| Description |
1 online resource (577 pages) |
| Contents |
Cover; Title Page; Copyright; Contents; Chapter 1 Looking at the Ecosystem; Understanding Android's Roots; Company History; Version History; Examining the Device Pool; Open Source, Mostly; Understanding Android Stakeholders; Google; Hardware Vendors; Carriers; Developers; Users; Grasping Ecosystem Complexities; Fragmentation; Compatibility; Update Issues; Security versus Openness; Public Disclosures; Summary; Chapter 2 Android Security Design and Architecture; Understanding Android System Architecture; Understanding Security Boundaries and Enforcement; Android's Sandbox; Android Permissions |
|
Looking Closer at the Layers Android Applications; The Android Framework; The Dalvik Virtual Machine; User-Space Native Code; The Kernel; Complex Security, Complex Exploits; Summary; Chapter 3 Rooting Your Device; Understanding the Partition Layout; Determining the Partition Layout; Understanding the Boot Process; Accessing Download Mode; Locked and Unlocked Boot Loaders; Stock and Custom Recovery Images; Rooting with an Unlocked Boot Loader; Rooting with a Locked Boot Loader; Gaining Root on a Booted System; NAND Locks, Temporary Root, and Permanent Root; Persisting a Soft Root |
|
History of Known Attacks Kernel: Wunderbar/asroot; Recovery: Volez; Udev: Exploid; Adbd: RageAgainstTheCage; Zygote: Zimperlich and Zysploit; Ashmem: KillingInTheNameOf and psneuter; Vold: GingerBreak; PowerVR: levitator; Libsysutils: zergRush; Kernel: mempodroid; File Permission and Symbolic Link-Related Attacks; Adb Restore Race Condition; Exynos4: exynos-abuse; Diag: lit / diaggetroot; Summary; Chapter 4 Reviewing Application Security; Common Issues; App Permission Issues; Insecure Transmission of Sensitive Data; Insecure Data Storage; Information Leakage Through Logs |
|
Unsecured IPC Endpoints Case Study: Mobile Security App; Profiling; Static Analysis; Dynamic Analysis; Attack; Case Study: SIP Client; Enter Drozer; Discovery; Snarfing; Injection; Summary; Chapter 5 Understanding Android's Attack Surface; An Attack Terminology Primer; Attack Vectors; Attack Surfaces; Classifying Attack Surfaces; Surface Properties; Classification Decisions; Remote Attack Surfaces; Networking Concepts; Networking Stacks; Exposed Network Services; Mobile Technologies; Client-side Attack Surface; Google Infrastructure; Physical Adjacency; Wireless Communications |
|
Other Technologies Local Attack Surfaces; Exploring the File System; Finding Other Local Attack Surfaces; Physical Attack Surfaces; Dismantling Devices; USB; Other Physical Attack Surfaces; Third-Party Modifications; Summary; Chapter 6 Finding Vulnerabilities with Fuzz Testing; Fuzzing Background; Identifying a Target; Crafting Malformed Inputs; Processing Inputs; Monitoring Results; Fuzzing on Android; Fuzzing Broadcast Receivers; Identifying a Target; Generating Inputs; Delivering Inputs; Monitoring Testing; Fuzzing Chrome for Android; Selecting a Technology to Target; Generating Inputs |
|
Processing Inputs |
| Summary |
The first comprehensive guide to discovering and preventing attacks on the Android OS. As the Android operating system continues to increase its share of the smartphone market, smartphone hacking remains a growing threat. Written by experts who rank among the world's foremost Android security researchers, this book presents vulnerability discovery, analysis, and exploitation tools for the good guys. Following a detailed explanation of how the Android OS works and its overall security architecture, the authors examine how vulnerabilities can be discovered and exploits developed for various system components, preparing you to defend against them. If you are a mobile device administrator, security researcher, Android app developer, or consultant responsible for evaluating Android security, you will find this guide is essential to your toolbox. A crack team of leading Android security researchers explain Android security risks, security design and architecture, rooting, fuzz testing, and vulnerability analysis; Covers Android application building blocks and security as well as debugging and auditing Android apps; Prepares mobile device administrators, security researchers, Android app developers, and security consultants to defend Android systems against attack. Android Hacker's Handbook is the first comprehensive resource for IT professionals charged with smartphone security.-- Publisher description |
| Bibliography |
Includes bibliographical references and index |
| Notes |
Copyright © Wiley 2013 |
|
English |
|
Print version record |
| SUBJECT |
Android (Electronic resource) http://id.loc.gov/authorities/names/n2009043077
|
|
Android (Electronic resource) fast |
|
Android (Electronic resource) nli |
| Subject |
Computer security.
|
|
Application software -- Development.
|
|
Mobile computing.
|
|
Hackers.
|
|
Smartphones -- Security measures
|
|
COMPUTERS -- Programming -- Open Source.
|
|
COMPUTERS -- Software Development & Engineering -- Tools.
|
|
COMPUTERS -- Software Development & Engineering -- General.
|
|
Application software -- Development
|
|
Computer security
|
|
Hackers
|
|
Mobile computing
|
|
Computer security.
|
|
Application software -- Development.
|
|
Mobile computing.
|
|
Hackers.
|
| Form |
Electronic book
|
| Author |
Lanier, Zach
|
|
Mulliner, Collin
|
|
Oliva, Pau
|
|
Ridley, Stephen A
|
|
Wicherski, Georg
|
| ISBN |
9781118608616 |
|
1118608615 |
|
9781118922255 |
|
1118922255 |
|
1306638100 |
|
9781306638104 |
|
