Current State of Android Privilege Escalation

Transcript

1. Current State of Android Privilege Escalation Ryan Welton Marco Grassi

2. Who are we? Ryan Welton Twitter: @fuzion24 Security Research @

   NowSecure Marco Grassi Twitter: @marcograss Security Researcher at KEEN Team Former Security Researcher at NowSecure

3. What is privilege escalation? In general, it means gain more

   capabilities than you were granted. Android applications run in a sandbox as separate Linux users. Applications communicate with services via IPC to accomplish things and restricted by the permission model. Escalating privileges can include gaining code execution in mediaserver (as does stagefright bugs), system_server (as system user), or the ultimate privilege escalation: root with a good selinux context.

4. • Devices ship very locked down ◦ Remove carrier/OEM bloatware

   ◦ Install custom ROM like Cyanogenmod ◦ Enable restricted features like WiFi tethering • Change the behavior of applications. Using injection framework like xposed ◦ Remove advertisements and tracking from applications (minminguard) ◦ Restrict data on app-by-app basis (Xprivacy) ◦ Hijacking Google IAPs =D • Root applications ◦ Call recorder ◦ Change/modify/backup application data ◦ Ability to inspect the device to look for (other) vulnerabilities Why would you want to root your device?

5. • Malevolent applications ◦ Gain full control of the phone

   and run a service that connects to c&c (RAT) ◦ Encrypt all app data, images, etc. and hold hostage for Bitcoin (ransomware) ◦ Stealth stalking of user / pervasive monitoring ▪ Report user location ▪ Monitor camera/video/audio ▪ Listen to phone calls ▪ Monitor SMS • Law enforcement ◦ Forensically look at emmc ◦ Grab private application data ◦ Sidestep lockscreen (in some cases) Privilege Escalation vulnerabilities can harm you

6. History of Android Exploitation • Symlink/logic bugs • OEM Framework

   bugs ◦ Stumproot ◦ Weaksauce ◦ Samsung Keyboard RCE • Weak kernel drivers with large attack surface ◦ MSM Camera/audio drivers ◦ QSEE driver / Diag Driver

7. Past Exploits • ln -s /data/ <world writable root owned

   file> • adb reboot • echo ‘ro.kernel.qemu=1’ > /data/local.prop • adb reboot • ??? • profit

8. Kernel Exploitation - Weak kernel drivers Qualcomm has market dominance.

   Kernel bugs here affect most devices. IOCTLs that result in write-what-where, uncontrolled mmap, out of bounds array index, etc.. These bugs in device drivers (MSM Camera) were previously touchable via an unprivileged app

9. Kernel Exploitation Create a service that interacts with the device

   drivers. Make apps request a permission to interact with that service and not directly to the device driver. As the device driver attack surface shrinks, we’ve seen a move to exploit more generic vulnerabilities: Futex bug (towel root) / UAF in linux socket (ping pong) These bugs are touchable from within the sandbox (in the case of towelroot, a very restricted sandbox) TOWELROOT

10. OEM Modifications are disastrous (1/∞) Diversification in a software ecosystem

    is not advantageous as it is in bio ecosystem AOSP is generally much more secure than any particular OEM. Divergence from AOSP causes longer patching cycles, slower updates, and a shorter lifespan. There are advantages to being able to quickly apply and release patching cycles. Heavy modifications that deviate from AOSP require extra time and energy to patch. Practical Android Exploitation by @jcase is a good resource for OEM bugs

11. Stumproot • The emmc (/dev/block/mmcblk0) is writable by “lg_fota” group

    • The group is added to any unprivileged app by requesting the permission: “com.lge. permission.ACCESS_LGFOTA” • Search the emmc and replace a few lines of one of the shell scripts init runs • Reboot to root OEM modifications are disastrous

12. • Unix socket (/dev/socket/dmagent) ran by root process (dmagent) opens

    and listens to commands • CopyFileCtl copies files as root from arbitrary source to arbitrary destination Weaksauce OEM modifications are disastrous

13. Samsung / Swiftkey Remote Code as System • Samsung signed

    code from Swiftkey to run as system user • Blindly download and extract Zip file with directory traversal ◦ Arbitrary file write as system user • Overwrite dalvik-cache for system application • Remote code execution as system user OEM modifications are disastrous

14. Samsung / Swiftkey Remote Code as System Link: https://www.youtube.com/watch?v=uvvejToiWrY OEM

    modifications are disastrous

15. pwn2own was won on the S5 because of OEM framework

    customizations. Samsung added Absolute’s “persistent endpoint security” to the framework An intent from UID 1000 gains you arbitrary method invocation with arbitrary args Samsung RCE from “endpoint security” OEM modifications are disastrous

16. Android Volume Daemon Directory Traversal Android Secure containers did not

    properly sanitize the container id and followed symlinks You could use this to mount over any folder on the system • Create a symlink : /data/local/tmp/blah.asec -> /sbin/ • Create and mount a container named ../../../../.. /data/local/tmp/blah with vdc asec create • Write a patched adbd to /sbin/ ◦ adbd is ran as root by init • Restart adbd and your binary is ran OEM modifications are disastrous

17. Android Volume Daemon Directory Traversal (cont’ d) selinux policy properly

    blocked vold directory traversal without vold being patched in 4.4.3 Motorola modified (read: broke) this policy and allowed allowing the device to affect later versions of Android than it should have. This allowed the vold directory traversal to work on later versions of android that it should have: Motorola Pie Root OEM modifications are disastrous

18. OEM bugs/backdoors on Nexus devices OEM modifications are disastrous LG

    devices have a “Download Mode” which speak a proprietary protocol The device can be booted into this mode and part of the protocol is sending shell commands An attacker can then easily grab data off a victim’s device in the case of an unencrypted disk Even when encryption is used, evil-maid attack could be performed or encrypted disk could be pulled and bruteforced -- fairly easy with pins/patterns

19. OEM bugs/backdoors on Nexus devices (cont’d) OEM modifications are disastrous

20. Loose signing keys OEMs can sign third party applications This

    greatly increases the attack surface as these apps have capabilities that normal applications cannot request If these apps have issues, your device is less secure Applications are not as tightly audited as they should be OEM modifications are disastrous

21. Loose signing keys - Cont’d Certifi-gate, presented at BH USA

    2015 by Check Point Independently found by us in July in the TeamViewer application plugin for Samsung devices. The plugin is signed with the OEM keys to access permissions protected with the “signature” access level, to inject events and grab the screen. They completely screwed up the IPC authentication, relying on a custom implementation. OEM modifications are disastrous

22. Loose signing keys - Teamviewer • A privileged add on

    is signed by every OEM that ‘bought into’ Teamviewer • X509Certificate.getSerialNumber() is used to check if the calling application is ‘signed’ properly • The serialNumber of an x509 cert can be arbitrarily set -- create your app and set the serial • The vuln is kind of lame as it only gains you local touch input injection and screen cap • Our POC is located at github. com/fuzion24/teamviewerpoc OEM modifications are disastrous

23. Loose signing keys - Cont’d Cisco AnyConnect -- signed as

    a system app with a busybox binary it wrote to disk An BackupManagerService vulnerability was exploited that restored malicious busybox binary over the original While Cisco Anyconnect wasn’t the root cause of this issue, exploitation would have been more difficult without this app being signed with more privileges OEM modifications are disastrous

24. Attacking system_server • system_server runs as system user • system

    is the closest thing to root on android ◦ Very few resources that you can't access with system ▪ Access GPS/Camera/Mic/SMS ▪ Can load kernel modules?!! in some cases • Large attack surface • Not particularly hardened or difficult to exploit ◦ Forked from zygote -- same memory layout as all apps

25. Attacking system_server (cont’d) • system_server is also a very valuable

    target as a stepping stone to root • After system_server exploitation, you have a much larger attack surface • @retme7 did this with CVE-2014- 7911 and CVE-2014-4322 • app -> system_server -> kernel • CVE-2014-7911 is a serialization issue in system_server → exploit to get system • CVE-2014-4322 is a bug in /dev/qseecom which requires system user to access

26. Attacking system_server (cont’d) - CVE-2015-1528 • Integer overflow leading to

    heap corruption • Multi-stage exploit of heap corruption • mediaserver is not forked from zygote so ASLR bypass is a bit tricky • surfaceflinger runs as system but needs a better selinux context, hence the jump to system_server • Paper and POC OEM modifications are disastrous

27. Serialization Issues First published issue of this kind in 2014

    was CVE-2014-7911 on FD mailing list - Bug present in all Android versions prior to 5.0 - system_server run as system, so if we get code exec from a regular app, we escalated our privileges - It’s a vulnerability in AOSP, so it’s not manufacturer specific, which is great for targeting a large number of devices :)

28. CVE-2014-7911

29. CVE-2014-7911

30. CVE-2014-7911

31. CVE-2014-7911 - Very good writeup by Palo Alto: http: //researchcenter.

    paloaltonetworks. com/2015/01/cve-2014- 7911-deep-dive-analysis- android-system-service- vulnerability-exploitation/ - When the Garbage Collector kicks in, it will invoke finalize() on our object, which will call destroy() native method.

32. Generic Patterns and Problems in those exploits In all those

    serialization exploits we will face some shared problems, so it’s good to come up with techniques and reuse them The first problem is that we need to bypass some mitigations, namely DEP and ASLR. The second problem is that we need to influence the lifecycle of an object in a remote process (trigger the garbage collection reliably to make the memory corruption more deterministic, since the GC by itself, it’s not.)
33. None
34. None
35. None
36. None

37. CVE-2014-7911

38. CVE-2014-7911

39. CVE-2014-7911

40. CVE-2014-7911

41. CVE-2014-7911

42. CVE-2014-7911

43. CVE-2014-7911

44. CVE-2014-7911

45. None

46. Moar Serialization bugs - X509Certificate CVE-2015-3825 • Conscrypt, a Java

    crypto lib, keeps pointers to native objects (arguably a bad idea) • OpenSSLX509Certificate extends a class which is serializable, making it serializable • ‘transient’ keyword in Java tells the serializer/deserializer to ignore that field

47. • mContext is reference counted. • When OpenSSLX509Certificate is garbage

    collected, the finalize method decrements *(mContext + 0x10) • We can decrement any address that has a positive integer value • Write pointer to first ROP gadget over native function pointer callback Moar Serialization bugs - X509Certificate exploit CVE-2015-3825

48. • This bug is even easier to exploit than -7911.

    • When we trigger the function pointer pointing to our first ROP gadget, our ROP payload is pointed to by a register -- no need to heap spray • We can find which register points to our buffer and which addresses our gadgets our at in our own process Moar Serialization bugs - X509Certificate exploit CVE-2015-3825

49. Even Moar! Serialization Issues There are still other unpatched issues

    related to deserialization in AOSP. Crash PoC demo on Android M 6.0 running on Nexus 7 2013. Responsibly disclosed, fix is on the way. It got low priority because reliable memory corruption was not achieved. Thanks to @flanker_hqd for the help on the PoC!

50. Quick Demo

51. We still need to go from system to root right?

    From system_server we have more attack surface, in fact system_server is one of the most privileged context in the system. It has CAP_SYS_MODULE, so it’s able to load modules into the kernel, even without being root! So if kernel modules support is enabled, it’s trivial to code and compile a kernel module and load it and get root after getting system.

52. CVE-2014-4323 (with demo and PoC code) write (almost)what-where, we can

    write a 24bits address (0x00XXXXXX) anywhere we want thanks to a vulnerability in the Qualcomm’s mdp driver. Since that kind of address resides in userspace portion of memory and there is no PAN or PXN (equivalents of SMAP and SMEP on ARM), we can hijack a function pointer in the kernel and execute our code mapped in userspace, to achieve arbitrary kernel code execution. Details and writeup (credits for discovery and writeup to laginimaineb): http://bits- please.blogspot.com/2015/08/android-linux-kernel-privilege_26.html We are releasing a PoC since none wrote it so far

53. CVE-2014-4323 DEMO PoC: https://github.com/marcograss/cve-2014-4323

54. Kernel issues are still alive and well (Amazon Fire Phone)

    • Kernel memory corruption issue triggerable from the sandbox • Responsibly disclosed (and now collaborating for a fix) with the Amazon Security Team • Still unpatched, so we will not release any details in this presentation, just a panic demo from the sandbox. • Stay tuned for the update and fix, so far the Amazon Security Team took this issue very seriously and reworked the implementation “the right way”, not just applying a quick fix, kudos! DEMO!

55. Fire OS DEMO

56. Kernel issues are still alive and well (Tegra touchscreen) •

    Kernel memory corruption issue triggerable from the sandbox on some devices, dep on the touchscreen device permissions and SELinux policy. • Responsibly disclosed to Blackphone first (different implementation that resulted in only a “panic” triggerable from the sandbox with 0 privileges) • Then to AOSP for the tegra kernel line, where a more serious corruption could happen for a different implementation. However it was already internally fixed in 3.10 kernel branch tmpbuf is allocated on kernel stack, and count is user controlled. Too bad that kernel stack is just 1-2 memory pages.

57. Ways forward • Modular, updatable components ◦ Google Play updatable

    System Webview • Fast patching cycle(s) and decent support lifetimes ◦ Android Handset Alliance -- dead? ◦ Device support is often measured on the order of months • System hardening ◦ Copperhead OS // security concise fork of CM • Visibility into device vulnerabilities ◦ Android VTS

58. Patching • Fast patching cycles are critical • Updates times

    are ridiculous ◦ Sometimes almost a year between updates ◦ OEMs blame carriers ◦ Carriers can blame OEMs, etc.. • The lifetime of devices is extremely short ◦ Use a 3rd party ROM like CM ◦ Buy a Nexus device • Some OEMs agreed to monthly security updates (not HTC -- it’s unrealistic?!) ◦ Arguably still too slow ◦ Lack of follow through on similar promises in the past • Modularity of more system components like webview to update piecewise Ways forward

59. ASLR and Hardening system_server • ASLR on android is still

    in a very poor state ◦ Only a few bits of entropy in many cases • Attacking system_server locally isn’t even probabilistic because of zygote forking model • People claimed to exploit Stagefright bugs in about a handful of tries ◦ Combination of a few different issues including choice of heap allocator • Copperhead has done some nice nice work in this realm and changed the forking model of zygote to randomize mem layout of system_server Ways forward

60. • One of the few ‘secure device’ projects that actually

    makes the device more secure • Adds PaX kernel protections • Changes the zygote forking mechanism to fix ASLR • Swap heap allocator from jemalloc to OpenBSD malloc make heap exploitations more difficult • Enables integer overflow protections to prevent a class of stagefright-like bugs • A technical overview here: https://copperhead. co/docs/technical_overview Copperhead Ways forward

61. Android VTS • In depth view into device vulnerabilities •

    Designed in a way which will not cause system instabilities • Open Source / community driven • Can be used as a type of ‘report card’ for OEM patching • It should become a comprehensive suite to device security • Sourcecode code and binary builds are located at : https://github.com/nowsecure/android-vts • Download, run, and contribute :D Understand which vulnerabilities your device is susceptible to Ways forward

62. Questions? Ryan Welton Security Researcher, NowSecure [email protected] Twitter: @fuzion24 github.com/fuzion24

    Marco Grassi Security Researcher, KEEN Team Twitter: @marcograss Thank you!