SlideShare ist ein Scribd-Unternehmen logo

Security Issues in Android Custom Rom

n|u - The Open Security Community
n|u - The Open Security Community

Security Issues in android Custom Rom by Anant Shrivastava @ c0c0n, October 2011

Technologie
1 von 23
Downloaden Sie, um offline zu lesen
Security Issues In Android (Custom ROM's) Anant Shrivastava http://anantshri.info
Agenda ● Introduction to Concept : Custom Rom ● Why Security Review ● Security Issues ● PoC : Data Theft Tool ● Protection Tips ● Demo : Tool
What is Android ROM ● Android ROM is the OS Firmware layer of Phone. ● Generally consist of /system partition ● May include /data partition ● Contains – Kernel – Dalvik – Libraries – Framework – Application (Vendor Provided)
Android Architecture
ROM's concept ● Android Basically has two ROM's or firmwares. ● Stock : Pre installed by Manufacturers ● Custom : AfterMarket version, not supported by manufacturer. ● Example – CyanogenMod : claimed as aftermarket firmware. – MIUI : Chinese by origin, mimic's iPhone Looks. – OMFGB : Gingerbread Enhanced
Advantage of Custom ROM's ● Bring out the best of all World's, example : – You may like SE hardware but love htc sense UI. – You prefer minimal phone, or avoid default apps. – Roms with specific features ● When Carrier / manufacturer stop providing updates ● Bleeding Edge (2.3.7) ● Pre-rooted ● Targetted : Speed, Gaming,Performance, Battery ● Overclocking and underclocking
Where can i get it • http://cyanogenmod.com • http://miui.org • http://forum.xda-developers.com • http://android.modaco.com • http://modmymobile.com/forum.php • And many more underground forums.
Recipe Modify Stock ROM ● Parellel after market ROM's ● Best of Both ● General ROM cookers are here for either ● ● Fun ● Profit ● They Can attitude.
Why Security Review Next In Thing : Designing Malware and Exploits for android On top of that : employee's Pressure to integrate Android in Corporate infrastructure. AfterMarket Distribution like CyanogenMod are considered viable alternative. Lots of work is underway to safely implement CyanogenMod in Corporate Environment.
Are we Missing Something ● Did anyone tried peeking under the hood. ● This is what we will be doing today
Practices under Scrutiny ● USB Debugging enabled ● Adb Shell root mode ● System permissions ● Installation from unknown source ● Adb shell over wifi ● Su acccess and settings ● Custom Recoveries
USB Debugging enabled ● ADB or Android Debug Bridge ,Google's Debug. ● Menu → Settings → Applications → Development ● Supports – Push / Pull Files and folders – Remount system partitions – Installation of software without prompt – Fastboot with different Kernel
Adb Shell root mode ● Special Setting making adb run in root mode. ● Activated at boot time. ● boot.img → ramdisk.cpio.gz → build.prop ● Do you pay attention to the other end of charging Dock. :)
ADB Shell over WiFi ● This Settings allow adb shell to be used over wifi network. (Freedom from Wires :) ) ● At boot time or run time both. ● service.adb.tcp.port = <tcp_port_no> ● Combine with our beloved ro.secure, you literally handover your device shouting : ”PLEASE OWN ME”. ● This is hypothetical as of now, no known usage found so far.
System permissions ● /system should be readonly as its critical section of phone. ● Its observed at lots of places where Cooker's keep 777 settings for /system ● Do you remember : – /system/app : system apps – /system/bin : executable ● Remember ROOTKITS, TROJAN, MALWARE
Unknown Source Installation ● This Settings disallows third party softwares, forces the use of Android Market. ● Aftermarket forum practices, enable Unknown Sources.
Su Access ● With greater Power comes greater responsibility. ● SU or switch user binary is a direct indication of a rooted device. ● However default protection from unauthorized execution is not available. ● Superuser.apk is only known protection.
Recovery Images ● Android Provides an option to install Custom Recovery softwares. ● Recovery softwares provide un restricted root access by default. ● Putting a phone in recovery mode is as simple as reboot, press backspace or vol_down till recovery starts.
Demo PoC tool DEMO IS INTENTIONALLY NOT DEVELOPED TO A LARGE EXTEND TO AVOID SCRIPT KIDDIE APPROACH
Protection ● Developers – Avoid settings not so required for normal user. – Give recomendation to close unknow source setting. – ● Users – Take a closer look at Development Process. – Ask Questions – Run ARE YOU INSECURE
Are you Insecure Demo
About Me Anant Shrivastava CEH, RHCE Interested in Android, Linux, Web 2.0 Member of Null and G4H ● Email : anant@anantshri.info ● Web : http://anantshri.info ● Blog : http://blog.anantshri.info

Empfohlen

Raspberry pi Beginners Session
Raspberry pi Beginners SessionRaspberry pi Beginners Session
Raspberry pi Beginners Session
Anant Shrivastava
 
DerbyCon 2014 - Making BadUSB Work For You
DerbyCon 2014 - Making BadUSB Work For YouDerbyCon 2014 - Making BadUSB Work For You
DerbyCon 2014 - Making BadUSB Work For You
Adam Caudill
 
What to do after Rooting ?
What to do after Rooting ?What to do after Rooting ?
What to do after Rooting ?
Arnav Gupta
 
Embedded Android Workshop part I ESC SV 2012
Embedded Android Workshop part I ESC SV 2012Embedded Android Workshop part I ESC SV 2012
Embedded Android Workshop part I ESC SV 2012
Opersys inc.
 
Android Jumpstart ESC SV 2012 Part I
Android Jumpstart ESC SV 2012 Part IAndroid Jumpstart ESC SV 2012 Part I
Android Jumpstart ESC SV 2012 Part I
Opersys inc.
 
Cyanogen Platform SDK
Cyanogen Platform SDKCyanogen Platform SDK
Cyanogen Platform SDK
Adnan Begovic
 
Android Security, From the Ground Up
Android Security, From the Ground UpAndroid Security, From the Ground Up
Android Security, From the Ground Up
Opersys inc.
 
Inside Android's UI at AnDevCon VI
Inside Android's UI at AnDevCon VIInside Android's UI at AnDevCon VI
Inside Android's UI at AnDevCon VI
Opersys inc.
 

Empfohlen

Raspberry pi Beginners Session
Raspberry pi Beginners SessionRaspberry pi Beginners Session
Raspberry pi Beginners Session
Anant Shrivastava
 
DerbyCon 2014 - Making BadUSB Work For You
DerbyCon 2014 - Making BadUSB Work For YouDerbyCon 2014 - Making BadUSB Work For You
DerbyCon 2014 - Making BadUSB Work For You
Adam Caudill
 
What to do after Rooting ?
What to do after Rooting ?What to do after Rooting ?
What to do after Rooting ?
Arnav Gupta
 
Embedded Android Workshop part I ESC SV 2012
Embedded Android Workshop part I ESC SV 2012Embedded Android Workshop part I ESC SV 2012
Embedded Android Workshop part I ESC SV 2012
Opersys inc.
 
Android Jumpstart ESC SV 2012 Part I
Android Jumpstart ESC SV 2012 Part IAndroid Jumpstart ESC SV 2012 Part I
Android Jumpstart ESC SV 2012 Part I
Opersys inc.
 
Cyanogen Platform SDK
Cyanogen Platform SDKCyanogen Platform SDK
Cyanogen Platform SDK
Adnan Begovic
 
Android Security, From the Ground Up
Android Security, From the Ground UpAndroid Security, From the Ground Up
Android Security, From the Ground Up
Opersys inc.
 
Inside Android's UI at AnDevCon VI
Inside Android's UI at AnDevCon VIInside Android's UI at AnDevCon VI
Inside Android's UI at AnDevCon VI
Opersys inc.
 
Controlling USB Flash Drive Controllers: Expose of Hidden Features
Controlling USB Flash Drive Controllers: Expose of Hidden FeaturesControlling USB Flash Drive Controllers: Expose of Hidden Features
Controlling USB Flash Drive Controllers: Expose of Hidden Features
xabean
 
BadUSB, and what you should do about it
BadUSB, and what you should do about itBadUSB, and what you should do about it
BadUSB, and what you should do about it
robertfisk
 
Leveraging Android's Linux Heritage at AnDevCon VI
Leveraging Android's Linux Heritage at AnDevCon VILeveraging Android's Linux Heritage at AnDevCon VI
Leveraging Android's Linux Heritage at AnDevCon VI
Opersys inc.
 
Customizing Android's UI
Customizing Android's UICustomizing Android's UI
Customizing Android's UI
Opersys inc.
 
Memory Management in Android
Memory Management in AndroidMemory Management in Android
Memory Management in Android
Opersys inc.
 
Android On Development Boards at AnDevCon3
Android On Development Boards at AnDevCon3Android On Development Boards at AnDevCon3
Android On Development Boards at AnDevCon3
Opersys inc.
 
Native Android Userspace part of the Embedded Android Workshop at Linaro Conn...
Native Android Userspace part of the Embedded Android Workshop at Linaro Conn...Native Android Userspace part of the Embedded Android Workshop at Linaro Conn...
Native Android Userspace part of the Embedded Android Workshop at Linaro Conn...
Opersys inc.
 
Leveraging Android's Linux Heritage at AnDevCon3
Leveraging Android's Linux Heritage at AnDevCon3Leveraging Android's Linux Heritage at AnDevCon3
Leveraging Android's Linux Heritage at AnDevCon3
Opersys inc.
 
Embedded Android Workshop
Embedded Android WorkshopEmbedded Android Workshop
Embedded Android Workshop
Opersys inc.
 
Android Hacks, Variants, Tricks and Resources ESC SV 2012
Android Hacks, Variants, Tricks and Resources ESC SV 2012Android Hacks, Variants, Tricks and Resources ESC SV 2012
Android Hacks, Variants, Tricks and Resources ESC SV 2012
Opersys inc.
 
Is Android the New Embedded Linux? at AnDevCon VI
Is Android the New Embedded Linux? at AnDevCon VIIs Android the New Embedded Linux? at AnDevCon VI
Is Android the New Embedded Linux? at AnDevCon VI
Opersys inc.
 
Android Things Internals
Android Things InternalsAndroid Things Internals
Android Things Internals
Opersys inc.
 
Android's Multimedia Framework
Android's Multimedia FrameworkAndroid's Multimedia Framework
Android's Multimedia Framework
Opersys inc.
 
Hacking Android OS
Hacking Android OSHacking Android OS
Hacking Android OS
Jimmy Software
 
BadUSB — On accessories that turn evil by Karsten Nohl
BadUSB — On accessories that turn evil by Karsten NohlBadUSB — On accessories that turn evil by Karsten Nohl
BadUSB — On accessories that turn evil by Karsten Nohl
Priyanka Aash
 
Screencasting
ScreencastingScreencasting
Screencasting
Rex Tsai
 
Android Platform Debugging and Development
Android Platform Debugging and DevelopmentAndroid Platform Debugging and Development
Android Platform Debugging and Development
Karim Yaghmour
 
Memory Management in Android
Memory Management in AndroidMemory Management in Android
Memory Management in Android
Opersys inc.
 
Headless Android at AnDevCon3
Headless Android at AnDevCon3Headless Android at AnDevCon3
Headless Android at AnDevCon3
Opersys inc.
 
Rooting android
Rooting androidRooting android
Rooting android
Matt Vieyra
 
Social media security
Social media securitySocial media security
Social media security
n|u - The Open Security Community
 
Making of GameOver
Making of GameOverMaking of GameOver
Making of GameOver
n|u - The Open Security Community
 

Weitere ähnliche Inhalte

Was ist angesagt?

Controlling USB Flash Drive Controllers: Expose of Hidden Features
Controlling USB Flash Drive Controllers: Expose of Hidden FeaturesControlling USB Flash Drive Controllers: Expose of Hidden Features
Controlling USB Flash Drive Controllers: Expose of Hidden Features
xabean
 
Leveraging Android's Linux Heritage at AnDevCon VI
Leveraging Android's Linux Heritage at AnDevCon VILeveraging Android's Linux Heritage at AnDevCon VI
Leveraging Android's Linux Heritage at AnDevCon VI
Opersys inc.
 
Native Android Userspace part of the Embedded Android Workshop at Linaro Conn...
Native Android Userspace part of the Embedded Android Workshop at Linaro Conn...Native Android Userspace part of the Embedded Android Workshop at Linaro Conn...
Native Android Userspace part of the Embedded Android Workshop at Linaro Conn...
Opersys inc.
 
Is Android the New Embedded Linux? at AnDevCon VI
Is Android the New Embedded Linux? at AnDevCon VIIs Android the New Embedded Linux? at AnDevCon VI
Is Android the New Embedded Linux? at AnDevCon VI
Opersys inc.
 
Screencasting
ScreencastingScreencasting
Screencasting
Rex Tsai
 

Was ist angesagt? (20)

Controlling USB Flash Drive Controllers: Expose of Hidden Features
Controlling USB Flash Drive Controllers: Expose of Hidden FeaturesControlling USB Flash Drive Controllers: Expose of Hidden Features
Controlling USB Flash Drive Controllers: Expose of Hidden Features
 
BadUSB, and what you should do about it
BadUSB, and what you should do about itBadUSB, and what you should do about it
BadUSB, and what you should do about it
 
Leveraging Android's Linux Heritage at AnDevCon VI
Leveraging Android's Linux Heritage at AnDevCon VILeveraging Android's Linux Heritage at AnDevCon VI
Leveraging Android's Linux Heritage at AnDevCon VI
 
Customizing Android's UI
Customizing Android's UICustomizing Android's UI
Customizing Android's UI
 
Memory Management in Android
Memory Management in AndroidMemory Management in Android
Memory Management in Android
 
Android On Development Boards at AnDevCon3
Android On Development Boards at AnDevCon3Android On Development Boards at AnDevCon3
Android On Development Boards at AnDevCon3
 
Native Android Userspace part of the Embedded Android Workshop at Linaro Conn...
Native Android Userspace part of the Embedded Android Workshop at Linaro Conn...Native Android Userspace part of the Embedded Android Workshop at Linaro Conn...
Native Android Userspace part of the Embedded Android Workshop at Linaro Conn...
 
Leveraging Android's Linux Heritage at AnDevCon3
Leveraging Android's Linux Heritage at AnDevCon3Leveraging Android's Linux Heritage at AnDevCon3
Leveraging Android's Linux Heritage at AnDevCon3
 
Embedded Android Workshop
Embedded Android WorkshopEmbedded Android Workshop
Embedded Android Workshop
 
Android Hacks, Variants, Tricks and Resources ESC SV 2012
Android Hacks, Variants, Tricks and Resources ESC SV 2012Android Hacks, Variants, Tricks and Resources ESC SV 2012
Android Hacks, Variants, Tricks and Resources ESC SV 2012
 
Is Android the New Embedded Linux? at AnDevCon VI
Is Android the New Embedded Linux? at AnDevCon VIIs Android the New Embedded Linux? at AnDevCon VI
Is Android the New Embedded Linux? at AnDevCon VI
 
Android Things Internals
Android Things InternalsAndroid Things Internals
Android Things Internals
 
Android's Multimedia Framework
Android's Multimedia FrameworkAndroid's Multimedia Framework
Android's Multimedia Framework
 
Hacking Android OS
Hacking Android OSHacking Android OS
Hacking Android OS
 
BadUSB — On accessories that turn evil by Karsten Nohl
BadUSB — On accessories that turn evil by Karsten NohlBadUSB — On accessories that turn evil by Karsten Nohl
BadUSB — On accessories that turn evil by Karsten Nohl
 
Screencasting
ScreencastingScreencasting
Screencasting
 
Android Platform Debugging and Development
Android Platform Debugging and DevelopmentAndroid Platform Debugging and Development
Android Platform Debugging and Development
 
Memory Management in Android
Memory Management in AndroidMemory Management in Android
Memory Management in Android
 
Headless Android at AnDevCon3
Headless Android at AnDevCon3Headless Android at AnDevCon3
Headless Android at AnDevCon3
 
Rooting android
Rooting androidRooting android
Rooting android
 

Andere mochten auch

Andere mochten auch (6)

Social media security
Social media securitySocial media security
Social media security
 
Making of GameOver
Making of GameOverMaking of GameOver
Making of GameOver
 
Dissecting exploit activity
Dissecting exploit activityDissecting exploit activity
Dissecting exploit activity
 
Metapwn
MetapwnMetapwn
Metapwn
 
Web Security – I: HTTP Protocol++
Web Security – I: HTTP Protocol++Web Security – I: HTTP Protocol++
Web Security – I: HTTP Protocol++
 
Recon ng null meet April 2015
Recon ng null meet April 2015Recon ng null meet April 2015
Recon ng null meet April 2015
 

Ähnlich wie Security Issues in Android Custom Rom

Building android for the Cloud: Android as a Server (AnDevConBoston 2014)
Building android for the Cloud: Android as a Server (AnDevConBoston 2014)Building android for the Cloud: Android as a Server (AnDevConBoston 2014)
Building android for the Cloud: Android as a Server (AnDevConBoston 2014)
Ron Munitz
 
Is Android the New Embedded Linux? at AnDevCon IV
Is Android the New Embedded Linux? at AnDevCon IVIs Android the New Embedded Linux? at AnDevCon IV
Is Android the New Embedded Linux? at AnDevCon IV
Opersys inc.
 
Building Android for the Cloud: Android as a Server (Mobile World Congress 2014)
Building Android for the Cloud: Android as a Server (Mobile World Congress 2014)Building Android for the Cloud: Android as a Server (Mobile World Congress 2014)
Building Android for the Cloud: Android as a Server (Mobile World Congress 2014)
Ron Munitz
 
Android As a Server- Building Android for the Cloud (AnDevCon SF 2013)
Android As a Server- Building Android for the Cloud (AnDevCon SF 2013)Android As a Server- Building Android for the Cloud (AnDevCon SF 2013)
Android As a Server- Building Android for the Cloud (AnDevCon SF 2013)
Ron Munitz
 
Embedded Android Workshop at AnDevCon VI
Embedded Android Workshop at AnDevCon VIEmbedded Android Workshop at AnDevCon VI
Embedded Android Workshop at AnDevCon VI
Opersys inc.
 

Ähnlich wie Security Issues in Android Custom Rom (20)

Rooting Android Devices
Rooting Android DevicesRooting Android Devices
Rooting Android Devices
 
Android Internals at Linaro Connect Asia 2013
Android Internals at Linaro Connect Asia 2013Android Internals at Linaro Connect Asia 2013
Android Internals at Linaro Connect Asia 2013
 
Android Platform Debugging and Development
Android Platform Debugging and DevelopmentAndroid Platform Debugging and Development
Android Platform Debugging and Development
 
Android Platform Debugging and Development
Android Platform Debugging and DevelopmentAndroid Platform Debugging and Development
Android Platform Debugging and Development
 
Android Platform Debugging and Development
Android Platform Debugging and DevelopmentAndroid Platform Debugging and Development
Android Platform Debugging and Development
 
Android Platform Debugging and Development
Android Platform Debugging and DevelopmentAndroid Platform Debugging and Development
Android Platform Debugging and Development
 
Android Platform Debugging and Development
Android Platform Debugging and DevelopmentAndroid Platform Debugging and Development
Android Platform Debugging and Development
 
Android Platform Debugging and Development
Android Platform Debugging and DevelopmentAndroid Platform Debugging and Development
Android Platform Debugging and Development
 
Android Platform Debugging and Development
Android Platform Debugging and DevelopmentAndroid Platform Debugging and Development
Android Platform Debugging and Development
 
Android for Embedded Linux Developers
Android for Embedded Linux DevelopersAndroid for Embedded Linux Developers
Android for Embedded Linux Developers
 
Android Attacks
Android AttacksAndroid Attacks
Android Attacks
 
Workshop su Android Kernel Hacking
Workshop su Android Kernel HackingWorkshop su Android Kernel Hacking
Workshop su Android Kernel Hacking
 
Building android for the Cloud: Android as a Server (AnDevConBoston 2014)
Building android for the Cloud: Android as a Server (AnDevConBoston 2014)Building android for the Cloud: Android as a Server (AnDevConBoston 2014)
Building android for the Cloud: Android as a Server (AnDevConBoston 2014)
 
Is Android the New Embedded Linux? at AnDevCon IV
Is Android the New Embedded Linux? at AnDevCon IVIs Android the New Embedded Linux? at AnDevCon IV
Is Android the New Embedded Linux? at AnDevCon IV
 
Android Tamer (Anant Shrivastava)
Android Tamer (Anant Shrivastava)Android Tamer (Anant Shrivastava)
Android Tamer (Anant Shrivastava)
 
Building Android for the Cloud: Android as a Server (Mobile World Congress 2014)
Building Android for the Cloud: Android as a Server (Mobile World Congress 2014)Building Android for the Cloud: Android as a Server (Mobile World Congress 2014)
Building Android for the Cloud: Android as a Server (Mobile World Congress 2014)
 
Android As a Server- Building Android for the Cloud (AnDevCon SF 2013)
Android As a Server- Building Android for the Cloud (AnDevCon SF 2013)Android As a Server- Building Android for the Cloud (AnDevCon SF 2013)
Android As a Server- Building Android for the Cloud (AnDevCon SF 2013)
 
Headless Android
Headless AndroidHeadless Android
Headless Android
 
Bringing up Android on your favorite X86 Workstation or VM (AnDevCon Boston, ...
Bringing up Android on your favorite X86 Workstation or VM (AnDevCon Boston, ...Bringing up Android on your favorite X86 Workstation or VM (AnDevCon Boston, ...
Bringing up Android on your favorite X86 Workstation or VM (AnDevCon Boston, ...
 
Embedded Android Workshop at AnDevCon VI
Embedded Android Workshop at AnDevCon VIEmbedded Android Workshop at AnDevCon VI
Embedded Android Workshop at AnDevCon VI
 

Mehr von n|u - The Open Security Community

Mehr von n|u - The Open Security Community (20)

Hardware security testing 101 (Null - Delhi Chapter)
Hardware security testing 101 (Null - Delhi Chapter)Hardware security testing 101 (Null - Delhi Chapter)
Hardware security testing 101 (Null - Delhi Chapter)
 
Osint primer
Osint primerOsint primer
Osint primer
 
SSRF exploit the trust relationship
SSRF exploit the trust relationshipSSRF exploit the trust relationship
SSRF exploit the trust relationship
 
Nmap basics
Nmap basicsNmap basics
Nmap basics
 
Metasploit primary
Metasploit primaryMetasploit primary
Metasploit primary
 
Api security-testing
Api security-testingApi security-testing
Api security-testing
 
Introduction to TLS 1.3
Introduction to TLS 1.3Introduction to TLS 1.3
Introduction to TLS 1.3
 
Gibson 101 -quick_introduction_to_hacking_mainframes_in_2020_null_infosec_gir...
Gibson 101 -quick_introduction_to_hacking_mainframes_in_2020_null_infosec_gir...Gibson 101 -quick_introduction_to_hacking_mainframes_in_2020_null_infosec_gir...
Gibson 101 -quick_introduction_to_hacking_mainframes_in_2020_null_infosec_gir...
 
Talking About SSRF,CRLF
Talking About SSRF,CRLFTalking About SSRF,CRLF
Talking About SSRF,CRLF
 
Building active directory lab for red teaming
Building active directory lab for red teamingBuilding active directory lab for red teaming
Building active directory lab for red teaming
 
Owning a company through their logs
Owning a company through their logsOwning a company through their logs
Owning a company through their logs
 
Introduction to shodan
Introduction to shodanIntroduction to shodan
Introduction to shodan
 
Cloud security
Cloud security Cloud security
Cloud security
 
Detecting persistence in windows
Detecting persistence in windowsDetecting persistence in windows
Detecting persistence in windows
 
Frida - Objection Tool Usage
Frida - Objection Tool UsageFrida - Objection Tool Usage
Frida - Objection Tool Usage
 
OSQuery - Monitoring System Process
OSQuery - Monitoring System ProcessOSQuery - Monitoring System Process
OSQuery - Monitoring System Process
 
DevSecOps Jenkins Pipeline -Security
DevSecOps Jenkins Pipeline -SecurityDevSecOps Jenkins Pipeline -Security
DevSecOps Jenkins Pipeline -Security
 
Extensible markup language attacks
Extensible markup language attacksExtensible markup language attacks
Extensible markup language attacks
 
Linux for hackers
Linux for hackersLinux for hackers
Linux for hackers
 
Android Pentesting
Android PentestingAndroid Pentesting
Android Pentesting
 

Kürzlich hochgeladen

Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...
Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...
Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...
Orbitshub
 
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FMECloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Safe Software
 
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
?#DUbAI#??##{{(☎️+971_581248768%)**%*]'#abortion pills for sale in dubai@
 
Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024
Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024
Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024
Victor Rentea
 
Rising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdf
Rising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdfRising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdf
Rising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdf
Orbitshub
 

Kürzlich hochgeladen (20)

Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...
Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...
Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...
 
Corporate and higher education May webinar.pptx
Corporate and higher education May webinar.pptxCorporate and higher education May webinar.pptx
Corporate and higher education May webinar.pptx
 
Strategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a FresherStrategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a Fresher
 
Boost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdfBoost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdf
 
EMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWER
EMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWEREMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWER
EMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWER
 
Apidays New York 2024 - Passkeys: Developing APIs to enable passwordless auth...
Apidays New York 2024 - Passkeys: Developing APIs to enable passwordless auth...Apidays New York 2024 - Passkeys: Developing APIs to enable passwordless auth...
Apidays New York 2024 - Passkeys: Developing APIs to enable passwordless auth...
 
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FMECloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
 
Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...
Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...
Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...
 
MS Copilot expands with MS Graph connectors
MS Copilot expands with MS Graph connectorsMS Copilot expands with MS Graph connectors
MS Copilot expands with MS Graph connectors
 
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
 
MINDCTI Revenue Release Quarter One 2024
MINDCTI Revenue Release Quarter One 2024MINDCTI Revenue Release Quarter One 2024
MINDCTI Revenue Release Quarter One 2024
 
DBX First Quarter 2024 Investor Presentation
DBX First Quarter 2024 Investor PresentationDBX First Quarter 2024 Investor Presentation
DBX First Quarter 2024 Investor Presentation
 
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemkeProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
 
CNIC Information System with Pakdata Cf In Pakistan
CNIC Information System with Pakdata Cf In PakistanCNIC Information System with Pakdata Cf In Pakistan
CNIC Information System with Pakdata Cf In Pakistan
 
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
 
Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024
Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024
Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024
 
Rising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdf
Rising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdfRising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdf
Rising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdf
 
Understanding the FAA Part 107 License ..
Understanding the FAA Part 107 License ..Understanding the FAA Part 107 License ..
Understanding the FAA Part 107 License ..
 
Elevate Developer Efficiency & build GenAI Application with Amazon Q​
Elevate Developer Efficiency & build GenAI Application with Amazon Q​Elevate Developer Efficiency & build GenAI Application with Amazon Q​
Elevate Developer Efficiency & build GenAI Application with Amazon Q​
 
presentation ICT roal in 21st century education
presentation ICT roal in 21st century educationpresentation ICT roal in 21st century education
presentation ICT roal in 21st century education
 

Security Issues in Android Custom Rom

  • 1. Security Issues In Android (Custom ROM's) Anant Shrivastava http://anantshri.info
  • 2. Agenda ● Introduction to Concept : Custom Rom ● Why Security Review ● Security Issues ● PoC : Data Theft Tool ● Protection Tips ● Demo : Tool
  • 3. What is Android ROM ● Android ROM is the OS Firmware layer of Phone. ● Generally consist of /system partition ● May include /data partition ● Contains – Kernel – Dalvik – Libraries – Framework – Application (Vendor Provided)
  • 5. ROM's concept ● Android Basically has two ROM's or firmwares. ● Stock : Pre installed by Manufacturers ● Custom : AfterMarket version, not supported by manufacturer. ● Example – CyanogenMod : claimed as aftermarket firmware. – MIUI : Chinese by origin, mimic's iPhone Looks. – OMFGB : Gingerbread Enhanced
  • 6. Advantage of Custom ROM's ● Bring out the best of all World's, example : – You may like SE hardware but love htc sense UI. – You prefer minimal phone, or avoid default apps. – Roms with specific features ● When Carrier / manufacturer stop providing updates ● Bleeding Edge (2.3.7) ● Pre-rooted ● Targetted : Speed, Gaming,Performance, Battery ● Overclocking and underclocking
  • 7. Where can i get it • http://cyanogenmod.com • http://miui.org • http://forum.xda-developers.com • http://android.modaco.com • http://modmymobile.com/forum.php • And many more underground forums.
  • 8. Recipe Modify Stock ROM ● Parellel after market ROM's ● Best of Both ● General ROM cookers are here for either ● ● Fun ● Profit ● They Can attitude.
  • 9. Why Security Review Next In Thing : Designing Malware and Exploits for android On top of that : employee's Pressure to integrate Android in Corporate infrastructure. AfterMarket Distribution like CyanogenMod are considered viable alternative. Lots of work is underway to safely implement CyanogenMod in Corporate Environment.
  • 10. Are we Missing Something ● Did anyone tried peeking under the hood. ● This is what we will be doing today
  • 11. Practices under Scrutiny ● USB Debugging enabled ● Adb Shell root mode ● System permissions ● Installation from unknown source ● Adb shell over wifi ● Su acccess and settings ● Custom Recoveries
  • 12. USB Debugging enabled ● ADB or Android Debug Bridge ,Google's Debug. ● Menu → Settings → Applications → Development ● Supports – Push / Pull Files and folders – Remount system partitions – Installation of software without prompt – Fastboot with different Kernel
  • 13. Adb Shell root mode ● Special Setting making adb run in root mode. ● Activated at boot time. ● boot.img → ramdisk.cpio.gz → build.prop ● Do you pay attention to the other end of charging Dock. :)
  • 14. ADB Shell over WiFi ● This Settings allow adb shell to be used over wifi network. (Freedom from Wires :) ) ● At boot time or run time both. ● service.adb.tcp.port = <tcp_port_no> ● Combine with our beloved ro.secure, you literally handover your device shouting : ”PLEASE OWN ME”. ● This is hypothetical as of now, no known usage found so far.
  • 15. System permissions ● /system should be readonly as its critical section of phone. ● Its observed at lots of places where Cooker's keep 777 settings for /system ● Do you remember : – /system/app : system apps – /system/bin : executable ● Remember ROOTKITS, TROJAN, MALWARE
  • 16. Unknown Source Installation ● This Settings disallows third party softwares, forces the use of Android Market. ● Aftermarket forum practices, enable Unknown Sources.
  • 17. Su Access ● With greater Power comes greater responsibility. ● SU or switch user binary is a direct indication of a rooted device. ● However default protection from unauthorized execution is not available. ● Superuser.apk is only known protection.
  • 18. Recovery Images ● Android Provides an option to install Custom Recovery softwares. ● Recovery softwares provide un restricted root access by default. ● Putting a phone in recovery mode is as simple as reboot, press backspace or vol_down till recovery starts.
  • 19.
  • 20. Demo PoC tool DEMO IS INTENTIONALLY NOT DEVELOPED TO A LARGE EXTEND TO AVOID SCRIPT KIDDIE APPROACH
  • 21. Protection ● Developers – Avoid settings not so required for normal user. – Give recomendation to close unknow source setting. – ● Users – Take a closer look at Development Process. – Ask Questions – Run ARE YOU INSECURE
  • 23. About Me Anant Shrivastava CEH, RHCE Interested in Android, Linux, Web 2.0 Member of Null and G4H ● Email : anant@anantshri.info ● Web : http://anantshri.info ● Blog : http://blog.anantshri.info