• Encryption security in transit varies
• 2G is broken (Blackhat 2009: Karsten Nohl broke the session key in minutes with 1TB of storage and 2 nice video cards)
• Example of interception: Chris Paget, Defcon 2010, with his rogue access point
• “Hi meet me for lunch” -- privacy not so important
• “Meet me for lunch while my wife is out” -- privacy more important
• “Here are your bank account credentials” -- privacy required
iPhone
• Must have a developer certificate to even run code on your own device
• $99/year
• Identity is verified
• All code is reviewed and signed before upload to the store
Android
• Anyone can write an app and upload to the Android market
• $25 signup fee
• Anonymous signup possible
• No certificate authority/self signed apps (3rd party store apps run too)
• Mandatory code signing/apps cannot load new code at runtime (specific dispensation for browsers, etc.)
• ASLR on system binaries and some apps in 4.3 and later
• Individual apps sandboxed with MAC for system permissions etc.
• Android apps can request any permissions they want
• Up to the user to decide if the app is safe
• Foursquare would need GPS but not SMS
• Edit and read SMS, send SMS, receive SMS
• Modify/delete USB storage contents
• Prevent phone from sleeping, write sync settings
• GPS data
• Services that cost you money
• Act as account authenticator, manage accounts
• Read and write to your personal information including contact data
• Phone calls, read phone state and identity
• Full network access
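The Foursquare point above (GPS yes, SMS no) can be checked mechanically before install. The following is an added example, not part of the original deck: it audits a decoded `AndroidManifest.xml` against a per-category baseline. The sample manifest, the package name `com.example.checkin`, the baseline and the risk grouping are all assumptions made for illustration.

```python
import xml.etree.ElementTree as ET

ANDROID_NS = "{http://schemas.android.com/apk/res/android}"
PREFIX = "android.permission."

# Risk groups follow the permission list in the notes; the grouping is an assumption.
RISK_GROUPS = {
    "SMS": {"READ_SMS", "WRITE_SMS", "SEND_SMS", "RECEIVE_SMS"},
    "costs money": {"SEND_SMS", "CALL_PHONE"},
    "personal data": {"READ_CONTACTS", "WRITE_CONTACTS"},
    "accounts": {"AUTHENTICATE_ACCOUNTS", "MANAGE_ACCOUNTS"},
    "phone identity": {"READ_PHONE_STATE"},
}

# Assumed baseline for a location check-in app: network and GPS, nothing else.
EXPECTED = {"INTERNET", "ACCESS_FINE_LOCATION", "ACCESS_COARSE_LOCATION"}

# Constructed sample: decoded manifest of a hypothetical check-in app.
SAMPLE_MANIFEST = """<manifest
    xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.checkin">
  <uses-permission android:name="android.permission.INTERNET"/>
  <uses-permission android:name="android.permission.ACCESS_FINE_LOCATION"/>
  <uses-permission android:name="android.permission.SEND_SMS"/>
  <uses-permission android:name="android.permission.READ_SMS"/>
  <uses-permission android:name="android.permission.READ_CONTACTS"/>
</manifest>"""


def requested_permissions(manifest_xml):
    """Return the short names of every <uses-permission> in the manifest."""
    names = set()
    for el in ET.fromstring(manifest_xml).iter("uses-permission"):
        name = el.get(ANDROID_NS + "name", "")
        if name:
            names.add(name[len(PREFIX):] if name.startswith(PREFIX) else name)
    return names


def audit(manifest_xml, expected):
    """Map each permission outside the baseline to the risk groups it falls in."""
    findings = {}
    for perm in sorted(requested_permissions(manifest_xml) - expected):
        groups = [g for g, members in RISK_GROUPS.items() if perm in members]
        findings[perm] = groups or ["unclassified"]
    return findings


if __name__ == "__main__":
    for perm, groups in audit(SAMPLE_MANIFEST, EXPECTED).items():
        print(f"{perm}: not needed for check-in ({', '.join(groups)})")
```

The manifest inside an APK is stored as binary XML, so it has to be decoded to text (for example with apktool) before this parser can read it.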
• Any app can use kernel exploits to gain root privileges
• Any app can load new code at runtime
• Can load new shellcode as it becomes available
DroidDream:
• Trojaned apps on the Android App Store
• Used known root methods to gain root privileges
• Sends phone info (IMEI, IMSI, etc.) offsite
Rootstrap:
• Zach Lanier and Jon Oberheide, Shmoocon 2011
• Rootstrap app downloads new exploits as they become available
• Packaged with Twilight ad app to encourage downloads
• Original Android G1 jailbreak: go to home screen, hit enter twice, type telnetd …
• Current iPhone and Android jailbreaks: go to this website and say yes to running this unknown binary by an unknown person
• It roots the phone, what else does it do?