All Questions
26 questions
2
votes
1
answer
1k
views
Capturing packets in an android application or ios application?
I've an android and ios app. They run on the same application server on Linux. I want to capture the packets when users are trying to log in to the app. How do I proceed? I'm thinking of doing it with ...
- 141
1
vote
1
answer
339
views
Is it possible to recover data from a bricked smartphone?
I have a smartphone that got bricked last year without warning, and it was deemed unrepairable by multiple repair centers. I did have personal stuff on it.
If I recycle this phone, can someone down ...
0
votes
1
answer
137
views
Vulnerability in which part of the Android architecture would allow an attacker to take control of the hardware [closed]
This question is intended for better understanding of security features of Android architecture.
In particular, I want to know what part of the architecture needs to be secure to prevent an attacker ...
- 103
2
votes
1
answer
178
views
Is there a good reason (and what can it be) to require DAC restriction on IPC in addition to SELinux rules?
Our company is developing an AOSP-based platform for our customer. Some of our vendor services are using HWBinder for IPC which is using SELinux to restrict service discovery and access. The problem ...
- 121
1
vote
1
answer
321
views
Mobile Hotspot, Smartphone or Router?
I am using a laptop with dual boot Windows and Ubuntu. In addition, I am having another Linux distro installed on a usb thumb drive and using it only for certain things.
Generally speaking - if ...
- 19
1
vote
0
answers
1k
views
Dirty-COW CVE-2016-5195 not working
I'm working on an Android 4.4.4 device (armeabi-v7a architecture) and I'm testing the SELinux behavior using the Dirty-COW CVE-2016-5195 exploit for escalation priviledge and see what happens. I've ...
- 11
2
votes
1
answer
255
views
ELF so file got flagged as Exploit, how to confirm if this malicious
VirusTotal is claiming that file contains exploit: https://www.virustotal.com/#/file/31dd9c543e653c0cacfe152f735573e85b49df519c37a32ff76469d0dee6d63b/relations
How to confirm it is not just false ...
- 205
0
votes
1
answer
419
views
What kind of attack vectors are made possible as a result of Java being hopelessly intertwined with Android? [closed]
"All the security of Linux … plus Java! “Java: The malware compatibility layer of choice” Android can be engineered for security, but when you’re done you have a hermetically sealed self contained ...
- 3
15
votes
2
answers
3k
views
Does a compromised kernel give complete control over a device?
It seems that a recent vulnerability in WiFi firmware allows an attacker to run code in kernel space, e.g. replace a kernel function with malicious code. In Android/Linux:
Would that give an ...
- 333
3
votes
2
answers
278
views
How to protect a legacy Android smartphone from new exploits?
My Android smartphone is many years old though still satisfies more than absolutely, I really don't want to change it for a new one. The vendor, however, doesn't seem to issue updates any more. ...
- 361
-1
votes
1
answer
393
views
Few questions about kernel attacks
Yesterday I read something about kernel and possible attacks on it. And I have some questions about this attack approach:
1. Kernel is a core for whole OS. So if I take control over kernel can I do ...
- 125
6
votes
1
answer
3k
views
CVE-2016-5195 Dirty Cow on Android [duplicate]
I was wondering if there is a possibility to exploit the CVE-2016-5195 vulnerability on Android?
Since Android runs on linux kernel, I would expect the answer to be yes.
Yet, I was not able to find ...
- 161
2
votes
1
answer
3k
views
how to access freenet on a remote machine from android
The goal is to use freenet on non-rooted android devices.
It is far out of my capabilities to actually port Freenet to android, but I am attempting to use and provide a functioning solution for ...
- 23
1
vote
1
answer
218
views
how to debug for DNS changing Maleware on (linux/android)?
So by opening an application/browser on my Android device, I found that it pops open a set of ads. I channeled a proxy through my laptop trying to track the first web site it connects to. Later I ...
6
votes
3
answers
3k
views
Can I test my own network?
I'm currently trying to enter the field of information security and I was just wondering if there was anything barring me from testing my own network for security vulnerabilities? I only have a couple ...
- 83
2
votes
0
answers
1k
views
web view addjavascriptinterface exploit
I have been banging my head around this for almost 56 hours now (+/- a few that I took out to have a couple of naps and RedBulls) and have not been able to get anywhere with it so far.
I am trying ...
- 1,522
0
votes
1
answer
381
views
Is it reckless to use an Android app to login to a server with SSH?
There is a very similar question here.
Recently I came across an Android app that facilitates SSH and requires no permissions. Specifically, "Telnet / SSH Simple Client" by Advanced Planning Corp..
...
- 261
4
votes
2
answers
772
views
Secure Android app development [closed]
I'm beginning with Android App development and I want to make sure that I'm taking the proper security precautions since most apps will handle sensitive data.
What security precautions should be ...
- 73
6
votes
2
answers
3k
views
Security implications of android rooting [duplicate]
I know this question has been asked many times, but I didn't see a clear answer to it from security experts, or it is from several years ago and things might have changed.
My question is double:
...
- 61
7
votes
2
answers
5k
views
How to secure a local socket?
I have made a service written in c that runs on the Android operating system as a core service. I have a few Android apps which communicate with this service via a socket connection (Java -> C).
My ...
- 223
11
votes
2
answers
1k
views
Why does Android use SELinux?
To restrict/sandbox processes Android uses SELinux. Why was that chosen and not the linux capabilities or cgroups+namespaces solution? After all the cgroups+namespaces is kind of home grown for them ...
- 913
9
votes
2
answers
3k
views
Is connecting to an open WiFi router with DHCP in Linux susceptible to Shellshock?
Source: http://lcamtuf.blogspot.com/2014/09/quick-notes-about-bash-bug-its-impact.html
For the same reason, userland DHCP clients that invoke configuration scripts and use variables to pass down ...
- 5,367
2
votes
1
answer
463
views
What is a secure mechanism for wireless communication between Android and Ubuntu?
I have come across a few Android apps that provide various features for communicating with a desktop machine (sending text or typing in one direction or another, controlling the desktop pointer with ...
- 3,610
10
votes
3
answers
19k
views
Storing SSH private keys on an Android device
(I'm not sure if this better belongs on unix.se or android.se, but since it's primarily security-related, I'm asking it here)
I use my Android device to access servers for quick on-the-go ...
- 6,843
10
votes
4
answers
8k
views
Is GPG suitable as part of a password manager and generator?
I assume that GPG is very strong to crack, guess, etc. Since I have confidence in GPG, would it be appropriate to use my GPG key as the master key for a password manager or generator?
- 332
5
votes
2
answers
3k
views
How can I use nmap to distinguish between a normal linux machine and an android device?
According to this link: here, nmap 5.2 onwards is now supposed to detect android smartphones. I am using nmap 6.01 but it only identifies android devices as running a linux kernel.
- 153