
Breaking Chains: Hacking Android Key Attestation.pdf

Uploaded by: 竿*** ID: 981920 2025-11-29 34 pages 4.16 MB

#BHUSA BlackHatEvents

Breaking Chains: Hacking Android Key Attestation
Alex Gonzalez

Introduction
- Alex Gonzalez
- Senior Red Team Engineer
- linkedin/in/alex-gonzalez-63b01426bdubfr33/dubfreedubfr33

Agenda
- Background
- Android Key Attestation
- Bot Fraud/Abuse Use Case
- Common PKI Issues
- Certificate Extension PKI Issue
- Root Cause Analysis
- Closing Remarks

Background
- Targeting a service with a bot fraud/abuse problem
- Bot service providers operating in various cloud service providers
- Automating API calls to beat out legitimate users
- Implemented app and key attestation
- Means to attest traffic sources from a physical device
- Initial disruption but led to bot TTP shift
- Introduction of the 0-day market
- FraudSec campaign objectives
- Emulate bot service provider

Android Key Attestation
- App Attestation != Key Attestation
- App Attestation (SafetyNet/Play Integrity)
  - Establishes a mobile app's integrity
  - Signed/Official App Store version
  - Rooted device/bootloader checks
  - Hooking/Swizzling checks
  - Calls a Google API to retrieve a verdict (JWT)
- Key Attestation
  - Verifies that a key is stored in secure hardware
  - Ensures keys can't be extracted from the device (Android Keystore)
  - Calls an Android OS API to retrieve verdict (PKI/X.509 certificates)

Android Keystore
- Two types of secure storage
  - Trusted Execution Environment (TEE): utilizes ARM TrustZone; virtualizes processor to create secure environment; separate OS, kernel driver, userspace lib for IPC
  - Secure Element (SE): Hardware Security Module (HSM); separate chip typically connected via serial interface
- Two main security protections
  - Prevents key extraction: cryptographic material never leaves secure hardware
  - Key use authorizations: keys are scoped to the app and for specific use cases
- Trusty TEE OS Diagram
- TEEGRIS OS D

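- Alex Gonzalez presented vulnerabilities in, and attack methods against, Android Key Attestation at Black Hat USA 2024.
- The research found that attackers can bypass the Android Key Attestation mechanism and forge certificate chains, and so create keys in an application that claim to be stored in the TEE/SE.
- Public research shows that attackers can obtain keys stored in the TEE/SE and break the PKI trust model.
- Common PKI issues include certificate chain trust, certificate revocation lists, and hard-coded certificates.
- The research found that the Android Key Attestation library has security vulnerabilities; Google released a security patch in 2023, but the patch was insufficient.
- In September 2024, Google announced that it would no longer fix the vulnerability and recommended using a new library.
- Alex Gonzalez provided a tool named keyattestor for testing Android Key Attestation implementations.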