Sidewinder Targeted Attack Against Android in the Golden Age of Ad Libs

Presented at Black Hat USA 2014, Aug. 7, 2014, 10:15 a.m. (25 minutes).

While Google Play hosts little malware, many vulnerabilities exist both in apps and in the Android system itself, and aggressive ad libraries ("ad libs") leak a great deal of user privacy information. Combined, these enable far more powerful targeted attacks. We will present one practical case of such an attack, which we call the "Sidewinder Targeted Attack." It selects victims by intercepting the location information reported by ad libs, which can be used to pinpoint target areas such as a CEO's office or specific conference rooms. Once a target is identified, the Sidewinder Targeted Attack exploits popular vulnerabilities in ad libs, such as JavaScript binding over HTTP and dynamic code loading over HTTP. During exploitation, it is a well-known challenge to call Android services from injected native code because of the lack of an Android application context, so we will also demonstrate how attackers can invoke Android services such as taking photos, calling phone numbers, sending SMS, and reading/writing the clipboard. Once inside the target, attackers can exploit several Android vulnerabilities to obtain valuable private information or launch more advanced attacks; we will reveal how to exploit new vulnerabilities we discovered in this phase. In this talk, we will show demos using real-world apps downloaded from Google Play. Although we notified Google, ad vendors and app developers about the related issues half a year ago, millions of users remain under threat from Sidewinder Targeted Attacks because of the slow patching, upgrading and fragmentation of the Android ecosystem.
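The abstract's "JavaScript binding over HTTP" refers to an ad library that fetches its creative over cleartext HTTP into a WebView while exposing a Java object to page script, so that anyone who can tamper with the response gets code running inside the app's process. The following is an added, defender-side illustration that is not part of the talk or of FireEye's material: it places that weak WebView setup beside a hardened configuration of the same feature. The class name AdWebViewSetup, the AdBridge object and the ads.example.com URLs are assumptions made for this example, and the WebViewClient overrides used assume a minimum API level of 24.

```java
// Added illustration (not from the talk): a WebView that loads ad content over
// plain HTTP while exposing a Java object to page JavaScript, contrasted with a
// hardened setup. AdWebViewSetup, AdBridge and the ads.example.com URLs are
// assumed for this example; ads.example.com is a placeholder, not a real vendor.
import android.content.Context;
import android.webkit.JavascriptInterface;
import android.webkit.WebResourceRequest;
import android.webkit.WebResourceResponse;
import android.webkit.WebSettings;
import android.webkit.WebView;
import android.webkit.WebViewClient;
import java.io.ByteArrayInputStream;

public final class AdWebViewSetup {

    /** Hypothetical bridge object an ad SDK might expose to page JavaScript. */
    public static final class AdBridge {
        private final Context context;

        AdBridge(Context context) {
            this.context = context.getApplicationContext();
        }

        // With targetSdkVersion >= 17 only @JavascriptInterface methods are
        // reachable from page script; older targets expose every public method
        // (including getClass()), which is what binding-over-HTTP attacks abuse
        // once the page itself arrives unauthenticated.
        @JavascriptInterface
        public String sdkVersion() {
            return "1.0";
        }
    }

    /** Weak configuration: cleartext ad page plus a reachable Java object. */
    public static void configureWeak(WebView webView, Context context) {
        WebSettings s = webView.getSettings();
        s.setJavaScriptEnabled(true);
        webView.addJavascriptInterface(new AdBridge(context), "AdBridge");
        // Anyone on the network path can rewrite this response; the injected
        // script then runs in the app's process with AdBridge available.
        webView.loadUrl("http://ads.example.com/creative.html");
    }

    /** Hardened configuration for the same feature. */
    public static void configureHardened(WebView webView, Context context) {
        WebSettings s = webView.getSettings();
        s.setJavaScriptEnabled(true);
        // Keep page script away from the app's files and content providers.
        s.setAllowFileAccess(false);
        s.setAllowContentAccess(false);
        // Drop bridges that some WebView versions register by default.
        webView.removeJavascriptInterface("searchBoxJavaBridge_");
        webView.removeJavascriptInterface("accessibility");
        webView.removeJavascriptInterface("accessibilityTraversal");
        // Attach a bridge only if the feature truly needs one, and keep its
        // surface to annotated, argument-validating methods.
        webView.addJavascriptInterface(new AdBridge(context), "AdBridge");
        // Refuse every navigation and subresource that is not HTTPS, so a
        // network attacker cannot substitute the creative or its scripts.
        webView.setWebViewClient(new WebViewClient() {
            @Override
            public WebResourceResponse shouldInterceptRequest(WebView view,
                                                              WebResourceRequest request) {
                if (!"https".equals(request.getUrl().getScheme())) {
                    // Serve an empty body instead of fetching the cleartext URL.
                    return new WebResourceResponse("text/plain", "utf-8",
                            new ByteArrayInputStream(new byte[0]));
                }
                return null; // null lets the WebView perform the request normally
            }

            @Override
            public boolean shouldOverrideUrlLoading(WebView view,
                                                    WebResourceRequest request) {
                // Returning true cancels the navigation.
                return !"https".equals(request.getUrl().getScheme());
            }
        });
        webView.loadUrl("https://ads.example.com/creative.html");
    }
}
```

The per-WebView filter is a belt-and-braces measure; on API 23 and later the same rule should also be set app-wide with android:usesCleartextTraffic="false" in the manifest (or a Network Security Config on API 24+), which additionally covers the "dynamic loading over HTTP" case, since an SDK that pulls DEX or native code from a cleartext URL will then fail to connect rather than execute whatever the network delivered.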

Presenters:

  • Tao Wei - FireEye, Inc.
    Tao Wei is a Senior Staff Research Scientist at FireEye, Inc. Prior to joining FireEye, he was an Associate Professor at Peking University and a visiting Project Scientist at UC Berkeley. His research interests include software analysis and system protection, web trust and privacy, programming languages, and mobile security. He led his team to publish the first four papers from China at IEEE S&P (Oakland), the top-tier academic security conference. He also led the team to win the special recognition award of the BlueHat Prize contest in 2012 by proposing a high-performance software hardening approach. He now leads the mobile security research team at FireEye, which discovers mobile vulnerabilities, identifies malware, and prevents privacy leakage.
  • Yulong Zhang - FireEye, Inc.
    I am currently working at FireEye, conducting research and development on next-generation methodologies to analyze advanced mobile malware and designing security products to detect and defend against mobile threats.
