Thursday 1 October 14:30 - 15:00, Red room
William Lee (Sophos)
Rowland Yu (Sophos)
download slides (PDF)
SEAndroid and containerization have become buzzwords in the mobile security field over the last year. Both of them supply an isolated working environment for Android devices. Moreover, both have the main goal of trying to minimize the damage that can be caused by malicious applications, intruders, exploits and vulnerabilities.
SEAndroid stands for 'Security Enhancements for Android', which defines and enforces a system-wide security policy over all processes, objects and operations. It blocks extra privileges escalated by applications, separates applications from each other and the system, and prevents the bypass of security features. On the other hand, 'containerization' refers to the ability to separate an encrypted zone on a device and manage access to that zone. In other words, it not only secures data on the device, but also controls how applications can access, share and use the data.
Android 5.0 is trying to set itself up as a safe corporate mobile operating system by touting SEAndroid and containerization. The enforcement of SEAndroid and containerization have been changing the way OEMS and security vendors respond to security issues. However, this paper will prove that, even with these security enhancements, you can still be infected, still have data stolen, still have corporate data leaked, and experience exploration of kernel vulnerabilities.
William Lee is a senior threat researcher at SophosLabs and holds a Master's degree in IT from the University of Sydney. Prior to joining Sophos, he developed mobile platforms and applications at Samsung for Samsung's Galaxy and Bada devices and he also implemented static and dynamic analysis systems for Android at Symantec. He currently spends his time carrying out in-depth analysis of Android malware and research on malware clustering. In his free time, William enjoys playing tennis and kayaking in Sydney.
Rowland Yu has been a senior threat researcher at SophosLabs since 2006. He specializes in malware reverse engineering and remediation, spam and DLP (data leakage protection). Over the last four years, his main interest has been Android-related threats. Now Rowland is the primary researcher responsible for Android malware analysis and emerging threats. He has published several papers related to Android, presented at Virus Bulletin and AVAR conferences over the last few years. Currently, Rowland lives with his wife and son in Sydney, Australia.