Download pptx - Android Hacking + Pentesting

Transcript
Page 1: Android Hacking + Pentesting

Android Hacking + Pentest

EC Council Malaysia Instructure: Sina Manavi27 March 2014

Page 2: Android Hacking + Pentesting

About Me

My name is Sina Manavi , Master of Computer Security and Digital ForensicsC|EH & C|HFI Certificate holder Contact : [email protected]: sinamanavi.wordpress.com

mailto:[email protected]
Page 3: Android Hacking + Pentesting

Agenda:

• Android OS• Android Security Architectures• Malwares• Attacking Android Platform• Hacking with Android

Page 4: Android Hacking + Pentesting

What is Android ?

• Everywhere(TV, Phones, tablets)• Runs on Linux Kernel • Easy to Exploit + open source • Uses SQLite database • Huge Community base • Official market containing over

4,000,000 apps (Google Market)

Page 5: Android Hacking + Pentesting

Android History Version

Page 6: Android Hacking + Pentesting

Android OS

Page 7: Android Hacking + Pentesting

Android Security

• Linux based• Open source• Wide available for everyone • Everyone can develop apps and

malwares

Page 8: Android Hacking + Pentesting

How to have a safe Device

• Install apps from authorized market (Google Play)

• Read the review before downloading

• Read Permission warning before installing the apps.

• Phishing/SMS?• Lock Screen to avoid unauthorized

access

Page 9: Android Hacking + Pentesting

How to have a safe Device cont.

• Using Antivirus• Encrypt your device and data• While using public hotspots such as

Starbucks, use VPN to encrypt your network connection

• Enable Remote Wipe feature

Page 10: Android Hacking + Pentesting

Security layers of Android OS

Page 11: Android Hacking + Pentesting

Android App Installation

Page 12: Android Hacking + Pentesting

Android Permission

• ACESS_COARSE_LOCATION• ACESS_FINE_LOCATION• BRICK• CALL_PHONE• INTERNET• GET ACCOUNTS• PROCESS_OUTGOING_CALLS

Page 13: Android Hacking + Pentesting

Android Permission

• READ_OWNER_DATA• READ_SMS• RECEIVE_SMS• SEND_SMS• USER_CREDNTIALS• WRITE_OWNER_DATA• REORD_AUDIO

Page 14: Android Hacking + Pentesting

Android Vulnerability or User?

Page 15: Android Hacking + Pentesting

Malware

• Anything that breaks the security model (without the users consent)

• Deceptive/hide true intent • bad for user / good for attacker e.g.

surveillance, collecting passwords, etc. • Applications that are detrimental to

the user running the device.

Page 16: Android Hacking + Pentesting

Malware

Harms a user • Financial • Privacy • Personal information – location

(surveillance) , • Stealing resources – cracking,

botnets – processing power Breaks Network policy

Page 17: Android Hacking + Pentesting

Malware Example

• GEO Location ? • IP Address / 3G/4G or on WiFi

network? • Scan for available blue-tooth devices • Egress filtering? ports open, etc.• SMS Receiving, Sending, Fobricating.

Page 18: Android Hacking + Pentesting

Malware Sample Code (Java)

Page 19: Android Hacking + Pentesting

Popular Malware

• Zeus• DroidDream• Geinmi- Android malware with

botnet-like capabilities• Trojan-SMS for Android FakePlayer• iCalendar

acbcad45094de7e877b65db1c28ada2

• SMS_Replicator_Secret.apk

Page 20: Android Hacking + Pentesting

Demo

Hacking Android Phone:– Information stealing– Remote Access – Social Engineering – Malware attack

Hacking with Andorid :– Installing Dsploit for running attack with android

(MITM, XSS, traffic sniffing….etc)– Installing kali linux on android to perform attack


Recommended

Android App Hacking - Erez Metula, AppSec
Android App Hacking - Erez Metula, AppSec Technology
Hand’s on Web Hacking BalCCon 2k13 · Pentesting Web Applications o OSINT / Google Hacking o Passive analysis o Automated analysis o Social Engineering . My toolbox •Proxy (BurpSuite)
Hand’s on Web Hacking BalCCon 2k13 · Pentesting Web Applications o OSINT / Google Hacking o Passive analysis o Automated analysis o Social Engineering . My toolbox •Proxy (BurpSuite) Documents
Android Hacking for Nexus7 2012-11-19 Part1
Android Hacking for Nexus7 2012-11-19 Part1 Documents
Android Hacking for the Nexus 7: Part 2 - · PDF file31.01.2013 · Android Hacking for the Nexus 7: Part 2 ... Appendix C –AOSP Tools for the Android Platform Engineer ... (all
Android Hacking for the Nexus 7: Part 2 - · PDF file31.01.2013 · Android Hacking for the Nexus 7: Part 2 ... Appendix C –AOSP Tools for the Android Platform Engineer ... (all Documents
Pentesting Android Apps
Pentesting Android Apps Technology
TOP 10 DE PRUEBAS DE PENETRACIÓN Y HACKING … ethical hacking, Pentesting, Wifi Security, ... en Kali Linux, se requiere una tarjeta inalámbrica con capacidad de inyección y un
TOP 10 DE PRUEBAS DE PENETRACIÓN Y HACKING … ethical hacking, Pentesting, Wifi Security, ... en Kali Linux, se requiere una tarjeta inalámbrica con capacidad de inyección y un Documents
Android Mobile Application Pentesting - owasp.org · suatu aplikasi sistem bukan merupakan tanggung jawab dari pengarang Peace out yoo! Android Mobile Application Security Testing
Android Mobile Application Pentesting - owasp.org · suatu aplikasi sistem bukan merupakan tanggung jawab dari pengarang Peace out yoo! Android Mobile Application Security Testing Documents
Hacking Android OS
Hacking Android OS Technology
PowerPoint Presentationmrkto.b2bmarketing.net/rs/085-VAB-435/images/Advancement 1035 … · hacking. pentesting. injection, injection. sql injection. sql injection, heavy connection
PowerPoint Presentationmrkto.b2bmarketing.net/rs/085-VAB-435/images/Advancement 1035 … · hacking. pentesting. injection, injection. sql injection. sql injection, heavy connection Documents
Android hacking and protective measures - ISACA Curacaoisacacuracao.com/wp...Android-App-Hacking-v1.8.pdf · Android hacking and protective measures. 2 Android App HackingDemo. Disclaimer
Android hacking and protective measures - ISACA Curacaoisacacuracao.com/wp...Android-App-Hacking-v1.8.pdf · Android hacking and protective measures. 2 Android App HackingDemo. Disclaimer Documents
0. introduction Hacking Information Security - uni … · Hacking Information Security ... • Pentesting is a subset of ethical hacking ... code of Android OS, 8pt? 31 Thomas Kemmerich
0. introduction Hacking Information Security - uni … · Hacking Information Security ... • Pentesting is a subset of ethical hacking ... code of Android OS, 8pt? 31 Thomas Kemmerich Documents
Pentesting con android - Nipper Toolkit Web Scan
Pentesting con android - Nipper Toolkit Web Scan Software
CANDY haCking infotAiNment AnDroid sYstems · Hacking CAN bus vehicle communications by ... Running the attack: the target device 6 Bosion Android Radio with Android 4.4 KitKat Installed
CANDY haCking infotAiNment AnDroid sYstems · Hacking CAN bus vehicle communications by ... Running the attack: the target device 6 Bosion Android Radio with Android 4.4 KitKat Installed Documents
Android Hacking
Android Hacking Documents
Learning Pentesting for Android Devices - Packt · PDF fileof Android framework for exploitation, ... and advanced web application hacking. ... Learning Pentesting for Android Devices
Learning Pentesting for Android Devices - Packt · PDF fileof Android framework for exploitation, ... and advanced web application hacking. ... Learning Pentesting for Android Devices Documents
Hacking phones from 2013 to 2016 - Power Of Communitypowerofcommunity.net/poc2016/keen.pdf · Hacking phones from 2013 to 2016 ... iOS hacking • Part 2: Android hacking ... •
Hacking phones from 2013 to 2016 - Power Of Communitypowerofcommunity.net/poc2016/keen.pdf · Hacking phones from 2013 to 2016 ... iOS hacking • Part 2: Android hacking ... • Documents
DefCamp 2013 - Android hacking techniques
DefCamp 2013 - Android hacking techniques Technology
Sławomir Jasek - smartlockpicking.com · Pentesting, consultancy, training - web, ... Hacking RFID is not as hard as you may think. ... Android applications: NFC Tools:
Sławomir Jasek - smartlockpicking.com · Pentesting, consultancy, training - web, ... Hacking RFID is not as hard as you may think. ... Android applications: NFC Tools: Documents