Exploiting Media Projection Vulnerability in Android 7 and below
Prakhar Agarwal
Supervisor - Prof. Sandeep Shukla
Indian Institute of Technology, Kanpur
Outline
▪ Introduction
– What is Android?
– Android Architecture
– Android Applications
▪ Android Security
– Why?
– Sandboxing
– Permission System
▪ Media Projection Vulnerability and Exploit
▪ Countermeasures and Other Attacks
▪ Demonstration
Introduction
Android
▪ Operating system for mobile devices
▪ Linux kernel based
▪ Open-source, developed by Google
▪ Dalvik Virtual Machine (DVM) for Android apps
▪ Latest Version – 8.0 (Oreo)
Android Versions
Source: https://templatebench.com/android-operating-system-history/
Android Architecture
▪ Default apps (Calls, SMS)
▪ Third party apps (Paytm, Spotify)
▪ Java API Framework
▪ Native libs (C / C++)
▪ Android Runtime (Dalvik / ART)
▪ Hardware Abstraction Layer
▪ Linux Kernel (modified)
Android Application
▪ Application Manifest
▪ Intent
▪ Activity
▪ Broadcast Receiver
▪ Service
▪ Content Provider
Source: http://rosixtechnology.com/android-mobile-application-developers-in-ahmedabad
Android Architecture (cont.)
▪ Java API Framework
– Provides packages/classes for common tasks (managing UI)
– Package Manager, Activity Manager, etc.
▪ Native libs
– Libraries for hardware support
– Core services (init, ADB, etc.)
▪ DVM
– Optimized VMs for speed and memory
▪ Kernel
– Derived from Linux kernel
– Uses flash memory instead of magnetic drives
Android Security
Why Android Security
Source: https://www.idc.com/promo/smartphone-market-share/os
▪ Significant market share
▪ Open Source
▪ Large ecosystem
▪ User activity and data
▪ Billions of users
Application Sandboxing
[Figure: App 1 (UID A), App 2 (UID B) and App 3 (UID C), separated by process boundaries, each reaching the kernel through syscalls]
▪ Isolated Apps
▪ Only access own/allowed resources
▪ Inherited from Linux
Android Permission System
▪ Mentioned in Android Manifest
▪ Assigned to Sandbox
▪ Can be defined by Developer
[Figure: Application; Permissions; System Data, System Interfaces, System Resources]
Permission Protection Level
▪ Normal
– Access data/resource outside sandbox
– Little risk to user’s privacy
– Bluetooth, Vibrate, Set alarm, etc.
▪ Signature
– Requesting and declaring app signed by same certificate
– Clear app cache, force stop packages, etc.
▪ Dangerous
– Requests access to user’s private information
– Camera, send SMS, call, etc.
▪ System
– System alert, access USB, etc.
Dynamic Permissions
▪ Dangerous permissions are requested at runtime
▪ Permissions are granted at runtime
▪ Can be revoked by the user once granted
▪ Present in Android 6.0 onwards
Source: https://inthecheesefactory.com/blog/things-you-need-to-know-about-android-m-permission-developer-edition/en
Media Projection
▪ Handles screen capture and system audio record
▪ Present in Android 5.0 Lollipop onwards
▪ Can capture media from third-party and system apps
▪ Does not require any permission or root
▪ CVE-2015-3878 on Common Vulnerabilities and Exposures
▪ Patched on Android 8.0
▪ Still exists on Android 5.0 – 7.1
Media Projection Vulnerability
Source: https://latesthackingnews.com/2017/11/20/android-issue-allows-attackers-to-capture-screen-and-record-audio-on-77-of-all-devices/
Countermeasures
▪ Users update Android version if supported
▪ Patch for lower Android versions
▪ Users keep security patches up to date
▪ Take care before granting permissions
Other Attacks and Vulnerabilities
▪ Confused Deputy Attack
– Over-privileged apps
▪ Collusion Attacks
– Share permissions between 2 or more apps
▪ Phishing Attacks
– Instant Apps
Demonstration of Exploit
Acknowledgement
▪ “Android Hacker’s book” - Joshua J. Drake, Pau Oliva Fora, Zach Lanier, Collin Mulliner, Stephen A. Ridley, Georg Wicherski
▪ “The State of Android Security” – SOTA presentation, Saurabh Kumar
▪ https://github.com/JakeWharton/Telecine
▪ https://www.cvedetails.com/
▪ https://developer.android.com/
Thanks