ANALYZING INTER-APPLICATION COMMUNICATION IN ANDROID
Erika Chin
Adrienne Porter Felt
Kate Greenwood
David Wagner
UC Berkeley
INTER-APPLICATION COMMUNICATION
Diagram: the Yelp App exchanges Intents with the Maps App, the Dialer App and Other Apps; a Malicious App can take part in the same inter-application communication.
• Eavesdropping Attacks
• Injection Attacks
ORGANIZATION
• Android communication model
• Security analysis of Android
• ComDroid
• Analysis of third-party applications
• Recommendations
ANDROID OVERVIEW
• Intents = Android IPC
• Applications are divided into components
• Intents can be sent between components
• Intents can be used for intra- and inter-application communication
Diagram: Sender --Intent--> Receiver
EXPLICIT INTENTS
Diagram: Yelp sends an explicit Intent addressed "To: MapActivity" to the Map App component named MapActivity.
Only the specified destination receives this message
IMPLICIT INTENTS
Diagram: Yelp sends an implicit Intent with Action: VIEW. The Map App handles Action: VIEW and receives it; the Clock App handles Action: DISPLAYTIME and does not.
IMPLICIT INTENTS
Diagram: Yelp sends an implicit Intent with Action: VIEW. Both the Browser App and the Map App handle Action: VIEW, so the Intent can be delivered to either.
SECURITY ANALYSIS OF ANDROID
COMMON DEVELOPER PATTERN: UNIQUE ACTION STRINGS
Diagram: inside the IMDb App, the Showtime Search component sends an implicit Intent with Action: willUpdateShowtimes to the Results UI component, which handles Actions: willUpdateShowtimes, showtimesNoLocationError.
ATTACK #1: EAVESDROPPING
Diagram: Showtime Search in the IMDb App sends an implicit Intent with Action: willUpdateShowtimes. A Malicious Receiver in an Eavesdropping App, which handles Actions: willUpdateShowtimes, showtimesNoLocationError, receives it.
Sending implicit Intents makes communication public
ATTACK #2: INTENT SPOOFING
Diagram: a Malicious Component in a Malicious Injection App sends an Intent with Action: showtimesNoLocationError to the IMDb App's Results UI, which handles Actions: willUpdateShowtimes, showtimesNoLocationError.
Receiving implicit Intents makes the component public
Diagram: the typical case compared with the attack case.
ATTACK #3: MAN IN THE MIDDLE
Diagram: Showtime Search in the IMDb App sends an implicit Intent with Action: willUpdateShowtimes. A Malicious Receiver in a Man-in-the-Middle App, which handles Actions: willUpdateShowtimes, showtimesNoLocationError, receives it and then sends an Intent with Action: showtimesNoLocationError to the IMDb App's Results UI, which handles the same actions.
ATTACK #4: SYSTEM INTENT SPOOFING
• Background – System Broadcast
  ◦ Event notifications sent by the system
  ◦ Some can only be sent by the system
• Receivers become accessible to all applications when listening for system broadcasts
SYSTEM BROADCAST
Diagram: the System Notifier broadcasts Action: BootCompleted; the components in App 1, App 2 and App 3 that handle Action: BootCompleted all receive it.
SYSTEM INTENT SPOOFING: FAILED ATTACK
Diagram: a Malicious Component in a Malicious App broadcasts Action: BootCompleted toward App 1's component that handles Action: BootCompleted; the broadcast does not get through, because only the system may send it.
SYSTEM INTENT SPOOFING: SUCCESSFUL ATTACK
Diagram: the Malicious Component instead sends an explicit Intent addressed "To: App1.Component", the component that handles Action: BootCompleted, and the Intent is delivered.
REAL WORLD EXAMPLE: ICE APP
• ICE App: Allows doctors access to medical information on phones
• Contains a component that listens for the BootCompleted system broadcast
• On receipt of the Intent, it exits the application and locks the screen
REAL WORLD EXAMPLE: ICE
COMDROID
Diagram: Android Executable File --> ComDroid --> Security Warnings for Exposed Communication
ComDroid analyzes applications to detect Intent-based attack surfaces
EVALUATION
• Manually verified ComDroid's warnings for 20 applications
• 60% of applications examined have at least 1 exploitable IPC vulnerability

| Type                 | # of Warnings | # of Apps |
|----------------------|---------------|-----------|
| Severe Vulnerability | 34            | 12        |
| Bad Practice         | 16            | 6         |
| Spurious Warning     | 6             | 6         |
RECOMMENDATIONS
• Treat inter- and intra-application communication as different cases
• Prevent public internal communication
  ◦ 21% of severe vulnerabilities
  ◦ 63% of bugs due to bad practice
• Verify system broadcasts
  ◦ 6% of severe vulnerabilities
  ◦ 13% of bugs due to bad practice
• Can be fixed by either developers or platform
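Added example, not from the talk and not the ComDroid tool's own code: a small manifest check in the spirit of the ComDroid warnings above, run over a constructed manifest, that flags the two patterns the recommendations target: public internal communication (an app-specific action on an exported component, open to Intent spoofing) and exported receivers for system broadcasts, whose handlers must verify the action because an explicit Intent from any app can reach them. The manifest, the component names, the system-only action set and the "android." prefix heuristic are all assumptions.

```python
import xml.etree.ElementTree as ET

ANDROID = "{http://schemas.android.com/apk/res/android}"
# Assumed system-only broadcasts; the talk names BootCompleted, the platform defines more.
SYSTEM_ONLY_ACTIONS = {"android.intent.action.BOOT_COMPLETED"}

# Constructed sample manifest modelled on the IMDb and ICE examples in the talk.
SAMPLE_MANIFEST = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
          package="com.example.showtimes">
  <application>
    <activity android:name=".ResultsUI">
      <intent-filter>
        <action android:name="com.example.showtimes.willUpdateShowtimes"/>
        <action android:name="com.example.showtimes.showtimesNoLocationError"/>
      </intent-filter>
    </activity>
    <receiver android:name=".LockOnBoot">
      <intent-filter>
        <action android:name="android.intent.action.BOOT_COMPLETED"/>
      </intent-filter>
    </receiver>
    <activity android:name=".Internal" android:exported="false">
      <intent-filter><action android:name="com.example.showtimes.internalUpdate"/></intent-filter>
    </activity>
  </application>
</manifest>"""


def analyze_manifest(xml_text):
    """Return (component, kind, detail) warnings for exposed components."""
    warnings = []
    for comp in ET.fromstring(xml_text).iter():
        if comp.tag not in ("activity", "service", "receiver"):
            continue
        name = comp.get(ANDROID + "name")
        actions = [a.get(ANDROID + "name") for a in comp.iter("action")]
        # An intent filter makes a component public by default: any app can send
        # it an Intent unless it is exported="false" or guarded by a permission.
        if not actions or comp.get(ANDROID + "exported") == "false" \
                or comp.get(ANDROID + "permission"):
            continue
        for action in actions:
            if action in SYSTEM_ONLY_ACTIONS:
                warnings.append((name, "system broadcast receiver", f"{action}: exported, "
                                 "so an explicit Intent from any app reaches it; verify the action"))
            elif not action.startswith("android."):  # heuristic: app-defined action string
                warnings.append((name, "public internal communication", f"{action}: "
                                 "app-specific action on a public component, open to Intent spoofing"))
    return warnings
```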
RELATED WORK
• Enck et al. introduce information leakage through Broadcast Intents and information injection into Receivers
• Burns discusses other common developer errors
CONCLUSION
• Applications may be vulnerable to other applications through Android Intent communication
• Many developers misuse Intents or do not realize the consequences of their program design
• 60% of applications examined had at least 1 vulnerability
• ComDroid tool to be publicly accessible soon at www.comdroid.org
Thank you!
Any questions?