Normal view MARC view ISBD view

Android Hacker's Handbook.

By: Drake, Joshua J.
Contributor(s): Lanier, Zach | Mulliner, Collin | Fora, Pau Oliva | Ridley, Stephen A | Wicherski, Georg.
Material type: TextTextSeries: eBooks on Demand.Publisher: Hoboken : Wiley, 2014Description: 1 online resource (577 p.).ISBN: 9781118922255.Subject(s): Android (Electronic resource) | Application software -- Development | Computer hackers | Computer security | Mobile computingGenre/Form: Electronic books.Additional physical formats: Print version:: Android Hacker's HandbookDDC classification: 005.276 LOC classification: QA76.76 .A65Online resources: Click here to view this ebook.
Contents:
Cover; Title Page; Copyright; Contents; Chapter 1 Looking at the Ecosystem; Understanding Android's Roots; Company History; Version History; Examining the Device Pool; Open Source, Mostly; Understanding Android Stakeholders; Google; Hardware Vendors; Carriers; Developers; Users; Grasping Ecosystem Complexities; Fragmentation; Compatibility; Update Issues; Security versus Openness; Public Disclosures; Summary; Chapter 2 Android Security Design and Architecture; Understanding Android System Architecture; Understanding Security Boundaries and Enforcement; Android's Sandbox; Android Permissions
Looking Closer at the LayersAndroid Applications; The Android Framework; The Dalvik Virtual Machine; User-Space Native Code; The Kernel; Complex Security, Complex Exploits; Summary; Chapter 3 Rooting Your Device; Understanding the Partition Layout; Determining the Partition Layout; Understanding the Boot Process; Accessing Download Mode; Locked and Unlocked Boot Loaders; Stock and Custom Recovery Images; Rooting with an Unlocked Boot Loader; Rooting with a Locked Boot Loader; Gaining Root on a Booted System; NAND Locks, Temporary Root, and Permanent Root; Persisting a Soft Root
History of Known AttacksKernel: Wunderbar/asroot; Recovery: Volez; Udev: Exploid; Adbd: RageAgainstTheCage; Zygote: Zimperlich and Zysploit; Ashmem: KillingInTheNameOf and psneuter; Vold: GingerBreak; PowerVR: levitator; Libsysutils: zergRush; Kernel: mempodroid; File Permission and Symbolic Link-Related Attacks; Adb Restore Race Condition; Exynos4: exynos-abuse; Diag: lit / diaggetroot; Summary; Chapter 4 Reviewing Application Security; Common Issues; App Permission Issues; Insecure Transmission of Sensitive Data; Insecure Data Storage; Information Leakage Through Logs
Unsecured IPC EndpointsCase Study: Mobile Security App; Profiling; Static Analysis; Dynamic Analysis; Attack; Case Study: SIP Client; Enter Drozer; Discovery; Snarfing; Injection; Summary; Chapter 5 Understanding Android's Attack Surface; An Attack Terminology Primer; Attack Vectors; Attack Surfaces; Classifying Attack Surfaces; Surface Properties; Classification Decisions; Remote Attack Surfaces; Networking Concepts; Networking Stacks; Exposed Network Services; Mobile Technologies; Client-side Attack Surface; Google Infrastructure; Physical Adjacency; Wireless Communications
Other TechnologiesLocal Attack Surfaces; Exploring the File System; Finding Other Local Attack Surfaces; Physical Attack Surfaces; Dismantling Devices; USB; Other Physical Attack Surfaces; Third-Party Modifications; Summary; Chapter 6 Finding Vulnerabilities with Fuzz Testing; Fuzzing Background; Identifying a Target; Crafting Malformed Inputs; Processing Inputs; Monitoring Results; Fuzzing on Android; Fuzzing Broadcast Receivers; Identifying a Target; Generating Inputs; Delivering Inputs; Monitoring Testing; Fuzzing Chrome for Android; Selecting a Technology to Target; Generating Inputs
Processing Inputs
Summary: The first comprehensive guide to discovering and preventing attacks on the Android OS As the Android operating system continues to increase its share of the smartphone market, smartphone hacking remains a growing threat. Written by experts who rank among the world's foremost Android security researchers, this book presents vulnerability discovery, analysis, and exploitation tools for the good guys. Following a detailed explanation of how the Android OS works and its overall security architecture, the authors examine how vulnerabilities can be discovered and exploits developed for various syst
Tags from this library: No tags from this library for this title. Log in to add tags.
Item type Current location Call number URL Status Date due Barcode
Electronic Book UT Tyler Online
Online
QA76.76 .A65 (Browse shelf) http://uttyler.eblib.com/patron/FullRecord.aspx?p=1662701 Available EBL1662701

Cover; Title Page; Copyright; Contents; Chapter 1 Looking at the Ecosystem; Understanding Android's Roots; Company History; Version History; Examining the Device Pool; Open Source, Mostly; Understanding Android Stakeholders; Google; Hardware Vendors; Carriers; Developers; Users; Grasping Ecosystem Complexities; Fragmentation; Compatibility; Update Issues; Security versus Openness; Public Disclosures; Summary; Chapter 2 Android Security Design and Architecture; Understanding Android System Architecture; Understanding Security Boundaries and Enforcement; Android's Sandbox; Android Permissions

Looking Closer at the LayersAndroid Applications; The Android Framework; The Dalvik Virtual Machine; User-Space Native Code; The Kernel; Complex Security, Complex Exploits; Summary; Chapter 3 Rooting Your Device; Understanding the Partition Layout; Determining the Partition Layout; Understanding the Boot Process; Accessing Download Mode; Locked and Unlocked Boot Loaders; Stock and Custom Recovery Images; Rooting with an Unlocked Boot Loader; Rooting with a Locked Boot Loader; Gaining Root on a Booted System; NAND Locks, Temporary Root, and Permanent Root; Persisting a Soft Root

History of Known AttacksKernel: Wunderbar/asroot; Recovery: Volez; Udev: Exploid; Adbd: RageAgainstTheCage; Zygote: Zimperlich and Zysploit; Ashmem: KillingInTheNameOf and psneuter; Vold: GingerBreak; PowerVR: levitator; Libsysutils: zergRush; Kernel: mempodroid; File Permission and Symbolic Link-Related Attacks; Adb Restore Race Condition; Exynos4: exynos-abuse; Diag: lit / diaggetroot; Summary; Chapter 4 Reviewing Application Security; Common Issues; App Permission Issues; Insecure Transmission of Sensitive Data; Insecure Data Storage; Information Leakage Through Logs

Unsecured IPC EndpointsCase Study: Mobile Security App; Profiling; Static Analysis; Dynamic Analysis; Attack; Case Study: SIP Client; Enter Drozer; Discovery; Snarfing; Injection; Summary; Chapter 5 Understanding Android's Attack Surface; An Attack Terminology Primer; Attack Vectors; Attack Surfaces; Classifying Attack Surfaces; Surface Properties; Classification Decisions; Remote Attack Surfaces; Networking Concepts; Networking Stacks; Exposed Network Services; Mobile Technologies; Client-side Attack Surface; Google Infrastructure; Physical Adjacency; Wireless Communications

Other TechnologiesLocal Attack Surfaces; Exploring the File System; Finding Other Local Attack Surfaces; Physical Attack Surfaces; Dismantling Devices; USB; Other Physical Attack Surfaces; Third-Party Modifications; Summary; Chapter 6 Finding Vulnerabilities with Fuzz Testing; Fuzzing Background; Identifying a Target; Crafting Malformed Inputs; Processing Inputs; Monitoring Results; Fuzzing on Android; Fuzzing Broadcast Receivers; Identifying a Target; Generating Inputs; Delivering Inputs; Monitoring Testing; Fuzzing Chrome for Android; Selecting a Technology to Target; Generating Inputs

Processing Inputs

The first comprehensive guide to discovering and preventing attacks on the Android OS As the Android operating system continues to increase its share of the smartphone market, smartphone hacking remains a growing threat. Written by experts who rank among the world's foremost Android security researchers, this book presents vulnerability discovery, analysis, and exploitation tools for the good guys. Following a detailed explanation of how the Android OS works and its overall security architecture, the authors examine how vulnerabilities can be discovered and exploits developed for various syst

Description based upon print version of record.

Author notes provided by Syndetics

<p> JOSHUA J. DRAKE is a Director of Research Science at Accuvant LABS.</p> <p> PAU OLIVA FORA is a Mobile Security Engineer with viaForensics.</p> <p> ZACH LANIER is a Senior Security Researcher at Duo Security.</p> <p> COLLIN MULLINER is a postdoctoral researcher at Northeastern University.</p> <p> STEPHEN A. RIDLEY is a Principal Researcher with Xipiter.</p> <p> GEORG WICHERSKI is a Senior Security Researcher with CrowdStrike.</p>

There are no comments for this item.

Log in to your account to post a comment.