'SecureMe - Droid' Android Security Application by Vishal Asthana
SecureMe - Droid
About Us
Security Consultant at Security Compass Inc.
Active in…
• Web, Mobile & Infrastructure Security
• Research & Development, IoT (new!)
• Quick-n-Dirty coder
• Proud OSCP
About Us
Director India Ops at Security Compass Inc.
• Researching in SDLC and Agile Security
• SafeCode TLC representative
• Co-leading the Delhi chapters
  – Null (since March 2014)
  – OWASP (since June 2014)
• Founder member of (ISC)² Delhi Chapter
Where it started?
• SMD: SecureMe – Droid
• Android security application
• Scan installed/updating apps
• NVD CVE database as source
SecureMe – Droid Overview
• No other app providing this feature
• Some similar ideas:
  – Android OS security apps
  – Privacy apps
    http://cmuchimps.org/
  – Trustable
  – Belarc
Birth of SMD
SecureMe – Design Consideration
• Secure by Design
  – Minimum Android Permissions
    • Network Access
    • Boot Completed
  – Not accessing sensitive data
  – Post scanning actions
    • Uninstall unsafe app
    • Update app using Google Play Store
    • Keep using app
  – Why not disable app?
  – Active over Mobile Data and WiFi
SecureMe – Design Consideration
• App Scanning
  – Pre/Already installed apps
  – Just installed app
  – Updated app
• Scan depth
  – Low, Normal, Medium
  – High, Intense
• Scheduled Scan
SecureMe Droid Internals
• Install SecureMe Droid
  – Google Play Store
  – Download from https://secureme.securitycompass.com/
SMD: Internals
• SecureMe Droid detects
  – New app installation
  – Existing app update
  – Scan any installed app
• No sensitive information
SMD: Internals (contd.)
• SecureMe Android Client and Server
  – HTTPS Communication
• Find security issues:
  – NVD CVE database
SMD: Internals (contd.)
• SecureMe Scan Results
  – App is safe
  – App is unsafe
    • Uninstall App
    • Keep App
    • Update app using Play Store
SMD: Internals (contd.)
• Am I Vulnerable (AIV)
• Re-branded to SecureMe – Droid (SMD)
• AIV + ReBranding = SMD
Where is AIV?
Demo Time
Conclusion
• Fun side project
• First ever conference acceptance and rollout
• You MUST use it and provide feedback!
Abhineet Jayaraj, Security Consultant
Vishal Asthana, Regional Director, India Operations
THANK YOU!
WWW.SECURITYCOMPASS.COM