Custom cover image
Android Hacker's Handbook
Contributor(s): Resource type: Ressourcentyp: Buch (Online)Book (Online)Language: English Publisher: [s.l.] : Wiley, 2014Edition: 1. AuflDescription: Online Ressource (12977 KB, 576 S.)ISBN:- 111860864X
- 005.276
- 005.8 23
- QA76.76 .A65
- QA76.9.A25
Contents:
Summary: The first comprehensive guide to discovering and preventing attacks on the Android OSAs the Android operating system continues to increase its share of the smartphone market, smartphone hacking remains a growing threat. Written by experts who rank among the world's foremost Android security researchers, this book presents vulnerability discovery, analysis, and exploitation tools for the good guys. Following a detailed explanation of how the Android OS works and its overall security architecture, the authors examine how vulnerabilities can be discovered and exploits developed for various system components, preparing you to defend against them.If you are a mobile device administrator, security researcher, Android app developer, or consultant responsible for evaluating Android security, you will find this guide is essential to your toolbox. A crack team of leading Android security researchers explain Android security risks, security design and architecture, rooting, fuzz testing, and vulnerability analysisCovers Android application building blocks and security as well as debugging and auditing Android appsPrepares mobile device administrators, security researchers, Android app developers, and security consultants to defend Android systems against attackAndroid Hacker's Handbookis the first comprehensive resource for IT professionals charged with smartphone security.PPN: PPN: 807242470Package identifier: Produktsigel: ZDB-26-MYL | ZDB-30-PAD | ZDB-30-PQE
Cover; Title Page; Copyright; Contents; Chapter 1 Looking at the Ecosystem; Understanding Android's Roots; Company History; Version History; Examining the Device Pool; Open Source, Mostly; Understanding Android Stakeholders; Google; Hardware Vendors; Carriers; Developers; Users; Grasping Ecosystem Complexities; Fragmentation; Compatibility; Update Issues; Security versus Openness; Public Disclosures; Summary; Chapter 2 Android Security Design and Architecture; Understanding Android System Architecture; Understanding Security Boundaries and Enforcement; Android's Sandbox; Android Permissions
Looking Closer at the LayersAndroid Applications; The Android Framework; The Dalvik Virtual Machine; User-Space Native Code; The Kernel; Complex Security, Complex Exploits; Summary; Chapter 3 Rooting Your Device; Understanding the Partition Layout; Determining the Partition Layout; Understanding the Boot Process; Accessing Download Mode; Locked and Unlocked Boot Loaders; Stock and Custom Recovery Images; Rooting with an Unlocked Boot Loader; Rooting with a Locked Boot Loader; Gaining Root on a Booted System; NAND Locks, Temporary Root, and Permanent Root; Persisting a Soft Root
History of Known AttacksKernel: Wunderbar/asroot; Recovery: Volez; Udev: Exploid; Adbd: RageAgainstTheCage; Zygote: Zimperlich and Zysploit; Ashmem: KillingInTheNameOf and psneuter; Vold: GingerBreak; PowerVR: levitator; Libsysutils: zergRush; Kernel: mempodroid; File Permission and Symbolic Link-Related Attacks; Adb Restore Race Condition; Exynos4: exynos-abuse; Diag: lit / diaggetroot; Summary; Chapter 4 Reviewing Application Security; Common Issues; App Permission Issues; Insecure Transmission of Sensitive Data; Insecure Data Storage; Information Leakage Through Logs
Unsecured IPC EndpointsCase Study: Mobile Security App; Profiling; Static Analysis; Dynamic Analysis; Attack; Case Study: SIP Client; Enter Drozer; Discovery; Snarfing; Injection; Summary; Chapter 5 Understanding Android's Attack Surface; An Attack Terminology Primer; Attack Vectors; Attack Surfaces; Classifying Attack Surfaces; Surface Properties; Classification Decisions; Remote Attack Surfaces; Networking Concepts; Networking Stacks; Exposed Network Services; Mobile Technologies; Client-side Attack Surface; Google Infrastructure; Physical Adjacency; Wireless Communications
Other TechnologiesLocal Attack Surfaces; Exploring the File System; Finding Other Local Attack Surfaces; Physical Attack Surfaces; Dismantling Devices; USB; Other Physical Attack Surfaces; Third-Party Modifications; Summary; Chapter 6 Finding Vulnerabilities with Fuzz Testing; Fuzzing Background; Identifying a Target; Crafting Malformed Inputs; Processing Inputs; Monitoring Results; Fuzzing on Android; Fuzzing Broadcast Receivers; Identifying a Target; Generating Inputs; Delivering Inputs; Monitoring Testing; Fuzzing Chrome for Android; Selecting a Technology to Target; Generating Inputs
Processing Inputs
No physical items for this record
Online-Ausg.