[APP][GPL]SecDroid - Android Hardening [BETA] [Hiatus]

x942 · Jan 6, 2013

SecDroid V 1.1 Beta
Created by x942
Released under GPLV2

PROJECT IS ON HIATUS

New project over here

Introduction

SecDroid hardens the android kernel by disable certain binaries that have internet access or can be used as an attack vector. Some of these are:
SSH
SSHD
Telnet
NC (net cat)
Ping
PM (Package Manager - Can't install apps via CLI/ADB)
ADBD (ADB is disabled until reboot)

And by securing the TCP Stack using Systctl (Until Next boot).

More info

Why disable ADB and PM?

ADB and PM are both disabled to help prevent an attacker from being able to install apps via the command line or adb shell. Both of these are potential attack vectors. You can install apps via the playstore and GUI

What license is this released under?

All code is released under GPLV2 Unless otherwise noted.

Thanks/Credits

Many Thanks to Adam Outler for his Shell class that was used in this project (until V0.3 - See Changelog).
Many thanks to XDA-TV and XDA for their hard work!
And thanks to SANS for their Android Security whitepaper which inspired this project.

Downloads:

View attachment SecDroid.apk

Source Code

Latest Version (always up to date)

Play Store ] [URL="http://xdaforums.com/showpost.php?p=41204527&postcount=101"](OUT-OF-DATE) [/URL]

Please note this is my first android app. As such bugs may be present and the code may not be pretty. If anyone can help me make it look nicer and more efficient that would be great

UPDATE 2013-05-06:
Version 1.1 Beta

* Fixed script to properly handled errors on some devices
* Fixed layout issue
* Added disable bluetooth feature (Disabled bluetoothd )
* Added enable bluetooth feautre ( Reverses above action)

koz · Jan 10, 2013

x942 - Thanks for letting me know this is in the works - looks really promising. With things like SSH/SSHD being disabled, will apps (like Connectbot) still work, allowing for SSH/SSHD on a per app basis?

Richy19 · Jan 11, 2013

Does this just disable these things during the current running session?
IE after rebooting it does everything go back to normal?
If not is there a way to enable them again?

fluxgfx · Jan 11, 2013

I have to assume that it's a good thing if the application wasn't able to find any of the noted application to harden.

Mika83AC · Jan 11, 2013

fluxgfx said:
I have to assume that it's a good thing if the application wasn't able to find any of the noted application to harden.

I assume it's not a good thing because the applications are missing (which is unlikely) or they are moved to a different location

hisname · Jan 11, 2013

http://www.xda-developers.com/android/secure-your-android-device-with-secdroid/

featured on Xda portal!

PnoT · Jan 11, 2013

So the "hardening" is only applied after running the app and upon next boot everything should be back to normal correct?

fluxgfx · Jan 11, 2013

Mika83AC said:
I assume it's not a good thing because the applications are missing (which is unlikely) or they are moved to a different location

I agree with you. Although after a manual verification the application in questions aren't located on the device in any folders Internel, External or within any of the root folder.

Cheers,

WattB006 · Jan 11, 2013

fluxgfx said:
I agree with you. Although after a manual verification the application in questions aren't located on the device in any folders Internel, External or within any of the root folder.

Cheers,

I also has the same issue when running the app and I confirmed the apps are not located on my device.

bushako · Jan 11, 2013

First of all thank you so much for the effort to keep our devices safe. Im using Droidwall to block certain programs and would like to install SecDroid but not sure if it would conflict in any way. Could you please confirm?

x942 · Jan 12, 2013

koz said:
x942 - Thanks for letting me know this is in the works - looks really promising. With things like SSH/SSHD being disabled, will apps (like Connectbot) still work, allowing for SSH/SSHD on a per app basis?

Sadly no. The apps are disabled by removing their permisions to execute (chmod 000). This means no one can run it. I suppose I could have it set to only allow Connectbot to run it based on UID or something. But something like Droidwall or AFWall+ is better suited for that. I am planning to add in a switch for each item. So you could for example leave ssh enabled but disabled everything else.

Richy19 said:
Does this just disable these things during the current running session?
IE after rebooting it does everything go back to normal?
If not is there a way to enable them again?

Yes at this time everything is reset on reboot. I am looking into having it auto-run every boot.

fluxgfx said:
I have to assume that it's a good thing if the application wasn't able to find any of the noted application to harden.

Correct. I have tested on CM9/10/10.1 and AOKP on both of these if it can't find anything then they aren't present in the system. Stock roms may be different. All AOSP should all be the same though.

hisname said:
http://www.xda-developers.com/android/secure-your-android-device-with-secdroid/

featured on Xda portal!

Nice! xD That is awesome!

PnoT said:
So the "hardening" is only applied after running the app and upon next boot everything should be back to normal correct?

Yes. Everything is reset upon reboot. i will add an auto-run version shortly

bushako said:
First of all thank you so much for the effort to keep our devices safe. Im using Droidwall to block certain programs and would like to install SecDroid but not sure if it would conflict in any way. Could you please confirm?

No problem. I have no issues with Droidwall or AFWall+

SecDroid doesn't touch iptables so everything should be fine

electricpete1 · Jan 12, 2013

Are these vulnerabilities dependent upon whether USB debugging is enabled or disabled?

...and will this interfere with Apps that require USB debuggin enabled such as Titanium Backup and Gemini Apps manager.

x942 · Jan 12, 2013

electricpete1 said:
Are these vulnerabilities dependent upon whether USB debugging is enabled or disabled?

...and will this interfere with Apps that require USB debuggin enabled such as Titanium Backup and Gemini Apps manager.

The only vulnerabilities dependant on USB Debugging is Kos' p2p-adb. The rest prevent network (remote) attacks. Some of which could be used over ADB but don't depend on it (installing malware). I have not tested with TB but it may break it. I am trying to make individual on/off switches for each option so you can only disable what you want to and leave the rest alone

I have posted a Play Store link now too!

apatal · Jan 12, 2013

fluxgfx said:
I have to assume that it's a good thing if the application wasn't able to find any of the noted application to harden.

WattB006 said:
I also has the same issue when running the app and I confirmed the apps are not located on my device.

Same result here. Does that mean our devices are more secure since we don't have these files? I'm running pure AOSP, BTW.

jas0nsg · Jan 12, 2013

I'm having the same problem.

Sent from my INO_ONE using xda premium

Mika83AC · Jan 12, 2013

apatal said:
Same result here. Does that mean our devices are more secure since we don't have these files? I'm running pure AOSP, BTW.

No, you are not "safe". All the things are not located in system/xbin, but in system/bin! So the pathes which the app checks are wrong...

Under system/xbin are many many links, but the real "files" are located elsewhere! So the dev should chance his app so that it can check the right locations

Sent from my GT-I9300 using xda app-developers app

WattB006 · Jan 12, 2013

I checked and scp is located in the system/bin folder. All the other ones though I cannot find. Here is a screen shot of mine.

Sent from my SGH-I747 using xda premium

SkyandDirt · Jan 12, 2013

Can you also include in this app ARP, DOS,and MITM type of attack protection. That would be cool.

x942 · Jan 12, 2013

apatal said:
Same result here. Does that mean our devices are more secure since we don't have these files? I'm running pure AOSP, BTW.

New version coming in a few days

I will post a patched version today, it looks like I uploaded the wrong version by mistake.

jas0nsg said:
I'm having the same problem.

Sent from my INO_ONE using xda premium

Mika83AC said:
No, you are not "safe". All the things are not located in system/xbin, but in system/bin! So the pathes which the app checks are wrong...

Under system/xbin are many many links, but the real "files" are located elsewhere! So the dev should chance his app so that it can check the right locations

Sent from my GT-I9300 using xda app-developers app

Oops looks like I messed up and uploaded the wrong version I will fix this. Originally it did use xbin and also disabled more things (bluetooth and NFC) but I corrected this as most users don't want those disabled. I will post the proper APK

With the proper paths. It's alread compiled so expect it in a few min.

SkyandDirt said:
Can you also include in this app ARP, DOS,and MITM type of attack protection. That would be cool.

I can include these

I will do so in a future update.

x942 · Jan 12, 2013

Fixed the issue. It doesn't give any errors on CM10/10.1 on my N4. Path is now /system/bin for the binaries that are there and xbin is only used for a couple binaries that are only in that folder.

Also moved repo to github as google code is annoying. Update also pushed to Play Store.

[APP][GPL]SecDroid - Android Hardening [BETA] [Hiatus]

What should I add first?

Auto-Run

Better UI

Widget

Other?

x942

Guest

Senior Member

Senior Member

Senior Member

Senior Member

Senior Member

Senior Member

Senior Member

Senior Member

Senior Member

x942

Guest

Senior Member

x942

Guest

Senior Member

Attachments

Member

Attachments

Senior Member

Senior Member

Attachments

Senior Member

x942

Guest

x942

Guest

Similar threads

Top Liked Posts