Security Issues in VoWiFi implementations [372295137]

Assigned

Bug

[AOSP] assigned

Status Update

No update yet.

Description

hw...@kentech.ac.kr

created issue #1

Oct 8, 2024 11:39PM

To avoid the possibility of sharing private information, please share bugreports and screenshots from Google Drive. Share files with android-bugreport@google.com and include only Google drive links in your bug. If attaching bug reports or other sensitive data directly to issues, please mark the attachment(s) as “Restricted (

https://developers.google.com/issue-tracker/concepts/restricted-content)” when creating a bug or adding a comment. Restricting or deleting your comment or attachment can also be done using the overflow menu after submitting.

Disclaimer:
Please note, by submitting this bug report, you acknowledge that Google may use information included in the bug report to diagnose technical issues and to improve our products and services, in accordance with our Privacy Policy (

https://policies.google.com/privacy), and you agree that we may share it with engineering partners potentially impacted by your issue.

Bug reports include personal information logged on your device or by apps, such as:
File names
Installed apps and usage
Email addresses of the profiles on the device
Device identifiers, such as phone number
Web history information, including URLs / URIs
Location information, including limited location history
Network information, such as IP/SSID/MAC addresses and saved or scanned APNs
System or device information, such as memory and processes

=====
Dear,

I am Hyunwoo Lee, an assistant professor at KENTECH in South Korea.
I was a postdoc at Purdue from 2020-2022 and I and my colleagues at Purdue developed the security testing framework for the VoWiFi smartphones.
With it, we have analyzed security of VoWiFi android phones and have found some issues.
We want to share the result with you. Most of the issues are not directly related to the Android framework, but we are reporting the results because those phones are running over Android and just in case there is something that we have missed.

I have shared the report with android-bugreport@google.com through Google Drive.
Please let me know if it does not work or if you have any question.

Sincerely,
Hyunwoo Lee.

Security_Issues_of_VoWiFi_Android_Smartphones.pdf -

https://drive.google.com/open?id=1JX_PHvb9x-KsKAdccBB7qheRLFBcQIFW

Comments

vi...@google.com <vi...@google.com> #2Oct 9, 2024 01:45PM

Assigned to vi...@google.com.

failed in

${AOSP}/device/generic/goldfish-opengl/system/hals/mapper3.cpp

vi...@google.com <vi...@google.com> #3Oct 22, 2024 06:20PM

We have shared this with our product and engineering team and will update this issue with more information as it becomes available.

hw...@kentech.ac.kr <hw...@kentech.ac.kr> #4Oct 25, 2024 02:06AM

NNAPI VTS wrong usage?

Yes. Our gralloc passed CtsNativeHardwareTestCases and CtsGraphicsTestCases.

vi...@google.com <vi...@google.com> #5Oct 26, 2024 07:45PM

thanks, I will try to modify NNAPI code.

vi...@google.com <vi...@google.com> #6Nov 3, 2024 08:36AM

I don't know how to close this issue.

hw...@kentech.ac.kr <hw...@kentech.ac.kr> #7Nov 8, 2024 12:05AM

Hi teams, As attend picture, function comment says if buffer format is AHARDWAREBUFFER_FORMAT_BLOB, it can be locked with read/write simultaneously. So I think NNAPI is not wrong. Android I check CtsNativeHardwareTestCases and CtsGraphicsTestCases source code, I didn't find testcase about "AHARDWAREBUFFER_FORMAT_BLOB" lock in different thread or process. Can someone help on this?

hw...@kentech.ac.kr <hw...@kentech.ac.kr> #8Nov 8, 2024 11:31PM

Can NNAPI association team also have a look on this? nnapi AHardwareBuffer is AHARDWAREBUFFER_FORMAT_BLOB

hw...@kentech.ac.kr <hw...@kentech.ac.kr> #9Nov 9, 2024 11:29PM

I didn't find testcase about "AHARDWAREBUFFER_FORMAT_BLOB" lock in different thread or process.

You can't lock for reading in one thread and for writing in another thread. You can lock for reading+writing in one thread and to use as regular memory. Once you unlock it, you can use it in another place.

vi...@google.com <vi...@google.com> #10Nov 12, 2024 01:27AM

raise another issue for Nnapi at https://issuetracker.google.com/issues/332002373