Upgrading Your Android, Elevating My Malware: Privilege Escalation Through Mobile OS Updating
Luyi Xing (1), Xiaorui Pan (1), Rui Wang (2), Kan Yuan (1), and XiaoFeng Wang (1)
(1) Indiana University Bloomington, (2) Microsoft Research
35th IEEE Symposium on Security and Privacy (Oakland'14)
左昌國, 2014/05/12, Seminar @ ADLab, CSIE, NCU
Outline
• Introduction
• Pileup Exploits
• Finding Pileups
• Measurement and Evaluation
• Conclusions
Introduction: Mobile OS Updating (Android)
• More complex
  • Sandboxed apps
  • Lots of sensitive user data
  • Updating a live system
• More often
• More files
  • 15,525 files from 4.0.4 to 4.1.2
• Fewer steps (for the user)
  • Press one button
Introduction: Android Updating
• Download the upgrade image through OTA (Over the Air)
• Reboot into recovery mode
• Replace some system files, such as the bootloader, Package Manager Service (PMS), and APKs under the /system directory
• Reboot into the new OS
• Update other components
Introduction: What PMS does when upgrading Android OS
• Install or reinstall all system apps under /system, and then 3rd-party apps under /data/app

2. (bp.sourcePkg.equals(pkg.pkgName)) == FALSE: the old app's package name is NOT equal to the new system app's package name
If the new permission name already exists on the old OS, and it comes from a non-system old app, and the <PackageName> is not equal
Finding Pileups: Finding Exploit Opportunities
• Different Android versions, manufacturers, device models, and carriers (wireless service providers) are affected by different exploit opportunities.
• Image scan
  • Compare system attributes and properties on 2 consecutive versions from the same manufacturer, device model, region, and carrier.
  • Find the newly added permissions and other attributes and properties.
Finding Pileups: Pileup Scanner (Google Play)
• The app only asks for the INTERNET permission.
1. Gather information from android.os.Build
2. Query the database for the exploit opportunities
3. Call the API getInstalledPackages to get the names of installed packages, and use getPackageInfo to retrieve their information
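The image scan and the scanner's device-side check, as an added offline model (not the paper's Pileup Scanner or SecUP code): `exploit_opportunities` diffs the attributes of two consecutive images, and `scan_installed` flags installed non-system packages that already claim an attribute the next version will introduce. The image attributes, package list and attribute names are constructed placeholders standing in for what the image scan and getInstalledPackages/getPackageInfo would return.

```python
# Added example: offline model of SecUP's image scan and device-side check.
from dataclasses import dataclass, field

@dataclass
class ImageAttrs:
    """System attributes extracted from one Android image (constructed sample)."""
    permissions: set = field(default_factory=set)   # permission names declared by system apps
    shared_uids: set = field(default_factory=set)   # android:sharedUserId values of system apps
    packages: set = field(default_factory=set)      # package names of apps under /system

def exploit_opportunities(old: ImageAttrs, new: ImageAttrs) -> dict:
    """Image scan: attributes the new image adds that the old image lacks."""
    return {
        "permissions": new.permissions - old.permissions,
        "shared_uids": new.shared_uids - old.shared_uids,
        "packages": new.packages - old.packages,
    }

def scan_installed(installed: list, opps: dict) -> list:
    """Device-side check: non-system packages that already claim an attribute
    the next OS version introduces (mimics getInstalledPackages/getPackageInfo)."""
    findings = []
    for pkg in installed:
        if pkg["system"]:
            continue  # system apps are replaced by the update itself
        claimed = set(pkg.get("permissions", ())) & opps["permissions"]
        for perm in sorted(claimed):
            findings.append((pkg["name"], "permission", perm))
        if pkg.get("sharedUserId") in opps["shared_uids"]:
            findings.append((pkg["name"], "shared_uid", pkg["sharedUserId"]))
        if pkg["name"] in opps["packages"]:
            findings.append((pkg["name"], "package_name", pkg["name"]))
    return findings

# Constructed sample data: attribute names are placeholders, not real Android values.
OLD_IMAGE = ImageAttrs({"perm.OLD_A"}, {"uid.old"}, {"com.example.sys.old"})
NEW_IMAGE = ImageAttrs({"perm.OLD_A", "perm.NEW_B"}, {"uid.old", "uid.new"},
                       {"com.example.sys.old", "com.example.sys.new"})
INSTALLED = [
    {"name": "com.example.sys.old", "system": True, "permissions": ["perm.OLD_A"]},
    {"name": "com.example.benign", "system": False, "permissions": ["android.permission.INTERNET"]},
    {"name": "com.example.suspect", "system": False, "permissions": ["perm.NEW_B"], "sharedUserId": "uid.new"},
    {"name": "com.example.sys.new", "system": False, "permissions": []},
]

if __name__ == "__main__":
    for hit in scan_installed(INSTALLED, exploit_opportunities(OLD_IMAGE, NEW_IMAGE)):
        print("Pileup risk:", hit)
```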
Measurement and Evaluation: Android image collection
• 38 images for Google Nexus devices
  • Nexus 7, Nexus 10, Nexus Q, Galaxy Nexus, Nexus S
  • From 2.3.6 to 4.3
• 3,511 images for Samsung devices
  • 217 device models, 267 carriers
  • From 2.3 to 4.3
• Source code of AOSP versions and customized versions
  • 1,522 from Samsung, 377 from LG, 1,593 from HTC
Measurement and Evaluation: Limitation
• Permission harvesting
  • Registration of a non-system app's property
  • Assertions do not cover
• Google Play Services DoS
  • Google Play is installed under the /data/app directory on Android 4.0.4
  • 3rd-party
Measurement and Evaluation: Measurement of Opportunities
• From the 38 Google and 3,511 Samsung images
  • 741 update instances
Measurement and Evaluation
• Sensitive permissions: at least the dangerous protection level
• Restrictive permissions: above dangerous
Measurement and Evaluation
• At least one new shared UID was added in 50% of update instances
Measurement and Evaluation: Impacts of customizations
• Though Google and AOSP made the biggest system overhaul from 2.3.X to 4.0.X and show a trend of less aggressive updating afterwards, Samsung continues to bring in more new components.
Measurement and Evaluation: 4.0 - 4.1
• DCM (Docomo), TMB (T-Mobile)
Measurement and Evaluation: 4.1 - 4.2
• DBT (Deutsche Bundespost Telekom), INU, SER
Measurement and Evaluation: Evaluating Scanner
• Effectiveness:
  • Install the top 100 free apps from Google Play
  • Install system apps that could be updated through Google Play
  • Install a set of attack apps
  • Update the Android version one by one, until 4.3
  • All malicious apps detected and no false positives
• Performance
Conclusion
• Android update, in order to ensure a smooth process without endangering user assets, becomes error-prone.
• This paper reported the first systematic study of the problem.
• Revealed Pileup vulnerabilities
• Performed large-scale measurement to confirm the presence of such flaws in all Android versions.
• To mitigate the threat, this paper proposed SecUP to detect Pileup vulnerabilities.