Android Hackers Handbook eBook Tutorials
Description
The first comprehensive guide to discovering and preventing attacks on the Android OS
As the Android operating system continues to increase its share of the smartphone market, smartphone hacking remains a growing threat. Written by experts who rank among the world's foremost Android security researchers, this book presents vulnerability discovery, analysis, and exploitation tools for the good guys. Following a detailed explanation of how the Android OS works and its overall security architecture, the authors examine how vulnerabilities can be discovered and exploits developed for various system components, preparing you to defend against them.
If you are a mobile device administrator, security researcher, Android app developer, or consultant responsible for evaluating Android security, you will find this guide is essential to your toolbox.
A crack team of leading Android security researchers explain Android security risks, security design and architecture, rooting, fuzz testing, and vulnerability analysis
Covers Android application building blocks and security as well as debugging and auditing Android apps
Prepares mobile device administrators, security researchers, Android app developers, and security consultants to defend Android systems against attack
Android Hacker's Handbook is the first comprehensive resource for IT professionals charged with smartphone security.
As the Android operating system continues to increase its share of the smartphone market, smartphone hacking remains a growing threat. Written by experts who rank among the world's foremost Android security researchers, this book presents vulnerability discovery, analysis, and exploitation tools for the good guys. Following a detailed explanation of how the Android OS works and its overall security architecture, the authors examine how vulnerabilities can be discovered and exploits developed for various system components, preparing you to defend against them.
If you are a mobile device administrator, security researcher, Android app developer, or consultant responsible for evaluating Android security, you will find this guide is essential to your toolbox.
A crack team of leading Android security researchers explain Android security risks, security design and architecture, rooting, fuzz testing, and vulnerability analysis
Covers Android application building blocks and security as well as debugging and auditing Android apps
Prepares mobile device administrators, security researchers, Android app developers, and security consultants to defend Android systems against attack
Android Hacker's Handbook is the first comprehensive resource for IT professionals charged with smartphone security.
PASSWORD: marklex
DOWNLOAD FREE
DOWNLOAD FREE
Table of Contents
Introduction xxvChapter 1 Looking at the Ecosystem 1
Understanding Android’s Roots 1
Company History 2
Version History 2
Examining the Device Pool 4
Open Source, Mostly 7
Understanding Android Stakeholders 7
Google 8
Hardware Vendors 10
Carriers 12
Developers 13
Users 14
Grasping Ecosystem Complexities 15
Fragmentation 16
Compatibility 17
Update Issues 18
Security versus Openness 21
Public Disclosures 22
Summary 23
Chapter 2 Android Security Design and Architecture 25
Understanding Android System Architecture 25
Understanding Security Boundaries and Enforcement 27
Android’s Sandbox 27
Android Permissions 30
Looking Closer at the Layers 34
Android Applications 34
The Android Framework 39
The Dalvik Virtual Machine 40
User-Space Native Code 41
The Kernel 49
Complex Security, Complex Exploits 55
Summary 56
Chapter 3 Rooting Your Device 57
Understanding the Partition Layout 58
Determining the Partition Layout 59
Understanding the Boot Process 60
Accessing Download Mode 61
Locked and Unlocked Boot Loaders 62
Stock and Custom Recovery Images 63
Rooting with an Unlocked Boot Loader 65
Rooting with a Locked Boot Loader 68
Gaining Root on a Booted System 69
NAND Locks, Temporary Root, and Permanent Root 70
Persisting a Soft Root 71
History of Known Attacks 73
Kernel: Wunderbar/asroot 73
Recovery: Volez 74
Udev: Exploid 74
Adbd: RageAgainstTheCage 75
Zygote: Zimperlich and Zysploit 75
Ashmem: KillingInTheNameOf and psneuter 76
Vold: GingerBreak 76
PowerVR: levitator 77
Libsysutils: zergRush 78
Kernel: mempodroid 78
File Permission and Symbolic Link–Related Attacks 79
Adb Restore Race Condition 79
Exynos4: exynos-abuse 80
Diag: lit / diaggetroot 81
Summary 81
Chapter 4 Reviewing Application Security 83
Common Issues 83
App Permission Issues 84
Insecure Transmission of Sensitive Data 86
Insecure Data Storage 87
Information Leakage Through Logs 88
Unsecured IPC Endpoints 89
Case Study: Mobile Security App 91
Profi ling 91
Static Analysis 93
Dynamic Analysis 109
Attack 117
Case Study: SIP Client 120
Enter Drozer 121
Discovery 121
Snarfing 122
Injection 124
Summary 126
Chapter 5 Understanding Android’s Attack Surface 129
An Attack Terminology Primer 130
Attack Vectors 130
Attack Surfaces 131
Classifying Attack Surfaces 133
Surface Properties 133
Classification Decisions 134
Remote Attack Surfaces 134
Networking Concepts 134
Networking Stacks 139
Exposed Network Services 140
Mobile Technologies 142
Client-side Attack Surface 143
Google Infrastructure 148
Physical Adjacency 154
Wireless Communications 154
Other Technologies 161
Local Attack Surfaces 161
Exploring the File System 162
Finding Other Local Attack Surfaces 163
Physical Attack Surfaces 168
Dismantling Devices 169
USB 169
Other Physical Attack Surfaces 173
Third-Party Modifi cations 174
Summary 174
Chapter 6 Finding Vulnerabilities with Fuzz Testing 177
Fuzzing Background 177
Identifying a Target 179
Crafting Malformed Inputs 179
Processing Inputs 180
Monitoring Results 181
Fuzzing on Android 181
Fuzzing Broadcast Receivers 183
Identifying a Target 183
Generating Inputs 184
Delivering Inputs 185
Monitoring Testing 185
Fuzzing Chrome for Android 188
Selecting a Technology to Target 188
Generating Inputs 190
Processing Inputs 192
Monitoring Testing 194
Fuzzing the USB Attack Surface 197
USB Fuzzing Challenges 198
Selecting a Target Mode 198
Generating Inputs 199
Processing Inputs 201
Moni
No hay comentarios:
Write comentarios