Android hacking techniques
Marius Barat
Alexandru Citea
Bitdefender Anti-Malware Laboratories, România
Nov 30th, 2013
Marius Barat Alexandru Citea
Android hacking techniques
Nov 30th, 2013
1 / 14
Agenda
1. Motivation
   1.1. Global devices evolution
   1.2. Operating systems market share
2. Repackaging an APK
   2.1. What is a repackage?
   2.2. White hat
   2.3. Grey hat
   2.4. Black hat
   2.5. Android repackaging. The on-device way
3. Applovin/Vulna vulnerability
4. Questions & Answers
1. Motivation
1.1. Global devices evolution
1.2. Operating systems market share
International Data Corporation (IDC) - Smartphone OS statistics
2. Repackaging an APK

2.1. What is a repackage?
- Decompile or disassemble the APK
- Modify the smali/Java code
- Add new functionality and new resources
- Adjust permissions
- Repack and resign the APK
Tools: ApkTool, APK OneClick
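Every step of the procedure above rewrites entries inside the archive, and the digests recorded in META-INF/MANIFEST.MF by the original (v1, JAR-style) signing stop matching unless the repackager resigns. The Python example below is added here and is not code from the slides or from ApkTool; it checks an APK's manifest digests against the real entries and lists entries the manifest does not cover at all (added resources or payload). The APK it checks is a minimal constructed zip; CERT.SF and CERT.RSA are not modelled.

```python
"""Check JAR-style (v1) manifest digests inside an APK and report entries that
are tampered or not listed at all. Added example, standard library only."""
import base64
import hashlib
import io
import zipfile

# Digest headers the JAR manifest format may carry per entry.
DIGESTS = {"SHA1-Digest": hashlib.sha1, "SHA-256-Digest": hashlib.sha256}


def parse_manifest(text):
    """Return {entry_name: {digest_header: base64_digest}} from a MANIFEST.MF body."""
    # Manifest lines longer than 72 bytes are wrapped; a continuation starts with a space.
    lines = []
    for raw in text.splitlines():
        if raw.startswith(" ") and lines:
            lines[-1] += raw[1:]
        else:
            lines.append(raw)
    sections, current = {}, None
    for line in lines:
        if not line.strip():
            current = None          # blank line ends the per-entry section
            continue
        key, _, value = line.partition(": ")
        if key == "Name":
            current = value
            sections[current] = {}
        elif current is not None and key.endswith("-Digest"):
            sections[current][key] = value
    return sections


def check_apk(apk_bytes):
    """Return (tampered, unlisted): entries whose digest differs from the manifest,
    and entries the manifest does not mention. META-INF/ is skipped because the
    JAR spec does not list the signature files themselves in MANIFEST.MF."""
    tampered, unlisted = [], []
    with zipfile.ZipFile(io.BytesIO(apk_bytes)) as zf:
        manifest = parse_manifest(zf.read("META-INF/MANIFEST.MF").decode())
        for info in zf.infolist():
            name = info.filename
            if name.endswith("/") or name.startswith("META-INF/"):
                continue
            if name not in manifest:
                unlisted.append(name)
                continue
            data = zf.read(name)
            for header, expected in manifest[name].items():
                fn = DIGESTS.get(header)
                if fn is None:
                    continue
                actual = base64.b64encode(fn(data).digest()).decode()
                if actual != expected:
                    tampered.append(name)
                    break
    return tampered, unlisted


def build_sample_apk(tamper=False, add_payload=False):
    """Constructed sample: a minimal APK-like zip with a consistent MANIFEST.MF.
    tamper=True patches classes.dex after the manifest was written (modified smali);
    add_payload=True adds a file the manifest never covered (new resource)."""
    files = {"classes.dex": b"dex\n035\x00original code",
             "AndroidManifest.xml": b"<manifest/>"}
    manifest = "Manifest-Version: 1.0\nCreated-By: constructed sample\n\n"
    for name, data in files.items():
        digest = base64.b64encode(hashlib.sha256(data).digest()).decode()
        manifest += f"Name: {name}\nSHA-256-Digest: {digest}\n\n"
    if tamper:
        files["classes.dex"] = b"dex\n035\x00patched code"
    if add_payload:
        files["assets/payload.dex"] = b"dex\n035\x00injected"
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("META-INF/MANIFEST.MF", manifest)
        for name, data in files.items():
            zf.writestr(name, data)
    return buf.getvalue()


if __name__ == "__main__":
    for label, apk in (("clean", build_sample_apk()),
                       ("patched dex", build_sample_apk(tamper=True)),
                       ("added payload", build_sample_apk(add_payload=True))):
        print(label, check_apk(apk))
```

A repack that has been fully resigned carries a fresh, consistent manifest and passes this check; what changes in that case is the signer, so the installed package's signing certificate has to be compared with the developer's known fingerprint (for example with apksigner verify --print-certs), which is the check a store or device should actually rely on.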
2.2. White hat
- Cheetah Theme for Facebook
- Green W Socialize for Facebook
2.3. Grey hat
- Add a new advertising SDK
- Change the advertiser ID from the original app
Most used adware SDKs:
- Airpush
- Apperhand
- InMobi
- Leadbolt
2.4. Black hat
More than 1 percent of some 420,646 apps are stolen from other developers and re-engineered for illicit gains.
The original application developer loses a lot of money and clients.
The repackaged app is often distributed as a free app that:
- contains advertising SDKs
- contains code for stealing sensitive data from the device
With enough permissions, sensitive data can be stolen even if the device is not rooted:
- Mail accounts, passwords and mails are located in
  Data/data/com.android.email/databases/EmailProvider.db
- Facebook messages, contacts and photo URLs are located in
  Data/data/com.facebook.katana/databases, in the databases contacts db2 and threads db2
2.5. Android repackaging. The on-device way
- Modify on-the-system APKs to inject a payload
- Repack and resign, then replace the original APK
- Possibly clean your own app of the payload (repackage yourself after injection, without the malicious code)
- The payload could represent anything; you can easily modify permissions to give yourself more access
- Do that without actually implementing the unpacker and root-access exploit yourself
3. Applovin/Vulna vulnerability
- Advertising framework
- Vulnerable versions: 2.0.74 through 5.0.3
- The update process has no authentication mechanism
- Updates are performed over plain HTTP
- The APK that the app downloads as an update can be replaced with a custom one
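The two weaknesses listed above, no authentication of the update and plain HTTP transport, are what let the update package be swapped. The Python example below is added here and is not the SDK's code or its fix; it puts an insecure fetch that mirrors the slide next to a hardened one that refuses non-TLS URLs and verifies the downloaded package against a digest obtained through a trusted channel (assumed to be pinned in the app or served by an authenticated API). The network is simulated in-process, so the on-path substitution and the compromised host are constructed scenarios, and the URLs and package bytes are placeholders.

```python
"""Unauthenticated HTTP update fetch versus a hardened variant. Added example;
the transport, packages and URLs are constructed stand-ins, not the SDK's."""
import hashlib
import hmac
from urllib.parse import urlparse

# Constructed samples, not real SDK artefacts.
GENUINE_UPDATE = b"PK\x03\x04 genuine sdk update package"
GENUINE_DIGEST = hashlib.sha256(GENUINE_UPDATE).hexdigest()
SUBSTITUTED_UPDATE = b"PK\x03\x04 attacker-supplied package"


def simulated_transport(url, on_path_attacker=False, compromised_host=False):
    """Stand-in for the network (assumption: 'https' here means certificate-validated TLS).
    An on-path attacker can rewrite plain-HTTP responses but not validated HTTPS ones;
    a compromised update host returns the wrong package over either scheme."""
    if compromised_host:
        return SUBSTITUTED_UPDATE
    if urlparse(url).scheme == "http" and on_path_attacker:
        return SUBSTITUTED_UPDATE
    return GENUINE_UPDATE


class UpdateRejected(Exception):
    """Raised by the hardened fetch when the update cannot be trusted."""


def fetch_update_insecure(url, transport, **network):
    """The weakness the slide describes: whatever the response carries is used as the update."""
    return transport(url, **network)


def fetch_update_hardened(url, transport, expected_sha256, **network):
    """Hardened variant (assumed design): require TLS, then verify the package against a
    digest the app obtained through a trusted channel before accepting it."""
    if urlparse(url).scheme != "https":
        raise UpdateRejected("update URL must use https")
    data = transport(url, **network)
    if not hmac.compare_digest(hashlib.sha256(data).hexdigest(), expected_sha256):
        raise UpdateRejected("downloaded package does not match the expected digest")
    return data


def run_scenarios():
    """Return what each fetch ends up accepting: 'genuine', 'substituted' or 'rejected'."""
    def outcome(fetch):
        try:
            data = fetch()
        except UpdateRejected:
            return "rejected"
        return "genuine" if data == GENUINE_UPDATE else "substituted"

    http_url = "http://updates.example.invalid/sdk.apk"      # placeholder host
    https_url = "https://updates.example.invalid/sdk.apk"    # placeholder host
    return {
        "insecure, http, on-path attacker": outcome(
            lambda: fetch_update_insecure(http_url, simulated_transport, on_path_attacker=True)),
        "hardened, http URL": outcome(
            lambda: fetch_update_hardened(http_url, simulated_transport, GENUINE_DIGEST,
                                          on_path_attacker=True)),
        "hardened, https, compromised host": outcome(
            lambda: fetch_update_hardened(https_url, simulated_transport, GENUINE_DIGEST,
                                          compromised_host=True)),
        "hardened, https, genuine": outcome(
            lambda: fetch_update_hardened(https_url, simulated_transport, GENUINE_DIGEST)),
    }


if __name__ == "__main__":
    for scenario, result in run_scenarios().items():
        print(f"{scenario}: {result}")
```

The digest check is what catches a package swapped at the source rather than on the path, which TLS alone does not cover; the digest only helps if it arrives through a channel the attacker cannot also rewrite, which is why it must not be fetched over the same plain-HTTP connection as the package.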
4. Questions & Answers