1 00:00:00,110 --> 00:00:07,040 You all know the drill by now. So we have decided to change it up a little bit today. 2 00:00:07,040 --> 00:00:12,509 So, raise your hand if this is your first DEF CON as an attendee. 3 00:00:12,509 --> 00:00:18,600 You liars! All right. You on the end. Yes, you. Get up 4 00:00:18,600 --> 00:00:20,110 here. (Laughter) 5 00:00:20,110 --> 00:00:27,110 No, no, get him up on stage. I mean, come on. You can dream, can't you? Here are 1500 6 00:00:30,310 --> 00:00:37,310 of my closest friends. What are you doing? All right, pour him another one. You don't ‑‑ 7 00:00:40,120 --> 00:00:47,120 dude, slow down. Holy shit, he's taking a ‑‑ you know what, hold it. Don't give it to him 8 00:00:48,700 --> 00:00:55,700 until we are ready, because he's scaring me. All right. Our tradition is, first time speakers ‑‑ 9 00:00:57,010 --> 00:01:02,469 Where is mine? First time speakers, how about a round applause 10 00:01:02,469 --> 00:01:09,469 for our first‑time speaker and for our first‑time attendee. 11 00:01:10,560 --> 00:01:13,549 (Applause) Good luck with your talk! 12 00:01:13,549 --> 00:01:17,780 (Laughter) PAU OLIVA FORA: The person type writing 13 00:01:17,780 --> 00:01:20,549 this will have a hard time now. (Chuckles). 14 00:01:20,549 --> 00:01:25,810 I want to point out, he had no accent before that shot. 15 00:01:25,810 --> 00:01:30,760 (Laughter) PAU OLIVA FORA: Yeah, sorry, guys, my English 16 00:01:30,760 --> 00:01:33,420 is Spanglish. (Laughter). 17 00:01:33,420 --> 00:01:40,420 All right. I'm going to talk about SEAndroid, which is as you might know security enhancements 18 00:01:44,240 --> 00:01:51,240 in the Android. It's now been renamed so the name is security enhancement for Android. 19 00:01:56,850 --> 00:02:03,850 My name is Pau Oliva Fora I'm at POF at Twitter. Some of you follow me. If you don't, you should. 20 00:02:07,689 --> 00:02:14,689 I'm mobile security engineer with via forensics. I do R&D in Android security. And I'm also 21 00:02:19,060 --> 00:02:26,060 a co‑Arthur of the Android hacker's handbook, which will helpfully come out later this year. 22 00:02:28,190 --> 00:02:34,050 I brought these postcards. So you are welcome to come after the presentation to grab one. 23 00:02:34,050 --> 00:02:41,050 I have a bunch of them here. This is the agenda for today. First, I will 24 00:02:42,319 --> 00:02:48,920 talk about in which devices I have tested the Android, most of them. Then I will briefly 25 00:02:48,920 --> 00:02:55,920 talk about effectiveness and weaknesses of SEAndroid, and then to the details of the 26 00:02:57,440 --> 00:03:02,540 implementation issues I found on most of these devices. 27 00:03:02,540 --> 00:03:09,540 So, first thing that you will might want to care about the SEAndroid, you can compile 28 00:03:10,190 --> 00:03:17,190 it from public services which is AOSP, Android open source project and the bitbucket, that 29 00:03:18,069 --> 00:03:25,069 the NSA controls. You love the NSA. They are the contributors of the SEAndroid and they 30 00:03:25,989 --> 00:03:31,959 host it in bitbucket. So there is the SEmanager application, which 31 00:03:31,959 --> 00:03:38,959 sets it in enforcing mode and SEadmin, which has replaced the SEmanager. It's better because 32 00:03:43,819 --> 00:03:50,819 it runs the device administrator, while SEmanager runs as a system application. 33 00:03:51,290 --> 00:03:58,290 I have also tested SEAndroid in the Toshiba AT300 tablet. This tablet here. This was first 34 00:04:04,799 --> 00:04:11,799 device in the market with some SEAndroid. It's a bit weird. It's not the same as the 35 00:04:12,340 --> 00:04:19,340 SEAndroid we have seen in other devices. It uses Sealime, Linux security module. It's 36 00:04:22,049 --> 00:04:29,049 based on an early implementation of SELinux. It runs as a Linux security module. 37 00:04:31,119 --> 00:04:37,860 And finally, Android 4.3 came last week and as you might know, it comes with SELinux by 38 00:04:37,860 --> 00:04:44,860 default. So I have also tested it a little bit before coming here, and found little things. 39 00:04:46,379 --> 00:04:52,279 Yeah, you might know that SEAndroid is effective. It's good to enforce fine‑grained mandatory 40 00:04:52,279 --> 00:04:59,279 access control which is different from the discretionary access control that we use in 41 00:05:00,879 --> 00:05:07,879 Linux and UNIX system and also in Android with file permissions and user IDs. So in 42 00:05:08,719 --> 00:05:15,719 SEAndroid, you have also three different branches to test mandatory access control, install 43 00:05:15,909 --> 00:05:22,909 time of application and intent and content providers. 44 00:05:23,029 --> 00:05:29,649 It is good to prevent privilege escalations by isolating context. So a context is a process 45 00:05:29,649 --> 00:05:36,649 runs inside a context. So, for example, we can say, a trusted application, we can define 46 00:05:38,909 --> 00:05:45,909 a rule to set if we allow this entrusted application to access files open the SD card or access 47 00:05:47,589 --> 00:05:54,589 the radio interface, whatever, if we would allow it do or not. 48 00:05:54,990 --> 00:06:01,990 So as every application runs confined in this context, this allows to prevent privilege 49 00:06:05,249 --> 00:06:10,889 escalations since it can not access the file outside of this context. 50 00:06:10,889 --> 00:06:17,889 It's also good to do permissions checks on IPC, on the process communications operations 51 00:06:18,819 --> 00:06:25,819 which mainly binder on Android and it's also good to do permission revocation, or installed 52 00:06:29,270 --> 00:06:36,270 applications but, yeah, not everything is so good, as it might sound. 53 00:06:36,490 --> 00:06:43,490 The most known thing, it runs kernel levels. So it doesn't protect against kernel vulnerabilities. 54 00:06:44,749 --> 00:06:51,409 If an attacker is able to get arbitrary code execution in kernel LAN, it's very easy for 55 00:06:51,409 --> 00:06:58,409 him to disable the security of the Android. So for this, it needs to be enhanced with, 56 00:07:01,069 --> 00:07:06,949 for instance, the typical is to have a secure boot mechanism that makes sure the code we 57 00:07:06,949 --> 00:07:13,360 are running, the kernel is not tampered or modified in any way and also some runtime 58 00:07:13,360 --> 00:07:20,360 integrity check, which can be hypervisor, to make sure that the kernel is not moot or 59 00:07:23,209 --> 00:07:30,209 modified at runtime. Yeah, also vendors or companies deploying 60 00:07:32,909 --> 00:07:39,909 policies for employers using this bring your own device thing, they don't know how to write 61 00:07:41,369 --> 00:07:48,369 policies, right? Because in a commercial device, there can be, like, thousands of policies, 62 00:07:49,110 --> 00:07:54,949 and it's hard to write them, and hard to not make any mistake when there is a high number 63 00:07:54,949 --> 00:08:01,949 of policies. So that is what vendors are more ‑‑ having a hard time, right? And that's where 64 00:08:04,379 --> 00:08:10,309 they screw up as well. So this lets us to see in the implementation 65 00:08:10,309 --> 00:08:17,309 issues. First thing, okay, when you have all of your SEAndroid app working properly, you 66 00:08:18,429 --> 00:08:25,429 set the system to boot in enforcing mode, and some vendors, some people are setting 67 00:08:27,339 --> 00:08:34,339 these apps forget about the recovery image. If you boot in enforcing mode also, don't 68 00:08:34,870 --> 00:08:41,120 get your recovery to be in enforcing mode. Leave it in permissive mode. 69 00:08:41,120 --> 00:08:47,899 I was going to do a demo here, but this is what I will use. It doesn't need a demo. 70 00:08:47,899 --> 00:08:54,899 Another thing is policies screw up of vendors. They say, okay, my device is running in enforcing 71 00:08:55,839 --> 00:09:02,839 mode. So I'm preventing, the root user. They set a mode saying the root user cannot set 72 00:09:05,750 --> 00:09:12,750 the device in permissive. So the user cannot use the set enforce mode, but then they get 73 00:09:13,930 --> 00:09:18,410 about system user. So again... (Laughter). 74 00:09:18,410 --> 00:09:25,410 Again, as you see here, we have the ID command. Our root, if ‑‑ if we do our set enforce 75 00:09:28,750 --> 00:09:35,750 0, it says permission denied. We just have to do the system, once we do system, we can 76 00:09:39,199 --> 00:09:46,199 do setenforce. So a typical screwup, right? Also, this is another issue that I have seen 77 00:09:51,720 --> 00:09:58,449 sometimes. This comes because a lot of people has used the SE manager application, and they 78 00:09:58,449 --> 00:10:05,449 rely on this application to set the system in enforcing mode. So you should never set 79 00:10:06,540 --> 00:10:11,139 enforcing mode from a system application, right? We will see now why. 80 00:10:11,139 --> 00:10:16,430 So if we combine these with fail number one which if you remember was the recovery was 81 00:10:16,430 --> 00:10:23,000 left in permissive mode. It's very easy to reboot into recovery, and pull the system 82 00:10:23,000 --> 00:10:30,000 APK of the SEAndroid manager, just to, and then remount the system mode and then and 83 00:10:34,370 --> 00:10:41,370 they just have to remove the system that sets it in enforcing mode, so we have it permissive. 84 00:10:47,680 --> 00:10:54,680 What if we don't have recovery? Or what if recovery running in enforcing mode? Well, 85 00:10:56,350 --> 00:11:03,350 no problem. This ‑‑ sorry. (Laughter). 86 00:11:05,980 --> 00:11:12,980 Here these is a Galaxy Nexus. We put the system? Enforcing mode. So in this shell here, first 87 00:11:20,500 --> 00:11:27,439 I check if the device is running in enforcing mode. So I use the come and get enforce. I 88 00:11:27,439 --> 00:11:34,439 see it says "enforcing." So now I reboot the device and I set 19er to check every second 89 00:11:37,449 --> 00:11:44,180 that get enforce command. So we see it says "device not found" because the device is still 90 00:11:44,180 --> 00:11:51,180 booting, but when the AP Diamond is running, we will see that the system is booting in 91 00:11:51,800 --> 00:11:57,459 permissive mode, right? And now the Android system, when it finished 92 00:11:57,459 --> 00:12:04,459 the boot, it broadcasts a boot complete event to our application that has resisted to receive 93 00:12:05,490 --> 00:12:10,779 it. So it is now in enforcing mode, because the C manager application has received the 94 00:12:10,779 --> 00:12:14,860 boot complete event and has set the system in enforcing, but you can see that we have 95 00:12:14,860 --> 00:12:21,600 a window there. So we can take this window, while the system is booting, which is still 96 00:12:21,600 --> 00:12:27,290 in permissive mode, and we reboot the device again and we will use this window. We have 97 00:12:27,290 --> 00:12:32,850 a little race condition here but we have plenty of time. 98 00:12:32,850 --> 00:12:39,850 So we prepare this command, which uses the manager. So in the upper terminal, we see 99 00:12:43,670 --> 00:12:47,829 it's booting in permissive, he execute the command but it says error because the package 100 00:12:47,829 --> 00:12:54,829 manager is not loaded yet. Now it says, okay, new state disabled. We have disabled. The 101 00:12:56,399 --> 00:13:02,019 SEAndroid application manager which is a system application, the system is still fully boot 102 00:13:02,019 --> 00:13:09,019 and still in permissive mode. So it's as easy as this to disable a system application, which 103 00:13:12,509 --> 00:13:18,100 sets the system in enforcing mode. So this should be always set in init. You 104 00:13:18,100 --> 00:13:25,100 have to set enforcing mote in init, right before the AP Diamond starts. 105 00:13:26,160 --> 00:13:33,160 So this single one liner here will do this same work we have done in the video. You can 106 00:13:35,079 --> 00:13:40,509 over complicated this and write an Android application with a higher priority and boot 107 00:13:40,509 --> 00:13:45,519 procedure and do the same thing from the Android app. But system, from the shell it's easier 108 00:13:45,519 --> 00:13:51,410 and faster. Now, the Toshiba tablet, if you remember, 109 00:13:51,410 --> 00:13:58,410 this was the Sealime model, that does not allow us to do some things, like, for example, 110 00:13:58,430 --> 00:14:05,430 mounting the system par missioning, even if we have root. Have so this is possible to 111 00:14:06,990 --> 00:14:13,990 do on any Android system but on the Toshiba tablet, it does not allow us to do this. 112 00:14:15,839 --> 00:14:22,839 So I have ‑‑ wait. I have a demo here. Yeah. So we will use the Toshiba tablet and we will disable 113 00:14:30,129 --> 00:14:37,129 these Sealime module which is based on SEAndroid. Okay we run an ATP shell, we see the Sealime 114 00:14:37,680 --> 00:14:44,680 module is loaded. We try to remove it. And it says it failed, right? It doesn't allow 115 00:14:46,680 --> 00:14:53,680 us to remove it. So we try to mount system partition, it says the operation not permitted. 116 00:14:53,800 --> 00:15:00,800 To try to list the proc as SEAndroid and it says operation is not permitted. Okay, now 117 00:15:01,519 --> 00:15:08,519 I will compile this exploit. It will be available after the talk. So don't worry. 118 00:15:08,709 --> 00:15:15,709 So I just ATV push this exploit into the local folder and access the ATV shell again. Just 119 00:15:21,790 --> 00:15:28,160 give execute permissions to the exploit and then run it. 120 00:15:28,160 --> 00:15:35,160 And now we have overwrite counterpointer and run the security ops symbol, which now disables 121 00:15:39,639 --> 00:15:46,639 the Linux security module and allows us to reboot the system, in the SEproc. So we have 122 00:15:50,410 --> 00:15:57,410 effectively disabled this. This works because in a lot of Android devices, not only this 123 00:15:58,749 --> 00:16:05,749 Toshiba tablet but a lot of vendors, there is the config strict def mem kernel memory 124 00:16:08,629 --> 00:16:15,629 operation which says if in doubt say yes, but they have said no. So this allow for full 125 00:16:16,949 --> 00:16:23,949 access to memory on a root process. So you can poke the kernel memory as you wish. 126 00:16:25,119 --> 00:16:32,119 And finally, the Android 4.3. This implementation issues that I have found real quick because 127 00:16:36,309 --> 00:16:42,209 it came last week. One thing is that the ‑‑ over the air update from 4.22 to 4.3 leads 128 00:16:42,209 --> 00:16:49,209 to unabled file system. We see here LS/system and we see that all files there are unlabeled. 129 00:16:54,930 --> 00:17:01,930 This is because the recovery of Android 4.2.2, the recorded image of 4.2.2 is not compiled 130 00:17:02,699 --> 00:17:09,699 with Sealime Linux support. And so this happens. We have reported this so ISOP, and we says 131 00:17:12,279 --> 00:17:19,279 it will be fixed in the next release, because the Android 4.3 is already with Linux support. 132 00:17:21,409 --> 00:17:25,990 And finally, if you want to play with it, you have to know that the enforcing mode in 133 00:17:25,990 --> 00:17:32,990 the Nexus devices isn't really enforcing. If you pull the SC policy file, which sometimes 134 00:17:33,630 --> 00:17:40,120 is a big binary file, which all the policies compile in it and you run the SE info command 135 00:17:40,120 --> 00:17:47,120 on it, you will see that, for example, this is for a Nexus 4. We see that there are 44 136 00:17:47,980 --> 00:17:52,770 permissive domains. So every single domain is set to permissive, and everything is in 137 00:17:52,770 --> 00:17:57,340 confine. So enforcing isn't really enforcing here. Right? 138 00:17:57,340 --> 00:18:03,549 So if you want to play with this, there is a tool, by Joshua Brindle, which is the SC 139 00:18:03,549 --> 00:18:09,429 policy inject that allows to you inject your own policies into this or you can also compile 140 00:18:09,429 --> 00:18:16,429 from ISOP, because ISOP includes all the Android stuff. 141 00:18:16,860 --> 00:18:19,880 And that's it. Thank you very much for attending. (Applause) 142 00:18:19,880 --> 00:18:26,880 And if you care about Android security, you should follow these guys here. They have helped 143 00:18:31,700 --> 00:18:38,240 me in their research and in the making of this presentation and also at the URL at the 144 00:18:38,240 --> 00:18:43,960 bottom, at the via forensics, I will publish the exploit code and video later today. Thank 145 00:18:43,960 --> 00:18:44,210 you very much. (Applause). 146 00:18:44,020 --> 00:18:44,270 If you have any questions, feel free to ask them. 147 00:18:44,240 --> 00:18:46,210 Oh, and don't get to come and take the book.