ON THE SECURITY OF ANDROID COMMUNICATION APPS
September 2015
By Shasi Pokharel
Bachelor Of Information Technology (Honours)
Supervisors: Dr. Raymond Choo,
Dr. Jixue Liu
Why Android:
• Share of total smartphone market: 82.8% (iOS: 13.9%), up to Quarter 2, 2015; Source: idc.com
• Number of apps in Google Play: 1.6 million (App Store: 1.5 million), up to July 2015; Source: statista.com
• Share of mobile attack targets: 99%, as of January 2014; Source: Kaspersky Lab
Focus:
Study popular Android communication apps
An adversary model
Case study apps
Communication Apps:
VoIP Apps:
• Growing popularity
• Free app-to-app calls, cheaper app-to-phone calls
• Voice call, video call, conference call, text messages
• Cross-platform
Mobile Browsers:
• Applications to browse web pages on mobile
VoIP Communication
Encoding/Decoding: Analog voice > Digital data > Analog voice
Characteristics of codecs:
• Bit rate (Kbps)
• Sample size (bytes)
• Sample interval (ms)
• Packets per second (PPS)
Constant Bit Rate (CBR) or Variable Bit Rate (VBR)
Proprietary Codecs
Parts of VoIP Communication
Signalling Control Session (SIP):
• Session establishment
• Codec negotiation
RTP session:
• Voice data transfer
Identify Codec from intercepted packets
If Signalling Control Session is not encrypted.
VoIP communication security
Encryption:
• Signalling Control Session encryption
• RTP packets encryption
Proprietary Codec
Identify Codec from intercepted packets
If Signalling Control Session is encrypted:
• Calculate the bit rate for each second from the RTP payload
• If the bit rate is constant: a Constant Bit Rate (CBR) codec is used; select the matching or closest bit rate codecs
• If the bit rate is dynamic: a Variable Bit Rate (VBR) codec is used; select the “opus” decoder tool for decoding
Formula 1: Calculate Bit rate from RTP payload
Input S = Sequence of RTP Packets
Output b = Bit rate of RTP Packets
Do:
Let S1 be the packets per second in S.
If the header of s[0] contains PT, then
Else:
Identify Codec from intercepted packets
[Flowchart. Steps: Analyze intercepted traffic in Wireshark; Check PT value in RTP header; Get codec from SDP.rtpmap filtered by RTP.PT; Calculate bit rate using Formula 1; Check bit rate for multiple seconds; Identify list of possible codecs; Try (codec = “opus”); Return codec(s). Decisions (Yes/No): SIP has readable SDP section?; PT value readable?; Bit rate = 0?; Bit rate constant?. Outcome when decoding is not possible: Encrypted media (cannot be decoded).]
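The two identification paths described above (codec read from a readable SDP section, otherwise per-second bit rate when signalling is encrypted), as an added Python example that is not code from the presentation. The bit rate here is RTP payload bits per second, an assumption because the body of Formula 1 is not preserved on the page; the captures, the SDP text and the table of nominal codec rates are constructed for the example.

```python
import re
import struct
from collections import defaultdict
# Nominal payload bit rates (kbit/s) of the CBR codecs named on the slides.
CBR_KBPS = {"G.711": 64.0, "G.722": 64.0, "GSM": 13.0, "G.729": 8.0, "iLBC": 15.2}

def rtp_fields(pkt):
    """Return (payload_type, payload_length) of one raw RTP packet (RFC 3550)."""
    if len(pkt) < 12 or pkt[0] >> 6 != 2:
        raise ValueError("not an RTP version 2 packet")
    offset = 12 + 4 * (pkt[0] & 0x0F)        # fixed header plus CSRC list
    if pkt[0] & 0x10:                        # header extension present
        (words,) = struct.unpack_from("!H", pkt, offset + 2)
        offset += 4 + 4 * words
    pad = pkt[-1] if pkt[0] & 0x20 else 0    # padding count sits in the last byte
    return pkt[1] & 0x7F, len(pkt) - offset - pad

def codec_from_sdp(sdp, pt):
    """Readable signalling: map the RTP payload type through the SDP rtpmap."""
    m = re.search(rf"^a=rtpmap:{pt} ([^/\s]+)", sdp, re.M)
    return m.group(1) if m else None

def per_second_kbps(capture):
    """capture: (arrival_time_s, raw_packet) pairs -> payload kbit/s per second."""
    bits = defaultdict(int)
    for t, pkt in capture:
        bits[int(t)] += 8 * rtp_fields(pkt)[1]
    return [bits[s] / 1000 for s in sorted(bits)]

def classify(rates, tolerance=0.05):
    """Constant rate -> CBR and its closest nominal codecs; varying -> VBR."""
    mean = sum(rates) / len(rates)
    if max(rates) - min(rates) > tolerance * mean:
        return "VBR", ["opus"]               # the slides fall back to opus
    best = min(abs(k - mean) for k in CBR_KBPS.values())
    return "CBR", sorted(c for c, k in CBR_KBPS.items() if abs(k - mean) == best)

def make_rtp(pt, seq, size):
    """Constructed test packet: 12-byte header plus a zero-filled payload."""
    return struct.pack("!BBHII", 0x80, pt, seq, seq * 160, 0x1234) + bytes(size)

# Constructed captures: 3 s at 50 packets/s, dynamic payload type 96.
STEADY = [(i / 50, make_rtp(96, i, 160)) for i in range(150)]
BURSTY = [(i / 50, make_rtp(96, i, (40, 90, 60)[i // 50])) for i in range(150)]
SDP = "v=0\r\nm=audio 49170 RTP/AVP 0 96\r\na=rtpmap:0 PCMU/8000\r\na=rtpmap:96 opus/48000/2\r\n"

if __name__ == "__main__":
    for cap in (STEADY, BURSTY):
        print(per_second_kbps(cap), classify(per_second_kbps(cap)))
```

A constant 64 kbit/s stream narrows the candidates to G.711 and G.722 even though the payload type is dynamic, which is why encrypting only the signalling session does not hide the codec.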
Decoder Tools
For CBR codecs: RTP-to-wave decoders are freely available:
• G.711, G.722, GSM: decoded by CloudShark
• G.729, ILBC: decoder tool available for download
For VBR: we created a Java application that:
• Takes each RTP packet from the captured file
• Decodes it using official native libraries
• Adds a header for linear wave sound
• Saves it as a wave file
Result
Part 2: Mobile Browser
Lightweight Browsers:
• Faster web page loading
• Growing popularity
• Limited plugins
Selected Browsers for Experiment
Browser Cache
• Saves web resources when they are downloaded for the first time
• Cached resources are loaded into the browser when the user accesses the same site again
• Contains: HTML files, CSS, JavaScript and media files
Android File System for applications
• Internal Storage: MODE_PRIVATE; accessible only by creator application, by default
• External Storage: Accessible to all applications
Cache Storage of the browsers
Dolphin:
• Cache resources: /sdcard/TunnyBrowser/Cache/webViewCache
• Screenshots of tabs: /sdcard/TunnyBrowser/Cache/tablist_cache
• Speed dial URLs: /sdcard/TunnyBrowser/Cache/speeddial_covers
UC Browser:
• Cache resources: /sdcard/UCDownloads/cache/com.UCMobile.inti/
• Data traffic detail: /sdcard/UCDownloads/config/TrafficStats.db
• Detailed browsing data: /sdcard/UCDownloads/offline/ApplicationCache.db
Cache Storage of the browsers
Samsung Stock Browser:
• Cache resources: /data/data/com.sec.android.app.sbrowser/cache/Cache/
• Screenshots: /data/data/com.sec.android.app.sbrowser/files/thumbnail.bmp1 (Permission: Mode 644)
CM Browser:
• Cache resources: /data/data/com.ksmobile.cb/app_webview/Cache
• Browser history: /sdcard/CheetahBrowser/.data/
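A defender-side audit of the cache locations listed above, as an added Python example that is not part of the original presentation. The paths and the 644 mode come from the slides; the listing format, the owners and every other mode are constructed for the example.

```python
# Constructed `ls -l`-style listing. Paths are the ones on the slides; owners
# and all modes except the 644 thumbnail are assumptions for this example.
LISTING = """\
drwxrwx--- root sdcard_r /sdcard/TunnyBrowser/Cache/webViewCache
-rw-rw---- root sdcard_r /sdcard/UCDownloads/config/TrafficStats.db
-rw-rw---- root sdcard_r /sdcard/UCDownloads/offline/ApplicationCache.db
drwxrwx--- root sdcard_r /sdcard/CheetahBrowser/.data
-rw-r--r-- u0_a101 u0_a101 /data/data/com.sec.android.app.sbrowser/files/thumbnail.bmp1
drwx------ u0_a133 u0_a133 /data/data/com.ksmobile.cb/app_webview/Cache
"""

EXTERNAL_ROOTS = ("/sdcard/", "/storage/", "/mnt/sdcard/")

def mode_bits(symbolic):
    """Convert 'rw-r--r--' (the nine permission characters) into 0o644."""
    bits = 0
    for ch in symbolic:
        bits = (bits << 1) | (ch != "-")
    return bits

def audit(listing):
    """Return {path: (storage, exposure)} for each listed browser artefact."""
    report = {}
    for line in listing.strip().splitlines():
        perms, _owner, _group, path = line.split(None, 3)
        mode = mode_bits(perms[1:10])
        if path.startswith(EXTERNAL_ROOTS):
            # Per the slides, external storage is accessible to all applications,
            # so the file mode does not separate one app from another.
            report[path] = ("external", "other apps can read and modify")
        elif mode & 0o002:
            report[path] = ("internal", "other apps can read and modify")
        elif mode & 0o004:
            report[path] = ("internal", "other apps can read")
        else:
            report[path] = ("internal", "private to the owning app")
    return report

if __name__ == "__main__":
    for path, (storage, exposure) in audit(LISTING).items():
        print(f"{storage:8} {exposure:32} {path}")
```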
Why use external storage?
• Larger cache storage capability
• Avoid risk of file deletion by the system
Proposed adversary model
Adversary capability:
• Install an application on the user’s device
Goals:
• Know the URLs visited by the user
• Know the items searched by the user
• Know the content of the web pages visited by the user
Application
User permissions required:
• WRITE_EXTERNAL_STORAGE
• ACCESS_NETWORK_STATE
Permissions granted by Android without the user’s approval:
• READ_EXTERNAL_STORAGE
• INTERNET
Targeted activities of application
• Know when the user started using the browser
• Copy cache files to the internal storage
• Upload files to the server
• Change (poison) content in the cache
Work Flow of the application
[Flowchart. Inputs: OnFileAccessedEvent, OnWiFiConnectedEvent. Steps: Check if vulnerable browser is installed; StartCacheMonitor(); CopyFileToPrivateDir(); UploadFile(). Decision (Yes/No): Is WiFi connected?]
Result
Video: Getting Browsed content From Samsung Stock browser.
Conclusion
Many Android users’ private information is at risk
An adversary can:
• Listen to what the user is saying
• See what the user is browsing
Thank You