207 research outputs found

    ACMiner: Extraction and Analysis of Authorization Checks in Android's Middleware

    Billions of users rely on the security of the Android platform to protect phones, tablets, and many different types of consumer electronics. While Android's permission model is well studied, the enforcement of the protection policy has received relatively little attention. Much of this enforcement is spread across system services, taking the form of hard-coded checks within their implementations. In this paper, we propose Authorization Check Miner (ACMiner), a framework for evaluating the correctness of Android's access control enforcement through consistency analysis of authorization checks. ACMiner combines program and text analysis techniques to generate a rich set of authorization checks, mines the corresponding protection policy for each service entry point, and uses association rule mining at a service granularity to identify inconsistencies that may correspond to vulnerabilities. We used ACMiner to study the AOSP version of Android 7.1.1 to identify 28 vulnerabilities relating to missing authorization checks. In doing so, we demonstrate ACMiner's ability to help domain experts process thousands of authorization checks scattered across millions of lines of code

    Security analysis of hardware crypto wallets

    The thesis analyzes the security of modern hardware crypto wallets. Different threat models and threats for users are assessed with some of the current hardware wallets reviewed. Potential users are educated how to choose the right hardware wallet and warned about misleading advertising of some vendors. The original hardware wallet, Trezor One, is thoroughly analyzed from both hardware and software perspective and the security claims of the vendor are verified. A particular emphasis is placed on side-channel attacks and experiments with Trezor One

    Ubicomp: Using iStuff

    Ubiquitous computing, ubicomp, represents a scenario where computer devices are omnipresent, usually with a look unlike traditional computers. For this reason, it is also known by the term "disappearing computer". There exists also a close relation between ubicomp and human to computer interaction. With the appearing of new computer devices spread along the environment, new interfaces to resolve human to computer interaction. This master thesis presents a ubiquitous computing scenario that uses iStuff toolkit as communication path. Nintendo's WiiRemote, known as wiiMote, is used as new human to computer device to allow user's interaction. WiiMote is communicated with a computer using WiiGee java libraries that incorporates an iStuff proxy that lets communicating with the scenario. The scenario also includes a collaborative application, called Collaborative Tetris, to interact with. The first chapter presents technical concepts and tools: Starting with definitions of terms ubiquitous computing and human to computer interaction concept and then the main tools used to develop this master thesis: iStuff toolkit, WiiMote and WiiGee java libraries. The second chapter describes the start up of mentioned tools and the description of test scenarios. Third chapter summarizes the test results of the scenarios: iStuff start up scenario, communication between iStuff and WiiMote using wiiGee and a possible ubiquitous computing environment with a collaborative application: collaborative Tetris. Finally the conclusions of tests, possible effects over environment in a green study and personal conclusions are presented

    Audio DSP Amplifier

    The key concept of this project is to create a microcontroller system that serves as an interface between a DSP board and a total of 4 amplifier channels. The fully integrated system will provide a fully inclusive audio DSP amplifier for use in 2.1 or bi-amplified stereo speaker setups. The project will focus on developing an intuitive interface that is operable from the device or a computer that programs the DSP board for various speaker applications. The finished design will provide a custom computer sound amplifier in one package, eliminating the need for multiple components by interfacing two stereo amplifiers, a DSP unit, and an LCD menu using a microcontroller. This solution will provide a more affordable alternative to the current market solution for creating a DSP enabled, 2.1 sound system. The system will provide higher quality audio with more customization options than current competing market solutions

    Hooking Java methods and native functions to enhance Android applications security

    Mobile devices are becoming the main end-user platform to access the Internet. Therefore, hackers’ interest for fraudulent mobile applications is now higher than ever. Most of the times, static analysis is not enough to detect the application hidden malicious code. For this reason, we design and implement a security library for Android applications exploiting the hooking of Java and native functions to enable runtime analysis. The library verifies if the application shows compliance to some of the most important security protocols and it tries to detect unwanted activities. Testing of the library shows that it successfully intercepts the targeted functions, thus allowing to block the application malicious behaviour. We also assess the feasibility of an automatic tool that uses reverse engineering to decompile the application, inject our library and recompile the security-enhanced application

    Bluetooth Accelerometer Mouse

    The reason for inventing such a device is to overcome the problems faced in using a wired mouse and also the need for a surface for its movement. This applies to the wireless mouse too, since a surface is always a priority for its usage. This could be a hassle when users are left with limited space. In order to overcome this difficulty, this particular wireless accelerometer based mouse is developed