Mobile Hacking - Fundamentals

Download as ppt, pdf, or txt
Download as ppt, pdf, or txt
You are on page 1of 34

Mobile Hacking -

Fundamentals
Mobile Hacking -
The Mobile threat landscape

Who are the top contenders in the global mobile OS


market?

 Android – 84.1%
 IOS – 14.8%
 Microsoft – 0.7%
 RIM – 0.2%

http://www.statista.com/statistics/266136/global-market-
share-held-by-smartphone-operating-systems/
Mobile Hacking -
The Mobile threat landscape

Over 1.4 billion people across the world are using


Android devices, according to Google. Unlike Apple’s iOS,
Android is not tied to a specific manufacturer, making
it's OS the top dog of the global OS market (Statistica).
However, since Android dominates the smartphone market,
it presents an ideal opportunity for hackers to tap into
a large base of user information. It’s essential for
Android users, as well as iOS users, to learn how to
protect themselves.

https://www.blackhat.com/latestintel/05122016-mobile-hacking.html
Mobile Hacking -
Attack Vectors

Possible vectors for exploitation include:

 Manual Installation
– Direct Access to the device
– Use of client-server programs – ex: ADB
 Social Engineering
 Text Messages – ex: stagefright
 RCE vulnerabilities – ex: ADB
– exploit/android/adb/adb_server_exec
 Etc.
Mobile Hacking -
Hacking Android – Example 1

Example 1
 Manual Installation
 Raw payload saved in apk format generated with
msfvenom
 Standard reverse meterpreter
Mobile Hacking -
Hacking Android – Example 1
Mobile Hacking -
Hacking Android – Example 1
Mobile Hacking -
Hacking Android – Example 1
Mobile Hacking -
Hacking Android – Example 1
Mobile Hacking -
Hacking Android – Example 1
Mobile Hacking -
Hacking Android – Example 1
Mobile Hacking -
Hacking Android – Example 1
Mobile Hacking -
Hacking Android – Example 1
Mobile Hacking -
Hacking Android – Example 2

Android Debug Bridge - ADB

Android Debug Bridge (ADB) is a versatile command line


tool that lets you communicate with an emulator instance
or connected Android-powered device. It is a client-
server program.

In order to use ADB; developer options must be unlocked


and USB debugging enabled.
On Android 4.2 and higher, the Developer options screen
is hidden by default.
When running Android 4.2.2 or higher, there is a
security mechanism (refereed to as secure USB debugging)
where the android system shows a dialog asking the user
to accept an RSA key that allows debugging through the
computer.
Mobile Hacking -
Hacking Android – Example 2

Vulnerabilities have been found in Android that allow attackers


to bypass Android’s secure USB debugging which allows them to:

 Install Applications
 Bypass Android's lock screen - Pattern/PIN locks
 Obtain Shells
 Etc..

https://developer.android.com/studio/command-line/adb.html
Mobile Hacking -
Hacking Android – Example 2
Mobile Hacking -
Hacking Android – Example 3

Embed a payload into any android application

The Injection process high level:


Disassemble the apk files – apktool
Both payload and our original application
Copy our payload in smali format to the original
application
Modify the Android Manifest file – AndroidManifest.xml
from the original application to include any additional
permission required for the payload in addition to
services.
Modify the smali code in original application to inject
new smali code to invoke our payload when the original
application is launched.
Assemble the new apk file – apktool
Generate new keys & sign the apk file
Deploy
Mobile Hacking -
Hacking Android – Example 3

Embed payload Preamble:

Apktool - https://ibotpeaches.github.io/Apktool/
A tool for reverse engineering Android apk files

Manifest
Every application must have an AndroidManifest.xml file (with
precisely that name) in its root directory. The manifest file
provides essential information about your app to the Android
system, which the system must have before it can run any of the
app's code.
https://developer.android.com/guide/topics/manifest/manifest-intro.html

Smali
Smali/Baksmali is an assembler/disassembler for the dex format
used by dalvik, Android's Java VM implementation. The names
"Smali" and "Baksmali" are the Icelandic equivalents of
"assembler" and "disassembler" respectively.

https://www.youtube.com/watch?v=h98KtUgUOsg
Mobile Hacking -
Hacking Android – Example 3
Mobile Hacking -
Hacking Android – Example 3
Mobile Hacking -
Hacking Android – Example 3
Mobile Hacking -
Hacking Android – Example 3
Mobile Hacking -
Hacking Android – Example 3
Mobile Hacking -
Hacking Android – Example 3
Mobile Hacking -
Hacking Android – Example 3
Mobile Hacking -
Hacking Android – Example 3
Mobile Hacking -
Hacking Android – Example 3
Mobile Hacking -
Hacking Android – Example 3
Mobile Hacking -
Hacking Android – Example 3
Mobile Hacking -
Hacking Android – Example 3
Mobile Hacking -
Hacking Android – Example 3
Mobile Hacking -
Hacking Android – Example 3
Mobile Hacking -
Hacking Android – Example 3
Mobile Hacking -
HELP

What can we do to protect ourselves?

Start with the basics...


 Keep your OS up to date
 Keep your applications up to date
 Never install anything untrusted
 Don't leave your phone laying around
 Don't root your phone
 Turn off external communication when not in
use/needed; ex: Bluetooth
 Be mindful of the wireless network that you are
connecting to
 Use Anti-virus software

You might also like