Is constant root on a device really safe?
On PCs I wouldn't recommend it, and with smartphones being sort of small PCs.
So my question is, how insecure is my rooted Android?
I too am concerned about leaving a phone with root access without any password. At least as I understand the rooting process, it is:
1. Exploit a weakness in the OS
2. Install su/sudo without any password
3. Allow "any" app to use su/sudo
In my experience, leaving any box with unprotected root access that has network connectivity is just asking for trouble.
While it is true that malicious software could exploit the same weakness, why make it trivial?
I never installed gainroot on my N900 since I could do anything I needed to by using $ ssh [email protected]
Is there a su/sudo that respects the Android equivalent of password authentication for the root user?
Hello all. I'm currently taking a computer security class and to make the long story short, at the end of the semester I will have to turn in a research paper and do a 30 minute presentation on it. The topic I chose for this is "Exploring the techniques used to gain access to personal information on Android devices; the methods hackers use and the type of data they are seeking." So if you could please post links to any articles that you come across that talk about security of android devices. Also, I could really use any magazine or book suggestions. Thanks!
Look up open wifi hackers. They can steal your junk if your network isn't secured. Sorry no article
Sent from my ASUS Transformer Pad TF300T using XDA Premium HD app
You should write about the easiest method - allowing to install apps with lots of different permissions.
^Installing apps with dubious permissions is what I'm sure he's getting at and that has been the only major "flaw" as of yet. Considering that it requires the user to sideload questionable apps or to download from unprotected app sites it's not the worst thing ever.
Anti-virus/Anti-malware apps still remain next to useless on Android devices. The other main exploits that are used such as spoofing, etc, are simply able to function on any device operating over an unsecured wifi network and aren't unique to Android. I really don't think you're going to find much in the way of peer-reviewed articles on this topic, but I'd recommend that you use the databases available to you through your school rather than just taking articles handed to you by others.
MissionImprobable said:
^Installing apps with dubious permissions is what I'm sure he's getting at and that has been the only major "flaw" as of yet.
Not really the only flaw, there is a way to get Android to install a rootkit which needs no extra privileges to do what it wants on your Android device. It isn't out in the wild but it can be, and has been, done to highlight an Android vulnerability.
http://m.networkworld.com/news/2012...tkit&client=ms-opera-mini-android&channel=new
Dave
( http://www.google.com/producer/editions/CAownKXmAQ/bigfatuniverse )
Sent from my LG P920 using Tapatalk 2
keynith said:
Look up open wifi hackers. They can steal your junk if your network isn't secured. Sorry no article
With all due respect, have you ever *tried* to intercept SSL traffic for a non-browser-based Android app? It's hard as hell to do with a phone & fake AP under your direct rooted control, and damn near *impossible* to casually pull off against a random stranger's phone at Starbucks.
Android MITM is *hard*, and the #1 method of reliably doing it for penetration testing is to hack the app's decompiled SMALI to replace the certificate-validation logic with a dummy class that ignores cert errors.
Put another way, if somebody sniffs your password to something over wifi, it's because the idiot who wrote the app submitted your credentials without using SSL, and not because the access point was "open". Successful Android non-browser SSL MITM isn't "black hat", it's "black magic."
Also, WPA(2), WEP, etc might give some speedbump-like protection against totally random strangers who stumble upon an access point from the outside, but they won't do jack to protect you from the guy sipping a latte next to you & running Wireshark while connected to the AP using the same key YOU are.
Wifi encryption is there to keep people from leeching free internet service, not to keep your traffic safe from other connected users. That's why ipsec & SSL exist.
There's exactly one safe way to use public wifi -- through a PPTP vpn tunnel (L2TP has a few known Android vulnerabilities).
Sent from my SAMSUNG-SGH-I747 using Tapatalk 2
An application called adb (or android debug bridge) will get you significant access to an android handset via a USB cable. This is part of the android software development kit. Set up your PC with the SDK, install the add-on platform tools, login as root and start the adb server. You can run a shell with the "adb shell" and use "adb pull" and "adb push" to transfer files. The "adb shell" command gives you a shell prompt on the android device and the "su" command gives you root access. This works even with the screen locked with a PIN.
Want to root your device? Download the zip file for rooting a handset and look at the installer script. That can tell you where to copy the su binary - remount your device's /system partition as read-write using "mount -o rw,remount" and follow the installer script.
adrian816 said:
An application called adb (or android debug bridge) will get you significant access to an android handset via a USB cable. This is part of the android software development kit. Set up your PC with the SDK, install the add-on platform tools, login as root and start the adb server. You can run a shell with the "adb shell" and use "adb pull" and "adb push" to transfer files. The "adb shell" command gives you a shell prompt on the android device and the "su" command gives you root access. This works even with the screen locked with a PIN.
Want to root your device? Download the zip file for rooting a handset and look at the installer script. That can tell you where to copy the su binary - remount your device's /system partition as read-write using "mount -o rw,remount" and follow the installer script.
Thanks a lot!!
#### Sent from my GN7 #### B0$N4 ####
A Chairde
I am wondering if anyone can help me. I have heard there are Rooting methods on Android devices not involving third party software on the device, could you tell me what they are, and what phones support them. I have read the XDA Developers book, and the closest I have come is the Google Nexus phone on Chapter 8, Unlockable device, but still needs to load Busybox APK, and SuperUser binaries.
This question revolves around sound forensic techniques, I believe XRY load tools into RAM when using physical extraction.
Any help / pointers would be greatly appreciated
crumdub12 said:
A Chairde
I am wondering if anyone can help me. I have heard there are Rooting methods on Android devices not involving third party software on the device, could you tell me what they are, and what phones support them. I have read the XDA Developers book, and the closest I have come is the Google Nexus phone on Chapter 8, Unlockable device, but still needs to load Busybox APK, and SuperUser binaries.
This question revolves around sound forensic techniques, I believe XRY load tools into RAM when using physical extraction.
Any help / pointers would be greatly appreciated
By default, Android doesn't have the ability to substitute the current user for the root user, which is why the 'su' binary has to be installed. By adding a particular line to '/data/local.prop', you can trick the ADB into thinking it's communicating with an emulator, which would temporarily give the ADB elevated permissions, but most of the techniques needed to do so require other binaries that Android doesn't have by default, hence the need for Busybox.
XRY physical extraction, on the other hand, doesn't communicate with Android at all, so there are no "root" permissions to be gained. It relies more on very low level communication with the hardware itself and extracting raw data (i.e. ones and zeros). Highly specialized software would then be needed to translate that data into a more human readable format.
So, to answer your question...
As far as I'm aware, there is no way to achieve permanent "root" permissions on Android without (at the very minimum) installing the 'su' binary.
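Added example, not part of any post in this thread: a defender-side audit of the conditions the posts above describe (ADB access over USB and an installed 'su' binary), run over text captured from a device you administer. The sample input is constructed, the two su paths are assumed install locations, and ro.secure, ro.debuggable and persist.sys.usb.config are standard Android system properties.

```shell
#!/bin/sh
# Added example: audit text captured from a device you administer
# (e.g. `adb shell getprop`) for root and ADB exposure.

# Constructed sample input, not taken from a real device.
SAMPLE_PROPS='[ro.build.type]: [userdebug]
[ro.secure]: [0]
[ro.debuggable]: [1]
[persist.sys.usb.config]: [mtp,adb]'

# Constructed `ls -l` style listing of two assumed su locations.
SAMPLE_LS='-rwsr-sr-x root root 91980 2014-01-01 00:00 /system/xbin/su
/system/bin/su: No such file or directory'

# Print the value of property $1 from getprop-formatted text on stdin.
prop_value() {
    awk -v key="[$1]:" \
        '$1 == key { v = $2; gsub(/^\[|\]$/, "", v); print v; exit }'
}

# Print one finding per line for getprop text $1; return 1 if any was found.
audit_props() {
    findings=0
    if [ "$(printf '%s\n' "$1" | prop_value ro.secure)" = "0" ]; then
        echo "ro.secure=0: adbd keeps root, so 'adb shell' is a root shell"
        findings=$((findings + 1))
    fi
    if [ "$(printf '%s\n' "$1" | prop_value ro.debuggable)" = "1" ]; then
        echo "ro.debuggable=1: debuggable build, 'adb root' is available"
        findings=$((findings + 1))
    fi
    case "$(printf '%s\n' "$1" | prop_value persist.sys.usb.config)" in
        *adb*)
            echo "persist.sys.usb.config: USB debugging stays enabled"
            findings=$((findings + 1))
            ;;
    esac
    [ "$findings" -eq 0 ]
}

# Print the path of every setuid su binary in `ls -l` text $1.
setuid_su_paths() {
    printf '%s\n' "$1" | awk '$1 ~ /^-..s/ && $NF ~ /\/su$/ { print $NF }'
}

audit_props "$SAMPLE_PROPS" || true
setuid_su_paths "$SAMPLE_LS"
```

A device that reports no findings here has USB debugging off and no setuid su at the listed paths; it does not prove the device was never rooted.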
soupmagnet said:
By default, Android doesn't have the ability to substitute the current user for the root user, which is why the 'su' binary has to be installed. By adding a particular line to '/data/local.prop', you can trick the ADB into thinking it's communicating with an emulator, which would temporarily give the ADB elevated permissions, but most of the techniques needed to do so require other binaries that Android doesn't have by default, hence the need for Busybox.
XRY physical extraction, on the other hand, doesn't communicate with Android at all, so there are no "root" permissions to be gained. It relies more on very low level communication with the hardware itself and extracting raw data (i.e. ones and zeros). Highly specialized software would then be needed to translate that data into a more human readable format.
So, to answer your question...
As far as I'm aware, there is no way to achieve permanent "root" permissions on Android without (at the very minimum) installing the 'su' binary.
SoupMagnet,
You answered my question fully, you are a legend !!
Hello XDA Developers, I have a Debian subsystem of sorts on my phone which is created by an application called Lil' Debi. For those of you unfamiliar with it, it essentially creates a Debian install on an .iso that can be mounted onto the disk. Once mounted, a user can access a shell to interact with this Debian subsystem by running /debian/shell as root, which will chroot to its own directory system separate system accessible from the Android Terminal.
Within this Debian subsystem I have created a non-root user account for the purpose of running a few networking applications that if compromised for some reason, won't give the attacker root privileges to break everything on my phone. There's only one small problem with this setup: I can't access the internet from a non-root account.
Both my terminal emulator and Lil' Debi have full network access, even when not run as root. I am curious then, why a non-root user account should have an incapability of accessing the network. A sample of wget on my phone using Google's IP address (I use the IP address because it cannot do DNS lookup obviously) gives a Permission Denied error. At the current moment I am not sure whether this problem lies with Android or with Debian. Does the user need to be explicitly granted permissions to use the network through Debian, or is the application somehow only able to access the network if it's root?
Additional information: The ROM used is PAC ROM, so you can assume any settings changes that could be made from Cyanogenmod or Paranoid Android can be made if necessary. The phone itself is a Oneplus One. No I don't have invites, so don't bother asking.
Opinions on the matter?
Also, on an unrelated note, g++ will only run under root. If I launch it as a non-root user, it will tell me that execvp failed because cc1plus doesn't exist. Why?
Thread's fallen onto the third page, so I'm going to bump.
One day has passed, and no help offered. Bump again.
Another bump. I thought XDA was supposed to be the most knowledgeable forum on Android.
Daily bump until this problem is solved...
Still bumping...
I hope people aren't just looking at the number of replies and assuming it's resolved...
Bumping again. At least 100 people have seen this thread, and not a single one has anything to say.
Bump again. It's now been a week since I asked this question.
Bump.
This is something I have been wondering for a while and after searching the forums and Google I have not been able to find a clear answer. As a long time Linux user the idea of running your system as root all the time is appalling. It is a huge security risk. But for some reason that is really the only way to gain root access on an Android device (as far as I am aware). Apps like SuperSU allow you to pick the apps that are allowed to run as root, but there is no password or verification that the entity approving the access actually has the authority to do so. I hear all the time that rooting your phone is a trade-off between customizability and security, but every Linux system has a root user and it is incredibly secure when properly administered. What is the reason for the difference?
From what I have read, it sounds like part of the issue has to do with Android handling users differently. I would love to be able to maintain a more limited root function on my devices. Thanks.
funkbuqet said:
This is something I have been wondering for a while and after searching the forums and Google I have not been able to find a clear answer. As a long time Linux user the idea of running your system as root all the time is appalling. It is a huge security risk. But for some reason that is really the only way to gain root access on an Android device (as far as I am aware). Apps like SuperSU allow you to pick the apps that are allowed to run as root, but there is no password or verification that the entity approving the access actually has the authority to do so. I hear all the time that rooting your phone is a trade-off between customizability and security, but every Linux system has a root user and it is incredibly secure when properly administered. What is the reason for the difference?
From what I have read, it sounds like part of the issue has to do with Android handling users differently. I would love to be able to maintain a more limited root function on my devices. Thanks.
You can set a passcode with SuperSU....
Thanks for the reply. That is good to know. Does that really fill the security gap though? I guess if I set my non-background root permissions to expire every 15 minutes that does help for apps that do not need to run as root in the background.
I am more referring to the distinction between regular user land and the root user. Titanium Backup for example; If I want it to be able to run a full backup (including system apps and settings) of my phone every night I have to give it permanent root permissions. That root permission applies to both the automatic process and anything that I as a user (or any entity that can get control of TB) to act as root as well. Ideally there would be 2 separate instances of the program; the back-up process (a daemon perhaps) initiated by the root user and a second available in regular user space. This sort of thing is common on Linux systems.
My knowledge of Android is not particularly deep. I cannot tell if there is actually a separate root user or how user/group permissions work. It seems that the Android framework is designed around the user not having root access. Which is a bit confusing for an OS that prides itself on customization and "Be together not the same". I can't imagine buying a desktop PC that didn't allow me to have system level (root) access. Why should it be any different on a mobile device?
This is Easy Root Tool for various devices (Yuphoria Tested). It's almost one-click root. The tool should work on all devices.
What is Rooting?
Root: Rooting means you have root access to your device—that is, it can run the sudo command, and has enhanced privileges allowing it to run apps like Wireless Tether or SetCPU. You can root either by installing the Superuser application or by flashing a custom ROM that includes root access.
Why to Root?
When you take your phone out of the box, while there are plenty of settings you can tweak, you can only alter what the manufacturer allows you to. By gaining root access you can modify the device's software on the very deepest level.
What are the Risks?
You can turn your smartphone into a brick. Well, not literally, but if you goof up the rooting process, meaning the code modifications, your phone software can get so damaged that your phone will basically be as useless as a brick.
Your phone warranty turns void. It’s legal to root your phone; however, if you do it, your device gets straight out of warranty. Say you root your phone and some time after that, you experience a phone malfunction – hardware or software related. Because of the Android rooting, the warranty is no longer valid, and the manufacturer will not cover the damages.
Malware can easily breach your mobile security. Gaining root access also entails circumventing the security restrictions put in place by the Android operating system. Which means worms, viruses, spyware and Trojans can infect the rooted Android software if it’s not protected by effective mobile antivirus for Android. There are several ways these types of malware get on your phone: drive-by downloads, malicious links, infected apps you download from not so reputable app stores. They take over your phone and make it act behind your back: forward your contact list to cybercrooks, sniff your e-mails, send text messages to premium numbers, racking up your phone, and collect personal data such as passwords, usernames, credit card details that you use while socializing, banking and shopping from your smartphone.
Now that you know everything, let's start rooting.
1. Go to settings, Security - Device Administration
Enable - Unknown Sources, Allow installation of apps from unknown sources.
2. Now go to www.kingoapp.com
Download the App from Android.
3. Install It.
4. Make sure you have a good Internet connection.
5. Press ONE CLICK ROOT.
6. Wait for the process to complete. [It might take around 4-5 minutes.]
7. Check the status using Root Checker.