Android hacking techniques
Marius Barat
Alexandru Citea
Bitdefender Anti-Malware Laboratories, România

Nov 30th, 2013

DefCamp 2013 - Android hacking techniques


  1. Android hacking techniques
     Marius Barat, Alexandru Citea
     Bitdefender Anti-Malware Laboratories, România
     Nov 30th, 2013
  2. Agenda
     1. Motivation: Global devices evolution; Operating systems market share
     2. Repackaging an APK: What is a repackage?; White hat; Grey hat; Black hat; Android repackaging. The on-device way
     3. Applovin/Vulna vulnerability
     4. Questions & Answers
  3. 1. Motivation
     1.1. Global devices evolution
  4. 1. Motivation
     1.2. Operating systems market share
     International Data Corporation (IDC) - Smartphones OS statistics
  5. 2. Repackaging an APK
     2.1. What is a repackage?
       • Decompile or disassemble the APK
       • Modify the smali/java code
       • Add new functionalities and new resources
       • Adjust permissions
       • Repack and resign the APK
     Tools: ApkTool, APK OneClick
  6. 2. Repackaging an APK
     2.2. White hat
     Cheetah Theme for Facebook
  7. 2. Repackaging an APK
     2.2. White hat
     Green W Socialize for Facebook
  8. 2. Repackaging an APK
     2.3. Grey hat
       • Add a new Advertising SDK
       • Change the Advertiser ID from the original app
     Most used adware SDKs: Airpush, Apperhand, InMobi, Leadbolt
  9. 2. Repackaging an APK
     2.4. Black hat
     More than 1 percent of some 420,646 apps are stolen from other developers and re-engineered for illicit gains
  10. 2. Repackaging an APK
     2.4. Black hat
       • The original application developer loses a lot of money and clients
       • The repackaged app is often distributed as a free app that:
           • contains Advertising SDKs
           • contains code for stealing sensitive data from the device
  11. 2. Repackaging an APK
     2.4. Black hat
     Having enough permissions, even if the device is not rooted, sensitive data can be stolen:
       • Mail accounts, passwords and mails are located in: Data/data/com.android.email/databases/EmailProvider.db
       • Facebook messages, contacts and photo URLs are located in: Data/data/com.facebook.katana/databases, in databases: contacts db2, threads db2
  12. 2. Repackaging an APK
     2.5. Android repackaging. The on-device way
       • Modify on-the-system apks to inject a payload
       • Repack and resign, replace the original apk
       • Possibly clean your own app of the payload (repackage yourself after injection without the malicious code)
       • The payload could represent anything. You can easily modify permissions to give yourself more access
       • Do that without actually implementing the unpacker and root access exploit yourself
  13. 3. Applovin/Vulna vulnerability
       • Advertising framework
       • Vulnerable versions: 2.0.74 through 5.0.3
       • The update process has no authentication mechanism
       • Update performed via HTTP protocol
       • The APK that the app uses for update can be replaced with a custom one
  14. 4. Questions & Answers
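
The repackaging steps listed on slide 5 each leave a trace in the archive. As an added example (not part of the slides), this Python script diffs a suspect APK against the genuine build of the same version and flags changes to code, manifest and v1 signing files; the function names and the in-memory sample archives are constructed for illustration.

```python
import hashlib
import io
import zipfile

SIGNING_SUFFIXES = (".MF", ".SF", ".RSA", ".DSA", ".EC")  # v1 (JAR) signing files

def entry_digests(apk_bytes):
    """Map every ZIP entry name to the SHA-256 of its uncompressed content."""
    with zipfile.ZipFile(io.BytesIO(apk_bytes)) as apk:
        return {n: hashlib.sha256(apk.read(n)).hexdigest() for n in apk.namelist()}

def is_signing_file(name):
    return name.startswith("META-INF/") and name.upper().endswith(SIGNING_SUFFIXES)

def compare_apks(reference, suspect):
    """Diff a suspect APK against the genuine build of the same version."""
    ref, sus = entry_digests(reference), entry_digests(suspect)
    added = sorted(n for n in sus if n not in ref)
    removed = sorted(n for n in ref if n not in sus)
    modified = sorted(n for n in ref if n in sus and ref[n] != sus[n])
    touched = added + removed + modified
    return {
        "added": added, "removed": removed, "modified": modified,
        # "Modify the smali/java code": edits end up in classes*.dex.
        "code_changed": any(n.endswith(".dex") for n in touched),
        # "Adjust permissions": the manifest is rewritten.
        "manifest_changed": "AndroidManifest.xml" in touched,
        # "Repack and Resign": the signer's files are replaced.
        "signing_files_changed": any(is_signing_file(n) for n in touched),
    }

def build_apk(entries):
    """Constructed sample data: an in-memory ZIP standing in for an APK."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as apk:
        for name, data in entries.items():
            apk.writestr(name, data)
    return buf.getvalue()

BASE = {"AndroidManifest.xml": b"perms: INTERNET", "classes.dex": b"original code",
        "res/layout/main.xml": b"layout", "META-INF/MANIFEST.MF": b"digests A",
        "META-INF/CERT.SF": b"sf A", "META-INF/CERT.RSA": b"developer signer"}
GENUINE = build_apk(BASE)
REPACKED = build_apk({**BASE, "AndroidManifest.xml": b"perms: INTERNET, READ_CONTACTS",
                      "classes.dex": b"original code + added SDK", "assets/sdk.cfg": b"id=1",
                      "META-INF/MANIFEST.MF": b"digests B", "META-INF/CERT.SF": b"sf B",
                      "META-INF/CERT.RSA": b"other signer"})

if __name__ == "__main__":
    print(compare_apks(GENUINE, REPACKED))
```

A legitimate update from the same developer also changes these files, so the comparison is only meaningful against the same version. Signing blocks from APK Signature Scheme v2 and later sit outside the ZIP entries and are not covered here.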
