Android Hacker's Handbook
Introduction
Like most disciplines, information security began as a cottage industry. It has
grown organically from hobbyist pastime into a robust industry replete with
executive titles, “research and development” credibility, and the ear of academia
as an industry where seemingly aloof fields of study such as number theory,
cryptography, natural language processing, graph theory, algorithms, and niche
computer science can be applied with a great deal of industry impact. Information
security is evolving into a proving ground for some of these fascinating fields of
study. Nonetheless, information security (specifically “vulnerability research”)
is bound to the information technology sector as a whole and therefore follows
the same trends.
As we all very well know from our personal lives, mobile computing is quite
obviously one of the greatest recent areas of growth in information technology.
More than ever, our lives are chaperoned by our mobile devices, much
more so than the computers we leave on our desks at close of business or leave
closed on our home coffee tables when we head into our offices in the morning.
Unlike those devices, our mobile devices are always on, taken between these
two worlds, and are hence much more valuable targets for malicious actors.
Unfortunately, information security has been slower to follow suit, with
only a recent shift toward the mobile space. As a predominantly “reactionary”
industry, information security has been slow (at least publicly) to catch up to
mobile/embedded security research and development. To some degree mobile
security is still considered cutting edge, because consumers and users of mobile
devices are only just recently beginning to see and comprehend the threats
associated with our mobile devices. These threats have consequently created a
market for security research and security products.
For information security researchers, the mobile space also represents a
fairly new and sparsely charted continent to explore, with diverse geography
in the form of different processor architectures, hardware peripherals, software
stacks, and operating systems. All of these create an ecosystem for a diverse set
of vulnerabilities to exploit and study.
According to IDC, Android market share in Q3 2012 was 75 percent of the
worldwide market (as calculated by shipment volume) with 136 million units
shipped. Apple’s iOS had 14.9 percent of the market in the same quarter, BlackBerry
and Symbian followed behind with 4.3 percent and 2.3 percent respectively. After
Q3 2013, Android’s number had risen to 81 percent, with iOS at 12.9 percent and
the remaining 6.1 percent scattered among the other mobile operating systems.
With that much market share, and a host of interesting information security
incidents and research happening in the Android world, we felt a book of this
nature was long overdue.
Wiley has published numerous books in the Hacker’s Handbook series, including
the titles with the terms “Shellcoder’s,” “Mac,” “Database,” “Web Application,”
“iOS,” and “Browser” in their names. The Android Hacker’s Handbook represents
the latest installment in the series and builds on the information within the
entire collection.
Overview of the Book and Technology
The Android Hacker’s Handbook team members chose to write this book because
the field of mobile security research is so “sparsely charted” with disparate and
conflicted information (in the form of resources and techniques). There have been
some fantastic papers and published resources that feature Android, but much
of what has been written is either very narrow (focusing on a specific facet of
Android security) or mentions Android only as an ancillary detail of a security
issue regarding a specific mobile technology or embedded device. Further, public
vulnerability information surrounding Android is scarce. Despite the fact that
1,000 or more publicly disclosed vulnerabilities affect Android devices, multiple
popular sources of vulnerability information report fewer than 100. The team
believes that the path to improving Android’s security posture starts by understanding
the technologies, concepts, tools, techniques, and issues in this book.
How This Book Is Organized
This book is intended to be readable cover to cover, but also serves as an indexed
reference for anyone hacking on Android or doing information security research
on an Android-based device. We’ve organized the book into 13 chapters to cover
virtually everything one would need to know to first approach Android for
security research. Chapters include diagrams, photographs, code snippets, and
disassembly to explain the Android software and hardware environment and
consequently the nuances of software exploitation and reverse engineering on
Android. The general outline of this book begins with broader topics and ends
with deeply technical information. The chapters are increasingly specific and
lead up to discussions of advanced security research topics such as discovering,
analyzing, and attacking Android devices. Where applicable, this book
refers to additional sources of detailed documentation. This allows the book to
focus on technical explanations and details relevant to device rooting, reverse
engineering, vulnerability research, and software exploitation.
■ Chapter 1 introduces the ecosystem surrounding Android mobile devices.
After revisiting historical facts about Android, the chapter takes a look at
the general software composition, the devices in public circulation, and
the key players in the supply chain. It concludes with a discussion of
high-level difficulties that challenge the ecosystem and impede Android
security research.
■ Chapter 2 examines Android operating system fundamentals. It begins
with an introduction to the core concepts used to keep Android devices
secure. The rest of the chapter dips into the internals of the most security-critical
■ Chapter 3 explains the motivations and methods for gaining unimpeded
access to an Android device. It starts by covering and guiding you through
techniques that apply to a wide range of devices. Then it presents moderately
detailed information about more than a dozen individually
published exploits.
■ Chapter 4 pertains to security concepts and techniques specific to Android
applications. After discussing common security-critical mistakes made
during development, it walks you through the tools and processes used
to find such issues.
■ Chapter 5 introduces key terminology used to describe attacks against
mobile devices and explores the many ways that an Android device can
be attacked.
■ Chapter 6 shows how to find vulnerabilities in software that runs on
Android by using a technique known as fuzz testing. It starts by discussing
the high-level process behind fuzzing. The rest of the chapter takes a look
at how applying these processes toward Android can aid in discovering
security issues.
■ Chapter 7 is about analyzing and understanding bugs and security vulnerabilities
in Android. It first presents techniques for debugging the
different types of code found in Android. It concludes with an analysis
of an unpatched security issue in the WebKit-based web browser.
■ Chapter 8 looks at how you can exploit memory corruption vulnerabilities
on Android devices. It covers compiler and operating system internals, like
Android’s heap implementation, and ARM system architecture specifics.
The last part of this chapter takes a close look at how several published
exploits work.
■ Chapter 9 focuses on an advanced exploitation technique known as
Return Oriented Programming (ROP). It further covers ARM system
architecture and explains why and how to apply ROP. It ends by taking
a more detailed look at one particular exploit.
■ Chapter 10 digs deeper into the inner workings of the Android operating
system with information about the kernel. It begins by explaining how
to hack, in the hobbyist sense, the Android kernel. This includes how to
develop and debug kernel code. Finally, it shows you how to exploit a
few publicly disclosed vulnerabilities.
■ Chapter 11 jumps back to user-space to discuss a particularly important
component unique to Android smartphones: the Radio Interface Layer
(RIL). After discussing architectural details, this chapter covers how you
can interact with RIL components to fuzz the code that handles Short
Message Service (SMS) messages on an Android device.
■ Chapter 12 details security protection mechanisms present in the Android
operating system. It begins with a perspective on when such protections
were invented and introduced in Android. It explains how these protections
work at various levels and concludes with techniques for overcoming
and circumventing them.
■ Chapter 13 dives into methods and techniques for attacking Android, and
other embedded devices, through their hardware. It starts by explaining
how to identify, monitor, and intercept various bus-level communications.
It shows how these methods can enable further attacks against hard-to-reach
system components. It ends with tips and tricks for avoiding many
common hardware hacking pitfalls.
Who Should Read This Book
The intended audience of this book is anyone who wants to gain a better
understanding of Android security. Whether you are a software developer, an
embedded system designer, a security architect, or a security researcher, this
book will improve your understanding of the Android security landscape.
Though some of the chapters are approachable to a wide audience, the bulk of
this book is better digested by someone with a firm grasp on computer software
development and security. Admittedly, some of the more technical chapters
are better suited to readers who are knowledgeable in topics such as assembly
language programming and reverse engineering. However, less experienced
readers who have sufficient motivation stand to learn a great deal from taking
the more challenging parts of the book head on.
Tools You Will Need
This book alone will be enough for you to get a basic grasp of the inner workings
of the Android OS. However, readers who want to follow the presented code
and workflows should prepare by gathering a few items. First and foremost,
an Android device is recommended. Although a virtual device will suffice for
most tasks, you will be better off with a physical device from the Google Nexus
family. Many of the chapters assume you will use a development machine with
Ubuntu 12.04. Finally, the Android Software Developers Kit (SDK), Android
Native Development Kit (NDK), and a complete checkout of the Android Open
Source Project (AOSP) are recommended for following along with the more
advanced chapters.
What’s on the Website
As stated earlier, this book is intended to be a one-stop resource for current
Android information security research and development. While writing this
book, we developed code that supplements the material.