ANALYZING INTER-APPLICATION COMMUNICATION IN ANDROID

Mobile - wireless
14 Dec. 2013

ANALYZING INTER-APPLICATION COMMUNICATION IN ANDROID
Erika Chin, Adrienne Porter Felt, Kate Greenwood, David Wagner
UC Berkeley
(Slide 1)
INTER-APPLICATION COMMUNICATION
[Diagram: Yelp App exchanging messages with Maps App, Dialer App and Other App; a Malicious App on the same device]
• Eavesdropping Attacks
• Injection Attacks
(Slide 2)
ORGANIZATION
• Android communication model
• Security analysis of Android
• ComDroid
• Analysis of third-party applications
• Recommendations
(Slide 3)
ANDROID OVERVIEW
• Intents = Android IPC
• Applications are divided into components
• Intents can be sent between components
• Intents can be used for intra- and inter-application communication
[Diagram: Sender sends an Intent to Receiver]
(Slide 4)
EXPLICIT INTENTS
[Diagram: Yelp sends an Intent addressed "To: MapActivity"; the Map App contains a component named MapActivity]
Only the specified destination receives this message
(Slide 5)
IMPLICIT INTENTS
[Diagram: Yelp sends an Implicit Intent with Action: VIEW; the Map App handles Action: VIEW and the Clock App handles Action: DISPLAYTIME, so only the Map App matches the Intent]
(Slide 6)
IMPLICIT INTENTS
[Diagram: Yelp sends an Implicit Intent with Action: VIEW; both the Map App and the Browser App handle Action: VIEW, so the Intent can be delivered to either]
(Slide 7)
SECURITY ANALYSIS OF ANDROID
(Slide 8)
COMMON DEVELOPER PATTERN: UNIQUE ACTION STRINGS
[Diagram: inside the IMDb App, the Showtime Search component sends an Implicit Intent with Action: willUpdateShowtimes; the Results UI component handles Actions: willUpdateShowtimes, showtimesNoLocationError]
(Slides 9-11)
ATTACK #1: EAVESDROPPING
[Diagram: the IMDb App's Showtime Search sends an Implicit Intent with Action: willUpdateShowtimes; besides the Results UI, a Malicious Receiver in an Eavesdropping App also handles Actions: willUpdateShowtimes, showtimesNoLocationError and receives the Intent]
Sending Implicit Intents makes communication public
(Slide 12)
ATTACK #2: INTENT SPOOFING
[Diagram: a Malicious Component in a Malicious Injection App sends an Intent with Action: showtimesNoLocationError; the IMDb App's Results UI handles Actions: willUpdateShowtimes, showtimesNoLocationError and receives it]
Receiving Implicit Intents makes the component public
(Slide 13)
ATTACK #3: MAN IN THE MIDDLE
Typical case vs. Attack case
[Diagram: the IMDb App's Showtime Search sends an Intent with Action: willUpdateShowtimes; a Malicious Receiver in a Man-in-the-Middle App handles Actions: willUpdateShowtimes, showtimesNoLocationError, intercepts it, and sends its own Intent with Action: showtimesNoLocationError to the IMDb Results UI, which handles both actions]
(Slides 14-15)
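The unique-action-string pattern from slides 9-15, written out as an added example (not code from the slides or from the IMDb application): the implicit form that exposes the three attacks above, next to the explicit, non-exported form the "prevent public internal communication" recommendation calls for. Package, class and extra names are assumptions; only the two action strings come from the slides.

```java
// Added example, not from the slides: the IMDb-style "unique action string"
// pattern in its vulnerable form and a hardened form. Package, class and
// extra names are hypothetical; the action strings are those on the slides.
package com.example.showtimes;

import android.content.BroadcastReceiver;
import android.content.Context;
import android.content.Intent;
import android.widget.Toast;

public final class ShowtimeMessaging {
    static final String ACTION_WILL_UPDATE = "willUpdateShowtimes";
    static final String ACTION_NO_LOCATION = "showtimesNoLocationError";

    // VULNERABLE: an implicit Intent carrying an app-private action. Any app
    // whose receiver filters on this action is also delivered the message
    // (Attack #1), and because a receiver with an intent-filter is exported
    // by default (before Android 12), any app can send either action to the
    // Results UI (Attack #2; both together give Attack #3).
    static void notifyResultsImplicit(Context ctx, String query) {
        Intent i = new Intent(ACTION_WILL_UPDATE);
        i.putExtra("query", query);
        ctx.sendBroadcast(i);
    }

    // HARDENED: an explicit Intent names the receiving class, so no other
    // component matches it. The receiver is declared in the manifest with
    // no intent-filter and android:exported="false":
    //   <receiver android:name=".ShowtimeMessaging$ResultsReceiver"
    //             android:exported="false" />
    // so other applications cannot address it even with an explicit Intent.
    static void notifyResultsExplicit(Context ctx, String query) {
        Intent i = new Intent(ctx, ResultsReceiver.class);
        i.setAction(ACTION_WILL_UPDATE);
        i.putExtra("query", query);
        ctx.sendBroadcast(i);
    }

    public static final class ResultsReceiver extends BroadcastReceiver {
        @Override
        public void onReceive(Context ctx, Intent intent) {
            // With exported="false" these branches run only for Intents
            // sent from inside this application.
            String action = intent.getAction();
            if (ACTION_WILL_UPDATE.equals(action)) {
                String q = intent.getStringExtra("query");
                Toast.makeText(ctx, "Updating showtimes for " + q, Toast.LENGTH_SHORT).show();
            } else if (ACTION_NO_LOCATION.equals(action)) {
                Toast.makeText(ctx, "Set a location to see showtimes", Toast.LENGTH_SHORT).show();
            }
        }
    }
}
```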
ATTACK #4: SYSTEM INTENT SPOOFING
• Background: System Broadcast
  • Event notifications sent by the system
  • Some can only be sent by the system
• Receivers become accessible to all applications when listening for system broadcast
(Slide 16)
SYSTEM BROADCAST
[Diagram: the System Notifier sends an Intent with Action: BootCompleted; a Component in each of App 1, App 2 and App 3 handles Action: BootCompleted and receives it]
(Slide 17)
SYSTEM INTENT SPOOFING: FAILED ATTACK
[Diagram: a Malicious Component in a Malicious App sends an Intent with Action: BootCompleted toward App 1's Component, which handles Action: BootCompleted; the Intent is not delivered because only the system may send this action]
(Slide 18)
SYSTEM INTENT SPOOFING: SUCCESSFUL ATTACK
[Diagram: the same Malicious Component instead sends an explicit Intent "To: App1.Component"; App 1's Component, which handles Action: BootCompleted, receives it]
(Slide 19)
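The check that closes the successful-attack case on slide 19 (and the "verify system broadcasts" recommendation), as an added example that is not code from the slides or from the ICE application: a BootCompleted receiver that only acts when the Intent's action is the protected system action, so an explicit Intent addressed to the component by another app is ignored. Package, class and log tag are assumptions.

```java
// Added example, not from the slides: a receiver for the BootCompleted
// system broadcast that verifies the action before doing any work.
// Package, class name and log tag are hypothetical.
package com.example.ice;

import android.content.BroadcastReceiver;
import android.content.Context;
import android.content.Intent;
import android.util.Log;

public class BootCompletedReceiver extends BroadcastReceiver {
    private static final String TAG = "BootCompletedReceiver";

    // Assumed manifest declaration:
    //   <uses-permission android:name="android.permission.RECEIVE_BOOT_COMPLETED" />
    //   <receiver android:name=".BootCompletedReceiver">
    //     <intent-filter>
    //       <action android:name="android.intent.action.BOOT_COMPLETED" />
    //     </intent-filter>
    //   </receiver>
    // The intent-filter makes the receiver reachable from every app, so an
    // explicit Intent addressed to it ("To: App1.Component") is delivered as
    // well. ACTION_BOOT_COMPLETED is a protected broadcast that only the
    // system can send, so the action string is what separates the genuine
    // broadcast (slide 17) from a spoofed explicit Intent (slide 19).
    static boolean isGenuineBootBroadcast(Intent intent) {
        return intent != null
                && Intent.ACTION_BOOT_COMPLETED.equals(intent.getAction());
    }

    @Override
    public void onReceive(Context ctx, Intent intent) {
        if (!isGenuineBootBroadcast(intent)) {
            String action = intent == null ? "null" : String.valueOf(intent.getAction());
            Log.w(TAG, "Ignoring Intent with unexpected action: " + action);
            return;
        }
        onBootCompleted(ctx);
    }

    // Work that must only run after a real boot of the device.
    private void onBootCompleted(Context ctx) {
        Log.i(TAG, "Boot completed; scheduling background work");
        // e.g. (re)register alarms or sync jobs here
    }
}
```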
REAL WORLD EXAMPLE: ICE APP
• ICE App: Allows doctors access to medical information on phones
• Contains a component that listens for the BootCompleted system broadcast
(Slide 20)
REAL WORLD EXAMPLE: ICE
(Slide 21)
COMDROID
Android Security
[Diagram: Android Executable File → ComDroid → Warnings for Exposed Communication]
ComDroid analyzes applications to detect Intent-based attack surfaces
(Slide 22)
EVALUATION
• Manually verified ComDroid's warnings for 20 applications
• 60% of applications examined have at least 1 exploitable IPC vulnerability

Type                  | # of Warnings | # of Apps
Severe Vulnerability  | 34            | 12
Bad Practice          | 16            | 6
Spurious Warning      | 6             | 6
(Slide 23)
RECOMMENDATIONS
• Treat inter- and intra-application communication as different cases
• Prevent public internal communication
  • 21% of severe vulnerabilities
  • 63% of bugs due to bad practice
• Verify system broadcasts
  • 6% of severe vulnerabilities
  • 13% of bugs due to bad practice
• Can be fixed by either developers or platform
(Slide 24)
RELATED WORK
• Enck et al. introduce information leakage through Broadcast Intents and information injection into Receivers
• Burns discusses other common developers' errors
(Slide 25)
CONCLUSION
• Applications may be vulnerable to other applications through Android Intent communication
• Many developers misuse Intents or do not realize the consequences of their program design
• 60% of applications examined had at least 1 vulnerability
• ComDroid tool to be publicly accessible soon at www.comdroid.org
(Slide 26)
Thank you!
Any questions?
(Slide 27)