Presentazione standard di PowerPoint · Dubsmash 2.21.2 NullPointerException Tinder 6.7.2...
Transcript of Presentazione standard di PowerPoint · Dubsmash 2.21.2 NullPointerException Tinder 6.7.2...
The Team
Marta Catillo
Antonio Farina
Luigi Martire
Supervisor
Prof. Aaron Visaggio
Team Leader
Dott. Ing. Antonio Pirozzi
https://github.com/lmartire/DoApp
Android Environment
Activity
Receiver Serviceintent
explicit implicit
Why (?)
• It’s possibile to start an Android Component with malicious intentions?• Yes, with Intent Spoofing.
• When an app registers to receive implicit system intents from the Android OS, it is also registered to receive any explicit intents.
• Impact: Un-authentic launching of vulnerable activities, accessing logins, card credentials, etc. and theft of data
Android Environment
Activity
Receiver Serviceintent
explicit implicit
Android Environment
Activity
Receiver Serviceintent
ExplicitMALINTENT
implicit
State of the Art (1)Intent
Fuzzer
BIFUZ
- Only null Intent- No Report- No data field analysis
- Only Activities- Only Mimetype- No Report- No user-friendly
- Only Receivers- No Report
- No Android App- No user-friendly - Only System App
- Stagefright specialized
State of the Art (2)Android
App
External
Tool
Tested Android Components Tested Fields Test Type System
Libraries
tested
UI
eventsReport
Activity Service Receiver Action MimeType URI Null Random Semivalid
DoApp X X X X X X X X X X X
DroidFuzzer X X X X
Fuzzinozer X X X X X X X X
Bifuz X X X X X X X
American
Fuzzy LopX - - - - - - - - - X X
Intent Fuzzer
(ISEC)X X X X X
Monkey X X X X X
Dynodroid X X X X X
GUIRipper X X X X X
Orbit X X X X X
SwiftHand X X X X X
PUMA X X X X X
EvoDroid X X X X X
ACTEve X X X X
DoApp’s objective
WHAT• Android Application• Automatic tool• User-friendly• Deep test• Report
WHO• Developers
• Testers
• Researchers
• PentestersHOW
• Every component
• Every Action
• Every Data Field
• Null, random, semivalid test
WHY• Test Intent
Vulnerabilities• Intent spoofing• DOS Attack• Data leakage
DoApp Design (1)
DoApp Design (2)
MalIntentGenerator
SemivalidGeneratorRandomGeneratorNullGenerator
DoApp Design – Info Gathering (1)activity1
intent-filter
ACTION_WEB_SEARCH
intent-filter
datamimetype = image/png
datamimetype = image/jpeg
action VIEW
action EDIT
datascheme = https
datascheme = http
datamimetype = text/plain
IntentDataInfo
activity1
intent-filter
datamimetype = image/png
IntentDataInfo
activity1
intent-filter
datascheme = http…
references
refe
ren
ces
DoApp Design – Info Gathering (2)Data Field of Manifest
URIMimeType
Text/plain All other
DoApp Design – Test Case Generation (1)
mimeType = "text/plain"
mimeType : all the other ones
NULL input without setting data type
NULL input setting data type
Random text (EXTRA_TEXT) setting data type
NULL input without setting data type
NULL input setting data type
Random URI (EXTRA_STREAM) setting data type
Semivalid URI (EXTRA_STREAM) setting data type
DoApp Design – Test Case Generation (2)
http
https
unisannio.it
ding.unisannio.it
demm.unisannio.it
random MalIntents
DoApp Design – FuzzerServicefuzzerService{
cleanLogCat();
foreach(MalIntent in malintents){sendMalIntent();parseLogCat();searchExceptions();
if(exception found){storeException();storeMalIntent();
}
killApp();}
}
Operational Conditions
ResultsAPPNAME VERSION Exception Types
Microsoft Onedrive 4.9 NullPointerException
Whatsapp 2.17.32 NullPointerException
Adobe - Acrobat Reader 17.90 NullPointerException
Dropbox 32.2.4 NullPointerException
IndexOutOfBoundsException
Shazam 6.7.0 NullPointerException
Twitter 6.31.0 NullPointerException
Microsoft Outlook 2.1.138 NullPointerException
Dubsmash 2.21.2 NullPointerException
Tinder 6.7.2 NullPointerException
RuntimeException
Badoo 4.59.0 NullPointerException
Pinterest 6.7.0 IllegalArgumentException
The Fork 8.5.1 NullPointerException
Box 4.3.615 NullPointerException
vk 4.7.2 ArrayIndexOutOfBoundsException
Wire private messenger 2.26.309 NullPointerException
SoundCloud 2017.01.24 NullPointerException
IllegalStateExceptipon
Asus Task 2.15.0.20 NullPointerException
Microsoft Word 16.0.7766.4775 NullPointerException
Microsoft Office Lens 16.0.7820.3002 NullPointerException
Microsoft Powerpoint 16.07.7766.4272 NullPointerException
Microsoft Excel 16.0.7766.5022 NullPointerException
Asus File Manager 2.0.0.355 NullPointerException
Signal - private messenger 3.28.1 NullPointerException
Expedia 8.0.1 NullPointerException
Conclusions
Exceptions type:
• NullPointerException
• IndexOutOfBound
• IllegalStateException
Future Development
• make it user-friendly
• improve stability
• usage for pentest
• data leakage