Skip to content
No description, website, or topics provided.
Java C# C Assembly C++ Objective-C Other
Branch: master
Clone or download
Fetching latest commit…
Cannot retrieve the latest commit at this time.
Permalink
Type Name Latest commit message Commit time
Failed to load latest commit information.
SecureTextView
apps
evaluation
keyexporter/keyexporter_lib
lockscreen_patch
pmdump @ cb124e4
.gitmodules
README.md

README.md

Total Recall

This repository contains code for the following research.

Publication

"Total Recall: Persistence of Passwords in Android," Jaeho Lee, Ang Chen and Dan S. Wallach, The 26th Network and Distributed System Security Symposium (NDSS '19), San Diego, CA, USA, February 2019 [PDF] [Slides] [Slides_pptx] [BibTex]

Motivation

In memory disclosure attacks, an unprivileged attacker can steal sensitive data from device memory. A good security practice for handling sensitive data, such as passwords, is to overwrite the data buffers with zeros once the data is no longer in use. This protects against attackers who gain a snapshot of a device’s physical memory. For instance, the recent memory dumping vulnerability in the Nexus 5X phone allows an attacker to obtain the full memory dump of the device even if the phone is locked.

e.g., Google Nexus 5X Bootloader Unauthorized Memory Dumping via USB

Problem

However, the password retention in memory is widespread in Android, and password strings are easily recognizable from memory dump. The lack of support in the Android framework and developers' various mistakes cause this retention problem.

Solutions

We offer two solutions:

  • SecureTextView: a secure version of Android TextView that can eliminate password retention in the Android framework.
  • KeyExporter: a simple abstraction for accessing passwords that helps developers follows stronger cryptographic practices to prevent password misuse.

Contents

  • apps: list of analyzed password authentication apps
  • pmdump: process memory acquisition tool on Linux or Android
  • keyexporter: Standalone KeyExporter APIs
  • SecureTextView: Android framework patch for SecureTextView
  • lockscreen_patch: Android framework patch for lockscreen process
  • evaluation: apps after applying KeyExporter APIs

People

You can’t perform that action at this time.