Scribd Logo
Upload

Welcome to Scribd!

  • Mobile Hacking - Fundamentals

    Uploaded by

    jaya prasanna
    52 views34 pages
    The document discusses mobile hacking and Android vulnerabilities. It notes that Android dominates the global mobile OS market with 84.1% market share. This large user base presents opportunities for hackers but also means Android users must learn to protect themselves. It provides examples of ways to hack Android, including manually installing payloads, exploiting the Android Debug Bridge tool, and embedding payloads within other applications. The document stresses the importance of keeping systems and applications updated, only installing trusted software, and using basic security practices like antivirus to help protect against mobile threats.

    Original Description:

    Original Title

    mobile hacking

    Copyright

    © © All Rights Reserved

    Available Formats

    PPT, PDF, TXT or read online from Scribd

    Did you find this document useful?

    Is this content inappropriate?

    Report this Document
    The document discusses mobile hacking and Android vulnerabilities. It notes that Android dominates the global mobile OS market with 84.1% market share. This large user base presents opportunities for hackers but also means Android users must learn to protect themselves. It provides examples of ways to hack Android, including manually installing payloads, exploiting the Android Debug Bridge tool, and embedding payloads within other applications. The document stresses the importance of keeping systems and applications updated, only installing trusted software, and using basic security practices like antivirus to help protect against mobile threats.

    Copyright:

    © All Rights Reserved
    Download as PPT, PDF, TXT or read online from Scribd
    Flag for inappropriate content
    52 views34 pages

    Mobile Hacking - Fundamentals

    Uploaded by

    jaya prasanna
    The document discusses mobile hacking and Android vulnerabilities. It notes that Android dominates the global mobile OS market with 84.1% market share. This large user base presents opportunities for hackers but also means Android users must learn to protect themselves. It provides examples of ways to hack Android, including manually installing payloads, exploiting the Android Debug Bridge tool, and embedding payloads within other applications. The document stresses the importance of keeping systems and applications updated, only installing trusted software, and using basic security practices like antivirus to help protect against mobile threats.

    Copyright:

    © All Rights Reserved
    Download as PPT, PDF, TXT or read online from Scribd
    Flag for inappropriate content
    of 34

    Mobile Hacking -

    Fundamentals
    Mobile Hacking -
    The Mobile threat landscape

    Who are the top contenders in the global mobile OS


    market?

     Android – 84.1%
     IOS – 14.8%
     Microsoft – 0.7%
     RIM – 0.2%

    http://www.statista.com/statistics/266136/global-market-
    share-held-by-smartphone-operating-systems/
    Mobile Hacking -
    The Mobile threat landscape

    Over 1.4 billion people across the world are using


    Android devices, according to Google. Unlike Apple’s iOS,
    Android is not tied to a specific manufacturer, making
    it's OS the top dog of the global OS market (Statistica).
    However, since Android dominates the smartphone market,
    it presents an ideal opportunity for hackers to tap into
    a large base of user information. It’s essential for
    Android users, as well as iOS users, to learn how to
    protect themselves.

    https://www.blackhat.com/latestintel/05122016-mobile-hacking.html
    Mobile Hacking -
    Attack Vectors

    Possible vectors for exploitation include:

     Manual Installation
    – Direct Access to the device
    – Use of client-server programs – ex: ADB
     Social Engineering
     Text Messages – ex: stagefright
     RCE vulnerabilities – ex: ADB
    – exploit/android/adb/adb_server_exec
     Etc.
    Mobile Hacking -
    Hacking Android – Example 1

    Example 1
     Manual Installation
     Raw payload saved in apk format generated with
    msfvenom
     Standard reverse meterpreter
    Mobile Hacking -
    Hacking Android – Example 1
    Mobile Hacking -
    Hacking Android – Example 1
    Mobile Hacking -
    Hacking Android – Example 1
    Mobile Hacking -
    Hacking Android – Example 1
    Mobile Hacking -
    Hacking Android – Example 1
    Mobile Hacking -
    Hacking Android – Example 1
    Mobile Hacking -
    Hacking Android – Example 1
    Mobile Hacking -
    Hacking Android – Example 1
    Mobile Hacking -
    Hacking Android – Example 2

    Android Debug Bridge - ADB

    Android Debug Bridge (ADB) is a versatile command line


    tool that lets you communicate with an emulator instance
    or connected Android-powered device. It is a client-
    server program.

    In order to use ADB; developer options must be unlocked


    and USB debugging enabled.
    On Android 4.2 and higher, the Developer options screen
    is hidden by default.
    When running Android 4.2.2 or higher, there is a
    security mechanism (refereed to as secure USB debugging)
    where the android system shows a dialog asking the user
    to accept an RSA key that allows debugging through the
    computer.
    Mobile Hacking -
    Hacking Android – Example 2

    Vulnerabilities have been found in Android that allow attackers


    to bypass Android’s secure USB debugging which allows them to:

     Install Applications
     Bypass Android's lock screen - Pattern/PIN locks
     Obtain Shells
     Etc..

    https://developer.android.com/studio/command-line/adb.html
    Mobile Hacking -
    Hacking Android – Example 2
    Mobile Hacking -
    Hacking Android – Example 3

    Embed a payload into any android application

    The Injection process high level:


    Disassemble the apk files – apktool
    Both payload and our original application
    Copy our payload in smali format to the original
    application
    Modify the Android Manifest file – AndroidManifest.xml
    from the original application to include any additional
    permission required for the payload in addition to
    services.
    Modify the smali code in original application to inject
    new smali code to invoke our payload when the original
    application is launched.
    Assemble the new apk file – apktool
    Generate new keys & sign the apk file
    Deploy
    Mobile Hacking -
    Hacking Android – Example 3

    Embed payload Preamble:

    Apktool - https://ibotpeaches.github.io/Apktool/
    A tool for reverse engineering Android apk files

    Manifest
    Every application must have an AndroidManifest.xml file (with
    precisely that name) in its root directory. The manifest file
    provides essential information about your app to the Android
    system, which the system must have before it can run any of the
    app's code.
    https://developer.android.com/guide/topics/manifest/manifest-intro.html

    Smali
    Smali/Baksmali is an assembler/disassembler for the dex format
    used by dalvik, Android's Java VM implementation. The names
    "Smali" and "Baksmali" are the Icelandic equivalents of
    "assembler" and "disassembler" respectively.

    https://www.youtube.com/watch?v=h98KtUgUOsg
    Mobile Hacking -
    Hacking Android – Example 3
    Mobile Hacking -
    Hacking Android – Example 3
    Mobile Hacking -
    Hacking Android – Example 3
    Mobile Hacking -
    Hacking Android – Example 3
    Mobile Hacking -
    Hacking Android – Example 3
    Mobile Hacking -
    Hacking Android – Example 3
    Mobile Hacking -
    Hacking Android – Example 3
    Mobile Hacking -
    Hacking Android – Example 3
    Mobile Hacking -
    Hacking Android – Example 3
    Mobile Hacking -
    Hacking Android – Example 3
    Mobile Hacking -
    Hacking Android – Example 3
    Mobile Hacking -
    Hacking Android – Example 3
    Mobile Hacking -
    Hacking Android – Example 3
    Mobile Hacking -
    Hacking Android – Example 3
    Mobile Hacking -
    Hacking Android – Example 3
    Mobile Hacking -
    HELP

    What can we do to protect ourselves?

    Start with the basics...


     Keep your OS up to date
     Keep your applications up to date
     Never install anything untrusted
     Don't leave your phone laying around
     Don't root your phone
     Turn off external communication when not in
    use/needed; ex: Bluetooth
     Be mindful of the wireless network that you are
    connecting to
     Use Anti-virus software

    You might also like