附近的威胁:逆转,分析和攻击谷歌在Android上的“附近连接”

D. Antonioli, Nils Ole Tippenhauer, Kasper Bonne Rasmussen
{"title":"附近的威胁:逆转,分析和攻击谷歌在Android上的“附近连接”","authors":"D. Antonioli, Nils Ole Tippenhauer, Kasper Bonne Rasmussen","doi":"10.14722/ndss.2019.23367","DOIUrl":null,"url":null,"abstract":"Google’s Nearby Connections API enables any An-droid (and Android Things) application to provide proximity-based services to its users, regardless of their network connectivity.The API uses Bluetooth BR/EDR, Bluetooth LE and Wi-Fi to let“nearby” clients (discoverers) and servers (advertisers) connectand exchange different types of payloads. The implementation ofthe API is proprietary, closed-source and obfuscated. The updatesof the API are automatically installed by Google across differentversions of Android, without user interaction. Little is knownpublicly about the security guarantees offered by the API, eventhough it presents a significant attack surface.In this work we present the first security analysis of theGoogle’s Nearby Connections API, based on reverse-engineeringof its Android implementation. We discover and implement sev-eral attacks grouped into two families: connection manipulation(CMA) and range extension attacks (REA). CMA-attacks allow anattacker to insert himself as a man-in-the-middle and manipulateconnections (even unrelated to nearby), and to tamper withthe victim’s interface and network configuration. REA-attacksallow an attacker to tunnel any nearby connection to remotelocations, even between two honest devices. Our attacks areenabled by REArby, a toolkit we developed while reversingthe API implementation. REArby includes a dynamic binaryinstrumenter, a packet dissector, and the implementations ofcustom Nearby Connections client and server. We plan to open-source REArby after a responsible disclosure period.","PeriodicalId":20444,"journal":{"name":"Proceedings 2019 Network and Distributed System Security Symposium","volume":null,"pages":null},"PeriodicalIF":0.0000,"publicationDate":"2019-02-24","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"20","resultStr":"{\"title\":\"Nearby Threats: Reversing, Analyzing, and Attacking Google's 'Nearby Connections' on Android\",\"authors\":\"D. Antonioli, Nils Ole Tippenhauer, Kasper Bonne Rasmussen\",\"doi\":\"10.14722/ndss.2019.23367\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"Google’s Nearby Connections API enables any An-droid (and Android Things) application to provide proximity-based services to its users, regardless of their network connectivity.The API uses Bluetooth BR/EDR, Bluetooth LE and Wi-Fi to let“nearby” clients (discoverers) and servers (advertisers) connectand exchange different types of payloads. The implementation ofthe API is proprietary, closed-source and obfuscated. The updatesof the API are automatically installed by Google across differentversions of Android, without user interaction. Little is knownpublicly about the security guarantees offered by the API, eventhough it presents a significant attack surface.In this work we present the first security analysis of theGoogle’s Nearby Connections API, based on reverse-engineeringof its Android implementation. We discover and implement sev-eral attacks grouped into two families: connection manipulation(CMA) and range extension attacks (REA). CMA-attacks allow anattacker to insert himself as a man-in-the-middle and manipulateconnections (even unrelated to nearby), and to tamper withthe victim’s interface and network configuration. REA-attacksallow an attacker to tunnel any nearby connection to remotelocations, even between two honest devices. Our attacks areenabled by REArby, a toolkit we developed while reversingthe API implementation. REArby includes a dynamic binaryinstrumenter, a packet dissector, and the implementations ofcustom Nearby Connections client and server. We plan to open-source REArby after a responsible disclosure period.\",\"PeriodicalId\":20444,\"journal\":{\"name\":\"Proceedings 2019 Network and Distributed System Security Symposium\",\"volume\":null,\"pages\":null},\"PeriodicalIF\":0.0000,\"publicationDate\":\"2019-02-24\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"20\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"Proceedings 2019 Network and Distributed System Security Symposium\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.14722/ndss.2019.23367\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"\",\"JCRName\":\"\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"Proceedings 2019 Network and Distributed System Security Symposium","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.14722/ndss.2019.23367","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
引用次数: 20

摘要

b谷歌的附近连接API允许任何Android(和Android Things)应用程序为其用户提供基于邻近的服务,而不管他们的网络连接情况如何。API使用蓝牙BR/EDR,蓝牙LE和Wi-Fi让“附近”客户端(发现者)和服务器(广告商)连接并交换不同类型的有效载荷。API的实现是专有的、闭源的和模糊的。API的更新由谷歌自动安装在不同版本的Android上,无需用户交互。公众对API提供的安全保证知之甚少,尽管它呈现了一个重要的攻击面。在这项工作中,我们提出了谷歌的附近连接API的第一个安全分析,基于其Android实现的逆向工程。我们发现并实现了几种攻击,分为两大类:连接操纵攻击(connection manipulation, CMA)和范围扩展攻击(range extension attacks, REA)。cma攻击允许攻击者将自己作为中间人插入并操纵连接(甚至与附近无关),并篡改受害者的接口和网络配置。rea攻击允许攻击者通过隧道将任何附近的连接连接到远程位置,甚至是两个诚实设备之间的连接。我们的攻击是通过REArby实现的,这是我们在逆转API实现时开发的一个工具包。REArby包括一个动态二进制仪器,一个数据包解析器,以及自定义附近连接客户端和服务器的实现。我们计划在一个负责任的披露期后开源REArby。
本文章由计算机程序翻译,如有差异,请以英文原文为准。
Nearby Threats: Reversing, Analyzing, and Attacking Google's 'Nearby Connections' on Android
Google’s Nearby Connections API enables any An-droid (and Android Things) application to provide proximity-based services to its users, regardless of their network connectivity.The API uses Bluetooth BR/EDR, Bluetooth LE and Wi-Fi to let“nearby” clients (discoverers) and servers (advertisers) connectand exchange different types of payloads. The implementation ofthe API is proprietary, closed-source and obfuscated. The updatesof the API are automatically installed by Google across differentversions of Android, without user interaction. Little is knownpublicly about the security guarantees offered by the API, eventhough it presents a significant attack surface.In this work we present the first security analysis of theGoogle’s Nearby Connections API, based on reverse-engineeringof its Android implementation. We discover and implement sev-eral attacks grouped into two families: connection manipulation(CMA) and range extension attacks (REA). CMA-attacks allow anattacker to insert himself as a man-in-the-middle and manipulateconnections (even unrelated to nearby), and to tamper withthe victim’s interface and network configuration. REA-attacksallow an attacker to tunnel any nearby connection to remotelocations, even between two honest devices. Our attacks areenabled by REArby, a toolkit we developed while reversingthe API implementation. REArby includes a dynamic binaryinstrumenter, a packet dissector, and the implementations ofcustom Nearby Connections client and server. We plan to open-source REArby after a responsible disclosure period.
求助全文
通过发布文献求助,成功后即可免费获取论文全文。 去求助
来源期刊
自引率
0.00%
发文量
0
×
引用
GB/T 7714-2015
复制
MLA
复制
APA
复制
导出至
BibTeX EndNote RefMan NoteFirst NoteExpress
×
提示
您的信息不完整,为了账户安全,请先补充。
现在去补充
×
提示
您因"违规操作"
具体请查看互助需知
我知道了
×
提示
确定
请完成安全验证×
copy
已复制链接
快去分享给好友吧!
我知道了
右上角分享
点击右上角分享
0
联系我们:info@booksci.cn Book学术提供免费学术资源搜索服务,方便国内外学者检索中英文文献。致力于提供最便捷和优质的服务体验。 Copyright © 2023 布克学术 All rights reserved.
京ICP备2023020795号-1
ghs 京公网安备 11010802042870号
Book学术文献互助
Book学术文献互助群
群 号:481959085
Book学术官方微信