Vulnerabilities in Android
-
Upload
birju-tank -
Category
Engineering
-
view
40 -
download
5
Transcript of Vulnerabilities in Android
Vulnerabilities in Android
By : BIRJU TANK(141060753017)M.E 3rd Sem WiMC
GTU PG School, BISAG-CDAC, Gandhinagar
Introduction
• Growth of the Smartphones increases rapidly
• Android and iOS Smartphones claimed above 90%
• Universal awareness of Privacy should require
• Many Malicious codes are reported
• Causes Security flaw, financial loss, private information leakage
Types of vulnerabilities
• Invalidated inputs
• Broken Access Control
• Cross-site scripting
• Buffer overflow
• SQL Injection
• Http Header Injection
• FTP Bounce attack
Android Security
• File system is encrypted against any theft or loss of device
• The Sandbox concept is adopted to isolate apps data and codes from other apps
• Concept of Content Provider and Permission
Content Provider and Permission
Current Safety Status of Mobile Devices• Extract an application's signature and then compare it with the
signatures in the malicious application signature database
• But this is time consuming • Solution to this is Cloud Antivirus
Security Problems faced by mobile devices• Malicious applications
• Unsafe websites
• Data security of mobile devices
• Network data security of the mobile devices
Conclusion
• Android relies on the Sandbox to protect codes and data of an app from other apps, whilst it offers the ContentProviders to share databases as necessary.• Assigning permissions to control accesses is not mandatory, which
leads to security loopholes.
Future Work
• Security module of any object is very huge area b’coz
100% Security is Myth
References1. P. D. Meshram, Dr. R.C. Thool – “A paper on Vulnerabilities in Android and
Security of Android Devices”, 2014 IEEE Global Conference on Wireless Computing and Networking (GCWCN), 978-1-4799-6298-3/14/$31.00 © 2014 IEEE
2. Jingzheng Wu, Yanjun Wu, Mutian Yang, Zhifei Wu, Yongji Wang – “Vulnerability Detection in Android system”, 2013 IEEE Sixth International Conference on Cloud Computing - 978-0-7695-5028-2/13 $26.00 © 2013 IEEE
3. Xiali Hei, Xiaojiang Du and Shan Lin – “Two Vulnerabilities in Android Kernel” IEEE ICC 2013 - Wireless Networking Symposium- 978-1-4673-3122-7/13/$31.00 ©2013 IEEE
4. AndroidManifest, http://developer.android.com/guide/topics/ manifest/ manifestt-intro.html
5. Android Security, http://developer.android.com/training / articles/security-tips.html