Embed Size (px)
Citation preview
Build an app that reveals security holes on Android
Workshop
Freek Kauffmann Paul Lammertsma
1. Connect to the open wireless network
2. Android setting: allow non-market applications
3. Download AIDE from Google Play
Before we start
APPS!
Android
• What are the security principles of Android?– POSIX based (Linux)– User IDs and File Access– Permissions– Application signing (identifies developer)– Sandboxing (application isolation)
Android
• Implications of rooting your device? – You can modify the Operating System– You can replace all applications– Access all application data– Grant/revoke permissions– Send data to and from the phone
• Others (malicious software?) can do the same!*
Android
• Facebook SDK exploit (April, David Poll)– Logcat– Let’s hack this!
We’ll make an app that…
• Steals Facebook login from bonafide apps– Draw Something Free– Hootsuite– Facebook Marketplace (Oodle)– Soundhound– LauncherPro– Sleepy Jack– Airport City, Diamonds Blaze
and others by Game Insight
https://github.com/pflammertsma/FacebookThief.git
github
https://github.com/pflammertsma/FacebookThief.git
continues onnext slide…
Facebook Thief
Tap to enable the background service
