Ramble01 / droidbox

Automatically exported from code.google.com/p/droidbox

Dummy IMEI can be bypassed in Droid 4.1 #60

Open GoogleCodeExporter opened 9 years ago

GoogleCodeExporter commented 9 years ago
What steps will reproduce the problem?
1. adb shell
2. su
3. service call iphonesubinfo 1

What is the expected output? What do you see instead?
The hard-coded dummy IMEI "357242043237511" should appear.
Instead, a full-zero IMEI is returned.

What version of the product are you using? On what operating system?
DroidBox 4.1, Ubuntu 12.04 x64 and Windows 7 x64

Please provide any additional information below.

The problem is due to an incorrect implementation of dummy IMEI. 
The dummy IMEI is at droidbox4.1.1/patches/framework_base.patch:2147

We note that the dummy IMEI should be implemented in IPhoneSubinfo.java instead 
of TelephonyManager.java.
A malicious application can bypass the TelephonyManager and directly talk to 
the iphonesubinfo service with Binder IPC. Therefore, the dummy IMEI cannot 
fool a malicious app into believing that it is not in an emulator.
Furthermore, "357242043237511" is not a valid IMEI.

A fix can be found at droidbox23/framework_base.patch:377

We are security researchers from SEFCOM, Arizona State University 
(http://sefcom.asu.edu). We have discussed this issue in our paper "Morpheus: 
Automatically Generating Heuristics to Detect Android Emulators", which will 
appear at the 30th Annual Computer Security Applications Conference 
(http://www.acsac.org/2014). 
Should you have any comments please feel free to let us know.
Please contact Yiming Jing (ymjing@asu.edu) and Dr. Gail-Joon Ahn 
(gahn@asu.edu).

Original issue reported on code.google.com by yji...@asu.edu on 4 Sep 2014 at 11:48
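Added example, not part of the original issue or of DroidBox: a small Python script that decodes the Parcel dump printed by the reproduction step `service call iphonesubinfo 1` (transaction 1 on the IPhoneSubInfo interface, which the report expects to return the device ID), runs the Luhn check that a real IMEI must satisfy, and classifies what came back the way an emulator-detection heuristic would. The sample `service call` output is constructed here from the dummy value quoted in the report (UTF-16LE characters packed into little-endian 32-bit words, as the `service` tool prints them); the function and variable names are this example's own. It confirms the report's claim that "357242043237511" fails the checksum and shows the check digit a valid value with the same first 14 digits would carry.

```python
"""Decode `service call iphonesubinfo 1` output and sanity-check the IMEI it carries.

Example code written for this page; it is not DroidBox's own code.
"""
import re

# Value hard-coded in the DroidBox framework_base.patch (quoted in the report).
DUMMY_IMEI = "357242043237511"
# Value the report observed after bypassing TelephonyManager.
ALL_ZERO_IMEI = "000000000000000"

# Constructed sample of what `service call iphonesubinfo 1` prints when the
# reply parcel is (int32 exception=0, int32 length=15, UTF-16LE "357242043237511").
# Assumed format: offset, 32-bit little-endian words in hex, ASCII column.
SAMPLE_SERVICE_CALL_OUTPUT = """\
Result: Parcel(
  0x00000000: 00000000 0000000f 00350033 00320037 '........3.5.7.2.'
  0x00000010: 00320034 00340030 00320033 00370033 '4.2.0.4.3.2.3.7.'
  0x00000020: 00310035 00000031                   '5.1.1...')
"""

_PARCEL_LINE = re.compile(r"\s*0x[0-9a-fA-F]+:\s*((?:[0-9a-fA-F]{8}\s*)+)")


def luhn_checksum(digits: str) -> int:
    """Luhn sum: double every second digit from the right, fold >9 to a single digit."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total


def is_valid_imei(imei: str) -> bool:
    """An IMEI is 15 digits whose Luhn sum is a multiple of 10."""
    return len(imei) == 15 and imei.isdigit() and luhn_checksum(imei) % 10 == 0


def imei_check_digit(first14: str) -> str:
    """Check digit that makes first14 + digit pass the Luhn test."""
    if len(first14) != 14 or not first14.isdigit():
        raise ValueError("expected 14 digits")
    return str((10 - luhn_checksum(first14 + "0") % 10) % 10)


def decode_service_call_string(output: str) -> str:
    """Extract the String16 from a `service call` parcel dump.

    The parcel is: int32 exception code, int32 char count, UTF-16LE chars.
    Each hex word on the dump is a little-endian 32-bit word of the parcel.
    """
    words = []
    for line in output.splitlines():
        m = _PARCEL_LINE.match(line)
        if m:
            words.extend(int(w, 16) for w in m.group(1).split())
    raw = b"".join(w.to_bytes(4, "little") for w in words)
    if len(raw) < 8:
        raise ValueError("parcel dump too short")
    exception_code = int.from_bytes(raw[0:4], "little", signed=True)
    if exception_code != 0:
        raise RuntimeError(f"binder call raised exception code {exception_code}")
    nchars = int.from_bytes(raw[4:8], "little")
    return raw[8:8 + 2 * nchars].decode("utf-16-le")


def classify_imei(imei: str) -> str:
    """What a Morpheus-style heuristic could conclude from the returned device ID."""
    if imei == ALL_ZERO_IMEI:
        return "emulator-default"     # stock emulator answer (passes Luhn, so test it first)
    if not is_valid_imei(imei):
        return "invalid-checksum"     # a fake that no real handset would carry
    return "plausible"


if __name__ == "__main__":
    got = decode_service_call_string(SAMPLE_SERVICE_CALL_OUTPUT)
    print("decoded:", got, "->", classify_imei(got))
    print("valid alternative:", DUMMY_IMEI[:14] + imei_check_digit(DUMMY_IMEI[:14]))
```

Run against a real device with `adb shell service call iphonesubinfo 1 | python3 this_script.py` after swapping the constant for `sys.stdin.read()`; the point of the classifier is that the all-zero value the report observed and the dummy value both stand out, for different reasons, so a sandbox has to fix the Binder-level return value and pick a Luhn-valid number.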