網路城邦
回本城市首頁 全民監督
市長:uskmt  副市長:
加入本城市推薦本城市加入我的最愛訂閱最新文章
udn城市政治社會公共議題【全民監督】城市/討論區/
討論區建言 字體:
上一個討論主題 回文章列表 下一個討論主題
FBI 破解安卓手機會有什麼後果
 瀏覽425|回應0推薦0

uskmt
等級:8
留言加入好友

美國司法部已設法解除由槍手賽義德RIZWAN Farook,誰與他的妻子在聖貝納迪諾,加利福尼亞州殺害了14人使用的iPhone 5C去年12月。在備受關注的案件已對蘋果,這打了法律秩序來解決它的密碼安全功能給執法訪問手機上的數據進站聯邦執法機構。美國聯邦調查局說,它依賴於第三方破解手機的加密數據,提高對iPhone的安全性和是否聯邦機構應當披露他們的方法的問題。
但是,如果該設備已經什麼運行Android?將同樣的技術和法律劇都發揮出來呢?
我們是Android用戶和研究人員,我們也當FBI蘋果之爭打到流行的媒體讀取Android的全磁盤加密文檔的第一件事。
我們試圖複製什麼聯邦調查局本來想在Android手機上做,發現了一些有用的結果。除了Android生態系統涉及更多企業事實上,我們發現了一些技術上的差異,其中一種方式來遠程更新,從而解開加密密鑰,東西FBI無法對自身的iPhone 5C的事情。
最簡單的方式
在智能手機上的數據加密包括該電話通過組合1)用戶的解鎖碼(如果有)(通常是一個四至六位密碼)創建,以及2)一長的,複雜的特定的個別設備號被使用的密鑰。攻擊者可以嘗試直接或者破解的關鍵 - 這是非常困難 - 或者密碼和設備特定的數字,這是隱藏的大體相同難以猜測的組合。
這個解碼強大的加密是非常困難的。但有時獲得從手機訪問加密數據不涉及任何密碼破譯的。具體方法如下:
自定義應用程序可能的目標手機上安裝提取信息。 2011年3月,谷歌遠程安裝清理惡意軟件感染手機的程序。目前還不清楚,如果Android的仍然允許這樣做。
許多應用程序使用Android的備份API。該備份,從而直接從備份站點訪問的信息,取決於其應用程序安裝在手機上。
如果目標數據被存儲在可移動SD卡上,它可以是未加密的。僅適用於Android的最新版本允許用戶加密整個移動SD卡;並非所有的應用程序加密存儲在SD卡上的數據。
一些電話具有指紋讀取器,其可以與手機擁有者的指紋的圖像被解鎖。
有些人修改了其手機的操作系統,給他們的“根”特權 - 訪問設備的數據超出了正常操作期間允許 - 可能削弱安全性。
一個電話可以嘗試每一種可能的密鑰來解鎖
但是,如果這些選項不可用,密碼破譯是在剩下的路。在所謂的“暴力”攻擊,一個電話可以嘗試每一種可能的加密密鑰(即所有的字符組合可能的),直到正確的解鎖一個是達到和裝置(或數據)解鎖。
開始攻擊
有兩種類型的暴力攻擊:脫機和聯機。在某些方面離線攻擊更容易 - 通過複製數據關閉設備並到達一個更強大的計算機,專用軟件和其他技術可用於嘗試所有不同的通行碼的組合。
但脫機攻擊,也可以更難,因為他們需要或者想每一個可能的加密密鑰,或者找出用戶的密碼和設備專用鍵(在蘋果唯一的ID,並在Android的新版本硬件結合的關鍵)。
要想盡一切可能的解決方案,嘗試所有100 undecillion(1038)可能的解決方案一個相當標準的128位AES關鍵手段 - 足以採取超過十億十億年以上的超級計算機。
猜測密碼可以相對快:對於只有數字六位數密碼,這只是一個萬美元的期權。如果字母,如“$”和“#”特殊符號是允許的,將有更多的選擇,但目前仍只在數千億美元。然而,猜測特定於設備的關鍵很可能是一樣堅硬如猜測的加密密鑰。
考慮到網上攻擊
這使得網上的攻擊,這直接發生在手機上。用容易獲得的操作系統的特定於設備的密鑰,這降低了任務的僅嘗試所有可能的通行碼的小得多的負擔。
然而,手機本身可以被配置為抵抗在線攻擊。例如,手機可以插入一個失敗的密碼猜測,並允許另一次嘗試之間的時間延遲,甚至一定數量的失敗嘗試後刪除數據。
蘋果的iOS擁有這兩個功能,每次失敗後自動引入越來越長的延遲,並且在用戶的選擇,經過10密碼失敗擦拭設備。
攻擊Android手機
當一個人試圖破解成鎖定的Andr​​oid手機,會發生什麼?不同的廠家建立自己的Andr​​oid設備不同; Nexus手機運行谷歌的Andr​​oid標準配置。我們使用了運行Android的股票5.1.1和全磁盤加密啟用了的Nexus 4設備。
不同的是iPhone,延誤沒有得到隨後再失敗
我們開始與一個已經運行的手機,但有一個鎖定的屏幕。機器人允許PIN,密碼和基於模式的鎖定,其中用戶必須連接一系列點按正確的順序來解鎖電話;我們進行這個試驗與每種類型。我們曾手動分配在手機上的實際密碼,但隨機生成的解鎖我們嘗試。
經過五次失敗的嘗試密碼的Andr​​oid讓闖闖之前實行了30秒的延遲。不同的是iPhone,延誤沒有得到隨後的故障時間較長; 40多嘗試,我們只遇到每五個失敗後有30秒的延遲。這款手機保持多少連續嘗試失敗計數,但沒有擦拭的數據。 (來自其他廠商的Andr​​oid手機可以插入類似增加至iOS延誤。)
這些延遲強加給攻擊者一個顯著時間損失。暴力破解一個六位數的密碼(百萬組合)可能招致剛剛超過69天,最壞情況下的延遲。如果輸入的密碼是六個字符,甚至只用小寫字母,最壞情況下的延遲將超過58年。
該簽名的軟件公司或公司將是FBI需要persuad的那些
當我們重複已被關閉,才剛剛開始了一個手機上的攻擊,我們被要求重新啟動設備後,10次失敗的嘗試。經過20次嘗試失敗和兩次重啟,Android的開始嘗試失敗,將觸發設備擦除的倒計時。我們繼續進攻,並在第30的嘗試 - 在屏幕上和Android文檔中的警告 - 該設備進行“恢復出廠設置”,擦所有的用戶數據。
相反,脫機攻擊,有網上蠻力攻擊Android和iOS之間的差異。在IOS,無論是鎖定畫面和啟動過程可以在一個固定數目的失敗嘗試之後擦拭用戶數據,但只有當用戶明確允許此。在機器人,在引導過程中始終擦拭固定數目的失敗嘗試之後用戶數據。然而,我們的Nexus 4設備並沒有讓我們來設置鎖屏失靈的限制。這就是說,無論是Android和iOS具有遠程管理選項,而如果使能,一定數量的失敗嘗試後擦拭的數據。
使用專用工具
在聖貝納迪諾情況下,iPhone 5C是由射手之一的雇主所擁有,並安裝了移動設備管理(MDM)軟件,讓該公司跟踪它,並通過遙控器在手機上執行其它功能。這樣的MDM應用程序通常安裝於Android手機上的“設備管理器”應用程序,並設置使用適用於iOS的“蘋果配置”工具。
我們建立了自己的MDM應用程序對我們的Andr​​oid手機,並驗證密碼可以不經用戶明確同意復位;這也更新了手機的加密密鑰。然後,我們可以使用新密碼才能從鎖定屏幕,並在啟動時解鎖手機。 (這種攻擊遠程工作時,手機必須是和有互聯網連接,以及MDM應用程序必須已設置為在命令密碼從遠程MDM服務器復位。)
搞清楚哪裡獲得更多幫助
如果攻擊者需要幫助從一個手機製造商或軟件公司,Android的呈現出更多樣化的景觀。
通常,操作系統軟件與該證明是正版的數字代碼,並且該電話實際安裝之前需要簽署。只有公司與正確的數字代碼可以創建一個更新的操作系統軟件 - 這可能包括對誰已獲得該公司的協助攻擊者一個“後門”或其他入口點。對於任何iPhone,這是蘋果公司。但許多公司製造和銷售Android手機。
谷歌的Andr​​oid操作系統的主要開發者,對於簽署的旗艦Nexus設備的更新。三星標誌其設備。移動運營商(如AT&T或Verizon公司)可能還註冊。而許多用戶安裝Android的定制版本(如CyanogenMod的)。該簽名的軟件公司或公司將是FBI需要說服的 - 或迫使 - 編寫軟件允許的方式。
相比iOS和Android
Android有用於在啟動網絡攻擊更加安全的默認
總體而言,運行的是最新的iOS和Android版本的設備同等保護,免受脫機攻擊,經手機製造商和最終用戶都能夠正確配置的時候。舊版本可能會更脆弱;一個系統可以在不到10秒被破解。此外,通過手機廠商的配置和軟件漏洞也可能會影響Android和iOS設備的安全性。
但是,我們發現網絡攻擊的差異,基於用戶和遠程管理配置:Android已經為在啟動網絡攻擊更安全的默認值,但是我們的Nexus 4沒有允許用戶從鎖定設置失敗嘗試的最大次數屏幕(其它設備可能有所不同)。運行iOS的設備同時擁有這些功能,但用戶必須事先手動啟用它們。
Android安全也可通過遙控軟件,取決於所使用的軟件減弱。雖然FBI無法通過重置密碼這種方式獲得的iPhone 5C,我們成功與我們的Andr​​oid設備上類似的攻擊。
威廉·恩克是計算機科學的北卡羅萊納州立大學的助理教授和Adwait Nadkarni是博士在北卡羅來納州立大學計算機科學的學生。

Here's what would happen if the FBI tried to hack an Android phone

The Justice Department has managed to unlock an iPhone 5c used by the gunman Syed Rizwan Farook, who with his wife killed 14 people in San Bernardino, California, last December. The high-profile case has pitted federal law enforcement agencies against Apple, which fought a legal order to work around its passcode security feature to give law enforcement access to the phone’s data. The FBI said it relied on a third party to crack the phone’s encrypted data, raising questions about iPhone security and whether federal agencies should disclose their method.

But what if the device had been running Android? Would the same technical and legal drama have played out?

We are Android users and researchers, and the first thing we did when the FBI-Apple dispute hit popular media was read Android’s Full Disk Encryptiondocumentation.

We attempted to replicate what the FBI had wanted to do on an Android phone and found some useful results. Beyond the fact the Android ecosystem involves more companies, we discovered some technical differences, including a way to remotely update and therefore unlock encryption keys, something the FBI was not able to do for the iPhone 5c on its own.

The easy ways in

Data encryption on smartphones involves a key that the phone creates by combining 1) a user’s unlock code, if any (often a four- to six-digit passcode), and 2) a long, complicated number specific to the individual device being used. Attackers can try to crack either the key directly — which is very hard — or combinations of the passcode and device-specific number, which is hidden and roughly equally difficult to guess.

Decoding this strong encryption can be very difficult. But sometimes getting access to encrypted data from a phone doesn’t involve any code-breaking at all. Here’s how:

  • A custom app could be installed on a target phone to extract information. In March 2011, Google remotely installed a program that cleaned up phones infected by malicious software. It is unclear if Android still allows this.

  • Many applications use Android’s Backup API. The information that is backed up, and thereby accessible from the backup site directly, depends on which applications are installed on the phone.

  • If the target data are stored on a removable SD card, it may be unencrypted. Only the most recent versions of Android allow the user to encrypt an entire removable SD card; not all apps encrypt data stored on an SD card .

  • Some phones have fingerprint readers, which can be unlocked with an image of the phone owner’s fingerprint.

  • Some people have modified their phones' operating systems to give them “root” privileges — access to the device’s data beyond what is allowed during normal operations — and potentially weakening security.

A phone can be unlocked by trying every possible encryption key

But if these options are not available, code-breaking is the remaining way in. In what is called a “brute force” attack, a phone can be unlocked by trying every possible encryption key (i.e., all character combinations possible) until the right one is reached and the device (or data) unlocks.

Starting the attack

There are two types of brute-force attacks: offline and online. In some ways an offline attack is easier — by copying the data off the device and onto a more powerful computer, specialized software and other techniques can be used to try all different passcode combinations.

But offline attacks can also be much harder, because they require either trying every single possible encryption key, or figuring out the user’s passcode andthe device-specific key (the unique ID on Apple, and the hardware-bound key on newer versions of Android).

To try every potential solution to a fairly standard 128-bit AES key means trying all 100 undecillion (1038) potential solutions — enough to take a supercomputer more than a billion billion years.

Guessing the passcode could be relatively quick: for a six-digit PIN with only numbers, that’s just a million options. If letters and special symbols like “$” and “#” are allowed, there would be more options, but still only in the hundreds of billions. However, guessing the device-specific key would likely be just as hard as guessing the encryption key.

Considering an online attack

That leaves the online attack, which happens directly on the phone. With the device-specific key readily available to the operating system, this reduces the task to the much smaller burden of trying only all potential passcodes.

However, the phone itself can be configured to resist online attacks. For example, the phone can insert a time delay between a failed passcode guess and allowing another attempt, or even delete the data after a certain number of failed attempts.

Apple’s iOS has both of these capabilities, automatically introducing increasingly long delays after each failure, and, at a user’s option, wiping the device after 10 passcode failures.

Attacking an Android phone

What happens when one tries to crack into a locked Android phone? Different manufacturers set up their Android devices differently; Nexus phones run Google’s standard Android configuration. We used a Nexus 4 device running stock Android 5.1.1 and full disk encryption enabled.

Unlike the iPhone, the delays did not get longer with subsequent failures

We started with a phone that was already running but had a locked screen. Android allows PINs, passwords and pattern-based locking, in which a user must connect a series of dots in the correct sequence to unlock the phone; we conducted this test with each type. We had manually assigned the actual passcode on the phone, but our unlocking attempts were randomly generated.

After five failed passcode attempts, Android imposed a 30-second delay before allowing another try. Unlike the iPhone, the delays did not get longer with subsequent failures; over 40 attempts, we encountered only a 30-second delay after every five failures. The phone kept count of how many successive attempts had failed, but did wipe the data. (Android phones from other manufacturers may insert increasing delays similar to iOS.)

These delays impose a significant time penalty on an attacker. Brute-forcing a six-digit PIN (one million combinations) could incur a worst-case delay of just more than 69 days. If the passcode were six characters, even using only lowercase letters, the worst-case delay would be more than 58 years.

The company or companies that sign the software would be the ones the FBI needed to persuad

When we repeated the attack on a phone that had been turned off and was just starting up, we were asked to reboot the device after 10 failed attempts. After 20 failed attempts and two reboots, Android started a countdown of the failed attempts that would trigger a device wipe. We continued our attack, and at the 30th attempt — as warned on the screen and in the Android documentation — the device performed a “factory reset,” wiping all user data.

In contrast to offline attacks, there is a difference between Android and iOS for online brute force attacks. In iOS, both the lock screen and boot process can wipe the user data after a fixed number of failed attempts, but only if the user explicitly enables this. In Android, the boot process always wipes the user data after a fixed number of failed attempts. However, our Nexus 4 device did not allow us to set a limit for lock screen failures. That said, both Android and iOS have options for remote management, which, if enabled, can wipe data after a certain number of failed attempts.

Using special tools

The iPhone 5c in the San Bernardino case is owned by the employer of one of the shooters, and has mobile device management (MDM) software installed that lets the company track it and perform other functions on the phone by remote control. Such an MDM app is usually installed as a “Device Administrator” application on an Android phone, and set up using the “Apple Configurator” tool for iOS.

We built our own MDM application for our Android phone, and verified that the passcode can be reset without the user’s explicit consent; this also updated the phone’s encryption keys. We could then use the new passcode to unlock the phone from the lock screen and at boot time. (For this attack to work remotely, the phone must be on and have Internet connectivity, and the MDM application must already be programmed to reset the passcode on command from a remote MDM server.)

Figuring out where to get additional help

If an attacker needed help from a phone manufacturer or software company, Android presents a more diverse landscape.

Generally, operating system software is signed with a digital code that proves it is genuine, and which the phone requires before actually installing it. Only the company with the correct digital code can create an update to the operating system software — which might include a “back door” or other entry point for an attacker who had secured the company’s assistance. For any iPhone, that’s Apple. But many companies build and sell Android phones.

Google, the primary developer of the Android operating system, signs the updates for its flagship Nexus devices. Samsung signs for its devices. Cellular carriers (such as AT&T or Verizon) may also sign. And many users install a custom version of Android (such as Cyanogenmod). The company or companies that sign the software would be the ones the FBI needed to persuade — or compel — to write software allowing a way in.

Comparing iOS and Android

Android has a more secure default for online attacks at start-up

Overall, devices running the most recent versions of iOS and Android are comparably protected against offline attacks, when configured correctly by both the phone manufacturer and the end user. Older versions may be more vulnerable; one system could be cracked in less than 10 seconds. Additionally, configuration and software flaws by phone manufacturers may also compromise security of both Android and iOS devices.

But we found differences for online attacks, based on user and remote management configuration: Android has a more secure default for online attacks at start-up, but our Nexus 4 did not allow the user to set a maximum number of failed attempts from the lock screen (other devices may vary). Devices running iOS have both of these capabilities, but a user must enable them manually in advance.

Android security may also be weakened by remote control software, depending on the software used. Though the FBI was unable to gain access to the iPhone 5c by resetting the password this way, we were successful with a similar attack on our Android device.

William Enck is an assistant professor of computer science at North Carolina State University and Adwait Nadkarni is a Ph.D. student of computer science at North Carolina State University.



本文於 修改第 1 次
回應 回應給此人 推薦文章 列印 加入我的文摘

引用
引用網址:https://city.udn.com/forum/trackback.jsp?no=62934&aid=5461196