How Android Based Phone Helped Me Win American Idol (Elad Shapira)


ClubHack 2011 Hacking and Security Conference.
Talk - How Android Based Phone Helped Me Win American Idol
Speaker - Elad Shapira


  2. How Android based phone helped me win American Idol
     Elad Shapira (elad.shapira@avg.com)
     Mobile Security Researcher, AVG Mobilation
  3. Today’s agenda… No worries – it will be Gr347!!! Let’s get crazy..
  4. Agenda
     • Bad things a malware can do to Android device (Demo).
     • Vectors that can be done with SMSs (Demo).
     • Artificial Intelligence in Android (Demo).
     • TapJacking Attack (Demo).
     • Ideas for Denial Of Service attacks.
     • Current/Future Trends to come in malware (Demos!).
     • Questions & Answers.
     Disclaimer: The information contained in this presentation is for learning purposes only. Please don’t use this information for other uses, except doing good to the world.
  5. There are two opposing football clubs in Tel Aviv (Israel): Maccabi and Hapoel.
  6. Meet our participants for the next few slides: The Attacker and The Target.
  7. “Greetings Hapoel fans… I’m a fanatic Hapoel fan like you.. ahmm.. I want to recommend you my new app with 24/7 updates about the team.. 1337 app… you should install it!”
     The Attacker goes undercover… How will the fans get it?!
  8. The attacker’s honeypot to the fans. If we want to get mass target base…
  9. If I want mass Hacker target base
  10. When scanning the QR code… we can create more “legit” url & apk name that will convince the user to download the app. The app downloaded to the device:
  11. All is quiet.. But when the match is over..
      • Background - Changed to Maccabi logo..
      • Ringtone - Changed to Maccabi song..
      • SMSs - Sent to all contacts found in the device
        – “We are losers… I don’t believe this! I’m such a lame to support this team. Maccabi rulez..”
      • GPS coordinates (Latitude/longitude)…
  12. Different content (Toast) by physical location
      • “With that ability it’s a good thing you didn’t show your face in the stadium!”
      • “Don’t forget to tell your friends you witnessed that shame with your own eyes!”
  13. Demo workflow
      • Step 1 – User installs External APK file.
      • Step 2 – External APK requests the user to install Internal APK.
      • Step 3 – Removing External APK (Internal APK still running).
      • Step 4 – Date changed (trigger for coming actions).
      • Step 5 – Background is changed.
      • Step 6 – A message given to user (based on user’s GPS location, for example inside stadium).
      • Step 7 – SMS sent to contact (another device).
      • Step 8 – Ringtone is changed.
      • Step 9 – SMS from mobile provider is dropped.
      • Step 10 – If the device boots, the Internal APK auto starts.
  14. This may also lead to the following scenario
      “I’m telling you it’s the app! It’s the app! I am Hapoel fan! Aiiiiiiiii!!!!”
      Tip: This will work for Cricket too..
  15. From demo to real-life (1/3)
      • Auto starts
      • DogWar
      • SMS registration sent to PETA service
      • SMS text sent to contacts
  16. From demo to real-life (2/3)
      • Usage of QR code
      • End of world Trojan
      • Background changed
      • Jifake
      • RogueSPPush
      • Dropping and deleting the SMS
      • Checking whether SMS originated from mobile operator or provider
  17. From demo to real-life (3/3)
      • trick?!
      • RogueSPPush
      • SpyEye
      • Usage of high priority to get SMSs before other apps
  18. Phone calls can be manipulated as well
      • Capable of ending calls
      • BaseBridge
      • Capable of answering calls
      • Setting volume to ‘0’
      • Delete record from the call log
      • Catch coming phone calls
      What else can we do with SMSs?
  19. Vectors that can be done with SMSs (1/2)
      • Sending SMSs to premium numbers.
      • Control a botnet for voting for American Idol.
      • Running Linux commands on device via SMSs.
      • Get & use information of user’s accounts
        – Used in banks, mobile payments.
      • Phishing
        – Man in the Middle - redirect to website.
        – Download my malicious app (with an exploit?)
      • SPAM.
  20. Vectors that can be done with SMSs (2/2)
      • Target Mobile Provider
        – Drop billing SMSs from operator.
        – Offer discounts in the name of provider.
        – Change billing value.
      • Search for specific words
        – ‘revolution’, ‘bomb’, ‘password recovery’..
      • Used in other ‘interesting’ places
        – We can steal a car using SMS, SCADA Systems.
  21. Artificial Intelligence in Android
      • Automatic chat like famous ‘Eliza’.
      • Spotting SMSs with questions (W*?)
        – “cancel meeting” or “can’t come to the interview”…
      • Spot co-workers and send them SMS
        – “I don’t like working with you! You smell bad!!!!”
      • Spot close relation contacts and ‘play Cupid’
        – “Goodbye… I don’t want to see you anymore… I cheated you with…”.
  22. From ClickJacking to TapJacking
      • User is misled into performing undesired actions.
      • There is no user indication
        – Actions taking place in the background.
      • Examples of undesired actions:
        – Installing malicious applications.
        – Changing security settings.
        – Performing a full device wipe.
        – More…
  23. Permission-based security model
      • Apps are not adequately reviewed before being placed on the Market.
      • Permission-based security model – average user in charge of critical security decisions.
      • The following example will be demonstrated: What does ‘READ_PHONE_STATE’ mean?
  24. Denial Of Service Attacks
      • Control a Botnet for Denial Of Service Attacks
        – Mobile Operator / Website / Other target.
      • Target current Mobile provider/Manufacturer
        – Disable the internet & connectivity on the phone.
      • Target a person – disable his connectivity for a while..
      • Cause battery loss.
      • Erase content and data on the device.
  25. Other ways the bad guys can make $
      • Blackmail
        – Encrypt content.
        – Copy user’s files from device to remote server.
      • Using devices’ CPU remotely with a botnet.
      We love Android!
  26. Current and future trends
      • Use a device as hacking platform (Demos!).
      • Anti Debugging techniques (Demo).
      • Usage of updated exploits (Demo).
      • Social Engineering.
      • Anti ‘Anti Virus’.
      • Getting malicious updates.
      • Signed malware.
      • Google TV.
      • Android@home + Android@car.
  27. Trend #1 – Use a device as hacking platform
      • Facesniff.
      • Android Network Toolkit (Anti).
      • DroidSheep.
      • Caribou.
      • More to come..
      ‘Point-Click-Root’
  28. Trend #2 – Anti Debugging techniques
      • Detecting if running in emulator.
      • ‘Debuggable’.
      • Encryption.
      • Obfuscation.
      • Checking checksum.
  29. Trend #2 – Anti Debugging techniques
      • Checking if it’s an emulator
      • NickiSpy
      • Getting IMEI of the device
      • Encryption Algorithm
      • Lena
  30. Obfuscation – Can you analyze this? “Yesss!!!! I can read this!”
  31. Trend #3 – Usage of updated exploits (1/4)
      Android Versions:
      • 1.5 “Cupcake”
      • 1.6 “Donut”
      • 2.0/2.1 “Éclair”
      • 2.2 “FroYo”
      • 2.3 “Gingerbread”
      • 3.0/3.1 “Honeycomb”
      • 4.X “Ice Cream Sandwich”
  32. Trend #3 – Usage of updated exploits (2/4)
  33. Trend #3 – Usage of updated exploits (3/4)
      • GingerBreak
      • Levitator
      • GingerBreak
      • Zimperlich
      • KillingInTheNameOf
      • RATC
      • Exploid
  34. Trend #3 – Usage of updated exploits (4/4)
      • Gingerbreak exploit
      • Scripts
      • GingerMaster
  35. Trend #4 – Social Engineering
      • Jimm
      • NetFlix
      • Lena
  36. Trend #5 – Anti ‘Anti Virus’
      • Checking if Anti virus exist in installed packages
      • “Sorry”
      • The name says it all..
      • “Application (in the process) stopped unexpectedly, please try again”
      • “forced off”
      • BaseBridge
  37. Trend #6 – Getting malicious updates (1/2)
      • Connection to remote server
      • Information collected and sent to remote server
      • Jar file to download from the remote server
      • Plankton
  38. Trend #6 – Getting malicious updates (2/2)
      • Plankton
      • Dalvik executable
      • Dynamically loading the file
  39. Trend #7 – Signed malware (1/2)
      • Original legitimate Google certificate
      • DroidKungFu – Signed with a ‘fake’ certificate
  40. Trend #7 – Signed malware (2/2)
  41. Trend #8 – Google TV
      • Google TV is a Smart TV platform from Google.
      • Announced on May 20, 2010 (Google I/O event).
      • Co-developed by Google, Intel, Sony and Logitech.
      • Integrates Google’s Android operating system and the Linux version of Google Chrome browser.
      • Creates an interactive television overlay on top of existing internet television and WebTV sites.
  42. Few scenarios for exploiting Google TV
      1 - Channel Redirection
          How did Jay Leno get a higher rating than the Super Bowl???
      2 - Adding commercials & Hidden frames
      3 - Information warfare
      Not a Google TV..
  43. Trend #9 – Android@home
      • Android phone/tablet
        – Interface between you and every electronic device.
      • Using your phone you’ll be able to:
        – dim the lights.
        – turn up the heating.
        – switch on your television.
      • Your device has GPS ->
        – Switch off the lights
        – Put the TV on standby
        – turn the heating back down.
  44. Trend #9 – Android@car
      “I repeat. I am in the middle of a car chase! There’s no driver in the vehicle!!!”
  45. Now you know how I won American Idol…
      “I’m s-h-o-c-k-e-d. I think you should not sing. Really. But it turns out that the audience at home love you..”
      Simon Cowell, Judge in American Idol
  46. Will this be the topic for next year?
      • Feel free to stay in touch.. Elad.Shapira@avg.com
      • Thanks go to:
        – ClubHack organizers.
        – AVG Mobilation founder & CTO, Dror Shalev.
      Hacked Windows Phone 7
  47. Q&A. Thank you!
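
Several behaviours the slides attribute to real samples (auto start at boot, SMS permissions, READ_PHONE_STATE, a high-priority SMS receiver) are declared in an app's manifest. As an added example that is not part of the talk, this Python function triages a decoded AndroidManifest.xml for those declarations; the sample manifest, its receiver names and the priority threshold are constructed assumptions.

```python
import xml.etree.ElementTree as ET

ANDROID = "{http://schemas.android.com/apk/res/android}"
SMS_RECEIVED = "android.provider.Telephony.SMS_RECEIVED"
BOOT_COMPLETED = "android.intent.action.BOOT_COMPLETED"
WATCHED_PERMISSIONS = {
    "android.permission.SEND_SMS": "can send SMS",
    "android.permission.RECEIVE_SMS": "can read incoming SMS",
    "android.permission.READ_PHONE_STATE": "can read IMEI and call state",
}
HIGH_PRIORITY = 999  # assumed review threshold, not a platform constant

# Constructed sample of a decoded manifest; names are hypothetical.
SAMPLE_MANIFEST = """<manifest xmlns:android="http://schemas.android.com/apk/res/android">
  <uses-permission android:name="android.permission.SEND_SMS"/>
  <uses-permission android:name="android.permission.RECEIVE_SMS"/>
  <application>
    <receiver android:name=".SmsHook">
      <intent-filter android:priority="2147483647">
        <action android:name="android.provider.Telephony.SMS_RECEIVED"/>
      </intent-filter></receiver>
    <receiver android:name=".Starter"><intent-filter>
        <action android:name="android.intent.action.BOOT_COMPLETED"/>
      </intent-filter></receiver>
  </application>
</manifest>"""

def triage_manifest(xml_text):
    """Return review findings for a decoded AndroidManifest.xml string."""
    root = ET.fromstring(xml_text)
    findings = []
    for perm in root.iter("uses-permission"):
        name = perm.get(ANDROID + "name", "")
        if name in WATCHED_PERMISSIONS:
            findings.append(f"permission {name}: {WATCHED_PERMISSIONS[name]}")
    for receiver in root.iter("receiver"):
        rname = receiver.get(ANDROID + "name", "?")
        for flt in receiver.iter("intent-filter"):
            actions = {a.get(ANDROID + "name") for a in flt.iter("action")}
            prio = flt.get(ANDROID + "priority") or "0"
            priority = int(prio) if prio.lstrip("-").isdigit() else 0
            if BOOT_COMPLETED in actions:
                findings.append(f"receiver {rname}: starts at boot")
            if SMS_RECEIVED in actions and priority >= HIGH_PRIORITY:
                findings.append(f"receiver {rname}: SMS receiver, priority {priority}")
    return findings
```

From Android 4.4 on, third-party apps can no longer abort the SMS_RECEIVED broadcast, so the high-priority receiver finding matters mainly on the older versions listed in slide 31.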