Device Management und Sicherheit
Transcrição
Device Management und Sicherheit
Android Security Device Management and Security by Stephan Linzner & Benjamin Reimold Freitag, 4. Februar 2011 Introducing Stephan Linzner Benjamin Reimold • Consultant, Software Engineer • Mobile Developer • Founder of Stuttgart GTUG Contact: Freitag, 4. Februar 2011 (DH Stuttgart) • Mobile Developer • Member of Stuttgart GTUG Contact: @onlythoughtwork XING, Facebook [email protected] Introduction • Bachelor-Thesis 2011 Attack Vectors Security Model @elektrojunge XING [email protected] Best Practices 3rd Party Solutions Conclusion Agenda •Once upon a time... •Attack vectors •Security model •Best practices •3rd party solutions •…and they lived happily ever after – a conclusion. Introduction Freitag, 4. Februar 2011 Attack Vectors Security Model Best Practices 3rd Party Solutions Conclusion BACKGROUND INFORMATION Freitag, 4. Februar 2011 consumerized IT •Inversion of technology adaption •Usage of private mobile devices to access corporate infrastructure •Consumer market devices used as business devices Introduction Freitag, 4. Februar 2011 Attack Vectors Security Model Best Practices 3rd Party Solutions Conclusion Once upon a time… •Until 2007 Introduction Freitag, 4. Februar 2011 Attack Vectors Security Model Best Practices 3rd Party Solutions Conclusion Freitag, 4. Februar 2011 Freitag, 4. Februar 2011 Freitag, 4. Februar 2011 Once upon a time… •Until 2007 •Blackberry OS, Windows Mobile OS & Symbian OS •In 2007 Introduction Freitag, 4. Februar 2011 Attack Vectors Security Model Best Practices 3rd Party Solutions Conclusion Freitag, 4. Februar 2011 Once upon a time… •Until 2007 •Blackberry OS, Windows Mobile OS & Symbian OS •In 2007 •iPhone •Today •Various mobile platforms for businesses Introduction Freitag, 4. Februar 2011 Attack Vectors Security Model Best Practices 3rd Party Solutions Conclusion Once upon a time… •Until 2007 •Blackberry OS, Windows Mobile OS & Symbian OS •In 2007 •iPhone •Today •Various mobile platforms for businesses •Future!? Introduction Freitag, 4. Februar 2011 Attack Vectors Security Model Best Practices 3rd Party Solutions Conclusion Freitag, 4. Februar 2011 Once upon a time… Introduction Freitag, 4. Februar 2011 Attack Vectors Security Model Best Practices 3rd Party Solutions Conclusion Why android matters •300,000 activated devices per day (Google 12/2010) •Strong growth in the last year and still growing • Likely one of the future dominant mobile platforms (Gartner, Nielsen, Comscore) •Lots of different devices with different form factors and in different price segments (smartphones, tablets, ruggedized devices) •Open source (Apache 2.0) & free Introduction Freitag, 4. Februar 2011 Attack Vectors Security Model Best Practices 3rd Party Solutions Conclusion Usage scenarios •Mobile interface to enterprise communication backends •PIM (Lotus Notes, MS Outlook) •CRM (Salesforce, Google Apps) •VPN •Remote desktop on mobile devices (Parallels mobile for iPhone/Android) •Custom B2B solutions •Sales force applications •Mobile assistance systems Introduction Freitag, 4. Februar 2011 Attack Vectors Security Model Best Practices 3rd Party Solutions Conclusion ATTACK VECTORS Freitag, 4. Februar 2011 General threats •Private/Corperate data stored on the device •Log Files stored on the device •Continuous data collection (ie. geolocation tracking) •Synchronization •Contacts •Calendar •Data theft •3rd party Code Introduction Freitag, 4. Februar 2011 Attack Vectors Security Model Best Practices 3rd Party Solutions Conclusion Freitag, 4. Februar 2011 Attack vectors •Technical vectors •„Standard“ malicious software (viruses, trojans) •Unpatched mobile browsers •Usage of open wi-fi •Rooting the device (jailbreak) •Bluetooth, radio vulnerabilities Introduction Freitag, 4. Februar 2011 Attack Vectors Security Model Best Practices 3rd Party Solutions Conclusion Attack vectors •Social vectors •Loosing the device •Apps (access to corporate/private data, location) •„(Your) kids!“ Introduction Freitag, 4. Februar 2011 Attack Vectors Security Model Best Practices 3rd Party Solutions Conclusion Attack vectors •Android specific vectors •Log-cat output •Attack on application messaging framework •Sniffing, Fuzzing, Exploiting of •Intents, Content providers •Steal certificate and roll out malicious „update“ (in theory) •NDK code can bypass Android security model!? Introduction Freitag, 4. Februar 2011 Attack Vectors Security Model Best Practices 3rd Party Solutions Conclusion ANDROID‘S SECURITY CONCEPT Freitag, 4. Februar 2011 Freitag, 4. Februar 2011 Coarse-grained security model •Process isolation enforced by underlying linux kernel •UID •Group ID •Sandboxing •Ressources can only be accessed by the owner application •Each application running in it‘s own VM •Explicitly sharing of resources to relax strict process boundaries •(Broadcast-) Intents, Services, Content Providers, AIDL interfaces to exchange data Introduction Freitag, 4. Februar 2011 Attack Vectors Security Model Best Practices 3rd Party Solutions Conclusion Fine-grained security model •Permissions •"A permission is a mechanism that enforces restrictions on the specific operations that a particular process can perform" •End-user model Introduction Freitag, 4. Februar 2011 Attack Vectors Security Model Best Practices 3rd Party Solutions Conclusion System permissions Introduction Freitag, 4. Februar 2011 Attack Vectors Security Model Best Practices 3rd Party Solutions Conclusion Declaring permissions Introduction Freitag, 4. Februar 2011 Attack Vectors Security Model Best Practices 3rd Party Solutions Conclusion Enforce permissions Introduction Freitag, 4. Februar 2011 Attack Vectors Security Model Best Practices 3rd Party Solutions Conclusion Enforce permissions Introduction Freitag, 4. Februar 2011 Attack Vectors Security Model Best Practices 3rd Party Solutions Conclusion Enforce permissions Introduction Freitag, 4. Februar 2011 Attack Vectors Security Model Best Practices 3rd Party Solutions Conclusion Criticism of the security model •Sandboxing & permissions are nice, but •Permissions not granular enough •No permission transparency •Partial permissions not possible •Granted permissions can‘t be changed (unless re-installation of the app) •No approval process in android market •Possibility to install apps without android market •App certification Introduction Freitag, 4. Februar 2011 Attack Vectors Security Model Best Practices 3rd Party Solutions Conclusion S E C I T C A R P T S E B Freitag, 4. Februar 2011 Managing android phones with Google Apps •Restrict synchronization (with Google account) •Password policies (strength, length, require password) •Automatically lock the device •Number of invalid passwords allowed before wipe •Perform remote wipe Introduction Freitag, 4. Februar 2011 Attack Vectors Security Model Best Practices 3rd Party Solutions Conclusion Microsoft Exchange? •Very basic •Full support with BES •All (Windows Mobile) or fewer than iOS (Windows Phone 7) •Fewer than iOS •14 policies Introduction Freitag, 4. Februar 2011 Attack Vectors Security Model Best Practices 3rd Party Solutions Conclusion The device management API •Introduced with Android 2.2 (Froyo) •Enforce password policies •quality (alphabetic, numeric, alpha-numeric) •length •reset passwort •maximum failed passwords until wipe •Lock screen (maximum time to lock device) •Lock screen password •Wipe phone Introduction Freitag, 4. Februar 2011 Attack Vectors Security Model Best Practices 3rd Party Solutions Conclusion New policies in Android 3.0 (Honeycomb) •New policies DeviceAdminInfo.USES_ENCRYPTED_STORAGE DeviceAdminInfo.USES_POLICY_FORCE_LOCK DeviceAdminInfo.USES_POLICY_SETS_GLOBAL_PROXY •Encrypted storage system getStorageEncryptionStatus() setStorageEncryption(ComponentName admin, boolean encrypt) Introduction Freitag, 4. Februar 2011 Attack Vectors Security Model Best Practices 3rd Party Solutions Conclusion New policies in Android 3.0 (Honeycomb) •Proxy support setGlobalProxy(ComponentName admin, Proxy proxySpec, List<String> exclusionList) •Immediately lock lockNow() •The password policies were also beefed up, e.g. setPasswordExpirationTimeout() Introduction Freitag, 4. Februar 2011 Attack Vectors Security Model Best Practices 3rd Party Solutions Conclusion Techniques •Use a custom ROM •Use alternative browsers from other vendors (Opera, Firefox, Dolphin) as standard browser will be patched with OS updates only •Store your data in the cloud with HTTPS •Prevent all logging output •Educate your employees! •Define policies for usage (application/permission whitelist agreements, usage agreements) •Don‘t allow installation from unknown sources (nonandroid market sources) Introduction Freitag, 4. Februar 2011 Attack Vectors Security Model Best Practices 3rd Party Solutions Conclusion Use encryption •No encrypted preferences by default •No encrypted application data on SD card •Encrypt ALL Data •Databases •Preferences •SD card •Obfuscate Introduction Freitag, 4. Februar 2011 Attack Vectors Security Model Best Practices 3rd Party Solutions Conclusion 3rd party solutions •Companies start to provide security solutions Introduction Freitag, 4. Februar 2011 Attack Vectors Security Model Best Practices 3rd Party Solutions Conclusion Freitag, 4. Februar 2011 …and they lived happily ever after - a conclusion. Introduction Freitag, 4. Februar 2011 Attack Vectors Security Model Best Practices 3rd Party Solutions Conclusion …and they lived happily ever after - a conclusion. •Android will be one of the major mobile platforms in the future •"Don´t take kindness for weakness"- Android‘s openness might be its biggest drawback but as well as its biggest strength •Custom builds are very powerful, you can tailor the platform to your very own business needs •Android already has security features but they do not come out of the box, you have to use them in your implementation! •Android 3.0 (Honeycomb) is a big improvement •Administration and policy management has to be improved •Google Apps and 3rd party products to secure the devices are already available Introduction Freitag, 4. Februar 2011 Attack Vectors Security Model Best Practices 3rd Party Solutions Conclusion Q&A ? ? Introduction Freitag, 4. Februar 2011 ? ? ? Any Questions? ? Attack Vectors ? ? Security Model Solutions ? Best Practices ? ? Other Solutions ? ? Conclusion THX! Freitag, 4. Februar 2011