
Inside Android’s SafetyNet Attestation: Attack and Defense

to it and
if it is and I have a and that is ... Welcome, everybody, to this next talk, "Inside Android's SafetyNet Attestation: Attack and Defense". First of all, I would like to see a show of hands: who among you has already developed an Android app? That's almost everybody, I would say something between 90 and 98 per cent of you. And who of you has already used the SafetyNet attestation API? Please, another show of hands. That feels more like 5 or 6. Then who of you has already heard about this API before coming here today? That's more. Perfect, that's why you are all here, I guess. So gear up for a very informative talk by Collin Mulliner, an expert in the field of security research, and he's also the co-author of the Android Hacker's Handbook, and we're excited for the talk. Please give him a warm round of applause. on the animal by writing this is
basically just some I I did
a bunch of, like, mobile security and development some years ago, wrote a bunch of times guides and helps to have done this book, but let's get right to the
heart. So what are the goals of this talk? The main goal of this talk is, of course, understanding what Android SafetyNet, and especially the attestation API, is, and actually how to really implement and deploy it. As you will see throughout the talk, it's not, like, that straightforward, unfortunately. And then I'm going to look at the attestation API: really, what can it do for you and what can't it do for you? And I guess, like with most security systems or features, that's very interesting, that the part what it can do is the most interesting part. And then we're gonna look at some attacks and bypasses from other people and some of my own work. And the second main goal of this talk is to, like, basically document this API, because the documentation is not very good, and that's like how I thought, like, let's
talk a little bit about, of course, this entire ecosystem. This entire talk is about app security. Back in the day, apps did not communicate, but these days, if you have an app that doesn't communicate, like, who cares? An app mostly communicates with, like, an app-specific backend, and if the app and the backend and everything works, the user's happy, everybody's happy; and if the app doesn't work, everybody's unhappy, and the company will not make any money and people, like, discontinue the service. So mobile app security is really, really interesting, because these days an app, like a mobile app, is just the gateway to the backend service. And these days there are a lot of online services which are basically mobile-only or at least mobile-first; if you think about something except that, they don't even have, like, a website or anything. And app security is also basically about controlling data: all of that displaying data, managing data in the app, and making sure somebody is not allowed to copy all the data that is managed by the app. And altogether, basically, mobile app security is really about protecting your service, your revenue, your brand and hopefully, hopefully, really hopefully, your customer, like, the consumer. So if we look at
hacks in general, what are you looking at here? The main part is, like, always modification, basically. On Android, rooting basically breaks the assumptions of the security model, because if you root your phone you are able to basically take content from apps that didn't want it to be taken in the first place. And you can do this by just reading data, or taking screenshots, or instrumenting the app and pulling data out of it. And of course you can also modify the app directly and then change whatever the app is doing, or what the app is enforcing. And of course there is also network traffic, but in this talk I'm not gonna be looking at the traffic at all. So if you look at rooting, what rooting actually is, is basically gaining full control over the device, because these days, on any kind of phone or tablet, you basically don't have root, like, you don't have full access to everything like on your computer. With rooting you gain that access again: you gain access so you can read and write any file and modify parts of the OS or the software framework. And all of this rooting capability is really highly dependent on Android versions, and really new Android versions are much, much more hardened due to, for example, SELinux policies, and I'm not going to jump into that
part. So if we look at detecting all that, what do you have? There are, like, basic rooting checks: apps would implement something like, does /system/bin/su or /system/xbin/su exist? So it was just checking at some path whether the su file is installed, and if that was true they would just say, like, the device is likely rooted, and the app would not work. And the same with apps: they would just check if a specific package is present, or check if, like, Xposed is installed. And maybe they try to detect emulators by just seeing what getDeviceId returns, and if it returns 0 it is often an emulator. So that's like really the
old days. And in the old days this was, for the developers, really, really easy to implement, because they can just check for certain files or certain packages. It's really easy to implement; you don't have to be a genius, you just check for a file, and then you can very easily deploy this kind of check. But of course, for the attackers that's easy as well, because they also understand how this works: they just rename some files or move files around, and then they can again use those applications. So modern mobile app
security really works by collecting data. Basically, you have some piece of code that just collects data and sends it to the backend, and your backend will make the decision whether specific things happened, for example whether the device is rooted. And the idea behind that is that the attacker cannot just patch out a check in your app, because, imagine, if you just do a file access check for, like, /system/bin/su, you can remove that and then the app just works. But if you collect a lot, really a lot, of data on the device, you really don't know what is useful and what is not, and you basically have to fake all the data, and if you collect really a lot of data you can't really do that. So that's basically what all modern apps that have a higher demand for security do these days, and that is also what SafetyNet attestation will do for you. So
let's go a little bit back to Android. So in the early days Android was, I would say, very open, but these days a lot of that openness went away. They have, like, secure boot now, and this is basically a trust anchor, and basically they are able to tell if you unlocked your bootloader and things like that. And of course there are more SELinux restrictions, so, like, much stricter sandboxes. And then Google added this platform security service called SafetyNet, and SafetyNet is really
just a brand name for security services on Android. They have a bunch of different services, like Verify Apps, stage 1 and 2, to check for PHAs, which is Google's nicer term for malware; and you have attestation, and you have, like, a CAPTCHA service. And the system in general is designed to run on any Android device that has Google Play, so it's part of Google Play services, and it's, like, independent from the manufacturer. So this exists on any Android device, not only on the Google devices. And with attestation you can do remote device attestation. So
and of course Google also heavily uses their own APIs. For example, if you ever used Android Pay and saw this nice pop-up, that meant SafetyNet actually failed to validate, to attest your device, and, I guess, then Android Pay is telling you that you modified something. And one of their intentions, I think, behind the attestation part was: they can't really control the security of other manufacturers' devices, but they wanted to support Android Pay on them. So what did they do? They basically found a way to measure whether your device, or the Android that is running on it, was modified. And the nice part is they can really change the SafetyNet attestation part on the fly; you don't have to wait for, like, a system software update. Basically, they can push code to the device at any point to check for some of the more modern modifications, and with that they can really quickly react to, say, new roots or something, without having any software updates being delivered to the devices.
So what is actually the attestation part? It's really the attestation of the device and of the specific app that calls the API. That's basically all of the things that people used to implement themselves, as part of the Google Play services, and basically you just call the API and it validates your app and device like that they're they're the device of the you there was not. Unfortunately, it
is, the documentation, as I said in the introduction, is not super detailed, and they leave a lot of things to, like, your interpretation, or you just have to basically use it to find out how this really works. Over time it got much better, but when I started looking at it, which is, I guess, one and a half, two years ago, some of the documentation was really bad, and they add new features without really documenting them. But they have, like, a private mailing list where they announce some stuff. but and the others approach
Again, the only piece of code is actually the initialization, basically. So SafetyNet is part of the Google API client; you basically just say "I want a connection to the SafetyNet API" and then you just call it. So
how does that part work? In the picture here, the box in the middle is basically the software that is running on the phone, and there are the backends: the Google Play backend and your application's backend. So if your app doesn't have its own backend, you really can't use SafetyNet at all, and you will see why in a second. So basically what happens: your app talks to your backend, maybe it wants to log in or do some very specific operation, and then your backend will say, "Hey, application, I request you to attest yourself." So the backend basically sends a request to the app, and the app will call the SafetyNet attestation API. And in this step, as you see, the attestation code on the device will inspect the device itself, so, like, the operating system's integrity, and then it will also inspect the actual application. There are
some minor details, like, in the call there should be a nonce, to prevent replays; so look at the documentation. And so
that's basically it: instead of having to implement everything yourself, you can just call this API and you will have all the work done by a group of engineers to do you're on use a curious security configurations are con security at the station. And so what happens after the attestation has checked your app and the device: it will send the data back to Google, Google analyzes it and then determines the state of your device, and they issue the response to your app. Because if you modified the app and the response was not signed, you could just tamper with the attestation response, the response is signed. So in the backend you should validate that signature and then validate the attestation, and then you know what you're dealing with. That's basically what you get
back. It's really, really, really simple: some blobs of base64 encoding.
So Google has a signature validation API, which is basically just for development purposes, but that one is pretty well documented. guess some day they do that a lot like as a solid circle edition
But let's look at the attestation data. So the attestation data, that's basically the main blob you get back; everything else is just, like, a chain and the signature. So you see the CTS profile match, and that refers to, that's basically the core device integrity measure. And CTS refers to Google's Compatibility Test Suite: basically, whenever you build an Android device, you have to run this test suite and give Google the results. And basically what the SafetyNet API does is collect data from your phone and then compare it to the data from the manufacturer, and by this they can determine if you modified, like, your system's file system. And then you see, like, which APK called the API, and then you get a digest of the APK itself, you get your nonce back, and then you also have, like, timestamps and the basic integrity, which is an indicator about rooting. So
this nice table was actually only, I guess, added to their documentation maybe like 7 months ago; before, it was like, yeah, there are these true and false fields. So as you can see, CTS will only be true if your device is genuine and passed the CTS, so the CTS data corresponds to the data that was collected. And as soon as you unlock your bootloader, that goes to false, and the basic integrity will still be there. So if you just unlock your bootloader but haven't modified the content of your file systems, your basic integrity is still on. And that's basically those two different indicators, which basically help you to understand the state of the device. And with this nice table you can basically implement, like, your checks. So I
I wrote this, like, small demo. I actually implemented that for, like, a bigger company, but I wasn't there a bill; just a small demo app I'm gonna show you at the end. And you see, there are two ways: like, run attestation, and it will tell you if the device is rooted and what the app integrity is, and you see the blob of data from the law the sea they pay everything. This passes all of the checks. You're gonna have some more fun with this later. Yeah, the
big issue with SafetyNet and the attestation API is, like, error states. There's a ton of different errors, and if you don't know what you're dealing with, you can basically very easily bypass the entire system. but the again if if he hasn't implemented don't don't are why on aware of like error messages. So, for example, this is one of the nice ones in terms of basic errors. Basically, for some reason, the API call did work, but somehow the code inside the API, like, encountered some random error. You will get this, and they basically say it's, like, some random error message, and you're then, like, how are you going to find out what the hell that actually is, because this is not really documented. It basically just means: call the API again and try again. most of the time it's like 0
And this is one of the more interesting errors. This basically says it can't really determine which APK called the API, also kind of saying that the device is generally untrusted. For this they just removed a bunch of fields from the JSON response, which is also very confusing if you implement this for the first time, because you only get, like, a broken JSON data blob. And again, of course, this was not really documented.
So now you know, basically, we have this API and there are maybe some strange JSON fields, so you think you can go implement this in your app and have the interaction between your app, your backend and the running attestation. But unfortunately it's still not that simple. All of the API calls can fail, and they will fail in the wild; every API you call will likely fail at some point, depending on your user group. If you're playing at home with a few devices, you will never see any of those errors, but, let's say, if you have hundreds of thousands or millions of devices, you will see every error eventually. We have things like an old Google Play Services that doesn't support SafetyNet yet, so what should you do? One part is: can I just force the user to update their Play services? but for the they 1 Then there are just general errors, connection errors, and in those cases you really have to retry. And if you forget to handle one of those errors, I mean, some clients will basically not work, or some clients will be allowed to connect to your service even if the app was tampered with. the law the case so that's like really something you should actually and be able to go to see during development because of the announcers short of lecture just like fail even if it was like directly fail and there are some some more
examples. So I just, like, uninstalled all Play services updates on this Nexus 7, which is, like, an Android 4 device; it also doesn't have secure boot. And then, if you start the application, just nothing really works, because you really need to have those Play services. So a lot of the
API failures are basically temporary failures, so you basically have to start retrying everything: generic errors, networking errors. And in general you should be a good citizen and basically do an exponential backoff after each failed try. Also, you can look into the status field of this JSON blob on the device itself and then determine if you need to retry, so you don't have to do the full round trip to your backend. But basically what you really need to do is report any of the failures to your backend, and really plan what you're gonna do if some device just keeps throwing errors, because in the worst case that's a customer or user of your app that can never use it because they have some random error. So you really have to think hard about what you're gonna do. Unfortunately, this of course is app-specific behavior, because in some cases it may be useful to let the user retry, but maybe you say you never want anybody who fails the first attestation to ever use your service. Those are really app-specific decisions. So let's look at some of ... yeah. So one of the two main functions is the OS and device integrity check, and that's basically just those two fields, which give you true or false. But app integrity works a little bit differently, because Google can't really tell you if your app's integrity is there; you have those two fields, the APK digest and the cert digest. And the cert digest is really the digest of the key you signed your APK with. So if you re-sign an application, the cert digest will of course be different. So if somebody unpacks your APK, modifies the app and re-signs the APK, the cert digest will be different. So the easiest check for app integrity is basically to
compare the APK cert digest. Say you have 5 different apps: most likely they will all be signed with the same cert, so you only have to, like, hard-code the cert digest in your backend once and can just always compare that. And yeah, it's basically a very simple comparison, and with that you can always tell that the app is, like, not
tampered with. But you can also go into advanced mode and basically also compare the APK digest. That's of course a little bit more difficult, because that means for every single APK ever released and to the end of story element you basically have to record the digest of the file, because if you didn't do that you'd just reject people, going, "hey, we don't recognize that, you probably modified your app", but in reality maybe you just forgot to collect the data. So you have to have very tight control over your release process. But you can do cool stuff, like revoke specific APK versions at this very early part of the communication with the server, by just deleting that specific APK digest from your database, and then SafetyNet will basically block that APK for you. So yeah, basically,
so, to do the implementation and deployment: on the client side you really have to check for error conditions, retry, and report failure codes to the backend. In the backend you really have to make sure to validate the signature of the attestation data, and check really all fields: timestamps, nonce. And really make a decision about the failures and what you want to do, especially things like: do you force the user to update Play services? And maybe have some kind of whitelisting mechanism, where you can whitelist maybe specific kinds of devices, because you will run into problems, and you probably don't want to prevent, like, a specific user group from being able to use the
service. So yeah, that's basically the part about how SafetyNet attestation works and what you should look out for when you're trying to implement and deploy it. But of course, as anybody who is interested in security, if you implement or use a new security system you really want to know: can you actually trust the system, or does it just do nothing? So when I first looked at it, it was like, let's see how good this actually is, and can you do, like, bypasses, and also what are the limitations. Some obvious limitations, I guess, are the different Android versions, because on Android 4 and 5 you really don't have this secure boot state; applications and services cannot determine the boot state. So anything that would be based on unlocking the bootloader will basically work, because if you can't detect that the bootloader is unlocked, then you can't block unlocked bootloaders. On Android 6, of course, it can detect the boot state, and then you can actually rely on everything that is based on secure boot. But this of course already shows you that old devices are much harder to judge in terms of the attestation system, because of certain limitations of the actual OS. So in your security policy in your backend, you basically have to know that, for something like Android 4 or 5, devices might not be able to see certain things if you just use 15 and and nearly other things of and
before that you don't have dm-verity, which means you can just remount and write and change files on the system partition. So you can do things like change or rename or move, like, /system/xbin/su to some other directory, and then, if you run your SafetyNet-enabled application, you will totally bypass it. Well, not really a bypass; you will just pass attestation, because the system will say, "yeah, fine, nothing was modified". And then, after using that app, you can basically restore su by copying it back, and you're good. And that is also basically another indicator of what you should do: if you only run attestation once, on app start, you can do things like that, but if you use it more often, like, at random intervals, the backend at random intervals just says "hey, attest yourself for me", those things become a little bit harder. Of course none of this is documented at all. So this is my
small demo application again. I think this was a Nexus 5X with Android 6, and I unlocked the bootloader. And then, if you run attestation, you will see something like this. The secure boot state, that actually doesn't come from the attestation; I just read that from the system properties, but it basically detects the unlocked bootloader. So it will change, where is it, the CTS profile in the middle to false, and it will also give you an advice, like, you should lock your bootloader. And this advice is also something they just added, I think, earlier this year; I was looking at this JSON file, like, there's a new field, undocumented. Nice.
So, suhide and Magisk. Obviously, if a system like that exists, people try to bypass it, and one of the first bypasses for this was suhide. Basically, you can call them a rootkit, because it's really just trying to hide that you rooted your device from SafetyNet. And suhide was very simple, and Google very easily actually detected it, and you could actually read in forums that people post, "oh, I can't use suhide anymore, it's now detected", and then two weeks later, or maybe like two days later, there was an update and it worked again, and then it was detected again. And that's really where this short iteration cycle due to code pushing comes into play: Google can just really quickly react to whatever changes. And then suhide was discontinued, because the guy was like, "I give up, they can change their detection so fast, and I want to do something else with my life than just updating". But then there's Magisk, which is the more modern way of basically hiding root. Magisk is based on unlocking the bootloader and patching SELinux policies and so on, and actually this is, as far as I know, completely undetected, undetectable at the moment, due to the safe detection of running the full system privileges. But for this, you have to unlock your bootloader and do, like, heavy modifications, so it's probably not done by a lot of users. Basically, both of those tools are real rootkits to hide root from security services on Android, and it is a nice cat-and-mouse game. So yeah, so
those two are used to try to hide system modifications, rooting, which is only one aspect of SafetyNet, the system attestation. in the the and
So I was more interested in app integrity, because the other two checks can obviously be bypassed, and really nobody ever looked at app integrity, and I was really wondering why. It was like, yeah, that's kind of interesting. So I was looking into app integrity. Basically the goal behind app integrity is really to detect if somebody modified your application, and you do that by looking at the APK digest and the cert digest. Because if you could modify the APK, you can do something like remove the TLS cert pinning and, like, modify traffic, and things like that, and you probably don't want that to happen. So app integrity is very interesting.
So how does app integrity, how do the APK and cert digests, actually work? The interesting part is that those values are calculated on the APK file that's stored on disk. But if you know how Android actually works, you know that Android doesn't actually execute the APK, because APKs contain dex files, and on Android 4 those would be converted to odex, which is, like, optimized dex, still bytecode; Android 5 and later would just compile the dex code to native code. And some three years ago there was some work done on patching odex files. So this is the problem of calculating checksums or digests on one file but executing another file. can on a thing of the CB attacks
So let's, like, rehash where Android's code is running again. On Android 4, there's the data directory, and you have /data/app with the APK itself, and then you have the program data, and then you have /data/dalvik-cache, where you have this, like, super-long filename, which is basically the optimized dex. On Android 6 and later you have just your package directory, and in the package directory you have the APK and you have the base odex file, but in this case a section on all expire was like notify lattices contains native code. The interesting part: those files are all owned by the system, and they can only be read and written by installd. So your app cannot even read its own binary, which makes this very interesting, because ART or Dalvik just loads it into memory and executes it, so your app doesn't really need to be able to read its own code.
So, to go back and look at generic app modification, how does that actually work? Normally you use something like apktool: you unpack the file, modify the smali code, use apktool to rebuild the APK, then just sign the file, and then you can run the modified APK. Of course, in this case the signature would be broken, because you don't have the author's keys. And on the device, the APK gets compiled using dex2oat or dexopt to the odex file. So then you have the modified APK; what you do then is take that odex file, but you still have to patch the modified odex file, because the odex file contains, like, the CRC32 of the dex file it was generated from. This is not a security check at all; it's just for the VM, so the VM can see, "oh, maybe the APK was updated, and now this CRC doesn't match the dex file", and just recompile. That's just a "let's not run old code" feature; it's not a security feature. In order to patch the CRC, I made a small tool, like, really tiny, and that's open source; it can just patch the CRC of the odex file. So what you can do
basically, which will work on any Android version: you need to overwrite the odex file of the specific app. So if your device is rooted, you can just go and overwrite that specific file, either in the Dalvik cache or in the app directory. And then you stop the app and restart it, and you just have this modified app, and you actually bypass all of the checks, because you only modified the code that's executed but not the actual original APK. And then of course you have to unroot, because you still want to pass the general device integrity checks. So if you think back to the earlier slides: on Android 4 you can't really detect if the bootloader is unlocked. That basically means on Android 4 you can trivially bypass app integrity checks, because we are if you have a route to the face on on on on the bootloader you can't do that. Yeah, so that is
bypassed so but was like yeah that's all I bet you can also find other ways to do this so the main goal for this attack is like as before we really want to overwrite this one oat file but we know of only basically two so the two we have the daemons that can actually like write up to 2 wineries section have their semantics privileges to write to the file to others classifiers is installed the invite but who else can write to any file on the file system of course the kernel the Linux kernel because if X is true excess slum any anything that's like a like as the Linux file permissions do not exist for the kernel itself and uh here 2 years ago no 1 year ago there was like a nice kernel bug by the name of Dirty COW which and for the sort stick them you basically allowed you to like overwrite any file on the file system that you can read so as a shell user you can obviously read all oat files so now we can go and basically says he can read any oat file without rooting the device
we can actually some of this attack to those wishing a phone so basically the same procedure you use apktool on the file modify the the Audix violent patch everything but the one small issue is like Dirty COW like can only overwrite files but like basically not append like or increase the size of files and the one easy trick that I found is normally dex2oat runs like with processor-specific optimizations as you can see down here it's like Cortex-A53 and those optimizations normally make files much bigger so if you just like compile with dex2oat without optimizations you'll actually get a much smaller file so even if you add like a lot of code to like the patched file it's smaller and you can very nicely overwrite the oat file using Dirty COW
and yet nature gonna show the little life tomorrow because it's actually dead that
simple the 1st going show so thanks in into sister rate of little bit until the camera adjust to the wide get so this is like the stem elaborate you and the powers all of the checks and to basically on what if 1 were to devise some unmodified AB develops good but back so this is
readable I think that's OK that's fine but some of those like this is the a p k a so if it's like on Texas APK quickly if the with an image they can modify some code so all this is just like some smaller code which ongoing respect patch into the suffocation that's all we need an so on and now you can do
stuff no just like rebuild was basically using the k 2 again like those sign uh some use like the draws final afflicted default and key sort like just have a self-signed procuring what are
the this evidence that the path from but
so I where it is can who
knows where farmers we 10 truth but
what
is it
then no bias the passenger center the command arguments suggest yeah yeah that's I guess you should have which
the 4 is that come from
the outside her JDK decays that's exactly what happens 1st JDK does she not
here where the k the to there we
go and it
will missions the mode should be marvelous yeah yeah has pretty sure our theory go
and they say
and
then we can excel at so this again
yeah so now we re re signed the
so so what the what else do we need to do so we have our our recent out so we want to compile this AP on the device the lives basically a group
of pushing that burden within europe
UK and getting the modified the compiled code X and now we want to your original beyond their original base file because we need to extract the original scene and
only can do it this way this
is the this is the original form and this 1
is the 1 we want to change so much of the
gonna do here this to change the song to this not sure about those but
the notes here she knew scarcity
yeah it's always nice if you forget the
command line of your own applications
and now we modified yet notes
modified so this is like purged and for
the attack basically push this modified at of the what effect what X file to the to the device and then run the wonder to town so another nice find a failure in this demo
22 and a bit work contrite try again and I have a few moments yeah like life that I
like lifetime was just like turn to sometimes it's like do not work on the 1st try of small good and so the the
the the the strands and it was so SCO reinstalled era j
k since URI have all the modified files you can just skip everything else so stride 1 more time the and it worked
so let's go to the camera it's
not mission to build the the weight you know you see those most probably in and you'll see all those checks person and a few
so the other and basically up on route to devise but complete basically up compromise from the integrity
level and so what is the actual impact of this attack yeah that's of course limited to Android devices that are vulnerable to Dirty COW there's probably like a lot of them um the nice part is that basically the owner of the device has to like perform the attack himself because so like malicious apps that run on your device could not modify another app because apps cannot open oat files so that's good of course the attack goes way beyond SafetyNet attestation so any any device that um any any check you do on like like some old exposes something will be vulnerable to this attack the nice part is Android 7 devices will not be vulnerable because some who will change basically the policy for the CTS test so they would like check if your kernel still has this bug and you will not get food certification for 7 devices yeah the generic attacker told you like many by our guess now thankfully 2 years ago so the anode but of some the like as hot fix Copperhead as like an Android clone they should by design not by accident mitigate any kind of these attacks by recompiling every app on every start so that would kill like modified
X files so made some observations over time so basic entirety will states like due drew July 2016 and suddenly like from those and was like a does anybody know because it's not really documented and then again in against may this year they added this advice field that will tell you about like you bootloader like researcher utilize because we determined the devices like temperature so those like kind of interesting and now there's also like a mailing list where you can like subscribe and they will tell you I guess about new features but that said the so will not be updated like in a timely way at all also
on data and that's one of the more interesting parts so attestation is based on CTS data and CTS is run by manufacturers before they release an update or patch for phones so if the data is not up to date of course the CTS test will fail will tell you like a device has been modified and actually found that on like some your telephone like against their old all the security patch and did not submit the test status on all of those 2 patch devices actually all of those who just failed just because 2 wouldn't have the up-to-date data and actually go to the themselves some here in March this year and you will have to like pull a security update from the for the next 7 because it like broke their SafetyNet and thereby also Android Pay probably some that the last part on all like call that happened but basically if attestation has an outage and you can't react to like this outage you will have an outage as like an app developer and you probably do
not want that and the fun part about them yeah the deceased and general and who really improve that like all the time if you like follow forums rooting forums for instance very closely you'll see this cat-and-mouse game and that's mostly for rooting it's mostly about protecting Android Pay and the and there no but the other the big the big on Monday as the big benefit of SafetyNet and the attestation part of that is really you have a bunch of people at Google who constantly like work on improving basically the results for SafetyNet so if you use that to secure your own you get like a lot of the security for free right otherwise you would have to like employ a bunch of people or buy like a third-party product that does like app and device integrity checks for your service the nice
part is that the spatial stream but of course it can go down and have altered just debut base so you don't get an SOA there's rate limits which you should never be able to reach on the islands free it's like from if you compared to like third-party service that Merrill that are not free but this should be interesting
on a side note about malware so there's a lot of Android malware that basically is repackaged Android apps so basically people just like add whatever they want to do to like Angry Birds and then you like download that modified Angry Birds of that of that game more like that I have what I hear and SafetyNet and they would basically have to yeah basically that repackaging wouldn't work because the app would just like say hey I was modified and I don't work so they have to like either cut out a lot of functionality of that specific app and they probably won't do that because they will just like go off to some other so you can basically use this to basically prevent your product from being targeted by app repackaging malware as like a side as a side effect so
summary and conclusions basically it's like 1 of the essential part from security services and if you like to see a serious about like any kind of of security and Android you should really really use that of as I showed you this like a little some the downside for some things have to be aware of it but you have to be aware of those anyway if you use if you roll your own or like by a 3rd party service and in the majority of that so just like benefit from those and really will really get better over time and you can really like see google doing improvements to
that and that that's slides online tools online and my GitHub page or like if you go to a minor oxygen right you'll find everything related to this talk some more
references to read up that that bakery
much and they go through the food for classrooms in the US you uh all the thing in the on the end of the line and you do that you made I with it when a safety net Milgrom with food emissions because it runs inside the blue like someplace services like the the basically the sum then the play at the then right like that play service at and that only runs like as like system service and so doesn't run the full services because I am because of that of like runs in like you slightly frivolous like at and I think that's by design also to think about other manufacturers like maybe some song HEC they may be like other companies probably like I do not want to have often super-high privileged who process on their phones notes just by design like that's the only thing I can think of some yeah thank you next question from microphone number 2 peace the you and the political will all look like the under the system using right the m in there you have a more religious on us and when ordinary speech this I used to work do you not want test for the light crude right through life I think that they really depends on like URIs model like if if you know if you're at very concerned about modified of some modified devices of course it makes sense to add your own some checks in addition but I think if you like starting to develop like a new happy should 1st implement them safety net at the station and get all of this right and then you can like start investing money to build your own because of if you've start rolling you only have a common basic you have to have a team that constantly like keeps up to date with Android rather something changes and you have and your own detection has false positives you like just like disable you have for like a lot of people so on yeah as like depending on what you want to do and I come what you want like spend on on the on the on that thank you very much unfortunately time is that by now so whatever else is questions please find Colin after the talk and 
I know all that right you probably all know that it's pretty nerve-racking when you're on stage and you're
demo or whatever you were planning for a presentation doesn't work as planned so I hope that you're going to shell out of hand and the hand gets another big round of applause thank you very much thank you want to do in
this and that kind of IP Act
Metadata

Formal Metadata

Title Inside Android’s SafetyNet Attestation: Attack and Defense
Series title 34th Chaos Communication Congress
Author Mulliner, Collin
License CC Attribution 4.0 International:
You may use and modify the work or content for any legal purpose, and reproduce, distribute and make it publicly available in unchanged or modified form, provided that you credit the author/rights holder in the manner specified by them.
DOI 10.5446/34934
Publisher Chaos Computer Club e.V.
Year of publication 2017
Language English

Content Metadata

Subject area Computer Science
Abstract SafetyNet Attestation is the primary platform security service on Android. Until recently you had to use third-party tools or implement your own app integrity checks and device rooting checks. Today you can use Android's SafetyNet Attestation infrastructure to ensure the integrity of your application and the user's device. Unfortunately, SafetyNet Attestation is not well documented by Google. This talk is split into three parts. Part one provides a deep dive into SafetyNet Attestation and how it works. Part two is a guide on how to implement and use it for real world applications. This is based on the lessons learned from implementing SafetyNet Attestation for an app with a large install base. The talk will provide you with everything you need to know about Android’s SafetyNet Attestation and will help you to implement and use it in your app. Part three presents attacks and bypasses against SafetyNet Attestation. The attack method targets not only SafetyNet but other similar approaches. New tools and techniques will be released at this talk.
Keywords Security
