Android Hacking + Pentesting

5,519 views
5,332 views

Published on

Basic Android OS security mechanism,
Basic malware definition
Attacking Android platform with
Malware, Remote access, File is stealing and Social Engeering attack is methods have been done discussing in the class.
Attacking the Android:
Installing Kali Linux on android to perform attacks
Installing Dsploit for running attack with android (MITM, XSS, traffic sniffing…. Etc.)

Published in: Education
0 Comments
9 Likes
Statistics
Notes
  • Be the first to comment

No Downloads
Views
Total views
5,519
On SlideShare
0
From Embeds
0
Number of Embeds
1,585
Actions
Shares
0
Downloads
333
Comments
0
Likes
9
Embeds 0
No embeds

No notes for slide
  • Use Strong password (Swipe is very weak password is top most difficult)
  • So what do you think now ?
  • Process power for DDOS attack and having Zombies
  • Android Hacking + Pentesting

    1. 1. Android Hacking + Pentest EC Council Malaysia Instructure: Sina Manavi 27 March 2014
    2. 2. About Me My name is Sina Manavi , Master of Computer Security and Digital Forensics C|EH & C|HFI Certificate holder Contact : Manavi.Sina@Gmail.com Homepage: sinamanavi.wordpress.com
    3. 3. Agenda: • Android OS • Android Security Architectures • Malwares • Attacking Android Platform • Hacking with Android
    4. 4. What is Android ? • Everywhere(TV, Phones, tablets) • Runs on Linux Kernel • Easy to Exploit + open source • Uses SQLite database • Huge Community base • Official market containing over 4,000,000 apps (Google Market)
    5. 5. Android History Version
    6. 6. Android OS
    7. 7. Android Security • Linux based • Open source • Wide available for everyone • Everyone can develop apps and malwares 
    8. 8. How to have a safe Device • Install apps from authorized market (Google Play) • Read the review before downloading • Read Permission warning before installing the apps. • Phishing/SMS? • Lock Screen to avoid unauthorized access
    9. 9. How to have a safe Device cont. • Using Antivirus • Encrypt your device and data • While using public hotspots such as Starbucks, use VPN to encrypt your network connection • Enable Remote Wipe feature
    10. 10. Security layers of Android OS
    11. 11. Android App Installation
    12. 12. Android Permission • ACESS_COARSE_LOCATION • ACESS_FINE_LOCATION • BRICK • CALL_PHONE • INTERNET • GET ACCOUNTS • PROCESS_OUTGOING_CALLS
    13. 13. Android Permission • READ_OWNER_DATA • READ_SMS • RECEIVE_SMS • SEND_SMS • USER_CREDNTIALS • WRITE_OWNER_DATA • REORD_AUDIO
    14. 14. Android Vulnerability or User?
    15. 15. Malware • Anything that breaks the security model (without the users consent) • Deceptive/hide true intent • bad for user / good for attacker e.g. surveillance, collecting passwords, etc. • Applications that are detrimental to the user running the device.
    16. 16. Malware Harms a user • Financial • Privacy • Personal information – location (surveillance) , • Stealing resources – cracking, botnets – processing power Breaks Network policy
    17. 17. Malware Example • GEO Location ? • IP Address / 3G/4G or on WiFi network? • Scan for available blue-tooth devices • Egress filtering? ports open, etc. • SMS Receiving, Sending, Fobricating.
    18. 18. Malware Sample Code (Java)
    19. 19. Popular Malware • Zeus • DroidDream • Geinmi- Android malware with botnet-like capabilities • Trojan-SMS for Android FakePlayer • iCalendar acbcad45094de7e877b65db1c28ada 2 • SMS_Replicator_Secret.apk
    20. 20. Demo Hacking Android Phone: – Information stealing – Remote Access – Social Engineering – Malware attack Hacking with Andorid : – Installing Dsploit for running attack with android (MITM, XSS, traffic sniffing….etc) – Installing kali linux on android to perform attack

    ×