Wednesday, May 23, 2012

The Heavy Metal That Poisoned the Droid


The widely publicised malware on the Android Marketplace relies on the fact that users do not review permissions when installing applications. A lesser-known fact is that an installed application with no special permissions will often be able to access a user's most sensitive data regardless. Upon reviewing multiple Android handsets and applications, the sheer number of information disclosure vulnerabilities found was alarming.
A live demonstration will be conducted on well-known Android phones, showing how a person's most sensitive data can be compromised by an attacker. After discovering many vulnerabilities in Android applications that allow information to be leaked and privileges to be escalated, it was clear that there was a need for a tool that allows security specialists to view the attack surface of applications from an unprivileged context and interact with them in an intuitive manner.
Mercury is a tool that allows its user to dynamically examine the attack surface of applications that reside on a device and exploit them. It is split into two parts, using a client/server model in order to meet its goals.
The system works by deploying a low-privileged server application on the Android device, which interacts with a command-line interface on the user's computer. This model provides users with a rich experience that will not disappoint. This class of tool is very different from source code analysis, as it is aimed to be a practical interactive platform for Android bug hunters.
The main objective of Mercury is to be an auditing tool that can be used for many purposes. Some features which make this possible are the following:
  • The ease with which a user can find relevant information about exposed application attack vectors
  • Command-line interaction with applications on the device in order to find vulnerabilities
  • The ability to write proof-of-concept exploits for vulnerabilities using a range of pre-defined commands. This effectively removes the need for custom application writing in order to perform tests against the target vulnerability.
  • MWR Labs research that allows the exploitation of debuggable applications, SQL injection on content providers and various other privilege escalation techniques
The exploitation wing of Mercury is currently under heavy development, finding innovative ways of escalating privileges from an unprivileged context. It is the hope that this tool will be released to the public as part of Tyrone's talk at BlackHat EU 2012. This talk would present multiple vulnerabilities found in Android handsets and techniques for exploiting different applications using Mercury.
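The attack surface an unprivileged application sees is largely declared in each app's manifest, so a developer can review it before release. The following is an added example, not part of the original post and not Mercury code: a static check that lists debuggable apps and exported components reachable without any permission. It assumes a decoded plain-text AndroidManifest.xml, uses a constructed sample with hypothetical names, and ignores path-permission and grantUriPermissions.

```python
import xml.etree.ElementTree as ET

A = "{http://schemas.android.com/apk/res/android}"  # android: attribute namespace
COMPONENTS = ("activity", "activity-alias", "service", "receiver", "provider")

# Constructed sample manifest; package and component names are hypothetical.
SAMPLE = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
          package="com.example.notes">
  <uses-sdk android:minSdkVersion="8" android:targetSdkVersion="15"/>
  <application android:debuggable="true">
    <activity android:name=".Main"><intent-filter>
      <action android:name="android.intent.action.MAIN"/></intent-filter></activity>
    <activity android:name=".Settings"/>
    <provider android:name=".NotesProvider" android:authorities="com.example.notes"/>
    <provider android:name=".KeyProvider" android:authorities="com.example.keys" android:readPermission="com.example.READ_KEYS"/>
    <service android:name=".Sync" android:exported="true" android:permission="com.example.SYNC"/>
  </application>
</manifest>"""

def is_exported(elem, target_sdk):
    """Apply the platform defaults when android:exported is absent."""
    explicit = elem.get(A + "exported")
    if explicit is not None:
        return explicit == "true"
    if elem.tag == "provider":
        return target_sdk <= 16  # providers default to exported up to API 16
    return elem.find("intent-filter") is not None  # a filter implies exported

def unguarded(elem, app_perm):
    """Access modes of an exported component that require no permission."""
    if elem.get(A + "permission") or app_perm:
        return []
    if elem.tag != "provider":
        return ["invoke"]
    return [m for m in ("read", "write") if not elem.get(A + m + "Permission")]

def audit(manifest_xml):
    """Return (component, issues) pairs reachable by a zero-permission app."""
    root = ET.fromstring(manifest_xml)
    attrs = getattr(root.find("uses-sdk"), "attrib", {})
    target = int(attrs.get(A + "targetSdkVersion", attrs.get(A + "minSdkVersion", 1)))
    app = root.find("application")
    findings = [("application", ["debuggable"])] if app.get(A + "debuggable") == "true" else []
    for elem in app:
        if elem.tag in COMPONENTS and is_exported(elem, target):
            modes = unguarded(elem, app.get(A + "permission"))
            if modes:
                findings.append((elem.get(A + "name"), modes))
    return findings
```

On the sample, `.KeyProvider` is still flagged for writes because `readPermission` guards reads only, and both providers are exported solely because the target SDK is 16 or lower.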
  
