The first comprehensive guide to discovering and preventing
attacks on the Android OS
As the Android operating system continues to increase its share
of the smartphone market, smartphone hacking remains a growing
threat. Written by experts who rank among the world's foremost
Android security researchers, this book presents vulnerability
discovery, analysis, and exploitation tools for the good guys.
Following a detailed explanation of how the Android OS works and
its overall security architecture, the authors examine how
vulnerabilities can be discovered and exploits developed for
various system components, preparing you to defend against
them.
If you are a mobile device administrator, security researcher,
Android app developer, or consultant responsible for evaluating
Android security, you will find this guide is essential to your
toolbox.
* A crack team of leading Android security researchers explain
Android security risks, security design and architecture, rooting,
fuzz testing, and vulnerability analysis
* Covers Android application building blocks and security as well
as debugging and auditing Android apps
* Prepares mobile device administrators, security researchers,
Android app developers, and security consultants to defend Android
systems against attack
Android Hacker's Handbook is the first comprehensive
resource for IT professionals charged with smartphone
security.
Autorentext
JOSHUA J. DRAKE is a Director of Research Science at
Accuvant LABS.
PAU OLIVA FORA is a Mobile Security Engineer with
viaForensics.
ZACH LANIER is a Senior Security Researcher at Duo
Security.
COLLIN MULLINER is a postdoctoral researcher at
Northeastern University.
STEPHEN A. RIDLEY is a Principal Researcher with
Xipiter.
GEORG WICHERSKI is a Senior Security Researcher with
CrowdStrike.
Zusammenfassung
The first comprehensive guide to discovering and preventing attacks on the Android OS
As the Android operating system continues to increase its share of the smartphone market, smartphone hacking remains a growing threat. Written by experts who rank among the world's foremost Android security researchers, this book presents vulnerability discovery, analysis, and exploitation tools for the good guys. Following a detailed explanation of how the Android OS works and its overall security architecture, the authors examine how vulnerabilities can be discovered and exploits developed for various system components, preparing you to defend against them.
If you are a mobile device administrator, security researcher, Android app developer, or consultant responsible for evaluating Android security, you will find this guide is essential to your toolbox.
- A crack team of leading Android security researchers explain Android security risks, security design and architecture, rooting, fuzz testing, and vulnerability analysis
- Covers Android application building blocks and security as well as debugging and auditing Android apps
- Prepares mobile device administrators, security researchers, Android app developers, and security consultants to defend Android systems against attack
Inhalt
Introduction xxv
Chapter 1 Looking at the Ecosystem 1
Understanding Android's Roots 1
Company History 2
Version History 2
Examining the Device Pool 4
Open Source, Mostly 7
Understanding Android Stakeholders 7
Google 8
Hardware Vendors 10
Carriers 12
Developers 13
Users 14
Grasping Ecosystem Complexities 15
Fragmentation 16
Compatibility 17
Update Issues 18
Security versus Openness 21
Public Disclosures 22
Summary 23
Chapter 2 Android Security Design and Architecture 25
Understanding Android System Architecture 25
Understanding Security Boundaries and Enforcement 27
Android's Sandbox 27
Android Permissions 30
Looking Closer at the Layers 34
Android Applications 34
The Android Framework 39
The Dalvik Virtual Machine 40
User-Space Native Code 41
The Kernel 49
Complex Security, Complex Exploits 55
Summary 56
Chapter 3 Rooting Your Device 57
Understanding the Partition Layout 58
Determining the Partition Layout 59
Understanding the Boot Process 60
Accessing Download Mode 61
Locked and Unlocked Boot Loaders 62
Stock and Custom Recovery Images 63
Rooting with an Unlocked Boot Loader 65
Rooting with a Locked Boot Loader 68
Gaining Root on a Booted System 69
NAND Locks, Temporary Root, and Permanent Root 70
Persisting a Soft Root 71
History of Known Attacks 73
Kernel: Wunderbar/asroot 73
Recovery: Volez 74
Udev: Exploid 74
Adbd: RageAgainstTheCage 75
Zygote: Zimperlich and Zysploit 75
Ashmem: KillingInTheNameOf and psneuter 76
Vold: GingerBreak 76
PowerVR: levitator 77
Libsysutils: zergRush 78
Kernel: mempodroid 78
File Permission and Symbolic LinkRelated Attacks 79
Adb Restore Race Condition 79
Exynos4: exynos-abuse 80
Diag: lit / diaggetroot 81
Summary 81
Chapter 4 Reviewing Application Security 83
Common Issues 83
App Permission Issues 84
Insecure Transmission of Sensitive Data 86
Insecure Data Storage 87
Information Leakage Through Logs 88
Unsecured IPC Endpoints 89
Case Study: Mobile Security App 91
Profiling 91
Static Analysis 93
Dynamic Analysis 109
Attack 117
Case Study: SIP Client 120
Enter Drozer 121
Discovery 121
Snarfing 122
Injection 124
Summary 126
Chapter 5 Understanding Android's Attack Surface 129
An Attack Terminology Primer 130
Attack Vectors 130
Attack Surfaces 131
Classifying Attack Surfaces 133
Surface Properties 133
Classification Decisions 134
Remote Attack Surfaces 134
Networking Concepts 134
Networking Stacks 139
Exposed Network Services 140
Mobile Technologies 142
Client-side Attack Surface 143
Google Infrastructure 148
Physical Adjacency 154
Wireless Communications 154
Other Technologies 161
Local Attack Surfaces 161
Exploring the File System 162
Finding Other Local Attack Surfaces 163
Physical Attack Surfaces 168
Dismantling Devices 169
USB 169
Other Physical Attack Surfaces 173
Third-Party Modifications 174
Summary 174
Chapter 6 Finding Vulnerabilities with Fuzz Testing 177
Fuzzing Backg...