using sensitive information on android based …stolen device up-to-date cve-2015-3860 “android 5
TRANSCRIPT
![Page 1: Using Sensitive Information on Android Based …Stolen device Up-to-date CVE-2015-3860 “Android 5](https://reader033.vdocuments.us/reader033/viewer/2022042111/5e8d0b0938516778871cfd6d/html5/thumbnails/1.jpg)
Using Sensitive Information on Android Based Smartphone
Romke van Dijk
![Page 2: Using Sensitive Information on Android Based …Stolen device Up-to-date CVE-2015-3860 “Android 5](https://reader033.vdocuments.us/reader033/viewer/2022042111/5e8d0b0938516778871cfd6d/html5/thumbnails/2.jpg)
Android 6:To what extent is
sensitive information protected?
![Page 3: Using Sensitive Information on Android Based …Stolen device Up-to-date CVE-2015-3860 “Android 5](https://reader033.vdocuments.us/reader033/viewer/2022042111/5e8d0b0938516778871cfd6d/html5/thumbnails/3.jpg)
Methodology
RQ2 & RQ3Android’s security features
RQ1Requirements
RQ4Sensitive information sufficiently protected?
RQ5Improvements
![Page 4: Using Sensitive Information on Android Based …Stolen device Up-to-date CVE-2015-3860 “Android 5](https://reader033.vdocuments.us/reader033/viewer/2022042111/5e8d0b0938516778871cfd6d/html5/thumbnails/4.jpg)
Related work• Guidelines generic (NIST)
• Platform specific guidelines (CESG)• Android project
Contribution• Why?• How?
• (Individual researcher)
Introduction | Stolen Device | Malicious Applications | Exploits | Eavesdropping | Conclusion
![Page 5: Using Sensitive Information on Android Based …Stolen device Up-to-date CVE-2015-3860 “Android 5](https://reader033.vdocuments.us/reader033/viewer/2022042111/5e8d0b0938516778871cfd6d/html5/thumbnails/5.jpg)
“Sensitive information refers to the majority of information processed (or created) by large enterprises or public services that are used in routine
business operations and services and could have damaging consequences if lost, stolen or published in the media”
Source: Government Security Classifications by CESG (2011)
Introduction | Stolen Device | Malicious Applications | Exploits | Eavesdropping | Conclusion
![Page 6: Using Sensitive Information on Android Based …Stolen device Up-to-date CVE-2015-3860 “Android 5](https://reader033.vdocuments.us/reader033/viewer/2022042111/5e8d0b0938516778871cfd6d/html5/thumbnails/6.jpg)
Protect against attackers with bounded capabilities and resources.
investigative journalist competent individual hacker the majority of criminal
Introduction | Stolen Device | Malicious Applications | Exploits | Eavesdropping | Conclusion
![Page 7: Using Sensitive Information on Android Based …Stolen device Up-to-date CVE-2015-3860 “Android 5](https://reader033.vdocuments.us/reader033/viewer/2022042111/5e8d0b0938516778871cfd6d/html5/thumbnails/7.jpg)
Attack landscape
Source: Cyber Threats to Mobile Phones by US-Cert
Stolen Device ExploitsMalicious apps Eavesdropping
Introduction | Stolen Device | Malicious Applications | Exploits | Eavesdropping | Conclusion
![Page 8: Using Sensitive Information on Android Based …Stolen device Up-to-date CVE-2015-3860 “Android 5](https://reader033.vdocuments.us/reader033/viewer/2022042111/5e8d0b0938516778871cfd6d/html5/thumbnails/8.jpg)
Data protection• Data at-rest• Data in-transit• Authentication
Platform integrity• Application segregation• Secure boot sequence• Malicious code execution (detection
and prevention)• Update policy
Based on:
“End user device strategy: security framework and controls” by CESG (2013) “Guidelines on cell phone and PDA security” by NIST (2011)
Introduction | Stolen Device | Malicious Applications | Exploits | Eavesdropping | Conclusion
![Page 9: Using Sensitive Information on Android Based …Stolen device Up-to-date CVE-2015-3860 “Android 5](https://reader033.vdocuments.us/reader033/viewer/2022042111/5e8d0b0938516778871cfd6d/html5/thumbnails/9.jpg)
Data protection• Data at-rest• Data in-transit• Authentication
Platform integrity• Application segregation• Secure boot sequence• Malicious code execution (detection
and prevention)• Update policy
Based on:
“End user device strategy: security framework and controls” by CESG (2013) “Guidelines on cell phone and PDA security” by NIST (2011)
Introduction | Stolen Device | Malicious Applications | Exploits | Eavesdropping | Conclusion
![Page 10: Using Sensitive Information on Android Based …Stolen device Up-to-date CVE-2015-3860 “Android 5](https://reader033.vdocuments.us/reader033/viewer/2022042111/5e8d0b0938516778871cfd6d/html5/thumbnails/10.jpg)
To what extent is sensitive information protected on an Android 6 based smartphone?
It depends…
Introduction | Stolen Device | Malicious Applications | Exploits | Eavesdropping | Conclusion
![Page 11: Using Sensitive Information on Android Based …Stolen device Up-to-date CVE-2015-3860 “Android 5](https://reader033.vdocuments.us/reader033/viewer/2022042111/5e8d0b0938516778871cfd6d/html5/thumbnails/11.jpg)
Stolen device•Trusted Execution Environment (TEE) must be implemented
•Strong authentication•Up-to-date
•Locked bootloader•Mobile Device Management (MDM)
Introduction | Stolen device | Malicious Applications | Exploits | Eavesdropping | Conclusion
![Page 12: Using Sensitive Information on Android Based …Stolen device Up-to-date CVE-2015-3860 “Android 5](https://reader033.vdocuments.us/reader033/viewer/2022042111/5e8d0b0938516778871cfd6d/html5/thumbnails/12.jpg)
Secure World
Introduction | Stolen device | Malicious Applications | Exploits | Eavesdropping | Conclusion
![Page 13: Using Sensitive Information on Android Based …Stolen device Up-to-date CVE-2015-3860 “Android 5](https://reader033.vdocuments.us/reader033/viewer/2022042111/5e8d0b0938516778871cfd6d/html5/thumbnails/13.jpg)
Data protection• Data at-rest• Data in-transit• Authentication
Platform integrity• Application segregation• Secure boot sequence• Malicious code execution (detection and
prevention)• Update policy
Based on:
“End user device strategy: security framework and controls” by CESG (2013) “Guidelines on cell phone and PDA security” by NIST (2011)
Introduction | Stolen device | Malicious Applications | Exploits | Eavesdropping | Conclusion
![Page 14: Using Sensitive Information on Android Based …Stolen device Up-to-date CVE-2015-3860 “Android 5](https://reader033.vdocuments.us/reader033/viewer/2022042111/5e8d0b0938516778871cfd6d/html5/thumbnails/14.jpg)
“Encryption keys protecting sensitive data remain in device memory when the device is locked.”
Source: End User Devices Security Guidance: Android 6 by CESG (2016)
Introduction | Stolen device | Malicious Applications | Exploits | Eavesdropping | Conclusion
![Page 15: Using Sensitive Information on Android Based …Stolen device Up-to-date CVE-2015-3860 “Android 5](https://reader033.vdocuments.us/reader033/viewer/2022042111/5e8d0b0938516778871cfd6d/html5/thumbnails/15.jpg)
Stolen deviceUp-to-date
CVE-2015-3860“Android 5 <= 5.1.1 does not restrict the number of characters in the passwordEntry
input field, which allows physically proximate attackers to bypass intended accessrestrictions via a long password that triggers a SystemUI crash“
Source: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3860
Introduction | Stolen device | Malicious Applications | Exploits | Eavesdropping | Conclusion
![Page 16: Using Sensitive Information on Android Based …Stolen device Up-to-date CVE-2015-3860 “Android 5](https://reader033.vdocuments.us/reader033/viewer/2022042111/5e8d0b0938516778871cfd6d/html5/thumbnails/16.jpg)
Stolen deviceLocked bootloader
Muller et al. (2013) “FROST: Forensic Recovery Of Scrambled Telephones”
Introduction | Stolen device | Malicious Applications | Exploits | Eavesdropping | Conclusion
![Page 17: Using Sensitive Information on Android Based …Stolen device Up-to-date CVE-2015-3860 “Android 5](https://reader033.vdocuments.us/reader033/viewer/2022042111/5e8d0b0938516778871cfd6d/html5/thumbnails/17.jpg)
Authentication
•PIN
•Pattern
•Password
•Fingerprint
Max entropy 104 = 10000
“The lock screen authentication MUSTrate limit attempts and SHOULD have an
exponential backoff algorithm as implemented in the Android Open Source
Project.”Source: http://source.android.com/compatibility/android-cdd.html
Solution: MDM, Wipe data after maximum failed attempts
Introduction | Stolen device | Malicious Applications | Exploits | Eavesdropping | Conclusion
![Page 18: Using Sensitive Information on Android Based …Stolen device Up-to-date CVE-2015-3860 “Android 5](https://reader033.vdocuments.us/reader033/viewer/2022042111/5e8d0b0938516778871cfd6d/html5/thumbnails/18.jpg)
Authentication
•PIN
•Pattern
•Password
•Fingerprint
What is stronger 4-digit random PINs or the practical entropy of patterns?
Entropy practically 210.90 ≈ 1910,85Source: “Quantifying the security of graphical passwords: The case of android
unlock patterns” by Sebastian Uellenbeck et al.
Introduction | Stolen device | Malicious Applications | Exploits | Eavesdropping | Conclusion
![Page 19: Using Sensitive Information on Android Based …Stolen device Up-to-date CVE-2015-3860 “Android 5](https://reader033.vdocuments.us/reader033/viewer/2022042111/5e8d0b0938516778871cfd6d/html5/thumbnails/19.jpg)
Authentication
•PIN
•Pattern
•Password
•Fingerprint
Enter complex password???
Introduction | Stolen device | Malicious Applications | Exploits | Eavesdropping | Conclusion
![Page 20: Using Sensitive Information on Android Based …Stolen device Up-to-date CVE-2015-3860 “Android 5](https://reader033.vdocuments.us/reader033/viewer/2022042111/5e8d0b0938516778871cfd6d/html5/thumbnails/20.jpg)
Authentication
•PIN
•Pattern
•Password
•Fingerprint
Use of lock screen authentication increased from 50% to 90% on Google
Nexus devices.Source: Google I/O 2016 Security Update
Artificial gummy fingers
Introduction | Stolen device | Malicious Applications | Exploits | Eavesdropping | Conclusion
![Page 21: Using Sensitive Information on Android Based …Stolen device Up-to-date CVE-2015-3860 “Android 5](https://reader033.vdocuments.us/reader033/viewer/2022042111/5e8d0b0938516778871cfd6d/html5/thumbnails/21.jpg)
Authentication
•PIN
•Pattern
•Password
•Fingerprint
What is stronger: fingerprint or 5 Digit PIN?
“MUST have a false acceptance rate not higher than 0.002%.”
Source: http://source.android.com/compatibility/android-cdd.html
𝑘" = 1
𝐹𝑀𝑅=
10,00002
= 50000
𝑘" = effective keyspace of biometric authentication105 = 100000
Introduction | Stolen device | Malicious Applications | Exploits | Eavesdropping | Conclusion
![Page 22: Using Sensitive Information on Android Based …Stolen device Up-to-date CVE-2015-3860 “Android 5](https://reader033.vdocuments.us/reader033/viewer/2022042111/5e8d0b0938516778871cfd6d/html5/thumbnails/22.jpg)
Malicious Application•Trusted Applications (White-listing)
•Up-to-date
Introduction | Device theft | Malicious Applications | Exploits | Eavesdropping | Conclusion
![Page 23: Using Sensitive Information on Android Based …Stolen device Up-to-date CVE-2015-3860 “Android 5](https://reader033.vdocuments.us/reader033/viewer/2022042111/5e8d0b0938516778871cfd6d/html5/thumbnails/23.jpg)
ANDROIDOS_GODLESS.HRX aka Godless•Targets Android <= 5.1
Source: Trendmicro(2016) “‘GODLESS’ Mobile Malware Uses Multiple Exploits to Root Devices”
Introduction | Device theft | Malicious Applications | Exploits | Eavesdropping | Conclusion
![Page 24: Using Sensitive Information on Android Based …Stolen device Up-to-date CVE-2015-3860 “Android 5](https://reader033.vdocuments.us/reader033/viewer/2022042111/5e8d0b0938516778871cfd6d/html5/thumbnails/24.jpg)
Android Security Issues“LG will be providing security updates on a monthly basis which carriers will then be
able to make available to customers immediately.”“Samsung Electronics will implement a new Android security update process that fast tracks the security patches over the air when security vulnerabilities are uncovered.
These security updates will take place regularly about once per month.”Source: https://www.wired.com/2015/08/google-samsung-lg-roll-regular-android-security-updates/
Introduction | Device theft | Malicious Applications | Exploits | Eavesdropping | Conclusion
![Page 25: Using Sensitive Information on Android Based …Stolen device Up-to-date CVE-2015-3860 “Android 5](https://reader033.vdocuments.us/reader033/viewer/2022042111/5e8d0b0938516778871cfd6d/html5/thumbnails/25.jpg)
Data protection• Data at-rest• Data in-transit• Authentication
Platform integrity• Application segregation• Secure boot sequence• Malicious code execution (detection
and prevention)• Update policy
Based on:
“End user device strategy: security framework and controls” by CESG (2013) “Guidelines on cell phone and PDA security” by NIST (2011)
Introduction | Stolen Device | Malicious Applications | Exploits | Eavesdropping | Conclusion
![Page 26: Using Sensitive Information on Android Based …Stolen device Up-to-date CVE-2015-3860 “Android 5](https://reader033.vdocuments.us/reader033/viewer/2022042111/5e8d0b0938516778871cfd6d/html5/thumbnails/26.jpg)
Exploit•Locked bootloader
•Up-to-date
Introduction | Device theft | Malicious Applications | Exploits | Eavesdropping | Conclusion
![Page 27: Using Sensitive Information on Android Based …Stolen device Up-to-date CVE-2015-3860 “Android 5](https://reader033.vdocuments.us/reader033/viewer/2022042111/5e8d0b0938516778871cfd6d/html5/thumbnails/27.jpg)
Eavesdropping•Use a the native VPN in Always-On mode
•Educate users to not disable this
Introduction | Device theft | Malicious Applications | Exploits | Eavesdropping | Conclusion
![Page 28: Using Sensitive Information on Android Based …Stolen device Up-to-date CVE-2015-3860 “Android 5](https://reader033.vdocuments.us/reader033/viewer/2022042111/5e8d0b0938516778871cfd6d/html5/thumbnails/28.jpg)
Data protection• Data at-rest• Data in-transit• Authentication
Platform integrity• Application segregation• Secure boot sequence• Malicious code execution (detection
and prevention)• Update policy
Based on:
“End user device strategy: security framework and controls” by CESG (2013) “Guidelines on cell phone and PDA security” by NIST (2011)
Introduction | Stolen Device | Malicious Applications | Exploits | Eavesdropping | Conclusion
![Page 29: Using Sensitive Information on Android Based …Stolen device Up-to-date CVE-2015-3860 “Android 5](https://reader033.vdocuments.us/reader033/viewer/2022042111/5e8d0b0938516778871cfd6d/html5/thumbnails/29.jpg)
Conclusion•TEE must be implemented•Strong authentication
•Up-to-date•Locked bootloader
•MDM•Use a the native VPN in Always-On mode•Trusted Applications (White-listing)
Introduction | Device theft | Malicious Applications | Exploits | Eavesdropping | Conclusion
![Page 30: Using Sensitive Information on Android Based …Stolen device Up-to-date CVE-2015-3860 “Android 5](https://reader033.vdocuments.us/reader033/viewer/2022042111/5e8d0b0938516778871cfd6d/html5/thumbnails/30.jpg)
Sources
• Image slide 2: www.perspecsys.com
• Lego: hacker (https://www.flickr.com/photos/99717434@N04/), criminal (https://www.flickr.com/photos/sunface13/), cameraman (https://www.flickr.com/photos/gordon_mckinlay/)
• Pickpocket sign: https://www.flickr.com/photos/doctorow/ Bluescreen: https://www.flickr.com/photos/fsse-info/ App: https://www.flickr.com/photos/osde-info/Eavesdropper: https://www.flickr.com/photos/smoovey/
• Yummy bears: https://www.flickr.com/photos/pocait/
• Linux: https://www.flickr.com/photos/doctorserone/, Selinux: https://www.flickr.com/photos/xmodulo/
• Android Malware: https://www.flickr.com/photos/cyberhades/, Stagefright: https://en.wikipedia.org/wiki/Stagefright_(bug)
![Page 31: Using Sensitive Information on Android Based …Stolen device Up-to-date CVE-2015-3860 “Android 5](https://reader033.vdocuments.us/reader033/viewer/2022042111/5e8d0b0938516778871cfd6d/html5/thumbnails/31.jpg)
iOS EncryptionPasscode KeyDevice key
Class Key
File MetadataFile Key
Data
File System Key
![Page 32: Using Sensitive Information on Android Based …Stolen device Up-to-date CVE-2015-3860 “Android 5](https://reader033.vdocuments.us/reader033/viewer/2022042111/5e8d0b0938516778871cfd6d/html5/thumbnails/32.jpg)
Full disk encryption
TEETrusted Execution Environment
DEKDisk Encryption Key
KEKKey Encryption Key
User’s passcode HBKHardware-bound private key
Encrypts
![Page 33: Using Sensitive Information on Android Based …Stolen device Up-to-date CVE-2015-3860 “Android 5](https://reader033.vdocuments.us/reader033/viewer/2022042111/5e8d0b0938516778871cfd6d/html5/thumbnails/33.jpg)
eCryptfs++
Class Key
FEKFile Encryption Key
Data
KEKKey Encryption Key
User’s passcode
HBKHardware-bound private
Key
Defines
Defines
Encrypts
Encrypts
Encrypts
HBEKHardware-bound Encryption
Key
Encrypts