Android hacker's handbook
The first comprehensive guide to discovering and preventing attacks on the Android OS As the Android operating system continues to increase its share of the smartphone market, smartphone hacking remains a growing threat. Written by experts who rank among the world's foremost Android security re...
| Otros Autores: | |
|---|---|
| Formato: | Libro electrónico |
| Idioma: | Inglés |
| Publicado: |
Indianapolis, Indiana :
John Wiley & Sons
2014.
|
| Edición: | 1st ed |
| Materias: | |
| Ver en Biblioteca Universitat Ramon Llull: | https://discovery.url.edu/permalink/34CSUC_URL/1im36ta/alma991009849069506719 |
Tabla de Contenidos:
- Cover; Title Page; Copyright; Contents; Chapter 1 Looking at the Ecosystem; Understanding Android's Roots; Company History; Version History; Examining the Device Pool; Open Source, Mostly; Understanding Android Stakeholders; Google; Hardware Vendors; Carriers; Developers; Users; Grasping Ecosystem Complexities; Fragmentation; Compatibility; Update Issues; Security versus Openness; Public Disclosures; Summary; Chapter 2 Android Security Design and Architecture; Understanding Android System Architecture; Understanding Security Boundaries and Enforcement; Android's Sandbox; Android Permissions
- Looking Closer at the LayersAndroid Applications; The Android Framework; The Dalvik Virtual Machine; User-Space Native Code; The Kernel; Complex Security, Complex Exploits; Summary; Chapter 3 Rooting Your Device; Understanding the Partition Layout; Determining the Partition Layout; Understanding the Boot Process; Accessing Download Mode; Locked and Unlocked Boot Loaders; Stock and Custom Recovery Images; Rooting with an Unlocked Boot Loader; Rooting with a Locked Boot Loader; Gaining Root on a Booted System; NAND Locks, Temporary Root, and Permanent Root; Persisting a Soft Root
- History of Known AttacksKernel: Wunderbar/asroot; Recovery: Volez; Udev: Exploid; Adbd: RageAgainstTheCage; Zygote: Zimperlich and Zysploit; Ashmem: KillingInTheNameOf and psneuter; Vold: GingerBreak; PowerVR: levitator; Libsysutils: zergRush; Kernel: mempodroid; File Permission and Symbolic Link-Related Attacks; Adb Restore Race Condition; Exynos4: exynos-abuse; Diag: lit / diaggetroot; Summary; Chapter 4 Reviewing Application Security; Common Issues; App Permission Issues; Insecure Transmission of Sensitive Data; Insecure Data Storage; Information Leakage Through Logs
- Unsecured IPC EndpointsCase Study: Mobile Security App; Profiling; Static Analysis; Dynamic Analysis; Attack; Case Study: SIP Client; Enter Drozer; Discovery; Snarfing; Injection; Summary; Chapter 5 Understanding Android's Attack Surface; An Attack Terminology Primer; Attack Vectors; Attack Surfaces; Classifying Attack Surfaces; Surface Properties; Classification Decisions; Remote Attack Surfaces; Networking Concepts; Networking Stacks; Exposed Network Services; Mobile Technologies; Client-side Attack Surface; Google Infrastructure; Physical Adjacency; Wireless Communications
- Other TechnologiesLocal Attack Surfaces; Exploring the File System; Finding Other Local Attack Surfaces; Physical Attack Surfaces; Dismantling Devices; USB; Other Physical Attack Surfaces; Third-Party Modifications; Summary; Chapter 6 Finding Vulnerabilities with Fuzz Testing; Fuzzing Background; Identifying a Target; Crafting Malformed Inputs; Processing Inputs; Monitoring Results; Fuzzing on Android; Fuzzing Broadcast Receivers; Identifying a Target; Generating Inputs; Delivering Inputs; Monitoring Testing; Fuzzing Chrome for Android; Selecting a Technology to Target; Generating Inputs
- Processing Inputs
