How I forced an Android Vulnerability into bypassing MDM restrictions + DIY - Android Malware analysis

Presented at AVAR 2014 by

So you have got an Android malware, but you don't know how to analyze it, other than submitting it to an automatic analysis portal. We can help you change this state. Come to the session and we will walk you through how to analyze an Android malware using freely available static and dynamic tools, discover anti-VM / anti-emulator / anti-RE techniques, and bypass them using scripts, recompiling the Android source and running your image in an emulator. We will also walk you through finding a simple code vulnerability, and how we came up with an idea to exploit it to bypass MDM restrictions. What do we mean by that? So your employer wants you to install an MDM and let it control your password, password length, device lockout time, etc. You may find it quite annoying, but you still want to access corporate resources on your Android device. We will show you how we used a simple bug and did various manipulation and arm twisting to use it to trick the MDM into believing that we were meeting all the safe practices while we did not even have a password on the device.

Outline:
- step by step walk through of analyzing OBAD
- discovering anti-VM / anti-RE obstacles, bypassing them
- discovering a vulnerability and smart use / twisting of it to cheat MDM solutions; the vulnerability is only patched in KitKat and earlier versions are still vulnerable. We have worked with MDM solution providers to make sure they will not be affected, by issuing a patch (if they care), before we present this.

Keywords: Android, Malware, DIY, MDM, Android vulnerability search and exploitation

What do you hope attendees will gain from the presentation?
- ability to manually analyze mobile malware on Android
- understanding of various tools out there
- importance of having protection features like code signing / obfuscation / etc. to strengthen MDM