Android Hacking + Pentesting

50 %
50 %
Information about Android Hacking + Pentesting
Education

Published on March 27, 2014

Author: sinamanavi

Source: slideshare.net

Description

Basic Android OS security mechanism,
Basic malware definition
Attacking Android platform with
Malware, Remote access, File is stealing and Social Engeering attack is methods have been done discussing in the class.
Attacking the Android:
Installing Kali Linux on android to perform attacks
Installing Dsploit for running attack with android (MITM, XSS, traffic sniffing…. Etc.)

Android Hacking + Pentest EC Council Malaysia Instructure: Sina Manavi 27 March 2014

About Me My name is Sina Manavi , Master of Computer Security and Digital Forensics C|EH & C|HFI Certificate holder Contact : Manavi.Sina@Gmail.com Homepage: sinamanavi.wordpress.com

Agenda: • Android OS • Android Security Architectures • Malwares • Attacking Android Platform • Hacking with Android

What is Android ? • Everywhere(TV, Phones, tablets) • Runs on Linux Kernel • Easy to Exploit + open source • Uses SQLite database • Huge Community base • Official market containing over 4,000,000 apps (Google Market)

Android History Version

Android OS

Android Security • Linux based • Open source • Wide available for everyone • Everyone can develop apps and malwares 

How to have a safe Device • Install apps from authorized market (Google Play) • Read the review before downloading • Read Permission warning before installing the apps. • Phishing/SMS? • Lock Screen to avoid unauthorized access

How to have a safe Device cont. • Using Antivirus • Encrypt your device and data • While using public hotspots such as Starbucks, use VPN to encrypt your network connection • Enable Remote Wipe feature

Security layers of Android OS

Android App Installation

Android Permission • ACESS_COARSE_LOCATION • ACESS_FINE_LOCATION • BRICK • CALL_PHONE • INTERNET • GET ACCOUNTS • PROCESS_OUTGOING_CALLS

Android Permission • READ_OWNER_DATA • READ_SMS • RECEIVE_SMS • SEND_SMS • USER_CREDNTIALS • WRITE_OWNER_DATA • REORD_AUDIO

Android Vulnerability or User?

Malware • Anything that breaks the security model (without the users consent) • Deceptive/hide true intent • bad for user / good for attacker e.g. surveillance, collecting passwords, etc. • Applications that are detrimental to the user running the device.

Malware Harms a user • Financial • Privacy • Personal information – location (surveillance) , • Stealing resources – cracking, botnets – processing power Breaks Network policy

Malware Example • GEO Location ? • IP Address / 3G/4G or on WiFi network? • Scan for available blue-tooth devices • Egress filtering? ports open, etc. • SMS Receiving, Sending, Fobricating.

Malware Sample Code (Java)

Popular Malware • Zeus • DroidDream • Geinmi- Android malware with botnet-like capabilities • Trojan-SMS for Android FakePlayer • iCalendar acbcad45094de7e877b65db1c28ada 2 • SMS_Replicator_Secret.apk

Demo Hacking Android Phone: – Information stealing – Remote Access – Social Engineering – Malware attack Hacking with Andorid : – Installing Dsploit for running attack with android (MITM, XSS, traffic sniffing….etc) – Installing kali linux on android to perform attack

Add a comment

Related presentations

Related pages

Android Pentesting

android hacking android pentesting android reverse shell android security apktool arm assembly ARM lab setup arm processor basics c language
Read more

Android Application Hacking - PenTesting Mobile Apps

Overview. Day 1 Introduction to Android Security & AppUse Mobile application threat model - What makes mobile application security so different? • The ...
Read more

Transforming your Android Phone into a Network Pentesting ...

Transforming your Android Phone into a Network Pentesting Device. ... Top Links of Tools Compilation for Pentesting, Forensics, Security, and Hacking;
Read more

Android as a Pentesting Platform

Have you ever wanted to dabble in network security testing? How about to test the security of your own network? The Android Operating System is the perfect ...
Read more

Android Hacking And Pentesting Video Series - Intro - YouTube

Intro To Android Hacking And Pentesting Vidoe Series by 101hacker.com Contact:- john@101hacker.com , Srinivas@101hacker.com.
Read more

ANDROID PENTESTING AND HACKING TOOLS

22TH SEPTEMBER 2013 ANDROID PENTESTING AND HACKING TOOLS - Indian School of Ethical Hacking (#ISOEH) : @ http://www.isoeh.com/ #SpoofApp SpoofApp.
Read more