Android, one of the fastest growing mobile operating systems, from Google, has caught a large amount of developer attention due to its open nature. We see a large number of community developers working on custom aftermarket ROMs, and various stats suggest that far fewer people use the stock OS than use custom ROMs. Some of the major custom ROM makers include Cyanogen and MIUI. This talk will focus on the generic approaches taken by custom ROM developers and the number of security issues arising from them, along with ways and means to make sure the user remains secure. We will also be launching a custom application that checks all these settings and suggests the actions you need to take to get back to a secure state.
Slides
Whitepaper
This paper attempts to look behind the wheels of Android, with a special focus on custom ROMs, and checks for security misconfigurations that could lead to device compromise, which may result in malware infection or data theft.
Note: This summary is AI-generated and may contain inaccuracies, errors, or omissions. If you spot any issues, please contact the site owner for corrections. Errors or omissions are unintended.
This presentation examines the security risks inherent in Android custom ROMs, covering common misconfigurations found in aftermarket firmware and demonstrating a proof-of-concept data theft tool.
Key Topics Covered
Custom ROM Ecosystem:
Android ROM is the OS firmware layer consisting of kernel, Dalvik, libraries, framework, and vendor applications
Stock ROMs are pre-installed by manufacturers; custom ROMs are aftermarket versions not officially supported
Popular custom ROMs include CyanogenMod, MIUI (Chinese origin, mimics iPhone), and OMFGB
Sources include cyanogenmod.com, miui.org, XDA Developers, and various underground forums
ROM cookers create custom versions for fun, profit, or the “they can” attitude
Why Security Review is Needed:
Android malware and exploits are increasing rapidly
Employees pressure organizations to integrate Android into corporate infrastructure
CyanogenMod is considered a viable corporate alternative, but security has not been thoroughly evaluated
Custom ROMs may contain undisclosed modifications
Security Issues Identified:
USB Debugging Enabled: ADB allows file push/pull, system partition remount, silent software installation, and fastboot with different kernels
ADB Shell Root Mode: Special setting making ADB run as root, activated at boot time via build.prop in boot image ramdisk
ADB Shell over WiFi: Allows ADB access over the wireless network; combined with root mode, this effectively hands over the device
System Permissions: /system should be read-only, but many ROM cookers set 777 permissions, opening doors for rootkits, trojans, and malware
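A settings check of the kind the talk describes can be sketched as follows. This is an added example, not the application announced in the talk. It assumes the Android property names ro.secure, persist.service.adb.enable, persist.sys.usb.config, service.adb.tcp.port and persist.adb.tcp.port, which the summary does not name, and it runs over a constructed sample rather than a real ROM.

```python
import stat

# Constructed sample: property text from a hypothetical custom ROM.
SAMPLE_PROPS = """\
# begin build properties
ro.build.display.id=ExampleROM-1.0
ro.secure=0
persist.service.adb.enable=1
service.adb.tcp.port=5555
"""

def parse_props(text):
    """Parse Android key=value property text, skipping blanks and comments."""
    props = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        key, _, value = line.partition("=")
        props[key.strip()] = value.strip()
    return props

def audit(props, system_mode):
    """Return (issue, suggested action) pairs for the four settings in the list."""
    findings = []
    usb_funcs = props.get("persist.sys.usb.config", "").split(",")
    if props.get("persist.service.adb.enable") == "1" or "adb" in usb_funcs:
        findings.append(("usb-debugging", "turn off USB debugging when not in use"))
    if props.get("ro.secure") == "0":
        findings.append(("adb-root", "use a boot image that sets ro.secure=1"))
    port = props.get("service.adb.tcp.port") or props.get("persist.adb.tcp.port", "")
    if port.isdigit() and int(port) > 0:  # unset, 0 or -1 means TCP is off
        findings.append(("adb-over-wifi", "unset the ADB TCP port property"))
    if system_mode & stat.S_IWOTH:  # world-writable bit, set in mode 777
        findings.append(("system-world-writable", "restore /system to mode 755, mounted read-only"))
    return findings

if __name__ == "__main__":
    for issue, action in audit(parse_props(SAMPLE_PROPS), 0o777):
        print(f"{issue}: {action}")
```

On a device, the property text would come from the ROM's property files and the mode from the /system directory itself.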