analyzing inter-application communication in android
DESCRIPTION
Erika Chin Adrienne Porter Felt Kate Greenwood David Wagner University of California Berkeley MobiSys 2011. Analyzing Inter-Application Communication in Android. Outline. Introduction Android Overview Intent-based Attack Surfaces ComDroid Evaluation Other mobile Platforms. - PowerPoint PPT PresentationTRANSCRIPT
![Page 1: Analyzing Inter-Application Communication in Android](https://reader036.vdocuments.site/reader036/viewer/2022062315/56816661550346895dd9ec60/html5/thumbnails/1.jpg)
ANALYZING INTER-APPLICATION COMMUNICATION IN ANDROID
Erika ChinAdrienne Porter FeltKate GreenwoodDavid Wagner
University of California BerkeleyMobiSys 2011
![Page 2: Analyzing Inter-Application Communication in Android](https://reader036.vdocuments.site/reader036/viewer/2022062315/56816661550346895dd9ec60/html5/thumbnails/2.jpg)
Outline
Introduction Android Overview Intent-based Attack Surfaces ComDroid Evaluation Other mobile Platforms
![Page 3: Analyzing Inter-Application Communication in Android](https://reader036.vdocuments.site/reader036/viewer/2022062315/56816661550346895dd9ec60/html5/thumbnails/3.jpg)
Introduction
![Page 4: Analyzing Inter-Application Communication in Android](https://reader036.vdocuments.site/reader036/viewer/2022062315/56816661550346895dd9ec60/html5/thumbnails/4.jpg)
Introduction
Android’s message passing system can become an attack surface if used incorrectly Intent Intents can be used for both intra- and inter-
application communication ComDroid
A tool analyzes Android applications to detect potential instances of vulnerabilities
Personal data loss, corruption, phishing…
![Page 5: Analyzing Inter-Application Communication in Android](https://reader036.vdocuments.site/reader036/viewer/2022062315/56816661550346895dd9ec60/html5/thumbnails/5.jpg)
Android Overview
![Page 6: Analyzing Inter-Application Communication in Android](https://reader036.vdocuments.site/reader036/viewer/2022062315/56816661550346895dd9ec60/html5/thumbnails/6.jpg)
Android Overview
Android’s security model differs significantly from the standard desktop security model
The complexity of Android’s message passing system implies it has the largest attack surface
![Page 7: Analyzing Inter-Application Communication in Android](https://reader036.vdocuments.site/reader036/viewer/2022062315/56816661550346895dd9ec60/html5/thumbnails/7.jpg)
Android Overview
Threat Model
Isolation (mem, file..)
Isolation (mem, file..)
![Page 8: Analyzing Inter-Application Communication in Android](https://reader036.vdocuments.site/reader036/viewer/2022062315/56816661550346895dd9ec60/html5/thumbnails/8.jpg)
Android Overview
Activity Activity Activity
Service
BroadcastReceiver
Service
BroadcastReceiver
Service
BroadcastReceiver
Intent
Intent
Intent
System Intent
Malicious Intent
Fake System Intent
![Page 9: Analyzing Inter-Application Communication in Android](https://reader036.vdocuments.site/reader036/viewer/2022062315/56816661550346895dd9ec60/html5/thumbnails/9.jpg)
Android Overview
Activity
www.bank.com
attacker.com
?
![Page 10: Analyzing Inter-Application Communication in Android](https://reader036.vdocuments.site/reader036/viewer/2022062315/56816661550346895dd9ec60/html5/thumbnails/10.jpg)
Android Overview
This paper do not consider attacks on the OS
Just focus on securing applications from each other
![Page 11: Analyzing Inter-Application Communication in Android](https://reader036.vdocuments.site/reader036/viewer/2022062315/56816661550346895dd9ec60/html5/thumbnails/11.jpg)
Android Overview
Intents [link] System broadcast Intents
Only can be sent by the OS Explicit or implicit
![Page 12: Analyzing Inter-Application Communication in Android](https://reader036.vdocuments.site/reader036/viewer/2022062315/56816661550346895dd9ec60/html5/thumbnails/12.jpg)
12
Explicit Intents
Yelp MapApp
Name: MapActivity
To: MapActivity
Only the specified destination receives this message
![Page 13: Analyzing Inter-Application Communication in Android](https://reader036.vdocuments.site/reader036/viewer/2022062315/56816661550346895dd9ec60/html5/thumbnails/13.jpg)
13
Implicit Intents
Yelp
ClockApp
MapApp
Handles Action: VIEW
Handles Action: DISPLAYTIME
Implicit IntentAction: VIEW
![Page 14: Analyzing Inter-Application Communication in Android](https://reader036.vdocuments.site/reader036/viewer/2022062315/56816661550346895dd9ec60/html5/thumbnails/14.jpg)
14
Implicit Intents
Yelp
BrowserApp
MapApp
Handles Action: VIEW
Handles Action: VIEW
Implicit IntentAction: VIEW
![Page 15: Analyzing Inter-Application Communication in Android](https://reader036.vdocuments.site/reader036/viewer/2022062315/56816661550346895dd9ec60/html5/thumbnails/15.jpg)
Android Overview
Activities Services Broadcast Receivers Content Providers
![Page 16: Analyzing Inter-Application Communication in Android](https://reader036.vdocuments.site/reader036/viewer/2022062315/56816661550346895dd9ec60/html5/thumbnails/16.jpg)
Advanced Defense Laboratory 16
Android Overview
Activity Display on screen
2009/12/8
![Page 17: Analyzing Inter-Application Communication in Android](https://reader036.vdocuments.site/reader036/viewer/2022062315/56816661550346895dd9ec60/html5/thumbnails/17.jpg)
Advanced Defense Laboratory 17
Android Overview
Service Background process
2009/12/8
![Page 18: Analyzing Inter-Application Communication in Android](https://reader036.vdocuments.site/reader036/viewer/2022062315/56816661550346895dd9ec60/html5/thumbnails/18.jpg)
Advanced Defense Laboratory 18
Android Overview
Broadcast Receiver Asynchronous event notification
2009/12/8
![Page 19: Analyzing Inter-Application Communication in Android](https://reader036.vdocuments.site/reader036/viewer/2022062315/56816661550346895dd9ec60/html5/thumbnails/19.jpg)
Advanced Defense Laboratory 19
Android Overview
Content Provider Share data between applications Do not use Intents Use URI (Uniform Resource Identifier)
2009/12/8
![Page 20: Analyzing Inter-Application Communication in Android](https://reader036.vdocuments.site/reader036/viewer/2022062315/56816661550346895dd9ec60/html5/thumbnails/20.jpg)
Android Overview
Component Declaration AndroidManifest.xml
To receive Intents… Service and Activity must be declared in
the manifest Broadcast Receivers can be declared at
runtime or in the manifest
![Page 21: Analyzing Inter-Application Communication in Android](https://reader036.vdocuments.site/reader036/viewer/2022062315/56816661550346895dd9ec60/html5/thumbnails/21.jpg)
Android Overview
Exported Components EXPORTED flag (in AndroidManifest.xml) Includes at least one Intent filter
Intent filter Action, category, data, extra data…
![Page 22: Analyzing Inter-Application Communication in Android](https://reader036.vdocuments.site/reader036/viewer/2022062315/56816661550346895dd9ec60/html5/thumbnails/22.jpg)
Android Overview
A sender can assign any action, type, or category (certain actions that it only the system can send)
![Page 23: Analyzing Inter-Application Communication in Android](https://reader036.vdocuments.site/reader036/viewer/2022062315/56816661550346895dd9ec60/html5/thumbnails/23.jpg)
Android Overview
Permission Normal Dangerous Signature SignatureOrSystem
![Page 24: Analyzing Inter-Application Communication in Android](https://reader036.vdocuments.site/reader036/viewer/2022062315/56816661550346895dd9ec60/html5/thumbnails/24.jpg)
Intent-based Attack Surfaces
![Page 25: Analyzing Inter-Application Communication in Android](https://reader036.vdocuments.site/reader036/viewer/2022062315/56816661550346895dd9ec60/html5/thumbnails/25.jpg)
25
Common Developer Pattern:Unique Action Strings
ShowtimeSearch
Results UI
IMDb AppHandles Actions: willUpdateShowtimes,showtimesNoLocationError
Implicit IntentAction: willUpdateShowtimes
![Page 26: Analyzing Inter-Application Communication in Android](https://reader036.vdocuments.site/reader036/viewer/2022062315/56816661550346895dd9ec60/html5/thumbnails/26.jpg)
26
![Page 27: Analyzing Inter-Application Communication in Android](https://reader036.vdocuments.site/reader036/viewer/2022062315/56816661550346895dd9ec60/html5/thumbnails/27.jpg)
27
Common Developer Pattern:Unique Action Strings
ShowtimeSearch
Results UI
IMDb AppHandles Actions: willUpdateShowtimes,showtimesNoLocationError
Implicit IntentAction: willUpdateShowtimes
![Page 28: Analyzing Inter-Application Communication in Android](https://reader036.vdocuments.site/reader036/viewer/2022062315/56816661550346895dd9ec60/html5/thumbnails/28.jpg)
28
ATTACK #1: Eavesdropping
ShowtimeSearch
Malicious Receiver
IMDb AppHandles Action: willUpdateShowtimes,showtimesNoLocationError
Implicit IntentAction: willUpdateShowtimes
Eavesdropping App
Sending Implicit Intents makes communication public
![Page 29: Analyzing Inter-Application Communication in Android](https://reader036.vdocuments.site/reader036/viewer/2022062315/56816661550346895dd9ec60/html5/thumbnails/29.jpg)
29
ATTACK #2: Intent Spoofing
Malicious Component
Results UI
IMDb AppHandles Action: willUpdateShowtimes,showtimesNoLocationError
Action: showtimesNoLocationError
Malicious Injection App
Receiving Implicit Intents makes the component public
![Page 30: Analyzing Inter-Application Communication in Android](https://reader036.vdocuments.site/reader036/viewer/2022062315/56816661550346895dd9ec60/html5/thumbnails/30.jpg)
30Typical case Attack case
![Page 31: Analyzing Inter-Application Communication in Android](https://reader036.vdocuments.site/reader036/viewer/2022062315/56816661550346895dd9ec60/html5/thumbnails/31.jpg)
31
ATTACK #3: Man in the Middle
ShowtimeSearch
Results UI
IMDb AppHandles Action: willUpdateShowtimes,showtimesNoLocation Error
Malicious Receiver
Handles Action: willUpdateShowtimes,showtimesNoLocationError
Man-in-the-Middle App
Action: willUpdateShowtimes
Action: showtimesNoLocationError
![Page 32: Analyzing Inter-Application Communication in Android](https://reader036.vdocuments.site/reader036/viewer/2022062315/56816661550346895dd9ec60/html5/thumbnails/32.jpg)
ATTACK #4: System Intent Spoofing Background – System Broadcast
Event notifications sent by the system Some can only be sent by the system
Receivers become accessible to all applications when listening for system broadcast
32
![Page 33: Analyzing Inter-Application Communication in Android](https://reader036.vdocuments.site/reader036/viewer/2022062315/56816661550346895dd9ec60/html5/thumbnails/33.jpg)
33
System BroadcastComponent
App 1
Handles Action: BootCompleted
Component
App 2
Handles Action: BootCompleted
Component
App 3
Handles Action: BootCompleted
SystemNotifier
Action:BootCompleted
![Page 34: Analyzing Inter-Application Communication in Android](https://reader036.vdocuments.site/reader036/viewer/2022062315/56816661550346895dd9ec60/html5/thumbnails/34.jpg)
34
System Intent Spoofing: Failed Attack
Handles Action: BootCompleted
MaliciousComponent
Malicious App
Action: BootCompleted
Component
App 1
![Page 35: Analyzing Inter-Application Communication in Android](https://reader036.vdocuments.site/reader036/viewer/2022062315/56816661550346895dd9ec60/html5/thumbnails/35.jpg)
35
System Intent Spoofing: Successful Attack
Handles Action: BootCompleted
MaliciousComponent
Malicious App
Component
App 1
To: App1.Component
![Page 36: Analyzing Inter-Application Communication in Android](https://reader036.vdocuments.site/reader036/viewer/2022062315/56816661550346895dd9ec60/html5/thumbnails/36.jpg)
Real World Example: ICE App ICE App: Allows doctors access to
medical information on phones
Contains a component that listens for the BootCompleted system broadcast
On receipt of the Intent, it exits the application and locks the screen
36
![Page 37: Analyzing Inter-Application Communication in Android](https://reader036.vdocuments.site/reader036/viewer/2022062315/56816661550346895dd9ec60/html5/thumbnails/37.jpg)
Real World Example: ICE
37
![Page 38: Analyzing Inter-Application Communication in Android](https://reader036.vdocuments.site/reader036/viewer/2022062315/56816661550346895dd9ec60/html5/thumbnails/38.jpg)
ComDroid
![Page 39: Analyzing Inter-Application Communication in Android](https://reader036.vdocuments.site/reader036/viewer/2022062315/56816661550346895dd9ec60/html5/thumbnails/39.jpg)
ComDroid
Disassemble application DEX files using Dedexer tool
Parses the disassembled output and logs potential component and Intent vulnerabilities
![Page 40: Analyzing Inter-Application Communication in Android](https://reader036.vdocuments.site/reader036/viewer/2022062315/56816661550346895dd9ec60/html5/thumbnails/40.jpg)
ComDroid
![Page 41: Analyzing Inter-Application Communication in Android](https://reader036.vdocuments.site/reader036/viewer/2022062315/56816661550346895dd9ec60/html5/thumbnails/41.jpg)
ComDroid
Permission Normal and Dangerous
Intent Analysis Intents, IntentFilters, registers, sinks
(e.g., sendBroadcast(), startActivity(), etc.) and components
![Page 42: Analyzing Inter-Application Communication in Android](https://reader036.vdocuments.site/reader036/viewer/2022062315/56816661550346895dd9ec60/html5/thumbnails/42.jpg)
ComDroid
Intent Whether it has been made explicit Whether it has an action Whether it has any flags set Whether it has any extra data
Sinks Implicit or not?
![Page 43: Analyzing Inter-Application Communication in Android](https://reader036.vdocuments.site/reader036/viewer/2022062315/56816661550346895dd9ec60/html5/thumbnails/43.jpg)
ComDroid
Component Analysis Public or not? Main, launching Activity is public but is
less likely to be attackable registerReceiver() With data / without data System broadcast
Intent.getAction() Misuse
![Page 44: Analyzing Inter-Application Communication in Android](https://reader036.vdocuments.site/reader036/viewer/2022062315/56816661550346895dd9ec60/html5/thumbnails/44.jpg)
ComDroid
Limitation and discussion Do not distinguish between paths
through if and switch statements False negatives
Pending Intent Future work
![Page 45: Analyzing Inter-Application Communication in Android](https://reader036.vdocuments.site/reader036/viewer/2022062315/56816661550346895dd9ec60/html5/thumbnails/45.jpg)
Evaluation
![Page 46: Analyzing Inter-Application Communication in Android](https://reader036.vdocuments.site/reader036/viewer/2022062315/56816661550346895dd9ec60/html5/thumbnails/46.jpg)
Evaluation
![Page 47: Analyzing Inter-Application Communication in Android](https://reader036.vdocuments.site/reader036/viewer/2022062315/56816661550346895dd9ec60/html5/thumbnails/47.jpg)
Evaluation
![Page 48: Analyzing Inter-Application Communication in Android](https://reader036.vdocuments.site/reader036/viewer/2022062315/56816661550346895dd9ec60/html5/thumbnails/48.jpg)
Evaluation
![Page 49: Analyzing Inter-Application Communication in Android](https://reader036.vdocuments.site/reader036/viewer/2022062315/56816661550346895dd9ec60/html5/thumbnails/49.jpg)
Evaluation
![Page 50: Analyzing Inter-Application Communication in Android](https://reader036.vdocuments.site/reader036/viewer/2022062315/56816661550346895dd9ec60/html5/thumbnails/50.jpg)
Evaluation
![Page 51: Analyzing Inter-Application Communication in Android](https://reader036.vdocuments.site/reader036/viewer/2022062315/56816661550346895dd9ec60/html5/thumbnails/51.jpg)
![Page 52: Analyzing Inter-Application Communication in Android](https://reader036.vdocuments.site/reader036/viewer/2022062315/56816661550346895dd9ec60/html5/thumbnails/52.jpg)
![Page 53: Analyzing Inter-Application Communication in Android](https://reader036.vdocuments.site/reader036/viewer/2022062315/56816661550346895dd9ec60/html5/thumbnails/53.jpg)