Black Hat //Webcast 30

Android Security Overview, Threats, and Best Practices
// Stuart O. Anderson

Thursday, June 23, 2011

0900 HRS PDT / 1200 HRS EDT • FREE

Register now and receive $300 off a new Black Hat USA 2011 registration (see details below).



With the Black Hat USA event just around the corner and Android quickly becoming a prime stomping ground for all manner of malware, Stuart O. Anderson of Whisper Systems will give an in-depth discussion of the Android security model, along with the current threats, defenses and best practices. Don't let your droids wander around in the wild. You never know who's looking for them.

Here is a quick outline of the topics Stuart will cover:

A Security Oriented Overview of Android

  • System Architecture
  • Controlled Data Access
    • Content Providers
    • Permissions Whitelist
  • Process Separation
    • Zygote
    • Intents
    • Dalvik VM and Native Code
    • UID:GID
    • IBinder
  • Bionic
  • Kernel Changes
    • ashmem
  • Structural/Market Issues
    • OEM/Carriers push updates VERY slowly
    • Orphaned devices
    • Provisioning
      • Market
      • Code signing model
      • Remote pull and push


  • Leaky apps
    • Location, Contacts, SD card, SMS database
    • Authtokens problem
    • Data leaving the device
    • Permissions Granularity
  • GSM weaknesses
  • Remote exploits
    • Prelinked binaries, apriori linker is non-relocatable
    • No sandbox, arbitrary native code
  • Device loss
  • Privilege Elevation
    • App to app
    • App to OS

Solutions and Best Practices

  • Data protection
    • Dynamic information flow tracking
    • Fine grained permissions enforcement
      • service spoofing
  • Dynamic firewall / egress filtering
  • Intrusion detection
  • App layer encryption
    • Voice
    • SMS/MMS
    • Email
  • Exploit mitigation techniques
    • Retouching
    • NX bits
  • Device Loss
    • Enhanced Screenlock
    • Disk Encryption
    • Secure Backup and Remote Wipe


Stuart O. Anderson is co-founder of Whisper Systems, where he designs mobile security and management solutions for the enterprise. Before founding Whisper Systems he worked with Moxie Marlinspike as a fellow at the Institute for Disruptive Studies, where he applied a background in robotics, applied math, systems integration, and machine learning.

Special Offer for Black Hat USA 2011:

If you register for the free upcoming webcast on June 23rd, you will receive $300 off a new registration to the Black Hat USA 2011 Briefings. Simply register for the webcast and we will send you a discount code in your confirmation email to use when registering for the Black Hat USA 2011 Briefings.

* Standard Terms & Conditions apply. To view the Black Hat Terms & Conditions, visit: Black Hat USA 2011 Terms. This discount code can only be used for new online registration to Black Hat Briefings (Training classes are excluded).

Sponsor guest:

Alex Horan, Product Manager, Core Security Technologies. As a Product Manager at Core Security Technologies, Alex Horan is responsible for driving development of Core’s desktop family of automated security testing solutions, including design of the products’ functional capabilities and technical architecture.

Horan most recently spearheaded development of WebVerify, the company’s solution for automated Web Application Security testing. WebVerify goes beyond testing the web application to illustrate how vulnerabilities in the web application can lead to exposures in the connected environment. Having worked previously in operational security roles for a range of large and mid-sized companies, Alex has over 15 years of experience working with hardware and software-based security tools, vulnerability assessment and penetration testing technologies, and systems and network administration and auditing.


Core Security Technologies provides organizations with real-world security intelligence. In today’s highly secured organizations, there is no shortage of available security data, but there is a shortage of security intelligence. Core’s security test and measurement solutions fill the gap between the mass of security data and the intelligence to constantly know where the real exposures reside. Core’s customers gain real intelligence and visibility into their security standing, real validation of their security controls, and real metrics to more effectively secure their organizations and manage IT risks.

Core Security’s software solutions are used by more than a thousand commercial and government organizations. Solutions range from desktop software tools for technical security experts to infrastructure-wide automated testing and measurement platforms and services that leverage over a decade of trusted research and leading-edge threat expertise from the company’s Security Consulting Services, CoreLabs and Engineering groups. Core Security Technologies can be reached at +1 (617) 399-6980 or on the Web at: