ANDROID SECURITY ATTACKS AND DEFENSES ABHISHEK DUBEY I ANMOL MISRA. ( r öc) CRC Press VV J Taylor & Francis Group ^ "^ Boca Raton London New York

Transcription

1 ANDROID SECURITY ATTACKS AND DEFENSES ABHISHEK DUBEY I ANMOL MISRA ( r öc) CRC Press VV J Taylor & Francis Group ^ "^ Boca Raton London New York CRC Press is an imprint of the Taylor & Francis Croup, an informa business AN AUERBACH BOOK

2 Contents Dedication Foreword Preface About the Authors Acknowledgments v xiii xv xvii xix Chapter Introduction Why Android Evolution of Mobile Threats Android Overview Android Marketplaces Summary Chapter 2 Android Architecture Android Architecture Overview Linux Kernel Libraries Android Runtime Application Framework Applications 27

3 viii Android Security: Attacks and Defenses 2.2 Android Start Up and Zygote 2.3 Android SDK and Tools Downloading and Installing the Androi Developing with Eclipse and ADT Android Tools DDMS ADB ProGuard 2.4 Anatomy of the "Hello World" Application Understanding Hello World 2.5 Summary Chapter 3 Android Application Architecture 3.1 Application Components Activities Intents Broadcast Receivers Services Content Providers 3.2 Activity Lifecycles 3.3 Summary Chapter 4 Android (in)security 4.1 Android Security Model 4.2 Permission Enforcement Linux 4.3 Android's Manifest Permissions Requesting Permissions Putting It All Together 4.4 Mobile Security Issues Device Patching External Storage Keyboards Data Privacy Application Security Legacy Code

4 Contents ix 4.5 Recent Android Attacks A Walkthrough Analysis of DroidDream Variant Analysis of Zsone Analysis of Zitmo Trojan Summary 93 Chapter 5 Pen Testing Android Penetration Testing Methodology External Penetration Test Internal Penetration Test Penetration Test Methodologies Static Analysis Steps to Pen Test Android OS and Devices Tools for Penetration Testing Android Nmap BusyBox Wireshark Vulnerabilities in the Android OS Penetration Testing Android Applications Android Applications Application Security Miscellaneous Issues Summary 118 Chapter 6 Reverse Engineering Android Applications Introduction What is Malware? Identifying Android Malware Reverse Engineering Methodology for Android Applications Summary 144 Chapter 7 Modifying the Behavior of Android Applications without Source Code Introduction To Add Malicious Behavior 148

5 x Android Security: Attacks and Defenses Chapter To Eliminate Malicious Behavior To Bypass Intended Functionality DEX File Format Case Study: Modifying the Behavior of an Application Real World Example 1 Google Wallet Vulnerability Real World Example 2 Skype Vulnerability (CVE ) Defensive Strategies Perform Code Obfuscation Perform Server Side Processing Perform Iterative Hashing and Use Salt Choose the Right Location for Sensitive Information Cryptography Conclusion Summary 8 Hacking Android Introduction Android File System Mount Points File Systems Directory Structure Android Application Data Storage Options /data/data Rooting Android Devices Imaging Android Accessing Application Databases Extracting Data from Android Devices Summary Chapter 9 Securing Android for the Enterprise Environment Android in Enterprise Security Concerns for Android in Enterprise 193

6 Contents xi End-User Awareness Compliance/Audit Considerations Recommended Security Practices for Mobile Devices Hardening Android Deploying Android Securely Device Administration Summary 211 Chapter 10 Browser Security and Future Threat Landscape Mobile HTML Security Cross-Site Scripting SQL Injection Cross-Site Request Forgery Phishing Mobile Browser Security Browser Vulnerabilities The Future Landscape The Phone as a Spying/Tracking Device Controlling Corporate Networks and Other Devices through Mobile Devices Mobile Wallets and NFC Summary 222 Appendix A 223 Appendix В 233 B.1 Views 233 B.2 Code Views 235 B.3 Keyboard Shortcuts 236 B.4 Options 236 Appendix С 239 Glossary 241 Index 251