Android Hacking + Pentesting
Upcoming SlideShare
Loading in...5
×
 

Android Hacking + Pentesting

on

  • 1,592 views

Basic Android OS security mechanism, ...

Basic Android OS security mechanism,
Basic malware definition
Attacking Android platform with
Malware, Remote access, File is stealing and Social Engeering attack is methods have been done discussing in the class.
Attacking the Android:
Installing Kali Linux on android to perform attacks
Installing Dsploit for running attack with android (MITM, XSS, traffic sniffing…. Etc.)

Statistics

Views

Total Views
1,592
Views on SlideShare
661
Embed Views
931

Actions

Likes
3
Downloads
54
Comments
0

8 Embeds 931

http://sinamanavi.wordpress.com 898
http://www.slideee.com 20
http://plus.url.google.com 5
https://sinamanavi.wordpress.com 4
http://feedly.com 1
http://webcache.googleusercontent.com 1
http://translate.googleusercontent.com 1
http://www.google.com 1
More...

Accessibility

Categories

Upload Details

Uploaded via as Microsoft PowerPoint

Usage Rights

© All Rights Reserved

Report content

Flagged as inappropriate Flag as inappropriate
Flag as inappropriate

Select your reason for flagging this presentation as inappropriate.

Cancel
  • Full Name Full Name Comment goes here.
    Are you sure you want to
    Your message goes here
    Processing…
Post Comment
Edit your comment
  • Use Strong password (Swipe is very weak password is top most difficult)
  • So what do you think now ?
  • Process power for DDOS attack and having Zombies

Android Hacking + Pentesting Android Hacking + Pentesting Presentation Transcript

  • Android Hacking + Pentest EC Council Malaysia Instructure: Sina Manavi 27 March 2014
  • About Me My name is Sina Manavi , Master of Computer Security and Digital Forensics C|EH & C|HFI Certificate holder Contact : Manavi.Sina@Gmail.com Homepage: sinamanavi.wordpress.com
  • Agenda: • Android OS • Android Security Architectures • Malwares • Attacking Android Platform • Hacking with Android View slide
  • What is Android ? • Everywhere(TV, Phones, tablets) • Runs on Linux Kernel • Easy to Exploit + open source • Uses SQLite database • Huge Community base • Official market containing over 4,000,000 apps (Google Market) View slide
  • Android History Version
  • Android OS
  • Android Security • Linux based • Open source • Wide available for everyone • Everyone can develop apps and malwares 
  • How to have a safe Device • Install apps from authorized market (Google Play) • Read the review before downloading • Read Permission warning before installing the apps. • Phishing/SMS? • Lock Screen to avoid unauthorized access
  • How to have a safe Device cont. • Using Antivirus • Encrypt your device and data • While using public hotspots such as Starbucks, use VPN to encrypt your network connection • Enable Remote Wipe feature
  • Security layers of Android OS
  • Android App Installation
  • Android Permission • ACESS_COARSE_LOCATION • ACESS_FINE_LOCATION • BRICK • CALL_PHONE • INTERNET • GET ACCOUNTS • PROCESS_OUTGOING_CALLS
  • Android Permission • READ_OWNER_DATA • READ_SMS • RECEIVE_SMS • SEND_SMS • USER_CREDNTIALS • WRITE_OWNER_DATA • REORD_AUDIO
  • Android Vulnerability or User?
  • Malware • Anything that breaks the security model (without the users consent) • Deceptive/hide true intent • bad for user / good for attacker e.g. surveillance, collecting passwords, etc. • Applications that are detrimental to the user running the device.
  • Malware Harms a user • Financial • Privacy • Personal information – location (surveillance) , • Stealing resources – cracking, botnets – processing power Breaks Network policy
  • Malware Example • GEO Location ? • IP Address / 3G/4G or on WiFi network? • Scan for available blue-tooth devices • Egress filtering? ports open, etc. • SMS Receiving, Sending, Fobricating.
  • Malware Sample Code (Java)
  • Popular Malware • Zeus • DroidDream • Geinmi- Android malware with botnet-like capabilities • Trojan-SMS for Android FakePlayer • iCalendar acbcad45094de7e877b65db1c28ada 2 • SMS_Replicator_Secret.apk
  • Demo Hacking Android Phone: – Information stealing – Remote Access – Social Engineering – Malware attack Hacking with Andorid : – Installing Dsploit for running attack with android (MITM, XSS, traffic sniffing….etc) – Installing kali linux on android to perform attack