Android Kernel and OS Security Assessment with Iron Crow

Presented at Black Hat Europe 2014, Oct. 17, 2014, 11:45 a.m. (30 minutes)

Android is a pliable environment bent into different shapes by different OEMs. While Android offers several security mechanisms at the framework and application levels, it offers little to an OEM that customizes Android. We have seen vulnerabilities in Android stemming from excess file permissions, processes left running as root or system after a debug cycle, privileged security capabilities in an attempt to avoid setuid files, and so on. While there are tools to run partial checks at either the Android framework level or the Linux layer, we do not have a powerful tool that can scan for platform-level vulnerabilities. We announce our tool called Iron Crow, which can greatly help Android BSP developers and OEMs catch vulnerabilities of this nature, thereby protecting end users, improving the security of Android, and protecting themselves from media reprimand.


Presenters:

  • Sumanth Naropanth - Intel
    Sumanth Naropanth leads security assessment efforts for Intel mobile platforms. He brings nearly 10 years of security experience across a broad range of technologies. He focuses on security architecture and code reviews, fuzzing, and whitebox penetration testing. In prior roles, Sumanth ran the PSIRT at Palm and also led several vulnerability hunting exercises for the webOS platform. Before that, he worked on Solaris security at Sun Microsystems. He has a Master's from Columbia University, specializing in system security.
  • Akhil Arora - Xerox Research Center India
    Akhil is a data mining and machine learning enthusiast. He is currently working as a Research Engineer in the field of Text and Graph Analysis at the Xerox Research Center India. Prior to this, he was a Security Engineer at Intel India, where he explored platform security assessments via security code reviews, penetration testing, and fuzzing. He has an affinity for research and likes to stay involved with various related events.
