Ce hv8 module 16 hacking mobile platforms

H a c k in g

M

o b ile

P la t f o r m

s

M o d u le 16

Ethical Hacking and Countermeasures
Hacking Mobile Platforms

Exam 312-50 Certified Ethical Hacker

H ack in g M o b ile P latform s
M o d u le 16

Engineered by Hackers. Presented by Professionals.

CEH

Q

E t h ic a l H a c k in g a n d C o u n te r m e a s u r e s v 8
M o d u le 16: H a c k in g M o b ile P la t f o r m s
E x a m 312-50

Module 16 Page 2393

Ethical Hacking and Countermeasures Copyright © by EC-C0UnCil
All Rights Reserved. Reproduction is Strictly Prohibited.



Security N ew s

CEH

M obile M a lw a re C a s e s N e a rly Triple
in F irst H alf of 2012, S a y s N etQ in
July 31,2012 09:40 A M ET

In Ju ne, 3.7 m illion phones w o rld w id e becam e infected w ith
m alw are, Beijing researcher finds.
M obile m alware is rising fast, infecting nearly 13 million phones in the
world during the year first half of 2012, up 177% from the same
period a year ago, according to Beijing-based security vendor NetQin.
I n a report detailing the world's mobile security, the com pany
detected a m ajor spike in m alw arecases in June, with about 3.7
m illion phones becoming infected, a historic high. This came as the
security vendor found 5,582 malware programs designed for Android
during the month, another unprecedented num ber for the period.
During this year's first half, NetQin found that most of the detected
m alw are, at 78%, targeted sm artphones running Android, with much
of the remainder designed for handsets running Nokia's Symbian OS.
This is a reversal from the same period a year ago, when 6 0 % of the
detected mobile m alw are w as designed for Symbian phones.

http://www.com
puterworld.com
Copyrigh t © b y

E&Cauaci. A ll Rights R eserve d. R eproduction is Strictly Prohibited.

Security News
■ m m
at

M o b ile M a lw a r e C a s e s N e a r ly T r ip le in F ir s t H a lf o f
2012, S a y s N e t Q in

Source: http://www.cornputerworld.com
In June, 3.7 million phones worldwide became infected with malware, Beijing researcher finds.
Mobile malware is rising fast, infecting nearly 13 million phones in the world during the year
first half of 2012, up 177% from the same period a year ago, according to Beijing-based security
vendor NetQin.
In a report detailing the world's mobile security, the company detected a major spike in
malware cases in June, with about 3.7 million phones becoming infected, a historic high. This
came as the security vendor found 5,582 malware programs designed for Android during the
month, another unprecedented number for the period.
During this year's first half, NetQin found that most of the detected malware, at 78%, targeted
smartphones running Android, with much of the remainder designed for handsets running
Nokia's Symbian OS. This is a reversal from the same period a year ago, when 60% of the
detected mobile malware was designed for Symbian phones.

Module 16 Page 2394




In total, NetQin detected 17,676 mobile malware programs during 2012's first half, up 42%
from the previous six months in 2011.
About a quarter of the detected malware came from China, which led among the world's
countries, while 17% came from Russia, and 16.5% from the U.S.
In China, malware is mainly spread through forums, ROM updates, and third-party app stores,
according to NetQin. So-called "remote control" Trojan malware that sends spam ads infected
almost 4.7 million phones in China.
NetQin also detected almost 3.9 million phones in China being infected with money-stealing
malware that sends out text messages to trigger fee-based mobile services. The high number of
infections would likely translate into the malware's creators netting $616,533 each day.
The surge in mobile malware has occurred at the same time that China has become the world's
largest smartphone market by shipments. Android smartphone sales lead with a 68% market
share, according to research firm Canalys.
The country's Guangdong and Jiangsu provinces, along with Beijing, were ranked as the three
highest areas in China for mobile malware.

Copyright © 1994 -2012 Computerworld Inc
By Michael Kan
http://www.c0mputerw0rld.c0m/s/article/92298Q2/M0bile m alware cases nearly triple in first
half of 2012 says NetQin

Module 16 Page 2395




M od u le O b jectiv es
r-j
j

—

Mobile Attack Vectors

CEH

J

Mobile Platform Vulnerabilities and
Risks

Guidelines for Securing Windows OS
Devices

J

Blackberry Attack Vectors

j

Android OS Architecture

J

Guidelines for Securing BlackBerry

j

Android Vulnerabilities

j

Android Trojans

J

j

Securing Android Devices

J

j

Jailbreaking iOS

j

Guidelines for Securing iOS Devices

J

Mobile Protection Tools

j

Windows Phone 8 Architecture

J

Mobile Pen Testing

Devices
Mobile Device Management (M DM )
General Guidelines for Mobile Platform
Security

U

[

Copyrigh t © b y E & C a i n c l . A ll Rights R eserve d. R eproduction is Strictly Prohibited.

M odule Objectives
The main objective of this module is to educate you about the potential threats of
mobile platforms and how to use the mobile devices securely. This module makes you
familiarize with:
9

Mobile Attack Vectors

9

9

Mobile Platform
and Risks

9

9

Android OS Architecture

9

Blackberry Attack Vectors

9

Android Vulnerabilities

9

Guidelines for Securing BlackBerry Devices

9

Android Trojans

9

Mobile Device Management (MDM)

9

Securing Android Devices

9

9

Jailbreaking iOS

9

Guidelines
Devices

Module 16 Page 2396

for

Vulnerabilities

Securing

iOS

Windows Phone 8 Architecture
Guidelines
Devices

General
Security

for

Securing

Guidelines for

9

Mobile

OS

Platform

Mobile Protection Tools

9

Windows

Mobile Pen Testing




Copyright © b y E C - C o u id . A ll Rights R e s e r v e d Rep rodu ction is S tric tly Prohibited.

Ml

M odule Flow

For better understanding, this module is divided into various sections and each section
deals with a different topic that is related to hacking mobile platforms. The first section deals
with mobile platform attack vectors.

Mobile Platform Attack Vectors

||

^

'

1‫׳‬

Hacking BlackBerry

Hacking Android iOS

Mobile Device Management

Hacking iOS

Mobile Security Guidelines and Tools

Hacking Windows Phone OS

^

Mobile Pen Testing

This section introduces you to the various mobile attack vectors and the associated
vulnerabilities and risks. This section also highlights the security issues arising from app stores.

Module 16 Page 2397




Mobile Threat Report Q2 2012
•

Symbian

•

M obile Threat
by Type Q2 2012

Android

•

M obile Threat
Report Q2 2012

C EH

Pocket PC

(5 ) J2M E

21
01

21
01

21
01

21
01

21
02

21
02

T rojan

h t t p : / / www.f-secure.com

M onitoring R is k w a r e A p p lica tio n
Tool

A d w a re

http://www.hotforsecurity.com

Copyrigh t © b y E & C a u a c i. A ll Rights R eserve d. R eproduction is Strictly Prohibited.

M obile Threat Report Q2 2012
Source: http://www.f-secure.com
In the report, malware attacks on Android phones continue to dominate the other mobile
platforms. The most attacks were found in the third quarter of 2011. And in 2012, Q2 came in
at 40%.

Module 16 Page 2398




21
01

21
01

21
01

21
01

21
02

21
02

FIGURE 16.1: Mobile Threat Report Q2 2012

Note: The threat statistics used in the mobile threat report Q2 2012 are made up of families
and variants instead of unique files.

M obile Threat by Type Q 2 2012
Source: http://www.hotforsecuritv.com
Attacks on mobile phones were mostly due to the Trojans, which according to the Mobile
Threat by Type Q2 2012. is about 80%. From the graph or report it is clear the major threat
associated with mobile platforms is Trojan when compared to other threats such as monitoring
tools, riskware, application vulnerabilities, and adware.
M o b ile T h re a t
by T y p e Q2 2012

T r o ja n

M o n ito r in g

R is k w a r e

A p p lic a tio n

A d w a re

Tool

F IG U R E 16.2: M o b ile Threat by Type Q2 2012

Module 16 Page 2399




CEH

T erm in ology
S to c k ROM

It is the default ROM (operatingsystem ) of an Android device
supplied by the manufacturer

CyanogenM od
It is a modified device ROM w ith o u tth e restrictions imposed by
device’s original ROM

Bricking the Mobile Device
A lteringthe device OS using rooting or jailbreaking in a way that
causes the mobile device to become unusable or inoperable

Bring Your Own Device (BYOD)
Bring your own device (BYOD) is a business policy that allows
employees to bring their personal mobile devices to their work
place


Term inology
The following is the basic terminology associated with mobile platform hacking:
© Stock ROM: It is the default ROM (operating system) of an android device supplied by
the manufacturer
© CyanogenMod: It is a modified device ROM without the restrictions imposed by device's
original ROM
© Bricking the Mobile Device: Altering the device OSes using rooting or jailbreaking in a
way that causes the mobile device to become unusable or inoperable
© Bring Your Own Device (BYOD): Bring your own device (BYOD) is a business policy that
allows employees to bring their personal mobile devices to their work place

Module 16 Page 2400




M ob ile Attack Vectors
,d ata s t r e a k

Extracted
Print screen

tand rootkit

and

and ematt

screen

scrap’‫® ״‬
*

USB^eV a n d '°ss

A P P lic a tio n

0 b ck p
f a u

o copvto

m °drficati0 n

0s n ° dificatic
‫׳‬

o

$

r/1

Wp ti0 v«ca n
V)napPr0

°

o

Copyright © by E & C tlia c fl. All Rights Reserved. Reproduction is Strictly Prohibited.

M obile A ttack V ectors
Similar to traditional computer systems, most modern mobile devices are also prone
to attacks. Mobile devices have many potential attack vectors using which the attacker tries to
gain unauthorized access to the mobile devices and the data stored in or transferred by the
device. These mobile attack vectors allow attackers to exploit the vulnerabilities present in
operating systems or applications used by the mobile device. The attacker can also exploit the
human factor. The various mobile attack vectors include:
Malware:
9

Virus and rootkit

9

Application modification

9

OS modification

Data Exfiltration:
9

Data leaves organization and email

9

Print screen and screen scraping

9

Copy to USB key and loss of backup

Module 16 Page 2401




Data Tampering:
© Modification by another application
© Undetected tamper attempts
© Jail-broken device
Data Loss:
© Application vulnerabilities
© Unapproved physical access
© Loss of device

Module 16 Page 2402




M ob ile P latform V u ln erab ilities
and R isk s
M o b ile Application

App Stores
1

Privacy Issues (G eolocation)

M o b ile M a lw a re

2

7

Vulnerabilities

8
App Sandboxing

Data Security

Device and App Encryption

Excessive Perm issions

OS and App U pdates

Com m unication Security

‫י‬

9

3

1 0

4

5

]

V
c
6

]

Jailb re ak in g a n d Rooting

1

1 1

‫׳' —דז‬
‫ר‬

Physical Attacks

1 2

--------------- - ■ ...:-------J
..

M obile Platform Vulnerabilities and Risks
Mobile platform vulnerabilities and risks are the challenges faced by mobile users due
to the functionality and increasing use of mobile devices at work and in other daily activities.
The new functionalities amplify the attraction of the platforms used in mobile devices, which
provide an easy path for attackers to launch attacks and exploitation. Attackers use different
technologies such as Androids and other multiple instances to insert malicious applications
with hidden functionality that stealthily gather a user's sensitive information. The companies
that are into developing mobile applications are more concerned about security because
vulnerable applications can cause damage to both parties. Thus, levels of security and data
protection guarantees are mandatory. But the assistances and services provided by mobile
devices for secure usage are sometimes neutralized by fraud and security threats.
The following are some of the risks and vulnerabilities associated with mobile platforms:
0

App Stores

© Mobile Malware
0

App Sandboxing

0

Device and App Encryption

0

OS and App Updates

Module 16 Page 2403



e

Jailbreaking and Rooting

e

Mobile Application Vulnerabilities

e


Privacy Issues (Geolocation)

Q Data Security
e

Excessive Permissions

e

Communication Security

e

Physical Attacks

Module 16 Page 2404




Security Issues Arising from
App Stores

CEH

J Insufficient or no vetting of apps leads to
malicious and fake apps entering app
marketplace

Attackers can also social engineer users
to download and run apps outside the
official app stores

J App stores are common target for attackers
to distribute malware and malicious apps

Malicious apps can damage other application
and data, and send your sensitive data to
attackers

App Store

■

11 n 11

• >d f ‫ יי‬i m
:.... <
JLp h i ® ’
A •
»*>

:

Third Party
■
App Store
M o b ile A pp

No Vetting

.... >

.....

Malicious app sends sensitive data to attacker
Call logs/photo/videos/sensitive docs


S ecurity Iss u e s A risin g from App Stores
--- An authenticated developer of a company creates mobile applications for mobile
users. In order to allow the mobile users to conveniently browse and install these mobile apps,
platform vendors have created centralized marketplaces, but security concerns have resulted.
Usually mobile applications that are developed by developers are submitted to these
marketplaces (official app stores and third-party app stores) without screening or vetting,
making them available to thousands of mobile users. If you are downloading the application
from an official app store, then you can trust the application as the hosting store has vetted it.
However, if you are downloading the application from a third-party app store, then there is a
possibility of downloading malware along with the application because third-party app stores
do not vet the apps. The attacker downloads a legitimate game and repackages it with malware
and uploads the mobile apps to a third-party application store from where the end users
download this malicious gaming application, believing it to be genuine. As a result, the malware
gathers and sends user credentials such as call logs/photo/videos/sensitive docs to the
attacker without the user's knowledge. Using the information gathered, the attacker can
exploit the device and launch many other attacks. Attackers can also socially engineer users to
download and run apps outside the official app stores. Malicious apps can damage other
applications and data, and send your sensitive data to attackers.

Module 16 Page 2405




Call logs/photo/videos/sensitive docs
FIGURE 16.3: Security Issues Arising from App Stores

Module 16 Page 2406




T hreats of M obile M alw are

CIEH

T h re a ts of M obile M a lw are
In recent years, many system users are moving away from using personnel computers
toward smartphones and tablets. This increased adoption of mobile devices by users for
business and personal purposes and comparatively lesser security controls has shifted the
focus of attackers and malware writers for launching attacks on mobile devices. Attackers are
attacking mobile devices because more sensitive information is stored on them. SMS spoofing,
toll frauds, etc. are attacks performed by attackers on mobile devices. Mobile malware include
viruses, SMS-sending malware, mobile botnets, spyware, destructive Trojans, etc. The malware
is either application or functionality hidden within other application. For infecting mobile
devices, the malware writer or attacker develops a malicious application and publishes this
application to a major application store and waits until users install these malicious mobile
applications on their mobile devices. Once the user installs the application hosted by the
attacker, as a result, the attacker takes control over the user's mobile device. Due to mobile
malware threats, there may be loss and theft, data communication interruption, exploitation
and misconduct, and direct attacks.
According to the threats report, the security threats to mobile devices are increasing day by
day. In 2004, malware threats against mobile devices were fewer when compared to recent
years. The frequency of malware threats to mobile devices in the year 2012 drastically
increased.

Module 16 Page 2407




FIGURE 16.4: Threats of Mobile Malware

Module 16 Page 2408




App Sandboxing I s s u e s

CEH

Sandboxing helps protect systems and users by limiting the resources
the app can access in the mobile platform; however, malicious
applications may exploit vulnerabilities and bypass the sandbox

Copyright © by E & C a u a c i. All Rights Reserved. Reproduction is Strictly Prohibited.

App Sandboxing Issu e s
Sandboxing separates the running program with the help of a security mechanism. It
helps protect systems and users by limiting the resources the app can access in the mobile
platform; however, malicious applications may exploit vulnerabilities and bypass the sandbox.
Sandboxing is clearly explained by comparing a computer and a smartphone. In normal
computers, a program can access any of the system resources such as entire RAM i.e. not
protected, hard drive information, and more can be read easily by anyone, unless and until it is
locked. So if any individual downloads malicious software believing it as genuine, then that
software can read the keystrokes that are typed in your system, scan the entire hard drive for
useful file types, and then send that data back through the network. The same occurs in mobile
devices; if an application is not given a working environment, it accesses all the user data and
all the system resources. If the user downloads a malicious application, then that application
can access all the data and resources and can gain complete control over the user's mobile
device.
Secure sandbox environment
In a secure sandbox environment, each individual application is given its own working
environments. As a result, the application is restricted to access the other user data and system
resources. This provides protection to mobile devices against malware threats.

Module 16 Page 2409




Other
User Data

N o A ccess

s
A
N
Unrestricted
D
Access
B

*•

App

O
System
Resources

‫ו‬

User Data

rriwiiif System

X

Resources

FIGURE 16.5: Secure sandbox environment

Vulnerable Sandbox Environment
In vulnerable sandbox environment, the malicious application exploits loopholes or weaknesses
for bypassing the sandbox. As a result, the application can access other user data and system
resources that are restricted.

s
User Data

1“

A

n r

M

Unrestricted
Access

A ccess

System
Resources

User Data

Bypass
the
Sandbox

App
System
Resources

FIGURE 16.6: Vulnerable Sandbox Environment

Module 16 Page 2410




c EH

M odu .le Flow

Urtiftod

•

•
f^^
l :‫־‬

1 1 eH
.

IU k j I lUchM

•
-

Mobile Platform
Attack Vectors

Copyright © by E & C a i n d . All Rights Reserved. Reproduction is Strictly Prohibited.

M odule Flow
So far, we have discussed various potential attack vectors of mobile platforms. Now
we will discuss hacking the Android OS.
w

Mobile Platform Attack Vectors

* '< Hacking BlackBerry
1 f>

flBSi Hacking Android iOS
v
---/

Mobile Device Management

■^‫׳‬

Hacking iOS

Hacking Windows Phone OS

Module 16 Page 2411

‫^׳‬
‫־‬

Mobile Security Guidelines and Tools

Mobile Pen Testing




This section introduces you to the Android OS and its architecture, various vulnerabilities
associated with it, Android rooting and Android rooting tools, various Android Trojans, Android
security tools, Android penetration testing tools, and Android device tracking tools.

Module 16 Page 2412




CEH

Android OS
Android is a software environment developed by Google for mobile devices
that includes an operating system, middleware, and key applications

Features
A pplication fram ew ork enabling reuse and replacem ent of
com ponents

Dalvik virtual m achine optim ized for mobile devices

Integrated b row ser based on the open source W ebK it engine

SQ Lite for structured data storage

M e d ia support for common audio, video, and still image form ats (M P E G 4 , H.264,
M P3 , AAC, A M R , JP G , PNG, GIF)
Rich developm ent environment including a device emulator, tools for debugging,
memory and performance profiling, and a plugin for the Eclipse IDE

http://developer.android.com
Copyright © by E & C a u a c ! . All Rights Reserved. Reproduction is Strictly Prohibited.

A ndroid OS
Android is a software stack developed by Google specifically for mobile devices such
as smartphones and tablet computers. It is comprised of an operating system, middleware, and
key applications. Android's mobile operating system is based on the Linux kernel. The Android
application runs in a sandbox. The sandbox security mechanism is explained on a previous slide.
Antivirus software such as Lookout Mobile Security, AVG Technologies, and McAfee are
released by security firms for Android devices. However, the sandbox is also applicable to the
antivirus software. As a result, though this antivirus software has the ability to scan the
complete system, it is limited to scanning up to a certain environment.
The features of android operating system include:
© Application framework enabling reuse and replacement of components
0

Dalvik virtual machine optimized for mobile devices

© Integrated browser based on the open source WebKit engine
0

SQLite for structured data storage

0

Media support for common audio, video, and still image formats (MPEG4, H.264, MP3,
AAC, AMR, JPG, PNG, GIF)

Module 16 Page 2413



Q


Rich development environment including a device emulator, tools for debugging,
memory and performance profiling, and a plugin for the Eclipse IDE

Module 16 Page 2414




Android OS A rchitecture

CEH

(•rtifwd

itkitjl

APPLICATION
Contacts

Phone

APPLICATION FR A M EW O R K
Activity Manager

Window ManagerContentProviders

Package Manager
Telephony
Manager

Surface Manager
L IBRA R IES

Resource
Manager

Location Manager

Media Framework

Notification
Manager

AND RO ID RUN TIM E
Core Libraries

OpenGL | ES

Dalvik Virtual Machine

SGI

LINUX KERNEL
Display Driver

Camara Driver

Flash Memory Driver

Binder (IPC) Driver

Keypad Driver

WiFi Driver

Audio Driver

Power Management


A ndroid OS A rch ite c tu re
Android is a Linux-based operating system especially designed for portable devices
such as smartphones, tablets, etc. The pictorial representation that follows shows the different
layers such as application, application framework, libraries, android runtime, and Linux kernel,
which make up the Android operating system.

Module 16 Page 2415




J<PPLI CATION
Home

Phone

Contacts

Browser

A P PL IC A T IO N F R A M E W O R K

A ctivity Manager

W ind ow M anager

Content Providers

Telephony

Resource
Manager

V iew System

Location Manager

Package Manager

Manager

N o t if ic a t io n

Surface Manager

S Q lite

O penGL | ES

FreeType

W ebKit

SGL

L IB R A R IE S

M edia Fram ework

SSL

Manager

libc

A N D R O ID R U N T IM E
Core Libraries

Dalvik Virtual Machine

L IN U X K E R N EL
Display Driver

Camara Driver

Flash M e m o ry Driver

Binder (IPC) Driver

Keypad Driver

W iFi Driver

Audio Driver

Power Managem ent

FIGURE 16.7: Android OS Architecture

Applications:
The applications provided by Android include an email client, SMS, calendar, maps, Browser,
contacts, etc. These applications are written using the Java programming language.
Application Framework
Q

As Android is an open development platform, developers have full
that is used in the core applications

access tothe

©

The View System can be used to develop lists, grids, text boxes,buttons,
application

API

etc. in the

Q The Content Provider permits applications to access data from other applications in
order to share their own data
© The Resource Manager allocates the non-code resources like localized strings, graphics,
etc.
Q The Notification Manager helps applications to show custom messages in the status bar
Q

The Activity Manager controls the lifecycle of applications

Libraries
Libraries comprise each and every code that provides the main features of an Android OS. For
example, database support is provided by the SQLite library so that an application can utilize it
for storing data and functionalities for the web browser provided by the Web Kit library. The

Module 16 Page 2416




Android core library includes Surface Manager, Media Framework, SQLite, OpenGL | ES,
FreeType, WebKit, SGL, SSL, libc, SQLite (database engine), and LibWebCore (web browser
engine).
Android Runtime
Android Runtime includes core libraries and the Dalvik virtual machine. The set of core
libraries allows developers to write the Android applications using the Java programming
language. Dalvik virtual machine is helpful in executing Android applications. Dalvik can run
multiple VMs efficiently.
Linux Kernel
The Android operating system was built based on the Linux kernel. This layer is made up of all
the low-level device drivers such as Display Driver, Camara Driver, Flash Memory Driver, Binder
(IPC) Driver, Keypad Driver, WiFi Driver, Audio Driver, and Power Management for various
hardware components of an Android device.

Module 16 Page 2417




A n d ro id D e v ic e A d m in is tra tio n A PI I C E H
J

The Device Administration API introduced in Android 2.2 provides device adm inistration features
at the system level

J

»

These A PIs allow developers to create security-aware applications that are useful in enterprise
settings, in which IT professionals require rich control over employee devices

I*

Policies supported by
the Device Administration API
6

Password enabled
Minimum password length

Minimum uppercase letters
required in password

Alphanumeric password

© Password expiration timeout

required

© Password history restriction

Complex password required
Minimum letters required in
password

9

Maximum failed password
attempts

a

Maximum inactivity time lock


0

Require storage encryption

Minimum non-letter characters

o

Disable camera

«

Prompt user to set a new
password

Minimum lowercase letters

Minimum numerical digits

9

Minimum symbols required in
password

Lock device immediately

S

Wipe the device's data
h t t p : / / d e v e l o p e r . a n d r o id , c o m

A ndroid D evice A d m in istratio n API
",“ "■
‫'׳‬

Source: http://developer.android.com

The Device Administration API introduced in Android 2.2 provides device administration
features at the system level. These APIs allow developers to create security-aware applications
that are useful in enterprise settings, in which IT professionals require rich control over
employee devices. The device admin applications are written using the Device Administration
API. These device admin applications enforce the desired policies when the user installs these
applications on his or her device. The built-in applications can leverage the new APIs to
improve the exchange support.

Policy

Description

Password enabled

Requires that devices ask for PIN or passwords.

Minimum password
length

Set the required number of characters for the password. For
example, you can require PIN or passwords to have at least six
characters.

Alphanumeric password
required

Requires that passwords have a combination of letters and numbers.
They may include symbolic characters.

Module 16 Page 2418




Complex password
required

Requires that passwords must contain at least a letter, a numerical
digit, and a special symbol. Introduced in Android 3.0.

Minimum letters required
in password

The minimum number of letters required in the password for all
admins or a particular one. Introduced in Android 3.0.

Minimum lowercase
letters required in
password

The minimum number of lowercase letters required in the password
for all admins or a particular one. Introduced in Android 3.0.

Minimum non-letter
characters required in
password

The minimum number of non-letter characters required in the
password for all admins or a particular one. Introduced in Android
3.0.

Minimum numerical digits

The minimum number of numerical digits required in the password

Minimum symbols

The minimum number of symbols required in the password for all
admins or a particular one. Introduced in Android 3.0.

Minimum uppercase
letters required in
password

The minimum number of uppercase letters required in the password

Password expiration
timeout

When the password will expire, expressed as a delta in milliseconds
from when a device admin sets the expiration timeout. Introduced in
Android 3.0.

Password history
restriction

This policy prevents users from reusing the last ‫ ו‬unique passwords.
‫ר‬
This
policy
is
typically
used
in
conjunction
with
setPasswordExpirationTimeout(), which forces users to update their
passwords after a specified amount of time has elapsed. Introduced
in Android 3.0.

Maximum failed
password attempts

Specifies how many times a user can enter the wrong password
before the device wipes its data. The Device Administration API also
allows administrators to remotely reset the device to factory
defaults. This secures data in case the device is lost or stolen.

Maximum inactivity time
lock

Sets the length of time since the user last touched the screen or
pressed a button before the device locks the screen. When this
happens, users need to enter their PIN or passwords again before
they can use their devices and access data. The value can be
between 1 and 60 minutes.

Require storage
encryption

Specifies that the storage area should be encrypted, if the device
supports it. Introduced in Android 3.0.

Disable camera

Specifies that the camera should be disabled. Note that this doesn't
have to be a permanent disabling. The camera can be
enabled/disabled dynamically based on context, time, and so on.
Introduced in Android 4.0.
TABLE16.1: A ndroid Device A dm inistration API

Module 16 Page 2419




I

S M o 2:0977]
App/Device Admin

Demonstration of ‫ ג‬DeviceAdmin class for
administering the user's device.

FIGURE 16.8: Android Device Administration API

Module 16 Page 2420




CEH

Android R ooting
J

Rooting allows Android users to attain privileged control (know n as "ro o t access") within Android's subsystem

J

Rooting process involves exploiting security vulnerabilities in the device firm w a re , and copying the su binary to a
location in the current process's PATH (e.g. /system/xbin/su) and granting it executable permissions with the
chmod command

Rooting enables all the user-installed

Rooting also comes with many

applications to run privileged

security and other risks to your

commands such as:

device including:

Modifying or deleting system files, module,
ROMs (stock firmware), and kernels

Low-level access to the hardware that are
typically unavailable to the devices in their
default configuration

Voids your phone's warranty

»
Removing carrier- or manufacturerinstalled applications (bloatware)

&

Poor performance

© Malware infection
6

Bricking the device

Improved performance
Wi-Fi and Bluetooth tethering
Install applications on SD card
Better user interface and keyboard


A ndroid R ooting
Rooting is the process of removing the limitations and allowing full access. It allows
Android users to attain "super user" privileged control (known as "root access") and permission
within Android's subsystem. After rooting the Android phone, an Android user will have control
over SETTINGS, FEATURES, and PERFORMANCE of his or her phone and can even install
software that is not supported by the device. The root users will have "super -user" privileges
using which they can easily alter or modify the software code on the device. Rooting is basically
hacking Android devices and is equivalent to "jailbreaking" in iPhone. Rooting exploits a
security vulnerability in the device firmware, and copying the su binary to a location in the
current process's PATH (e.g. /system/xbin/su) and granting it executable permissions with the
chmod command.
Rooting enables all the user-installed applications to run privileged commands such as:
Q

Modifying or deleting system files, module, ROMs (stock firmware), and kernels

Q

Removing carrier- or manufacturer-installed applications (bloatware)

Q

Low-level access to the hardware that are typically unavailable to the devices in their
default configuration

© Improved performance

Module 16 Page 2421




© Wi-Fi and Bluetooth tethering
© Install applications on SD card
© Better user interface and keyboard
Rooting also comes with many security and other risks to your device including:
© Voids your phone's warranty
© Poor performance
© Malware infection
© Bricking the device

Module 16 Page 2422




R ooting Android P hones u sin g
SuperO neC lick

CEH

D f1
f-V ‫ זת«ווזז״,י‬H

J

Plug in and connect your android device to your
computervia USB

USB debugging
Debug mode *when use « (OAMnM

PC M ode

©

W ind ow s M edia Sync

O

U S B M ass Storage

O

Charge O nly

Q

Stay awa ke
Serft n will neve* sleep *hile (tw png

J

Install driver for the device if prompted

J

Unplug and re-connect, but this time select
"Charge only" to sure that your phone's SD Card
is not mounted to your PC

J

Run SuperOneClick.exe(availableinToolsDVD)

J

Click on the "Root" button

J

Wait for some time until you see a "Running a
Su test Success!" message

J

Now check out the installed apps in your phone

J

Allownock loe&ions

Go to Settings ‫ >־‬Applications ‫ >־‬Development
‫־‬
and enable USB Debugging to put yourandroid
into USB Debugging mode

J

Allow mock locations

Superusericon means you now have root access
(reboot the phone if you do not see it)

!5]
Superuser Request

App: drocap2 (10104)
pAckdga: cam guv* nig. Jtudrcx4!)3
Requested U1D: root(O)
Com nwltd: /sys1 1 1
« n‫׳‬bl Vsh

Rcmember

J

R ooting A ndroid P h o n es u sin g S u p erO n eC lick
SuperOneClick is a tool designed especially for rooting an Android phone. The step-bystep procedure for rooting an Android phone with the help of SuperOneClick follows:
© Plug in and connect your Android device to your computer via a USB.
Q

Install the driver for the device if prompted.

© Unplug and re-connect, but this time select Charge only to ensure that your phone's SD
Card is not mounted to your PC.
Q

Go to Settings ‫ >־‬Applications ‫ >־‬Development and enable USB Debugging to put your
‫־‬
‫־‬
android into USB Debugging mode.

Q

Run SuperOneClick.exe (available in Tools DVD).

© Click the Root button.
Q

Wait for some time until you see a "Running a Su test Success!" message

Q

Now check out the installed apps in your phone.

© Superuser icon means you now have root access (reboot the phone if you don't see it).

Module 16 Page 2423



Li
©


—
USB connection

USB debugging

o
o
o
o

1 PC Mode
1

Windows Media Sync
USB Mass Storage

1 Charge Only
|

OK
Text M «

BfOWStr

Debug m od* when USB Is connected

Stay awake

mm

Screen will never sleep while charging

Allow mock locations

m

Allowm locations
ock

Cancel
Market

©

VO K em ji!

1

Su p e ru se r Req u est
The following app is requesting superuser
access:
App: drocap2 (10104)

Package: c0m ail.nag...atu.df0cap2
.gm
Requested UID: root (0)
Com m and: /system/bin/sh

FIGURE 16.9: Rooting Android Phones using SuperOneClick

Module 16 Page 2424

Ethical Hacking and Countermeasures Copyright © by EC-C0l1nCil



R ooting Android P hones U sing
Superboot

.
-------

D ow nload and extract the S u p e rb o o t files

ft

Put your Android phone in
bootloader mode

Depending on your com puter's
O S, do one of the following:

m

J

Turn off the phone, remove the battery,
and pluginthe USB cable

Windows: Double click "install-superbootwindows.bat"

J

When the battery icon appears onscreen,
pop the battery back in

Mac: Open a terminal window to the directory
containing the files, and type "chmod + installx
superboot-mac.sh" followed by "./installsuperboot-mac.sh"

al Now tap the Power button while holding
down the Camera key
J

1

Linux: Open a terminal window to the directory
containing the files, and type "chmod + installx
superboot-linux.sh" followed by 1
'./installsuperboot-linux.sh"

For Android phoneswithatrackbalLTurn
off the phone, press and hold the trackball,
then turn the phone backon

r~ 1
* j .

Your device has been ro o ted

m


R ooting A ndroid P h o n es u sin g S uperkoot
Superboot is a boot.img. It is designed specifically to root Android phones. It roots
Android phones when they are booted for the very first time. Any individual can root the
Android phone using superboot by following these steps:
Step 1: Download and extract the Superboot files.
Step 2: Put your Android phone in bootloader mode:
Q Turn off the phone, remove the battery, and plug in the USB cable.
9

When the battery icon appears onscreen, pop the battery back in.

© Now tap the Power button while holding down the Camera key.
Q

For Android phones with a trackball: Turn off the phone, press and hold the trackball,
then turn the phone back on.

Step 3: Depending on your computer's OS, do one of the following:
Q

Windows: Double-click install-superboot-windows.bat.

© Mac: Open a terminal window to the directory containing the files, and type chmod +
x
install-superboot-mac.sh" followed by ./install-superboot-mac.sh.

Module 16 Page 2425



6


Linux: Open a terminal window to the directory containing the files, and type chmod +
x
install-superboot-linux.sh" followed by ./install-superboot-linux.sh.

Step 4: Your Android device has been rooted.

Module 16 Page 2426




Android R ooting Tools
i( ] □ !

CEH

@ D s1:5.
B < 26
(D B

?!

a ‫ ׳‬m a 9:15 am
a

un re v o k e d
1« th» tutron to root your phono

y r

Wo don't antiripa!!

U n iv e r s a l A n d r o o t

Do you want to install this
application?

UnlockRoot.com

a t

Allow this application to:

A Storage
modify/delete SD card contents

A Phone calls
read phone state and identity

A System tools
c neWFsa ,peetpoefr m
tag i i t te r vn hn o
s ein
lep g

O

i n i

Sh o w all

R eco very F la sh e r

‫ר‬

U niversal Androot

U nlock Root

A n d r o id R o o t in g T o o ls
C O

J

In addition to SuperOneClick and Superboot, there are many other tools that can be
used for rooting Android phones:
© Unrevoked available at http://unrevoked.com
© Recovery Flasher available at https://sites.google.com/site/adlxmod
© Universal Androot available at http://forum.xda-developers.com
© Unlock Root available at www.unlockroot.com

Module 16 Page 2427



AH□ ‫ י‬B


gfflj® 1:5*
26
i

& B D 0 9:15 AM

un r e v o k e d
Press the button to root your phone. We don't anticipate
orealdng your prion*, but w e're noi liable if It do•* On Ev
you’l hare to do thi5 each time you reboot. Have fun!

, u Universal Androot
UntocfcRoot v2 0

application?

Donate | Follow us on Twitter.

UnlockRoot.com

A

Storage
modify/delete 50 card contents

A

i n

Phone calls
read phone state and tdentlty

A

System tools
change Wi-Fi slate, prevent phone from
sleeping

O S h o w a ll
Install

1
||

Cancel

_

.

Root

I

Contort devic• with U S8 coble and

FIGURE 16.10: Android Rooting Tools

Module 16 Page 2428




Session Hijacking Using
DroidSheep
J

•. © * v

DroidSheep is a simple Android tool for web session hijacking
(sidejacking)

? i n s■

Connect edt o *••‫יי»י‬

2:02 pm

‫■״‬
«

Spoofing IP: 192.168.0.1

J

It listens for HTTP packets sent via a wireless (802.11) network
connection and extracts the session IDs from these packets in order
to reuse them

m

‫צ‬

». .

^

[http7/w w w .facebook...

IP=192.168 0.100 Anil Sardiw al [h ttp V M w ..

http://www.google.co.in
IP=192.168.0.100 ID : 1239002684

http://xsltcache.alexa.com

J

IP=192.168.0.100 ID : 1120334729

DroidSheep can capture sessions using the libpcap library and

http://api.mywot.com

supports: O PEN N etw orks, W E P encrypted networks, W P A and

IP-192.168.0.100 ID : 166224861

http://apis.google.com

W P A 2 (P SK only) encrypted n etw orks

IP=192.168 0.100 ID : -561222905

http://www.blogger.com
IP=192.168.0.100 ID : •70447663

o

in

n

■
A

A

User

Internet
ARP
Spoofing

Attacker modifies the

m

*«.

http://platf orm .twitter.com
IP-192.168.0.100 ID : 1933430236

http://s7.addthis.com
IP-192.168 0.100 ID : 1667993814

http://www .stum bleupon.com

session IDs and relay them
to web server

Attacker intercepts
client's request for a
web page

w
W

http://platform .linkedln.com
I P “ 192.168.0.100 ID : •2082712684

Attacker

IP-192.168.0.100 ID : •1486882064

✓

o

c

R U N N IN G AN D
S P O O F IN G


Session H ijack in g U sing D roidS heep
Most web applications use a session ID to verify the user's identity with the
application. This session ID is transmitted in subsequent requests within HTTP packets in order
to maintain the session with the user. The attacker uses the DroidSheep tool to read the all the
packets sent via a wireless network and captures the session ID. Once the attacker captures the
victim's legitimate session ID, he or she may use this stolen session ID to access the target web
application on behalf of the victim.
DriopSheep listens and captures HTTP packets sent via a wireless (802.11) network and then
analyzes the captured packets to extract and reuse the session IDs. DriopSheep accomplishes
this using the libcap library. It supports OPEN Networks, WEP encrypted networks, WPA, and
WPA2 (PSK only) encrypted networks.

Module 16 Page 2429




A

User

A

Internet

ARP
Spoofing
A ttacker intercepts
client's request for a

*»«

A ttacke r modifies the
session IDs and relay them
to W e b s e rv e r

w ebpage

Attacker
FIGURE 16.11: Session Hijacking Using DroidSheep

Module 16 Page 2430




^

rid I

©

2:02 PM

Connected to - • ■
• • ‫•י״יייי‬
Spoofing IP: 192.168.0.1

[http://www.facebook....
IP=192.168.0.100 Anil Sardiwal [http://ww...

http://www.google.co.in
IP=192.168.0.100 ID: 1239002684

http://xsltcache.alexa.com
IP=192.168.0.100 ID: 1120334729

http://api.mywot.com
IP=192.168.0.100 ID: 166224861

http://apis.google.com
IP=192.168.0.100 ID: -561222905

http://www.blogger.com
IP=192.168.0.100 ID: -70447663

http://platform.linkedin.com
IP=192.168.0.100 ID: -2082712684

http://platform.twitter.com
IP=192.168.0.100 ID: -1933430236

http://s7.addthis.com
IP=192.168.0.100 ID: -1667993814

http://www.stumbleupon.com
IP=192.168.0.100 ID: -1486882064

M

o

ARP-Spoofing

a
i

G eneric mode

RUNNING AND
SPOOFING

FIGURE 16.12: DroidSheep Screenshot

Module 16 Page 2431




Android-based Sniffer: FaceNiff I C EH
FaceNiff is an Android app that allows you to sniff

It is possible to hijack sessions only when W iF i is

and intercep t w e b session profiles over the W iFi

not using EAP, but it should work over any private

that you r mobile is connected to

n etw orks (Open/W EP/W PA-PSK/W PA2-PSK)

|‫ז‬
Vibration
Vibrate when new praMe is foutd

MAC TO Vendor resolving
Try fimfcng oul Jhe device *ewdor

Filter services
Selecl wtnch twvictt you want to be shown

h ttp://faceniff.ponury. net

H

A n d ro id -b ased Sniffer: F aceN iff
Source: http://faceniff.ponury.net

FaceNiff is an Android app that allows you to sniff and intercept web session profiles over the
Wi-Fi that your mobile is connected to. It is possible to hijack sessions only when Wi-Fi is not
using EAP, but it should work over any private networks (Open/WEP/WPA-PSK/WPA2-PSK).
Note: If webuser uses SSL this application won't work.

Module 16 Page 2432




m

L _ J

u

Fitter services

STOP

Vibration

amazon.com

Vibratewt*n new proMe it found

f71f| bponury

p bl
ue

MAC TO Vendor resolving

amazon.co uk

Try frying 014 (he device vendor

Filter services

bponury

Setecl which servicesyou want to be •hown

amazon.de

Intel Corporate (30.88.b4:

tuenti.com

BartoszTestowy

nk.pl
10 0 ‫(6 ו 00 ו‬

twitter.com

tumblr.com

meinvz.net

%

&
Unlock mu

Request new key

•
Go to website

Export sessions

r t
Import sessions

©
Settings

studivz.net

blonoer com

FIGURE 16.13: FaceNiff Screenshot

Module 16 Page 2433




A n d ro id T ro ja n : Z itM o (ZeuS-inth e -M o b ile )

r cu
!z —?

Zitmo is the notorious mobile
component of the Zeus banking
Trojan that circumvents twofactor authentication by

Ml
C a r H om e

Contacts

intercepting SMS confirmation
codes to access bank accounts

H

The new versions for Android
and BlackBerry have now added

Em ail

Galery

»
Custom
local*

m

Q

M nugng

botnet-like features, such as
enabling cybercriminals to
control the Trojan via SMS

r m

»
Dev Tool!

* 4

commands

Music

C Home
ar

‫יי‬

conucn

»
»
cus*‫״״‬
lAa
rU

^ 5 Zertifikat
Installation erfolgreich
Ihr Aktivierungskode lautet
7725486193

Copyrigh t © b y

E&Cauaci. A ll Rights R eserve d. R eproduction is Strictly Prohibited.

A ndroid T rojan: ZitM o (ZeuS‫־‬in ‫־‬th e ‫־‬M obile)
Zitmo refers to a version of the Zeus malware that specifically targets mobile devices.
It is a malware Trojan horse designed mainly to steal online banking details from users. It
circumvents mobile banking app security by simply forwarding the infected mobile's SMS
messages to a command and control mobile owned by cybercriminals. The new versions of
Android and BlackBerry have now added botnet-like features, such as enabling cybercriminals
to control the Trojan via SMS commands.

Module 16 Page 2434




S B D ® 10:53 am I

Car H om e

C o n ta c ts

C u s to m

D e v T o o ls

L o c a le

E m a il

G a lle r y

M e s sa g in g

Phone

S e ttin g s

S p a r e P a rts

M usk

Sp eech
R e co rd e r

FIGURE 16.14: ZitMo (ZeuS-in-the-Mobile) Screenshot

Module 16 Page 2435




Android Trojan: GingerBreak

GingerBreak v l.l
O p tio ns

Q ) GingerBreak
Please make sure of the
following before rooting:
- You have an SD card inserted
and mounted
- USB debugging is enabled

AndroidOS/GingerBreak is a
trojan that affects mobile devices
running the Android operating
system
It drops and executes another
trojan detected as Exploit:
Android0s/CVE-2011-1823,
which, if run successfully, gains
administrator privileges on the
device

p

CEH

GingerBreak

application?


A System tools
re»d system log riles

Copyrigh t © b y

EfrCaincl. A ll Rights R eserve d.

R eproduction is Strictly Prohibited.

A ndroid T rojan: G in g erB reak
AndroidOS/GingerBreak is a Trojan that affects mobile devices running the Android
operating system. It drops and executes another Trojan detected as Exploit: AndroidOS/CVE2011-1823, which, if run successfully, gains administrator privileges on the device.

Module 16 Page 2436




GingerBreak

|PS GingerBreak

GingerBreak v1.1
APK: Chainfire
Exploit: The Android Exploid Crei
Options________________

Do you w ant to install this
application?


A System tools
read system log files

FIGURE 16.15: GingerBreak Screenshot

Module 16 Page 2437

Ethical Hacking and Countermeasures Copyright © by EC-C0UnGil



Android Trojan: AcnetSteal and
Cawitt
A c n e tS te a l
J

C a w it t

AcnetSteal is a program that harvests data and

J

Cawitt.A operates silently in the background,
gathering device inform ation which it later

inform ation from the device
J

CEH

forw ards to a remote server

Trojan sends the contact inform ation to a
remote location using Triple DES Encryption

J

Collected information includes d evice ID,
International Mobile Equipment Identity (IM E I)

(DESede)

number, phone num ber, Bot ID, and modules
8:06 AM

a

n

a

8:06 AM

Quote!!! Slim
Be social! plugin
32.C0KB
A
v R ),

ookb

Your messages
rctcrvc SMS

E xam ple w a llp a p e rs
A

Network communication

A

Storage

(til Iniffnrt K e n t

•

S am ple Soft K eyboard

10K
60R

rroaity/ddtteSOcard content?

A

Services that cost you
money
send SMS rnesuges

A

Phone calls
read phone sute a‫ ״‬identity
td

Copyrigh t © b y E f r C a i n c l . A ll Rights R eserve d. R eproduction is Strictly Prohibited.

A ndroid T rojan: A cnetSteal a n d C aw itt
A cnetSteal
AcnetSteal is a program that harvests data and information from the device. The Trojan
sends the contact information to a remote location using Triple DES Encryption (DESede).

FIGURE 16.16: AcnetSteal Screenshot

Module 16 Page 2438



IM


C aw itt

Cawitt operates silently in the background, gathering device information which it later
forwards to a remote server. Collected information includes device ID, International Mobile
Equipment Identity (IMEI) number, phone number, Bot ID, and modules. This Trojan doesn't
place any launcher icon in the application menu in order to avoid being detected by the device
user.

t r iR & G

8:06 A M

Manage applications

Application Info

com.android.gesture.builder
32.00KB
Perm issions

H
wT)

Be social! plugin
32.00KB

This application can access the following on your
phone:

A
20.00KB

Your messages
receive SMS

Example Wallpapers
A

Network communication
full Internet access

Sample Soft Keyboard
3600KB

A

Storage
m
odify/delete SOcard contents

A

Services that cost you
money
send SMS m
essages

A

Phone calls

FIGURE 16.17: Cawitt Screenshot

Module 16 Page 2439




Android Trojan: Frogonal and
G am ex

c EH

to M Itc Jl IlM
ftN fM h
M

Frogonal
J

Frogonal.A is a repackaged version of an original application
where extra functionalities used for malicious intent have
been added into the new package

J

It harvests the following information from the compromised
device such as identification of the Trojaned application,
phone number, IMEI number, IMSI number, SIM serial
number, device model, operating system version, root
availability

G am ex
-I Gamex.A hides its malicious components inside the package
file
_J Once it is granted a root access by the user, it connects to a
command and control (C&C) server to download more
applications and to forward the device IMEI and IMSI numbers
J

It also establishes a connection to an external link which
contains a repackaged APK file, and proceeds to downloading
and installingthe file
Copyrigh t © b y E & C a i n c l . A ll Rights R eserve d. R eproduction is Strictly Prohibited

A ndroid T rojan: F ro g o n al a n d G am ex
F ro g o n a l
Frogonal is a repackaged version of an original application where extra functionalities
used for malicious intent have been added into the new package. It harvests the following
information from the compromised mobile devices:
9

Identification of the Trojanized application:
•

Package name

•

Version code

9

Phone number

9

IMEI number

9

IMSI number

9

SIM serial number

9

Device model

9

Operating system version

9

Root availability

Module 16 Page 2440




m

@My Games

application?

✓

Your m essages

receive SMS
✓

m

ft

N e t w o r k c o m m u n ic a t io n

Jull Internet access

✓ Storage
modify/delete SO card contents
✓

H a r d w a r e c o n t r o ls

take pictures and videos
✓

P h o n e c a lls

read ohone state and identity

*s

‫«יא‬
»‫מ‬

FIGURE 16.18: Frogonal and Gamex Frogonal Screenshot

G am ex
Gamex is an Android Trojan that downloads and installs the files on a compromised
mobile device. It hides the malicious content inside the file that is to be installed; once it is
granted a root access by the device owner, it connects to a command and control (C&C) server
to download more applications and to forward the device's IMEI and IMSI numbers. It also
establishes a connection to an external link that contains a repackaged APK file, and proceeds
to download and install the file.
*m e 1: 1P
2 M
2
Manage a p i a i n
plctos

Q Bi< 1:2 P
8 3 22 M
A p ication i f
pl
no

c o m . a n d r o id .g e s t u r e . b u ild e r

32.00KB
E x a m p le W a l l p a p e r s

20.00KB
S a m p le S o f t K e y b o a r d

* 7

36.00KB

This application can access the following on your
phone:

A Storage


A Network communication
ful Internet access

A Phone calls


FIGURE 16.19: Gamex Screenshot

Module 16 Page 2441




Android Trojan: KabStamper and
M ania
K a b S ta m p e r
J

KabStamper.A is a m alw are distributed via Trojaned

CEH

M an ia
J

M ania.A is an SMS-sending m alw are that sends

applications that deliver new s and videos on the
AKB48 group
J

out messages with the content "te l" or "quiz" to
the number 84242

Malicious code in the m alware is highly destructive;

J

it destroys im agesfound in th esd card /D C IM

Any reply from this number is redirected to
an oth er device to prevent user from becoming

/cam era fo ld e rth a t stores images taken with the

suspicious

device's camera
J
J

Eve ry five m inutes, the m alw are checks this folder
and modifies a found image by overwriting it with a

Mania.A is known for using the trojanization
technique, w h ere it is repackaged with another
original application in order to dupe victim s

predefined image
U f f i ]<Li 6:M AM I

£ |

ce«

^

t 1M *e w a 11pjpen

0

rtflDa*26AM

y ! S B

6:2* AM

h

})• H t*n

wujpn
ap c

H

c m n ro .g s re u e
o .a d ld e tu .b lld r

W m

3*.00KB


A ndroid T rojan: K ab S tam p er a n d M a n ia
K a b S ta m p e r
KabStamper is an Android Trojan that modifies images found in the target mobile
device by overwriting them with a predefined image. It is distributed via Trojanized
applications that deliver news and videos about the AKB48 group. It is very destructive and
destroys images found in the sdcard/DCIM/camera folder that stores images taken with the
device's camera.

Module 16 Page 2442




6 S4 AM

6:54 A M

r r- ‫־‬
704 1 *‫ז 2 י‬KB

•
•

c o m .a n d ro id .g e stu re.b u lld er

3.0a
20

■ R j 7 E x a m p le W a llp a p e r s
S t / 20.00KB
S a m p le So ft K e yb o a rd
36.00KB

FIGURE 16.20: KabStamper and Mania Kabstamper Screenshot

M a n ia
Mania is an Android Trojan that pretends to perform license checking to cover up its
SMS-sending activities in the background. It is SMS-sending malware that sends out messages
with the content "tel" or "quiz" to the number 84242. Any reply from this number is redirected
to another device to prevent the device owner from becoming suspicious. While running,
Mania appears to be performing license checking, but this process always fails and never seems
to be completed. The license checking is a coverup for the SMS sending activities that are taking
place in the background.
a

n

e

6:26 A M

y b S G

6:28 A M

FIGURE 16.21: Mania Screenshot

Module 16 Page 2443




Android Trojan: PremiumSMS and
SmsSpy
Sm sSpy

P re m iu m S M S
Prem iu m SM S.A is a Trojan that reaps profit from

J

into a secsuite.db

It has a configuration file that contains data on
recipient numbers
Example of the sent messages:

SmsSpy.F poses as an Android Security Suite
application that records received SM S messages

its S M S sending activities

th e content of the S M S messages and the

CEH

J

Thism alw aretargetsbankingconsum ers in Spain
w here it is spammed via a message indicatingthat
an extra Security Protection program that
protects the device is availablefor download

1. Number: 1151
f t 8 1 ® 7:14AM

Content: 692046 169 BG QCb5T3w
2. Number: 1161
s .

* 7

3. Number: 3381

1

•

<1

*

f t

*

q

(«•<

‫/ §ז‬
&*r.y

f t
Snlun

f e
W.K

Pho
ne

&
S g Sp rehits
ettin *
o

m


A ndroid T rojan: Prem ium SM S a n d Sm sSpy
P r e m iu m S M S
PremiumSMS is an Android Trojan that reaps profit from its SMS-sending activities. It
has a configuration file that contains data on the content of the SMS messages and the
recipient numbers.
Example of send messages:
1. Number: 1151
2. Number: 1161
3. Number: 3381
4. Number: 1005
Content: kutkut clsamg 6758150
5. Number: 5373
Module 16 Page 2444




6.

Number: 7250
Sm sSpy

SmsSpy is an Android Trojan that poses as an Android Security Suite application that
actually does nothing in ensuring the device's security. However, it records received SMS
messages into secsuite.db instead. It targets banking consumers in Spain, posing as an Android
Security Suite application.

FIGURE 16.22: SmsSpy Screenshot

Module 16 Page 2445




Android Trojan: DroidLive SMS
and UpdtKiller

CEH

U p d tK ille r

D roidLive S M S
DroidLive masquerades as a Google Library,

J

UpdtKiller.A connects to a command and
control (C&C) server, w h ere it forw ards users'

attempts to utilize Device A dm inistration A PI

data to and receives further commands from

It attempts to install itself as a device
administration app, and is capable of tapping

J

This m alware is also capable of killing

into personal data and performing a mixture of

antivirus processes in order to avoid being

nefarious activities on android mobile devices

detected

Text M essa g es

i 1 • 4P S

A

U‫׳‬n(»M

S h u td o w n R e c e iv e r

; DroidLive Main
A
Controller

Add

»

D e vice
A d m in

‫י‬

llrowv*

O O tO CiHfnnm
M iM r

‫י‬

ty Ia*l
m

Cn
o tact* D loolt
«v

‫ 8 &ז‬fe

SmsMessageReceiver
Call P h o n e
W a k e L o c k R e c e iv e r

N u m b ers

DeviceAdmin

(P
fll

W

Copyrigh t © b y E f r C o in c l. A ll Rights R eserve d. R eproduction is Strictly Prohibited.

Android Trojan: DroidLive SMS and UpdtKiller
I

| D r o id L iv e S M S

DroidLive SMS is an Android Trojan masquerading as a Google Library; it attempts to
utilize a device administration API. It attempts to install itself as a device administration app,
and is capable of tapping into personal data and performing a mixture of nefarious activities on
Android mobile devices. It attempts to disguise itself as a Google library, and receives
commands from a Command and Control (C&C) server, allowing it to perform functions
including sending text messages to premium numbers, initiating phone calls, and collecting
personal data.

Module 16 Page 2446




Send
Text Messages

BootReceiver

A
LiveReceiver

DroidLive Main
Controller

ShutdownReceiver

Add
Device
Admin

SmsMessageReceiver

V
Call Phone
Numbers

WakeLockReceiver

DeviceAdmin

FIGURE 16.23: DroidLive SMS and UpdtKiller DroidLive SMS

A n d r o i d T r o j a n : U p d t K ille r
UpdtKiller is an Android Trojan that terminates processes belonging to antivirus products in
order to avoid detection. It connects to a command and control (C&C) server, where it forwards
harvested user data to and receives further command from.
7:51 AM

•‫־‬
Alarm Clock

#

&

Browser Calculator

CameraContacts

Dev Tools

$!7 5
Gallery

5
Calendar

Email

P

&

Gestures Messaging

Music

Builder

B

PhoneSettings

# ‫־‬E

Sparc Parts

FIGURE 16.24: UpdtKiller Screenshot

Module 16 Page 2447




Android Trojan: FakeToken

CEH
C«rt1fW4

itfciul ■U
ckw

FakeToken steals both bankingauthentication factors (Internet
password and mTAN) directly from the mobiledevice

P erm issio n s

Distribution T ech n iq u e s
• T h ro u g h p h is h in g e m a ils p re te n d in g t o b e

P erm issio n s

This application can access th e following on
yo u r phone:

This application can access the following on
your phone:

✓ Your messages
receive SM S

s e n t b y th e ta r g e te d ban k
•

receive SMS

✓ Network communication

In je c t in g w e b p a g e s fro m in fe c te d

full In te rn e t access

co m p u te rs , s im u la tin g a fa k e s e c u r ity a p p
t h a t p re s u m a b ly a v o id s t h e in te rc e p tio n

‫✓י‬

o f S M S m e s s a g e s b y g e n e r a tin g a u n iq u e

✓ Your messages

Your personal information
read contact data

full In te rn et access

✓ Storage
m odify/delete SD card contents

d ig ita l c e r t ific a te b a s e d o n th e p h on e

■ Storage
S

n u m b e r o f th e d e v ic e

✓ Phone calls

m odify/delete SD card contents
•

In je c t in g a p h is h in g w e b p a g e th a t
r e d ire cts u s e rs t o a w e b s it e p re te n d in g to

read phone state and Identity

b e a s e c u r ity v e n d o r t h a t o ffe rs th e
" e B a n k in g S M S G u a rd " a s p ro te ctio n
a g a in s t " S M S m e s s a g e in te rc e p tio n a n d
m o b ile P h o n e S IM c a rd c lo n in g "

✓ Phone calls

A

✓ Services that cost you
money
send SM S messages


money
send SM S messages

NEW VERSION

Copyrigh t © b y E & C a in c f l. A ll Rights R eserve d. R eproduction is Strictly Prohibited.

^

Android Trojan: FakeToken

FakeToken steals both authentication factors (Internet password and mTAN) directly
from the mobile device.
Distribution Techniques:
© Through phishing emails pretending to be sent by the targeted bank
© Injecting web pages from infected computers, simulating a fake security app that
presumably avoids the interception of SMS messages by generating a unique digital
certificate based on the phone number of the device
© Injecting a phishing web page that redirects users to a website pretending to be a
security vendor that offers the "eBanking SMS Guard" as protection against "SMS
message interception and mobile Phone SIM card cloning"

Module 16 Page 2448




Permissions

Permissions

your phone:

your phone:

✓ Your messages
receive SMS

receive SMS



✓ Your personal information
read contact data

✓ Storage

✓ Storage

✓ Phone calls


✓ Phone calls

money
send SMS messages

V Your messages


money
send SMS messages

NEW VERSION

FIGURE 16.25: FakeToken Screenshot

Module 16 Page 2449




1

■
C o pyrigh t © b y

EC-Coind. A ll Rights R e s e r v e d Rep rodu ction is S tric tly Prohibited.

|J Securing Android Devices
--- Security of Android devices is a major concern as most people at present using these
devices as substitutes for computers. Similar to a traditional computer, security is mandatory
for Android devices to avoid being infected by a malicious application or data loss. The
following are a few key points that help you in securing your Android device:
© Enable screen locks for your Android phone for it to be more secure
© Never root your Android device
© Download apps only from official Android market
© Keep your device updated with Google Android antivirus software
© Do not directly download Android package files (APK)
© Keep updated with the operating system as and when updates arrive
© Use free protectors Android apps such as Android Protector. Where you can assign
passwords to text messages, mail accounts, etc.
© Customize your locked home screen with the user's information

Module 16 Page 2450




Google Apps Device Policy
Google Apps Device Policy app allows Google

J

CEH

This app allows IT ad m inistrato rto enforce

Apps dom ain admin to set security policies for

security policies and rem otely w ipe your

yo ur Android d evice

device

It is a device adm inistration app for Google

J

Additionally, this app allows you to ring, lock,

Apps for Business, Education, and G overnm ent

or locate yo ur Android devices through the

acco un tsthat makes your Android d evice more

M y Devices page:

secure for enterprise use

h t t p s : / / w w w . g o o g le . c o m / a p p s / m y d e v ic e s

Device .irtnnist'ffd urdef google
Domair odrwwstfatof s can sel
po1
c*« nrxl reirnlriy wif*• Ihe

qooqe ccnVapca/mytfcvces
cl 1 changrpauvora
c
irk tin M Cn*««t not b• gr•*•' than /
MM
Accourt register<d

JrreQistef !his account 80 I ‫ גו‬no
Of0#f rnuMOPfl hy your domain
xin niitn itw i

https://ploy.google.com

Google Apps Device Policy
Source: https://play.google.com
The Google Apps Device Policy app allows a Google Apps domain admin to set security policies
for your Android device. It is a device administration app for Google Apps for Business,
Education, and Government accounts that makes your Android device more secure for
enterprise use. This app allows an IT administrator to enforce security policies and remotely
wipe your device. Additionally, this app allows you to ring, lock, or locate your Android devices
through the My Devices page: https://www.google.com/apps/mydevices■

Module 16 Page 2451




©
Device administered under rpogle
I com
Dama r administrators can set
policies and remotely wipe the
device.

91

ocate your device at m & J l m x i .
google com/apps/mydevices
google.com/apps/mydevices
Successfully synced w ‫׳‬th server at
Succe!

O ‫22ו‬
:‫. ו‬

Unregister this account so it is no
Icngcr managed by your domain
administrators.

uoorgtoxMnpIc.cOTi

A

Some device details are shared with
domain administrators

✓

Successfully synced with
server

Click 10view •haied < W‫ ♦־‬Mailt
t* K
server

Dcvicc password must contort
numbers.

Calary Ncnic

Hsidworc ID

Successfully sy n ce J with
server.
✓

Phone Num
b?'
Ocvicc OS;

Android 4 0.4

server.

Bu»ld Num
ber

IM /bH
M

server.

Iasi Sync:
kUCAdd’ess

Click to change password
Lock timeout must not be greaier than
15 minutes.
Click to change timeout

IVvict• Model
0«vtce IO

Click to choogc password
Device password must have at least 8
characters

Domain administrators can v
details about your device

✓

T Mobk

3 08-fl0J4feC9
Kernel version
Basftv.no Version IS?SOXXI A?
2012rtWQ316:IS
a:

Account registered.

Domain administrators w il be able to
remotely wipe the device

Jnregister

FIGURE 16.26: Google Apps Device Policy

Module 16 Page 2452




‫נ‬

R em ote W ipe Service: R em ote W ipe

CEH

(•rtifwd

J

itkitjl

If users h ave G o o g le Syn c installed on a su p p orted m o b ile d ev ice o r an A n d ro id d evice
w ith th e G o o g le A p p s D evice P o licy ap p , th e y can use th e G o o g le A p p s control p anel
to re m o te ly w ip e th e device

To remote wipe
a lost or stolen device:

Mobile settings
O nSM »»

ActMton

Sign in to your Google Apps control
panel.
Click Settings ‫ >־־‬M o b ile.
In the Devices tab, hover your cursor
over the user w hose device you w ant to
wipe.
Click Rem ote W ip e in the box that
appears.
A second box appears asking you to
confirm that you w ant to remotely wipe
the device. Ify o u a r e s u r e y o u r w a n tt o
w ipe the device, click W ip e D evice.
http://support.google.com

Remote Wipe Service: Remote Wipe
'

Source: http://support.google.com

Remote Wipe Service is a feature service that allows you to reset or erase the information in
the lost or stolen device. To use this service the device should install Google Sync or Device
Policy. This can also delete all the information in the device such as mail, calendar, and
contacts, etc. and cannot delete data stored on the device's SD card. When this service
completes its task, it prompts the user with a message as acknowledgement to the delete
function.
To remote wipe a lost or stolen device:
1. Sign in to your Google Apps control panel.
2. Click Settings ‫ >־‬Mobile.
3. On the Devices tab, hover your cursor over the user whose device you want to wipe.
4. Click Remote Wipe in the box that appears.
5. A second box appears asking you to confirm that you want to remotely wipe the device.
If you are sure you want to wipe the device, click Wipe Device.

Module 16 Page 2453




Mobile settings
P fB » « « |n a »

D e v ic e .

Se arch
□

A a tV rtO T

A ! vxr.r,

B 'o c k

R e m o t)

E a p crtA i

‫׳‬

[ D e v ic e ID

OS

vrrm—

)u tr e iir tm ft n n ^ a a liM c o t n

□

M t f .X U P m

□

A p p L JS S M Q

E rro u ?
m Zn

• o w u n # u * *•os to* tc o «1

□

A d o !..0 K 3 3 N R

Bustos Dormxa

t» sU » <

■ Prun e 3 G »

10

a w c q < a a o * ttM c o fl

1

* n a o s lt M c o m
6 ‫« ט טו ג. -׳ פ פ‬

kLWSSi

□

3 6 c S 8 7 8 *c 0

□

A 00LB9KA4I

La m n e M 0 H !

‫ם‬

A b 07. . ‫׳‬B W M P

H « T L B a c f» l1 «

‫ם‬

A dcK 7 T T A 4 T

D o c to r B r o d e

‫ם‬

App! 0 U 0 A 4 T

H i ifa a rt O u M n

□

Am U E X M I

l- . k l r o R . f o d I

c

A do! JC S A 4 T

Ju c q u K R e tm i

‫ם‬

A « IP * 1 A 4 *

V ic l a

‫ם‬

Acd

‫ם‬

App! S G X A 4 T

EYD 3N S

N *m o

G o o g le S y n e
C o o g le S y n c

11/4/11

A p p ro ve d

iO S S

G o o g le S y n c

11/4/11

A p p ro ve d

G o o g le S y n c

11/4/11

A p proved

Phone 7
■OS 4 2

G o o g le S y n c

11/2/11

Ap oro vod

M ann S

A n droid 2 3 6

Android

1 0F2*11

A p o ro ve d

G o o g le S y n c

10/26/11

A p erovo d

IS

G o o g le S y n c

10/28/11

A p proved

IS

G o o g le S y n c

10/20/11

A p proved

IS

G o o g le S y n c

10/20/11

A p p ro ve d

IS

G o o g le S y n c

10/20/11

A p proved

IS

G o o g le S y n c

10/15/11

A p provod

‫ר‬
1 A. IS

G o o g le S y n c

10/18/11

A p provod

S u w * iM 1 r« l1
■ i n — ■ a n a l— n a ta r

0 0 v < « ID

30c6d5d

H d t « n lO

86743096675309

F T»t S y n c

4/1(111 9 2 6 P M

Last Syn c
[

1 (^ 2 *1 1 2 08 P M

B lo c k

Ap v d
p ro e

S 5

O S 4 0

N exus S
a

M

‫ר‬

IS

1 1 1

■

S ta tu s

‫* ז ־‬r
‫ר‬am

■ Prun e 3 G

* w e m lra K l» * a e o a V * l< o m

3

Laat S y n c .

‫—חזזדר‬

7

a v e tto m * e a o tlr a lc o a i

S n a ro ?

iO

,P r o n e 4

On m ouseover hovercards
‫ם‬

■Phone 3 G »

Typ e

‫־5 ־ 5 ס ד ־‬

V ia • D e la t e

R e m o te W ip e

M cw i

1

Tom C a stro

to a K a t U o - - a a o » t r e lc o n

■ Plu n e 3 G e

■OS 4 3

G o o g le S y n c

10/14/11

A p p ro ve d

G e r v a s lo M o n to n o p ro

e e c v m to m o n • 4 K « t1 M c o m

1

Pro n e 4

i O S 4 .3

G o o g le S y n c

10/13/11

A p p ro ve d

C

3cSO

Ie 7 a0 §

E r ik L O f U lM

e t k l o m o t > a la a t f * t c o m

O q t«d M T

A ndn»d235

Android

1013/11

‫ם‬

Ad o

W Q 8A4T

B < w tr f V it n r b o

b e a tn n a w b o • a a n tra tc o m

■ Prun e 4

!o s 4 ‫נ‬

G o o g le S y n c

10/8/11

Bocaod

P lo f r o M o n o i d

p te r ie m e m r d ia lo t t ia lc o e i

UqwdM T

A n droid 2 3 5

Android

1<y7/11

A p proved

S ila s H a s la m

s to s lm h m ia a o a t ia t c o n i

iP a d 2

■OS 4 3

G o o g le S y n c

1a6/11‫׳‬

□

3336

604a6d

A 0 P 1 ..Z P D F H W

1

‫׳‬

‫ן‬

FIGURE 16.27: Remote Wipe Service

Module 16 Page 2454




Android Security Tool:
DroidSheep Guard
DroidSheep Guard monitors

CE
H

. ^ 1 ‫< ! • ג י ״ יי י‬
* ® * 27.12.2011 20005

your phones ARP-Table and
pop-up alerts in case it
detects suspicious entries in

m

-

‫וז מ ח ה‬

the phones ARP-Table
It can immediately disable
WiFi connection to protect

Checks per M
inute: 6
0

your accounts
DroidSheep Guard works
with all ARP-Based attacks,
like DroidSheep and Faceniff

V ' Auloslart/ stop depending WiFi

S O M E O N E S E E M S TO B E HIJACKING USING
A R P S P O O F IN G ON THIS NETWORK'

V / Disable W iFi on alert
Open DroidSheep Guard
Notify m system

. /

mnrfe (MIGHT cause false alerts)
ruutious mode 1 lun
‫״‬
W iF i w as

H k•!Y ud
iiK o

1-‫י‬MC
, A

h ttp ://d ‫־׳‬o ‫׳‬d s h e e p '

Copyright © by E&Cauaci. All Rights Reserved. Reproduction is Strictly Prohibited.

A n d r o i d S e c u r i t y T o o l: D r o i d S h e e p G u a r d
Source: http://droidsheep.de
DroidSheep Guard monitors your phone's ARP-Table and it warns you by pop-up alerts in case
it detects malicious entries. It can instantly disable a Wi-Fi connection to protect your accounts.
This can guard against all ARP-based attacks, such as DroidSheep and Faceniff, man-in-middle
attacks, handmade attacks, etc. You can use Facebook, eBay, Twitter, and Linkedin accounts on
public Wi-Fis securely.

Module 16 Page 2455




*SS

T

< 2: 0
30
0

Status: Running
<last check 27 12 2011 20:00 51>

4^^ L ^KTrr
‫־‬
111 mil
Checks per Minute: 60
V '' Autostart/ stop depending WiFi

SOMEONE SEEM S TO BE HIJACKING USING
ARPSPOOFING ON THIS NETWORK!

/ Disable WiFi on alert

f

Notify in system

V / Cautious mode (MIGHT cause false alerts)
Start
protection

Stop
protection

S a / e and
hide

If* 10 167.21S718 MAC Q?s0f3a>0000
IIP 19 1 # 11 MAC t04t7l to(M1l
2 6

FIGURE 16.28: DroidSheep Guard Screenshot

Module 16 Page 2456




Android Vulnerability
Scanner: X-Ray

CE
H

X-Ray scans yo ur Android device to determ ine
I

w h eth er there are vulnerabilities that rem ain

^
|

r

_

♦1 ‫י‬

unpatched by yo urcarrier

X I ‫׳ ״‬

‫•<»׳‬

Wunderbar

It presents you with a list of vulnerabilities
1

that it is able to identify and allows you to
check for the presence of each vulnerability

Mcmpodroid
Y u (kWtell nXmMlr 1
o!
C

A

jO

ASHMEM
Uilfr.*,‫ ! ״‬Jjl, ?.'.>. :02
1

on yo ur device

ZcrgRuch
U1l«.KWrl Jjl, 71^ JtW
Gingerbr^nk
t M rrvV J m W
l y/M V

X-Ray is autom atically updated w ith the
ability to scan for new vulnerabilitiesas
they are discovered and disclosed

V‫׳‬

l?

7im *1li4:h
|M

©

♦
‫כד־‬

L

V‫׳‬
O

‫י ם‬

____________________

http://w w w .xray.io


A ndroid V u ln erab ility S canner: X-Ray
Source: http://www.xray.io
X-Ray scans your Android device to determine if there are vulnerabilities that remain
unpatched by your carrier. It presents you with a list of vulnerabilities that it is able to identify
and allows you to check for the occurrence of vulnerabilities on your device. This is
automatically updated with the ability to scan for new vulnerabilities as they are discovered
and disclosed. X-Ray has detailed information about a class of vulnerabilities known as
"privilege escalation" vulnerabilities. Such vulnerabilities can be exploited by a malicious
application to gain root privileges on a device and perform actions that would normally be
restricted by the Android operating system.

FIGURE 16.29: X-Ray Screenshot
Module 16 Page 2457




Android Penetration Testing Tool:
Android Network Toolkit - Anti

CEH

On each run, Anti will map yo ur netw o rk, scan for active devices

A ‫« ״‬i

and vu lnerabilities, and will display the inform ation accordingly:
Green led signals an A ctive device, Yellow led signals
Available ports, and Red led signals Vulnerability found

J

Each device will have an icon representing
the type of the device

J

W h en finished scanning, Anti will produce
an autom atic report specifying which
vulnerabilities you have or bad practices
used, and how to fix each one of them

http://www.zantiapp.com

A n d r o i d P e n e t r a t i o n T e s t i n g T o o l: A n d r o i d N e t w o r k
T o o lk it ‫ ־‬A n ti
Source: http://www.zantiapp.com
Android Network Toolkit ‫ ־‬Anti is an Android penetration testing tool. It is a network scanner
that allows you to scan for active devices and vulnerabilities and shows the evidence
accordingly: Green signals an "Active device," yellow signals "available ports," and red signals
"Vulnerability found.. Each device has an icon representing the type of device. When finished
scanning, it produces an automatic report specifying which vulnerabilities you have or bad
practices are used, and how to fix each one of them.

Module 16 Page 2458




‫ יי‬t 9 t *
IDHQ.3

v 1 4 • IN
▼ 4 ■»« « | f M
X
L ca Tifjrti
o l

1 0 JV 4
00 2

ft■
Sa
cr

‫׳‬W

•M
M
■ •iMI U M
M
« « M l•
R

I

M M 1■^
J.T

1 ; 10001
w ; ip
10 J
0.0
100
0 2

•
•
•

CnM
en i

9 ‫91 ־‬
100
0 6
«» : mW
V 1«
!‫׳‬
A 0

•
•
•
•
•
•

10 s
0 .0
A k
ltx

^

•
•
•

FIGURE 16.30: Android Network Toolkit ‫ ־‬Anti

Module 16 Page 2459




Android D evice Tracking Tools

CEH

(•rtifwd

ithiul •UtkM

^f|ID 1
75 w
Security Settings

p r e y

Find My Phone

Prey Anti-Theft

Android Anti Theft Security

Wheres My Droid

http://findmyphone. mangobird. com

http://preyproject.com

http://www.5nuko.com

http://wheresmydroid. com

Total Equipment

Pr tection
app

□ Btctup my ptauw fromQniMvKi

o
iHound

GadgetTrak Mobile Security

Total Equipment Protection App

AndroidLost.com

https://www.ihoundsoftware. com

http://www. gadgettrak. com

https://protection.sprint, com

http ://www. androidlost, com


A n d ro id D e v ic e T r a c k i n g T o o ls
Android device tracking tools help you to track and find the locations of an Android
device in case it is lost, stolen, or misplaced cases. A few Android device tracking tools are
listed as follows:
F in d M y P h o n e
Source: http://findmyphone.mangobird.com
Find My Phone is an Android phone app that helps you find your lost, stolen, or misplaced
phone. When you lose your phone, just send it a text msg (SMS) and the phone will reply with
its current location. You can also make your phone ring loudly if you lose it somewhere close,
like inside your home.

Module 16 Page 2460




FIGURE 16.31: Find My Phone Screenshot

P r e y A n ti- T h e f t
Source: http://preyproject.com
Prey lets you keep track of your laptop, phone, or tablet if it is stolen or missing. It supports
geolocation. It's lightweight, open source software that gives you full and remote control, 24/7.

FIGURE 16.32: Prey Anti-Theft Screenshot

A n d r o id A n ti- T h e f t S e c u r it y
—

Source: http://www.snuko.com

The Android anti-theft security tool Snuko is anti-theft software that allows you to use it on
multiple platforms protecting thousands of PCs, mobile phones, laptops, etc. It offers a
complete online back-up solution; as part of the anti-theft package Snuko subscribers' files can
be stored safely and securely in the cloud. This can generate important tracking information
and security for your data by using its Mobile Dashboard. If the mobile device is lost, then the
device is locked to prevent any unauthorized access. If the device's SIM card is replaced without

Module 16 Page 2461




your knowledge, the new SIM card number, phone number, and the IMEI/IMSI numbers will be
recorded. The phone cannot be used until the correct PIN code is entered.
•0 ■ a

1•
M.

on

b|fSf»*r>

ANDROID ANTI-THEFT
OtvK• location
y

.

m
I
y

•

-_‫• ־‬
'*

V

* #
‫•*-־‬

Accu• ytoiM € r«c««no
c
hn 0
f
to o Ckt1ruf»«orrMrwTVtnjp ,
cjd n

FIGURE 16.33: Android Anti-Theft Security Screenshot

W h e r e s M y D r o id
Source: http://wheresmydroid.com
Where's My Droid is an Android device tracking tool that allows you to track your phone from
anywhere, either with a text messaged attention word or with an online Commander. The app
can also get the GPS coordinates with a link to Google Maps; if you're not near enough to your
phone to hear the ringer, it can turn the ringer volume up and make your phone ring. One of
the features is Activity Log, which enables you to see what the app does, when it does it, and
who is using it.
%!■)< ‫י‬•> ™•

FIGURE 16.34: Wheres My Droid Screenshot

iH o u n d
-----

Source: https://www.ihoundsoftware.com

Module 16 Page 2462




iHound is an Android device tracking tool that allows you to track your mobile using its GPS and
WiFi, 3G, or Edge signals built into your devices to determine its location. Using its tracking
website, you can track the location of your device, remotely lock your phone, and remotely
erase important personal information such as: SMS messages, contacts, phone call logs, photos,
videos, and/or SD storage data. You can also set Geofencing location alerts by its intuitive
mobile website optimized for iPhone, iPod Touch, and Android phones. You can track multiple
devices on multiple platforms and set up Geofences.

FIGURE 16.35: iHound Screenshot

G a d g e t T r a k M o b ile S e c u r it y
Source: http://www.gadgettrak.com
GadgetTrak Mobile Security tool helps you to moderate the risk of mobile device loss or theft.
It allows you to track its location, back up data, and even wipes the data in the device remotely.
With the combination of GPS, Wi-Fi positioning, and cell tower triangulation, you can easily
track the location of your device. If your device is lost or stolen, you can remotely enable a
piercing alarm, even if it's in silent mode. Once tracking is activated, the software settings
cannot be modified unless deactivated.
' B f f f l U l 224 PM

I wane to be ab e to wipe my pictures
if this Susan s Nexjs One gets stolen

I

I Backup n y pictures from ths device

o
F IG U R E 16.36: GadgetTrak M o b ile Secu rity

Module 16 Page 2463


Ce hv8 module 16 hacking mobile platforms

Ce hv8 module 16 hacking mobile platforms

Recommended

Recommended

More Related Content

What's hot

What's hot (20)

Viewers also liked

Viewers also liked (6)

Similar to Ce hv8 module 16 hacking mobile platforms

Similar to Ce hv8 module 16 hacking mobile platforms (20)

Recently uploaded

Recently uploaded (20)

Ce hv8 module 16 hacking mobile platforms