Description
The first comprehensive guide to discovering and preventing attacks on the Android OS
As the Android operating system continues to grow its share of the smartphone market, attacks against Android devices are a growing threat. Written by experts who rank among the world's foremost Android security researchers, this book presents vulnerability discovery, analysis, and exploitation techniques and tools for defenders. Following a detailed explanation of how the Android OS works and of its overall security architecture, the authors examine how vulnerabilities are discovered and exploits developed for the various system components, preparing you to defend against them.
If you are a mobile device administrator, security researcher, Android app developer, or consultant responsible for evaluating Android security, you will find this guide an essential addition to your toolbox.
- A crack team of leading Android security researchers explain Android security risks, security design and architecture, rooting, fuzz testing, and vulnerability analysis
- Covers Android application building blocks and security as well as debugging and auditing Android apps
- Prepares mobile device administrators, security researchers, Android app developers, and security consultants to defend Android systems against attack
Android Hacker's Handbook is the first comprehensive resource for IT professionals charged with smartphone security.
Chapter
Chapter 1 Looking at the Ecosystem
Understanding Android’s Roots
Examining the Device Pool
Understanding Android Stakeholders
Grasping Ecosystem Complexities
Chapter 2 Android Security Design and Architecture
Understanding Android System Architecture
Understanding Security Boundaries and Enforcement
Looking Closer at the Layers
The Dalvik Virtual Machine
Complex Security, Complex Exploits
Chapter 3 Rooting Your Device
Understanding the Partition Layout
Determining the Partition Layout
Understanding the Boot Process
Locked and Unlocked Boot Loaders
Stock and Custom Recovery Images
Rooting with an Unlocked Boot Loader
Rooting with a Locked Boot Loader
Gaining Root on a Booted System
NAND Locks, Temporary Root, and Permanent Root
Zygote: Zimperlich and Zysploit
Ashmem: KillingInTheNameOf and psneuter
File Permission and Symbolic Link–Related Attacks
Adb Restore Race Condition
Chapter 4 Reviewing Application Security
Insecure Transmission of Sensitive Data
Information Leakage Through Logs
Case Study: Mobile Security App
Chapter 5 Understanding Android’s Attack Surface
An Attack Terminology Primer
Classifying Attack Surfaces
Client-side Attack Surface
Exploring the File System
Finding Other Local Attack Surfaces
Other Physical Attack Surfaces
Third-Party Modifications
Chapter 6 Finding Vulnerabilities with Fuzz Testing
Crafting Malformed Inputs
Fuzzing Broadcast Receivers
Fuzzing Chrome for Android
Selecting a Technology to Target
Fuzzing the USB Attack Surface
Chapter 7 Debugging and Analyzing Vulnerabilities
Getting All Available Information
Debugging with Crash Dumps
Showing Framework Source Code
Debugging with a Non-AOSP Device
Alternative Debugging Techniques
Dynamic Binary Instrumentation
Chapter 8 Exploiting User Space Software
A History of Public Exploits
Exploiting the Android Browser
Chapter 9 Return Oriented Programming
Separate Code and Instruction Cache
Combining Gadgets into a Chain
Identifying Potential Gadgets
Case Study: Android 4.0.1 Linker
Pivoting the Stack Pointer
Executing Arbitrary Code from a New Mapping
Chapter 10 Hacking and Attacking the Kernel
Extracting from Stock Firmware
Getting the Kernel from a Boot Image
Running Custom Kernel Code
Setting Up a Build Environment
Using Custom Kernel Modules
Obtaining Kernel Crash Reports
Chapter 11 Attacking the Radio Interface Layer
The Android Telephony Stack
Telephony Stack Customization
Short Message Service (SMS)
Sending and Receiving SMS Messages
Interacting with the Modem
Emulating the Modem for Fuzzing
Chapter 12 Exploit Mitigations
Protecting Against Integer Overflows
Preventing Data Execution
Address Space Layout Randomization
Format String Protections
Access Control Mechanisms
Pointer and Log Restrictions
Summary of Exploit Mitigations
Disabling Mitigation Features
Changing Your Personality
Overcoming Exploit Mitigations
Overcoming Stack Protections
Overcoming Data Execution Protections
Overcoming Kernel Protections
Official Projects Underway
Community Kernel Hardening Efforts
Chapter 13 Hardware Attacks
Interfacing with Hardware Devices
I2C, SPI, and One-Wire Interfaces
Difficulty Identifying Components
Intercepting, Monitoring, and Injecting Data
I2C, SPI, and UART Serial Interfaces
Stealing Secrets and Firmware
Accessing Firmware Unobtrusively
Destructively Accessing the Firmware
What Do You Do with a Dump?
Boot Loader Passwords, Hotkeys, and Silent Terminals
Customized Boot Sequences
Image Encryption, Obfuscation, and Anti-Debugging
Firmware Extraction and Flashing Tools
Hooking and Instrumentation Tools
IDA Pro and Hex-Rays Decompiler
Application Testing Tools
Drozer (Mercury) Framework
iSEC Intent Sniffer and Intent Fuzzer
Appendix B Open Source Repositories