Remote Code Execution on Android

Remote Code Execution on Android

MASARYK UNIVERSITY FACULTY OF INFORMATICS Remote code execution on Android MASTER'S THESIS Mayank Samadhiya Chennai, Fall 2017 MASARYK UNIVERSITY FACULTY OF INFORMATICS Remote code execution on Android MASTER'S THESIS Mayank Samadhiya Chennai, Fall 2017 This is where a copy of the official signed thesis assignment and a copy of the Statement of an Author is located in the printed version of the document. Declaration Hereby I declare that this paper is my original authorial work, which I have worked out on my own. All sources, references, and literature used or excerpted during elaboration of this work are properly cited and listed in complete reference to the due source. Mayank Samadhiya Advisor: Martin Stehlik i Acknowledgement I am very thankful to my organization and Government of India for giving me the opportunity to pursue Master studies at Masaryk Uni­ versity. I am thankful to RNDr. Martin Stehlik Ph.D, Mgr. Jaroslav Seděnka and Dr. Chester Rebeiro who has guided me in completion of my Master thesis. I am also thankful to Prof RNDr Václav Matyáš Ph.D. for his continuous motivation for the completion of thesis. I am also thankful to all my teachers at Masaryk University, especially Prof RNDr Václav Matyáš Ph.D., RNDr. Petr Švenda Ph. D and to all my batchmates for enabling me to learn many vital aspects of In­ formation Security. I would like to thank my wife Ritu and children Darsh and Shivay for there patience and providing me continuous encouragement and support. iii Abstract Android is an open-source platform which is widely used in smart phones, tablets and other low power applications. The security of Android has become very crucial with high increase in usage. The number of attacks on Android and their sophistication has increased exponentially in past few years. This work explores the security mecha• nism deployed by Android developers to protect their users along with few of the vulnerabilities reported recently. Further five well known vulnerabilities are chosen and are executed on vulnerable versions and patched versions on emulators and different hardware platforms. iv Keywords Android, Exploit, Integer Overflow, Integer Underflow, Libstagefright, Patch, Privilege Escalation, Remote Code Execution, Vulnerability, WebView. v Contents 1 Introduction 1 2 Android OS and Webview Component 5 2.1 Android OS Architecture 5 2.1.1 Linux Kernel 5 2.1.2 Hardware Abstraction Layer 6 2.1.3 Android Runtime 6 2.1.4 Libraries 7 2.1.5 Application Framework 7 2.1.6 Application 8 2.2 An Overview of Android Security and Vulnerabilities .... 8 2.2.1 Android Security Mechanisms 8 2.2.2 Overview of Vulnerabilities in Android 11 2.3 WebView 13 2.3.1 Creating an WebView Instance 14 2.3.2 WebView Issues and Vulnerabilities 14 2.3.3 Attack Vectors for WebView Vulnerabilities ... 16 2.4 StageFright 16 2.4.1 Stagefright Vulnerabilities 17 2.4.2 Attack Vectors for Stagefright Vulnerabilities . 18 3 Exploits Classification 19 3.1 Denial of Service (DoS) 19 3.2 Code Execution 21 3.3 Buffer Overflow 23 3.4 Memory Corruption 24 3.5 Privilege Escalation 25 4 Analysis of Selected Exploits 27 4.1 Stagefright Vulnerabilities 27 4.1.1 CVE-2015-1538 28 4.1.2 CVE-2015-3824 29 4.1.3 CVE-2015-3864 31 4.2 WebView Vulnerabilities 33 4.2.1 CVE-2016-6754 33 4.2.2 CVE-2012-6636 35 vii 5 Evaluation and Modification of Selected Exploits 37 5.1 Evaluation of Stage/right Attacks 37 5.1.1 CVE-2015-1538 37 5.1.2 CVE-2015-3824 38 5.1.3 CVE-2015-3864 41 5.2 Evaluation of Attacks on WebView 42 5.2.1 CVE-2016-6754 42 5.2.2 CVE-2012-6636 43 6 Conclusion 45 7 Future Work 47 A Exploitation Procedure for CVE-2015-1538 53 B AVD Details for Exploited Device for CVE-2015-1538 55 C Exploitation Procedure for CVE-2015-3824 57 D AVD Details for Exploited Device for CVE-2015-3824 and CVE-2015-3864 59 E Procedure to Exploit CVE-2015-3864 61 F Procedure to Exploit CVE-2012-6636 63 viii List of Tables 5.1 Stagefright Vulnerability Results 42 5.2 CVE-2016-6754 Exploit Results 43 5.3 CVE-2012-6636 Exploit Results 44 List of Figures 1.1 Exponential Increase in Vulnerabilities Found in Android - Year wise 2 1.2 Types of Vulnerabilities Discovered in Android 2 2.1 Android Stack [29] 6 2.2 Mind Map of Issues in Android Vulnerabilities [13] 11 2.3 Vulnerable Components of Android [13] 12 3.1 Types of Vulnerabilities Affected Android in Year 2016 20 xi 1 Introduction There are many platforms which are used in smart phones like An• droid, iOS, Windows, Symbian and few others. Android's share was 86.1 percent among all the mobile phones sold to end users in first quarter of 2017 [23], and the total share of Android phones is 73.05 percent in Oct, 2017 [26]. During the initial days of Android, its only purpose was to run on smart phones. But with further advancements now Android found applications in Smart TVs, Smart watches, medi• cal equipment etc [16]. With such wide usage and dependencies, the security of Android systems has also became a big matter of concern. The Figure 1.1 shows number of vulnerabilities discovered from 2009 till year 2017 (Sept.), the data has been obtained from [33]. It can be observed from the Figure 1.1 that since 2008 there is exponential in• crease in the vulnerabilities discovered in the Android systems [33] and thus the attacks on Android systems have also increased in same fashion. The Figure 1.1 is based on data obtained from CVE-MITRE, which assumes that all the reported vulnerabilities are patched soon or before reported on CVE. The major share of vulnerabilities reported and exploited is taken by Denial of Service (DoS), Code Execution, Overflow and Gain privileges, which can be seen in Figure 1.2. The Figure 1.2 also shows the types of vulnerabilities popped since 2008 and their individual shares [33]. There are very few SQL injection vulnerabilities (one) reported in Android since its origin as shown in figure 1.2. This work discuss about many vulnerabilities reported in Android systems. Different types of vulnerabilities arising from design flaws are explained in detail. Further three vulnerabilities from Stagefright media library and two from Web View component are analyzed and tested on vulnerable and patched versions. The Chapter 2 deals with the Android architecture along with its various layers and the security mechanisms in place. An overview of vulnerabilities discovered in past in various Android components are discussed and explained. At the last of this chapter, Web View component and libstagefright library of Android is discussed along with related security issues. 1 i. INTRODUCTION Figure 1.1: Exponential Increase in Vulnerabilities Found in Android - Year wise Figure 1.2: Types of Vulnerabilities Discovered in Android 2 i. INTRODUCTION In Chapter 3 different attack vectors with relation to the related vulnerabilities are discussed. Five kind of vulnerabilities along with exploit examples are discussed in this chapter. In Chapter 4 five specific vulnerabilities are studied in detail and their available exploits have been analyzed. Three of the vulnerabil• ities are from libstagefright library and two are from the Web View component of Android. In Chapter 5 the result of exploitation of vulnerabilities discussed in chapter 4 are placed. Analysis is done on the vulnerable and patched versions of Android. Further, devices from different Original Equip• ment Manufacturers (OEMs) are also considered for analysis. 3 2 Android OS and Webview Component This section deals with Android OS, its various layers, latest security mechanisms and vulnerabilities associated with every layer. Later in this section web view component of Android is discussed in detail. 2.1 Android OS Architecture Android is an open source operating system which is based on Linux and designed for mobile phones and tablets. It is also used in other small devices like smart watch, Vehicle Mounted Systems, Point of Sale (PoS) Devices, Medical Devices [16] etc. Android is more like a software stack which consists of different layers as shown in Figure 2.1 [29]. The different layers of Android are: 1. Linux kernel 2. Hardware Abstraction Layer 3. Android Runtime 4. Libraries 5. Application framework 6. Applications 2.1.1 Linux Kernel The lowest layer in Android is Linux. It provides a level of abstraction between the hardware and other layers of Android stack. The Android devices mainly use versions 3.18 or 4.4 of Linux kernel [17]. There is no direct interaction of developers and users with this layer, still this layer serves as core layer. The Linux kernel provides generic system services like: • Memory and process management • Permissions 5 2. ANDROID OS AND WEB VIEW COMPONENT ALARM • BROWSER • CALCULATOR • CALENDAR • CAMERA - CLOCK • CONTACTS • DIALER • EM AIL * HOME - IM • MEDIA PLAYER • PHOTO ALBUM * SMS/MMS • VOICE DIAL CONTENT PROVIDERS • MANAGERS (ACTIVITY. LOCATION. PACKAGE. NOTIFICATION. RESOURCE. TELEPHONY. WINDOW)' VIEW SYSTEM AUDIO MANAGER* FREETYPE'LIBC • MEDIA FRAMEWORK * CORE LIBRARIES* OPENGL'ES • ART • DALVIK VM SOLÍTE* SSL* SURFACE MANAGER* WEBKIT AUDIO • BLUETOOTH • CAMERA ' DRM • EXTERNAL STORAGE • GRAPHICS • INPUT * MEDIA • SENSORS • TV DRIVERS (AUDIO, BINDER (IPC). BLUETOOTH. CAMERA, DISPLAY, KEYPAD, SHARED MEMORY, USB, WIFI) • POWER MANAGEMENT Figure 2.1: Android Stack [29] • File and network I/Os • Device management • Device drivers 2.1.2 Hardware Abstraction Layer The Hardware abstraction layer (HAL) provides a standard method for creating software hooks (interfaces) between the Android platform and any proprietary hardware [29].

View Full Text

Details

  • File Type
    pdf
  • Upload Time
    -
  • Content Languages
    English
  • Upload User
    Anonymous/Not logged-in
  • File Pages
    82 Page
  • File Size
    -

Download

Channel Download Status
Express Download Enable

Copyright

We respect the copyrights and intellectual property rights of all users. All uploaded documents are either original works of the uploader or authorized works of the rightful owners.

  • Not to be reproduced or distributed without explicit permission.
  • Not used for commercial purposes outside of approved use cases.
  • Not used to infringe on the rights of the original creators.
  • If you believe any content infringes your copyright, please contact us immediately.

Support

For help with questions, suggestions, or problems, please contact us