How to crash any Android app in 30s?

03/13/2016 - 12:00 to 12:30

Session abstract:

The number of Android applications available on the Play Store has grown explosively in the last few years (there are currently over 1.5M apps on the official store). This, together with the number of new Android vulnerabilities that appear every month and the price of a 0day reported by Zerodium, which may reach $100K per vulnerability, brings the Android OS into the spotlight. A single Android bug can typically affect around 1B devices at once, so it is fair to say that defending Android devices and developing safer apps matters. One important target for attackers is the Inter-Process Communication (IPC) mechanism through which applications communicate. Because it runs with high privileges, IPC is crucial to the integrity of the Android system, and so IPC fuzzing becomes fundamental to Intel's customers.

Drozer is a comprehensive security audit and attack framework for Android. It provides various modules for analyzing the IPC mechanism, but it does not support fuzz testing of Android intents. This paper presents our solution, named “intents.fuzzinozer”. It allows us to send fuzzed intents to applications installed on the device and to monitor their behavior under attack. Its replay functionality gives developers the opportunity to validate the fixes they apply to a crashing app. Furthermore, “intents.fuzzinozer” can trigger a DoS condition by flooding the activity manager with intents. In our test sessions we found thousands of Java exceptions such as SecurityException, IllegalStateException, IllegalArgumentException and NullPointerException.
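The exceptions listed above are what an app throws when an intent arrives with missing, null or wrong-typed extras. As an added example that is not part of the talk or of the intents.fuzzinozer module, the Activity below (hypothetical names: ShowProfileActivity, EXTRA_USER_ID, EXTRA_PAGE, package com.example.hardened) shows the defensive intent handling a developer would add so that such input is rejected rather than crashing the process; the component should additionally be non-exported or permission-protected in the manifest.

```java
// Added example (not from the talk or the intents.fuzzinozer module): an Activity that
// tolerates malformed intents instead of crashing on them.
// Hypothetical names: ShowProfileActivity, EXTRA_USER_ID, EXTRA_PAGE, package name.
package com.example.hardened;

import android.app.Activity;
import android.content.Intent;
import android.os.Bundle;
import android.util.Log;

public class ShowProfileActivity extends Activity {
    private static final String TAG = "ShowProfile";
    static final String EXTRA_USER_ID = "user_id";  // expected: non-empty String
    static final String EXTRA_PAGE = "page";        // expected: int in [0, 9]

    @Override
    protected void onCreate(Bundle savedInstanceState) {
        super.onCreate(savedInstanceState);
        Intent intent = getIntent();
        // An intent may carry no extras, wrong-typed extras, or a Bundle that
        // fails to unparcel; each case is handled here rather than thrown.
        try {
            Bundle extras = intent.getExtras();          // may be null
            if (extras == null || !extras.containsKey(EXTRA_USER_ID)) {
                rejectAndFinish("missing extras");
                return;
            }
            // getString returns null when the extra exists but is not a String
            String userId = extras.getString(EXTRA_USER_ID);
            if (userId == null || userId.isEmpty() || userId.length() > 64) {
                rejectAndFinish("bad user_id");
                return;
            }
            // getInt returns the default when the extra is absent or not an int
            int page = extras.getInt(EXTRA_PAGE, 0);
            if (page < 0 || page > 9) {
                rejectAndFinish("page out of range");
                return;
            }
            // normal handling of userId and page would follow here
        } catch (RuntimeException e) {
            // BadParcelableException and similar surface as RuntimeExceptions
            // when a hostile Bundle is unparceled; log it and exit cleanly.
            Log.w(TAG, "Rejected malformed intent", e);
            finish();
        }
    }

    private void rejectAndFinish(String reason) {
        Log.w(TAG, "Rejected intent: " + reason);  // keep the detail off the UI
        finish();
    }
}
```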

This talk will be about the “intents.fuzzinozer” module and the improvements it brings to Android security. By the end of it, you will understand how to use our module, step by step and with plenty of examples, to assess the security of your own Android apps. The module has been submitted to Drozer's official module repository and is awaiting the team's official review. If accepted, it will bring more visibility to Intel.