Slide 1

Stay Hungry, Stay Foolish! Stay Alert, Stay Safe! Om Shanti

Slide 2

Aboutme.apk A Student and a Learner! Always! :P Harsh Dattani GDG Baroda

Slide 3

We all know!
● Fastest Growing Mobile Operating System
● 1.5 billion downloads a month and growing
● Millions of Devices running this Operating System
● Easy (Are you sure?) to Develop Applications
● Open Source!

Slide 4

What we Don’t know!
● It’s easy to create malware and target Android.
● Even an app that “seems trustworthy” can be malicious.
● It’s not only our data: our friends’ data is also important!

Slide 5

Important Security Terms!
● Assets
● Vulnerabilities
● Attack Vectors
● Threats
● Proactive Measures
● Counter Measures
● Patches
● Malware

Slide 6

Some Famous Android Malware
● Fake Opera Browser
● Fake Angry Birds Space
● DroidDream Malware
● Blackmart
● Cracked APKs
● Battery Savers
● And More...!

Slide 7

Unix Security Policy
1. Process Isolation
2. Hardware Isolation
3. User Permission Model
4. R/W/X Permissions on files
5. Secure IPC

Slide 8

Application Installation

Slide 9

Android Security Policy
1. Application Isolation
2. Sandbox of Application
3. Secure Communication
4. Signing the Application
5. Permission model of Application

Slide 10

Virtualization

Slide 11

Application Isolation
● Each application has its own UID/GID.
● System apps also have their own UID/GID.
● Based on the UNIX Security Model.

Slide 12

Permission Policy (Default)
● No app can write another app’s data.
● But it can read data, with due permission.
● Connect to network
● Cannot use peripherals
● Cannot use system APIs to read/send SMS, make calls..
● Cannot load the app on system start

Slide 13

Darwin’s Theory!

Slide 14

Dalvik → ART

Slide 15

1.0 → 6.0

Slide 16

Less Secure → More Less Secure

Slide 17

Some Steps!
1. Select a popular application.
2. Reverse engineer it.
   a. Dex2jar
   b. Apktool
   c. Smali/Baksmali and many more..
3. Inject malicious code.
4. Distribute the app. (With a new certificate)

Slide 18

Root?

Slide 19

But it’s not Free!

Slide 20

Dangers of Root!
● Isolation is gone!
● We have unknown code (Custom ROM)
● Permission Exploits
● Privacy! (Major)

Slide 21

Exploitation Frameworks
● AFE
● Santoku
● MSFvenom
● Androguard
● APKTool
● Dex2Jar

Slide 22

Security Checklist?

Slide 23

JQuery?