Hacking Mobile Platforms
Module 16
Ethical Hacking and Countermeasures
Hacking Mobile Platforms
Exam 312-50 Certified Ethical Hacker
Engineered by Hackers. Presented by Professionals.
CEH
Ethical Hacking and Countermeasures v8
Module 16: Hacking Mobile Platforms
Exam 312-50
Module 16 Page 2393
Ethical Hacking and Countermeasures Copyright © by EC-Council
All Rights Reserved. Reproduction is Strictly Prohibited.
Security News
Mobile Malware Cases Nearly Triple in First Half of 2012, Says NetQin
July 31, 2012 09:40 AM ET
Source: http://www.computerworld.com
In June, 3.7 million phones worldwide became infected with malware, Beijing researcher finds.
Mobile malware is rising fast, infecting nearly 13 million phones in the world during the year's first half of 2012, up 177% from the same period a year ago, according to Beijing-based security vendor NetQin.
In a report detailing the world's mobile security, the company detected a major spike in malware cases in June, with about 3.7 million phones becoming infected, a historic high. This came as the security vendor found 5,582 malware programs designed for Android during the month, another unprecedented number for the period.
During this year's first half, NetQin found that most of the detected malware, at 78%, targeted smartphones running Android, with much of the remainder designed for handsets running Nokia's Symbian OS. This is a reversal from the same period a year ago, when 60% of the detected mobile malware was designed for Symbian phones.
In total, NetQin detected 17,676 mobile malware programs during 2012's first half, up 42% from the previous six months in 2011.
About a quarter of the detected malware came from China, which led among the world's countries, while 17% came from Russia, and 16.5% from the U.S.
In China, malware is mainly spread through forums, ROM updates, and third-party app stores, according to NetQin. So-called "remote control" Trojan malware that sends spam ads infected almost 4.7 million phones in China.
NetQin also detected almost 3.9 million phones in China being infected with money-stealing malware that sends out text messages to trigger fee-based mobile services. The high number of infections would likely translate into the malware's creators netting $616,533 each day.
The surge in mobile malware has occurred at the same time that China has become the world's largest smartphone market by shipments. Android smartphone sales lead with a 68% market share, according to research firm Canalys.
The country's Guangdong and Jiangsu provinces, along with Beijing, were ranked as the three highest areas in China for mobile malware.
Copyright © 1994-2012 Computerworld Inc
By Michael Kan
http://www.computerworld.com/s/article/9229802/Mobile_malware_cases_nearly_triple_in_first_half_of_2012_says_NetQin
Module Objectives
The main objective of this module is to educate you about the potential threats to mobile platforms and how to use mobile devices securely. This module familiarizes you with:
• Mobile Attack Vectors
• Mobile Platform Vulnerabilities and Risks
• Android OS Architecture
• Android Vulnerabilities
• Android Trojans
• Securing Android Devices
• Jailbreaking iOS
• Guidelines for Securing iOS Devices
• Windows Phone 8 Architecture
• Guidelines for Securing Windows OS Devices
• BlackBerry Attack Vectors
• Guidelines for Securing BlackBerry Devices
• Mobile Device Management (MDM)
• General Guidelines for Mobile Platform Security
• Mobile Protection Tools
• Mobile Pen Testing
Module Flow
For better understanding, this module is divided into various sections and each section deals with a different topic that is related to hacking mobile platforms. The first section deals with mobile platform attack vectors.
• Mobile Platform Attack Vectors
• Hacking Android OS
• Hacking iOS
• Hacking Windows Phone OS
• Hacking BlackBerry
• Mobile Device Management
• Mobile Security Guidelines and Tools
• Mobile Pen Testing
This section introduces you to the various mobile attack vectors and the associated vulnerabilities and risks. This section also highlights the security issues arising from app stores.
Mobile Threat Report Q2 2012
Source: http://www.f-secure.com
In the report, malware attacks on Android phones continue to dominate the other mobile platforms. The most attacks were found in the third quarter of 2011. And in 2012, Q2 came in at 40%.
[Figure: bar chart of mobile threats per quarter, 2011 to Q2 2012, broken down by platform: Symbian, Android, Pocket PC, J2ME]
FIGURE 16.1: Mobile Threat Report Q2 2012
Note: The threat statistics used in the Mobile Threat Report Q2 2012 are made up of families and variants instead of unique files.
Mobile Threat by Type Q2 2012
Source: http://www.hotforsecurity.com
Attacks on mobile phones were mostly due to Trojans, which, according to the Mobile Threat by Type Q2 2012 report, account for about 80%. From the graph it is clear that the major threat associated with mobile platforms is the Trojan when compared to other threats such as monitoring tools, riskware, application vulnerabilities, and adware.
[Figure: pie chart of mobile threats by type: Trojan, Monitoring Tool, Riskware, Application, Adware]
FIGURE 16.2: Mobile Threat by Type Q2 2012
Terminology
The following is the basic terminology associated with mobile platform hacking:
• Stock ROM: The default ROM (operating system) of an Android device supplied by the manufacturer
• CyanogenMod: A modified device ROM without the restrictions imposed by the device's original ROM
• Bricking the Mobile Device: Altering the device OS using rooting or jailbreaking in a way that causes the mobile device to become unusable or inoperable
• Bring Your Own Device (BYOD): A business policy that allows employees to bring their personal mobile devices to their workplace
Mobile Attack Vectors
Similar to traditional computer systems, most modern mobile devices are also prone to attacks. Mobile devices have many potential attack vectors through which an attacker tries to gain unauthorized access to the device and to the data stored on or transferred by it. These mobile attack vectors allow attackers to exploit vulnerabilities present in the operating system or applications used by the mobile device. The attacker can also exploit the human factor. The various mobile attack vectors include:
Malware:
• Virus and rootkit
• Application modification
• OS modification
Data Exfiltration:
• Data leaves organization and email
• Print screen and screen scraping
• Copy to USB key and loss of backup
Data Tampering:
• Modification by another application
• Undetected tamper attempts
• Jail-broken device
Data Loss:
• Application vulnerabilities
• Unapproved physical access
• Loss of device
Mobile Platform Vulnerabilities and Risks
Mobile platform vulnerabilities and risks are the challenges faced by mobile users due to the functionality and increasing use of mobile devices at work and in other daily activities. The new functionality amplifies the attraction of the platforms used in mobile devices, which provide an easy path for attackers to launch attacks and exploitation. Attackers use platforms such as Android, among others, to insert malicious applications with hidden functionality that stealthily gather a user's sensitive information. Companies that develop mobile applications are increasingly concerned about security because vulnerable applications can cause damage to both parties. Thus, levels of security and data protection guarantees are mandatory. But the assurances and services mobile devices provide for secure usage are sometimes neutralized by fraud and security threats.
The following are some of the risks and vulnerabilities associated with mobile platforms:
1. App Stores
2. Mobile Malware
3. App Sandboxing
4. Device and App Encryption
5. OS and App Updates
6. Jailbreaking and Rooting
7. Mobile Application Vulnerabilities
8. Privacy Issues (Geolocation)
9. Data Security
10. Excessive Permissions
11. Communication Security
12. Physical Attacks
Security Issues Arising from App Stores
• Insufficient or no vetting of apps leads to malicious and fake apps entering the app marketplace
• App stores are a common target for attackers to distribute malware and malicious apps
• Attackers can also social engineer users to download and run apps outside the official app stores
• Malicious apps can damage other applications and data, and send your sensitive data to attackers
An authenticated developer of a company creates mobile applications for mobile users. In order to allow mobile users to conveniently browse and install these mobile apps, platform vendors have created centralized marketplaces, but security concerns have resulted. Usually mobile applications are submitted to these marketplaces (official app stores and third-party app stores) without screening or vetting, making them available to thousands of mobile users. If you are downloading the application from an official app store, then you can trust the application, as the hosting store has vetted it. However, if you are downloading the application from a third-party app store, then there is a possibility of downloading malware along with the application because third-party app stores do not vet the apps. The attacker downloads a legitimate game, repackages it with malware, and uploads the mobile app to a third-party application store, from where end users download this malicious gaming application believing it to be genuine. As a result, the malware gathers and sends user data such as call logs, photos, videos, and sensitive documents to the attacker without the user's knowledge. Using the information gathered, the attacker can exploit the device and launch many other attacks. Attackers can also socially engineer users to download and run apps outside the official app stores. Malicious apps can damage other applications and data, and send your sensitive data to attackers.
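As a defensive counterpart to the repackaging scenario described above, here is an added example (not from the courseware) of an Android app checking its own signing certificate at startup: a repackaged copy must be re-signed with the attacker's key, so its certificate fingerprint no longer matches the one the developer compiled in. The package name, class name and the EXPECTED_SHA256 placeholder are assumptions for this example; the Android APIs used (PackageManager.GET_SIGNATURES, Signature) are real.

```java
package com.example.integrity; // hypothetical package, chosen for this example

import android.content.Context;
import android.content.pm.PackageInfo;
import android.content.pm.PackageManager;
import android.content.pm.Signature;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;

/**
 * Self-check against repackaging: a legitimate app re-signed by an attacker
 * carries the attacker's certificate, so its fingerprint differs from the
 * developer's. Run this at startup and refuse to handle sensitive data when
 * it fails. It raises the bar only; an attacker who also patches out this
 * check defeats it, so treat it as one layer, not a guarantee.
 */
public final class SigningCertCheck {

    // SHA-256 of the developer's release certificate, hex. PLACEHOLDER value:
    // replace with the fingerprint printed by `keytool -printcert` for the real key.
    private static final String EXPECTED_SHA256 =
            "0000000000000000000000000000000000000000000000000000000000000000";

    private SigningCertCheck() {}

    /** True only if every signing certificate of this app matches the expected fingerprint. */
    public static boolean isGenuine(Context context) {
        try {
            PackageInfo info = context.getPackageManager().getPackageInfo(
                    context.getPackageName(), PackageManager.GET_SIGNATURES);
            if (info.signatures == null || info.signatures.length == 0) {
                return false;
            }
            for (Signature sig : info.signatures) {
                if (!EXPECTED_SHA256.equalsIgnoreCase(sha256Hex(sig.toByteArray()))) {
                    return false; // re-signed (repackaged) or signed by an unknown key
                }
            }
            return true;
        } catch (PackageManager.NameNotFoundException | NoSuchAlgorithmException e) {
            return false; // fail closed: an unverifiable signer is treated as tampered
        }
    }

    /** Hex SHA-256 of the DER-encoded certificate bytes. */
    static String sha256Hex(byte[] der) throws NoSuchAlgorithmException {
        byte[] digest = MessageDigest.getInstance("SHA-256").digest(der);
        StringBuilder sb = new StringBuilder(digest.length * 2);
        for (byte b : digest) {
            sb.append(String.format("%02x", b));
        }
        return sb.toString();
    }
}
```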
[Figure: a mobile app is published to the App Store and to a Third Party App Store; with no vetting, the malicious app sends sensitive data (call logs, photos, videos, sensitive docs) to the attacker]
FIGURE 16.3: Security Issues Arising from App Stores
Threats of Mobile Malware
In recent years, many users have been moving away from personal computers toward smartphones and tablets. This increased adoption of mobile devices for business and personal purposes, combined with comparatively weaker security controls, has shifted the focus of attackers and malware writers toward launching attacks on mobile devices. Attackers target mobile devices because more sensitive information is stored on them. SMS spoofing, toll fraud, etc. are attacks performed by attackers on mobile devices. Mobile malware includes viruses, SMS-sending malware, mobile botnets, spyware, destructive Trojans, etc. The malware is either an application itself or functionality hidden within another application. To infect mobile devices, the malware writer or attacker develops a malicious application, publishes it to a major application store, and waits until users install it on their mobile devices. Once the user installs the application hosted by the attacker, the attacker takes control of the user's mobile device. Mobile malware threats can lead to loss and theft, data communication interruption, exploitation and misconduct, and direct attacks.
According to the threat report, the security threats to mobile devices are increasing day by day. In 2004, malware threats against mobile devices were fewer when compared to recent years. The frequency of malware threats to mobile devices in 2012 increased drastically.
FIGURE 16.4: Threats of Mobile Malware
App Sandboxing Issues
Sandboxing isolates the running program with the help of a security mechanism. It helps protect systems and users by limiting the resources the app can access in the mobile platform; however, malicious applications may exploit vulnerabilities and bypass the sandbox.
Sandboxing is best explained by comparing a computer and a smartphone. On a normal computer, a program can access any of the system resources: the entire RAM is unprotected, and hard drive contents and more can be read easily by anyone unless they are locked. So if an individual downloads malicious software believing it to be genuine, that software can read the keystrokes typed on the system, scan the entire hard drive for useful file types, and then send that data back over the network. The same occurs on mobile devices: if an application is not given its own working environment, it can access all the user data and all the system resources. If the user downloads a malicious application, that application can access all the data and resources and can gain complete control over the user's mobile device.
Secure sandbox environment
In a secure sandbox environment, each individual application is given its own working environment. As a result, the application is restricted from accessing other user data and system resources. This protects mobile devices against malware threats.
[Figure: the sandboxed app has unrestricted access to its own user data and system resources but no access to other apps' user data and system resources]
FIGURE 16.5: Secure sandbox environment
Vulnerable Sandbox Environment
In a vulnerable sandbox environment, the malicious application exploits loopholes or weaknesses to bypass the sandbox. As a result, the application can access other user data and system resources that are restricted.
[Figure: the malicious app bypasses the sandbox and gains unrestricted access to other apps' user data and system resources]
FIGURE 16.6: Vulnerable Sandbox Environment
Module Flow
So far, we have discussed various potential attack vectors of mobile platforms. Now we will discuss hacking the Android OS.
• Mobile Platform Attack Vectors
• Hacking Android OS
• Hacking iOS
• Hacking Windows Phone OS
• Hacking BlackBerry
• Mobile Device Management
• Mobile Security Guidelines and Tools
• Mobile Pen Testing
This section introduces you to the Android OS and its architecture, various vulnerabilities
associated with it, Android rooting and Android rooting tools, various Android Trojans, Android
security tools, Android penetration testing tools, and Android device tracking tools.
Android OS
Android is a software environment developed by Google for mobile devices that includes an operating system, middleware, and key applications.
Source: http://developer.android.com
Android is a software stack developed by Google specifically for mobile devices such as smartphones and tablet computers. It comprises an operating system, middleware, and key applications. Android's mobile operating system is based on the Linux kernel. Each Android application runs in a sandbox; the sandbox security mechanism is explained in the previous section. Antivirus software such as Lookout Mobile Security, AVG Technologies, and McAfee has been released by security firms for Android devices. However, the sandbox also applies to the antivirus software: although such software is designed to scan the complete system, it is limited to scanning within the environment its sandbox allows.
The features of the Android operating system include:
• Application framework enabling reuse and replacement of components
• Dalvik virtual machine optimized for mobile devices
• Integrated browser based on the open source WebKit engine
• SQLite for structured data storage
• Media support for common audio, video, and still image formats (MPEG4, H.264, MP3, AAC, AMR, JPG, PNG, GIF)
• Rich development environment including a device emulator, tools for debugging, memory and performance profiling, and a plugin for the Eclipse IDE
Android OS Architecture
Android is a Linux-based operating system especially designed for portable devices such as smartphones, tablets, etc. The pictorial representation that follows shows the different layers (application, application framework, libraries, Android runtime, and Linux kernel) that make up the Android operating system.
[Figure: layer diagram, top to bottom]
Applications: Home, Phone, Contacts, Browser
Application Framework: Activity Manager, Window Manager, Content Providers, View System, Notification Manager, Package Manager, Telephony Manager, Resource Manager, Location Manager
Libraries: Surface Manager, Media Framework, SQLite, OpenGL | ES, FreeType, WebKit, SGL, SSL, libc
Android Runtime: Core Libraries, Dalvik Virtual Machine
Linux Kernel: Display Driver, Camera Driver, Flash Memory Driver, Binder (IPC) Driver, Keypad Driver, WiFi Driver, Audio Driver, Power Management
FIGURE 16.7: Android OS Architecture
Applications
The applications provided by Android include an email client, SMS, calendar, maps, browser, contacts, etc. These applications are written using the Java programming language.
Application Framework
• As Android is an open development platform, developers have full access to the API that is used in the core applications
• The View System can be used to develop lists, grids, text boxes, buttons, etc. in the application
• The Content Provider permits applications to access data from other applications in order to share their own data
• The Resource Manager allocates the non-code resources like localized strings, graphics, etc.
• The Notification Manager helps applications to show custom messages in the status bar
• The Activity Manager controls the lifecycle of applications
Libraries
Libraries comprise all the code that provides the main features of an Android OS. For example, database support is provided by the SQLite library so that an application can utilize it for storing data, and functionality for the web browser is provided by the WebKit library. The Android core library includes Surface Manager, Media Framework, SQLite, OpenGL | ES, FreeType, WebKit, SGL, SSL, libc, SQLite (database engine), and LibWebCore (web browser engine).
Android Runtime
Android Runtime includes the core libraries and the Dalvik virtual machine. The set of core libraries allows developers to write Android applications using the Java programming language. The Dalvik virtual machine executes Android applications, and a device can run multiple Dalvik VMs efficiently.
Linux Kernel
The Android operating system is built on the Linux kernel. This layer is made up of all the low-level device drivers such as the Display Driver, Camera Driver, Flash Memory Driver, Binder (IPC) Driver, Keypad Driver, WiFi Driver, Audio Driver, and Power Management for the various hardware components of an Android device.
Android Device Administration API
Source: http://developer.android.com
The Device Administration API introduced in Android 2.2 provides device administration features at the system level. These APIs allow developers to create security-aware applications that are useful in enterprise settings, in which IT professionals require rich control over employee devices. Device admin applications are written using the Device Administration API and enforce the desired policies when the user installs them on his or her device. The built-in applications can leverage the new APIs to improve Exchange support.
Policies supported by the Device Administration API:
• Password enabled
• Minimum password length
• Alphanumeric password required
• Complex password required
• Minimum letters required in password
• Minimum lowercase letters required in password
• Minimum uppercase letters required in password
• Minimum non-letter characters required in password
• Minimum numerical digits required in password
• Minimum symbols required in password
• Password expiration timeout
• Password history restriction
• Maximum failed password attempts
• Maximum inactivity time lock
• Require storage encryption
• Disable camera
• Prompt user to set a new password
• Lock device immediately
• Wipe the device's data
| Policy | Description |
| --- | --- |
| Password enabled | Requires that devices ask for a PIN or password. |
| Minimum password length | Sets the required number of characters for the password. For example, you can require PINs or passwords to have at least six characters. |
| Alphanumeric password required | Requires that passwords have a combination of letters and numbers. They may include symbolic characters. |
| Complex password required | Requires that passwords contain at least a letter, a numerical digit, and a special symbol. Introduced in Android 3.0. |
| Minimum letters required in password | The minimum number of letters required in the password for all admins or a particular one. Introduced in Android 3.0. |
| Minimum lowercase letters required in password | The minimum number of lowercase letters required in the password for all admins or a particular one. Introduced in Android 3.0. |
| Minimum non-letter characters required in password | The minimum number of non-letter characters required in the password for all admins or a particular one. Introduced in Android 3.0. |
| Minimum numerical digits required in password | The minimum number of numerical digits required in the password for all admins or a particular one. Introduced in Android 3.0. |
| Minimum symbols required in password | The minimum number of symbols required in the password for all admins or a particular one. Introduced in Android 3.0. |
| Minimum uppercase letters required in password | The minimum number of uppercase letters required in the password for all admins or a particular one. Introduced in Android 3.0. |
| Password expiration timeout | When the password will expire, expressed as a delta in milliseconds from when a device admin sets the expiration timeout. Introduced in Android 3.0. |
| Password history restriction | Prevents users from reusing the last n unique passwords. This policy is typically used in conjunction with setPasswordExpirationTimeout(), which forces users to update their passwords after a specified amount of time has elapsed. Introduced in Android 3.0. |
| Maximum failed password attempts | Specifies how many times a user can enter the wrong password before the device wipes its data. The Device Administration API also allows administrators to remotely reset the device to factory defaults. This secures data in case the device is lost or stolen. |
| Maximum inactivity time lock | Sets the length of time since the user last touched the screen or pressed a button before the device locks the screen. When this happens, users need to enter their PIN or password again before they can use their devices and access data. The value can be between 1 and 60 minutes. |
| Require storage encryption | Specifies that the storage area should be encrypted, if the device supports it. Introduced in Android 3.0. |
| Disable camera | Specifies that the camera should be disabled. Note that this doesn't have to be a permanent disabling. The camera can be enabled/disabled dynamically based on context, time, and so on. Introduced in Android 4.0. |

TABLE 16.1: Android Device Administration API
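An added example (written for this edit, not courseware or Android sample code) showing how a device admin application applies the Table 16.1 policies through DevicePolicyManager. It assumes a receiver declared in AndroidManifest.xml with the BIND_DEVICE_ADMIN permission, a res/xml/device_admin.xml listing the matching uses-policies, and API level 14 (Android 4.0) or higher; the package and class names and the policy values are hypothetical.

```java
package com.example.deviceadmin; // hypothetical package name

import android.app.admin.DeviceAdminReceiver;
import android.app.admin.DevicePolicyManager;
import android.content.ComponentName;
import android.content.Context;
import android.content.Intent;
import android.util.Log;

/**
 * Device admin component enforcing a subset of the Table 16.1 policies.
 * The manifest <receiver> must be protected by android.permission.BIND_DEVICE_ADMIN,
 * and res/xml/device_admin.xml must list limit-password, watch-login, force-lock,
 * wipe-data, expire-password, encrypted-storage and disable-camera in <uses-policies>.
 */
public class EnterpriseAdminReceiver extends DeviceAdminReceiver {
    private static final String TAG = "EnterpriseAdmin";

    // Illustrative values; a real MDM would push these from a server-side policy.
    private static final int MIN_PASSWORD_LENGTH = 6;
    private static final int MIN_UPPERCASE = 1;
    private static final int MIN_NUMERIC = 1;
    private static final int MIN_SYMBOLS = 1;
    private static final int PASSWORD_HISTORY = 5;     // last 5 passwords cannot be reused
    private static final int MAX_FAILED_ATTEMPTS = 10; // wipe after 10 wrong passwords
    private static final long MAX_TIME_TO_LOCK_MS = 5L * 60 * 1000;       // 5 minutes
    private static final long EXPIRATION_MS = 90L * 24 * 60 * 60 * 1000; // 90 days

    @Override
    public void onEnabled(Context context, Intent intent) {
        // The user has accepted the "activate device administrator" prompt.
        applyPolicies(context);
    }

    @Override
    public void onPasswordFailed(Context context, Intent intent) {
        // One callback per wrong unlock attempt (needs the watch-login policy).
        int failed = getManager(context).getCurrentFailedPasswordAttempts();
        Log.w(TAG, "Failed unlock attempts: " + failed + " of " + MAX_FAILED_ATTEMPTS);
        // The wipe itself is carried out by the platform when the maximum is reached.
    }

    /** Pushes the password, lock, encryption and camera policies to the device. */
    static void applyPolicies(Context context) {
        DevicePolicyManager dpm = policyManager(context);
        ComponentName admin = new ComponentName(context, EnterpriseAdminReceiver.class);
        if (!dpm.isAdminActive(admin)) {
            Log.e(TAG, "Admin is not active; policies cannot be applied");
            return;
        }

        // Complex password: letters, digits and symbols, with per-class minimums.
        dpm.setPasswordQuality(admin, DevicePolicyManager.PASSWORD_QUALITY_COMPLEX);
        dpm.setPasswordMinimumLength(admin, MIN_PASSWORD_LENGTH);
        dpm.setPasswordMinimumUpperCase(admin, MIN_UPPERCASE);
        dpm.setPasswordMinimumNumeric(admin, MIN_NUMERIC);
        dpm.setPasswordMinimumSymbols(admin, MIN_SYMBOLS);

        // Reuse and lifetime.
        dpm.setPasswordHistoryLength(admin, PASSWORD_HISTORY);
        dpm.setPasswordExpirationTimeout(admin, EXPIRATION_MS);

        // Lost or stolen device: wipe after too many failures, lock on inactivity.
        dpm.setMaximumFailedPasswordsForWipe(admin, MAX_FAILED_ATTEMPTS);
        dpm.setMaximumTimeToLock(admin, MAX_TIME_TO_LOCK_MS);

        // Storage encryption only where the hardware supports it.
        if (dpm.getStorageEncryptionStatus()
                != DevicePolicyManager.ENCRYPTION_STATUS_UNSUPPORTED) {
            dpm.setStorageEncryption(admin, true);
        }

        // Camera policy can be flipped later based on context, time, and so on.
        dpm.setCameraDisabled(admin, true);

        // If the current password does not meet the new rules, prompt for a new one.
        if (!dpm.isActivePasswordSufficient()) {
            Intent change = new Intent(DevicePolicyManager.ACTION_SET_NEW_PASSWORD);
            change.addFlags(Intent.FLAG_ACTIVITY_NEW_TASK);
            context.startActivity(change);
        }
    }

    /** Remote response to a loss report: lock immediately, or factory-reset if stolen. */
    static void respondToLoss(Context context, boolean reportedStolen) {
        DevicePolicyManager dpm = policyManager(context);
        if (reportedStolen) {
            dpm.wipeData(0); // 0 = no extra flags; external storage is kept
        } else {
            dpm.lockNow();
        }
    }

    private static DevicePolicyManager policyManager(Context context) {
        return (DevicePolicyManager) context.getSystemService(Context.DEVICE_POLICY_SERVICE);
    }
}
```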
FIGURE 16.8: Android Device Administration API (screenshot of the "App/Device Admin" sample: demonstration of a DeviceAdmin class for administering the user's device)
Android Rooting
Rooting is the process of removing the limitations placed on an Android device and allowing full access. It lets Android users attain "super user" privileged control (known as "root access") and permissions within Android's subsystem. After rooting an Android phone, the user has control over the SETTINGS, FEATURES, and PERFORMANCE of the phone and can even install software that is not supported by the device. Root users have "super-user" privileges, with which they can easily alter or modify the software code on the device. Rooting is basically hacking Android devices and is the equivalent of "jailbreaking" on the iPhone. Rooting involves exploiting a security vulnerability in the device firmware, copying the su binary to a location in the current process's PATH (e.g. /system/xbin/su), and granting it executable permissions with the chmod command.
Rooting enables all the user-installed applications to run privileged commands such as:
- Modifying or deleting system files, modules, ROMs (stock firmware), and kernels
- Removing carrier- or manufacturer-installed applications (bloatware)
- Low-level access to the hardware that is typically unavailable to devices in their default configuration
- Improved performance
- Wi-Fi and Bluetooth tethering
- Installing applications on the SD card
- Better user interface and keyboard

Rooting also comes with many security and other risks to your device, including:
- Voiding your phone's warranty
- Poor performance
- Malware infection
- Bricking the device
Rooting Android Phones using SuperOneClick
SuperOneClick is a tool designed especially for rooting an Android phone. The step-by-step procedure for rooting an Android phone with the help of SuperOneClick follows:
- Plug in and connect your Android device to your computer via USB.
- Install the driver for the device if prompted.
- Unplug and re-connect, but this time select Charge only to ensure that your phone's SD card is not mounted to your PC.
- Go to Settings > Applications > Development and enable USB Debugging to put your Android into USB Debugging mode.
- Run SuperOneClick.exe (available in the Tools DVD).
- Click the Root button.
- Wait for some time until you see a "Running a Su test Success!" message.
- Now check out the installed apps in your phone.
- A Superuser icon means you now have root access (reboot the phone if you don't see it).
FIGURE 16.9: Rooting Android Phones using SuperOneClick (screenshots: the USB connection dialog with PC Mode, Windows Media Sync, USB Mass Storage, and Charge Only; the Development settings with USB debugging, Stay awake, and Allow mock locations; and a Superuser Request prompt for app drocap2 requesting UID root (0) and command /system/bin/sh)
Rooting Android Phones using Superboot
Superboot is a boot.img designed specifically to root Android phones. It roots Android phones when they are booted for the very first time. Anyone can root an Android phone using Superboot by following these steps:
Step 1: Download and extract the Superboot files.
Step 2: Put your Android phone in bootloader mode:
- Turn off the phone, remove the battery, and plug in the USB cable.
- When the battery icon appears onscreen, pop the battery back in.
- Now tap the Power button while holding down the Camera key.
- For Android phones with a trackball: Turn off the phone, press and hold the trackball, then turn the phone back on.
Step 3: Depending on your computer's OS, do one of the following:
- Windows: Double-click install-superboot-windows.bat.
- Mac: Open a terminal window in the directory containing the files, and type chmod +x install-superboot-mac.sh followed by ./install-superboot-mac.sh.
- Linux: Open a terminal window in the directory containing the files, and type chmod +x install-superboot-linux.sh followed by ./install-superboot-linux.sh.
Step 4: Your Android device has been rooted.
Android Rooting Tools
In addition to SuperOneClick and Superboot, there are many other tools that can be used for rooting Android phones:
- Unrevoked, available at http://unrevoked.com
- Recovery Flasher, available at https://sites.google.com/site/adlxmod
- Universal Androot, available at http://forum.xda-developers.com
- Unlock Root, available at www.unlockroot.com
FIGURE 16.10: Android Rooting Tools (screenshots of Unrevoked, Universal Androot, and Unlock Root)
Session Hijacking Using DroidSheep
- DroidSheep is a simple Android tool for web session hijacking (sidejacking)
- It listens for HTTP packets sent via a wireless (802.11) network connection and extracts the session IDs from these packets in order to reuse them
- DroidSheep can capture sessions using the libpcap library and supports: OPEN Networks, WEP encrypted networks, WPA and WPA2 (PSK only) encrypted networks
Most web applications use a session ID to verify the user's identity with the application. This session ID is transmitted in subsequent requests within HTTP packets in order to maintain the session with the user. The attacker uses the DroidSheep tool to read all the packets sent via a wireless network and capture the session ID. Once the attacker captures the victim's legitimate session ID, he or she may use this stolen session ID to access the target web application on behalf of the victim.

DroidSheep listens for and captures HTTP packets sent via a wireless (802.11) network and then analyzes the captured packets to extract and reuse the session IDs. DroidSheep accomplishes this using the libpcap library. It supports OPEN Networks, WEP encrypted networks, WPA, and WPA2 (PSK only) encrypted networks.
FIGURE 16.11: Session Hijacking Using DroidSheep (diagram: User, Attacker, and Internet/Web server; via ARP spoofing the attacker intercepts the client's request for a web page, then modifies the session IDs and relays them to the web server)

FIGURE 16.12: DroidSheep Screenshot (the app in ARP-Spoofing mode, "RUNNING AND SPOOFING", listing captured sessions by site URL, client IP 192.168.0.100, and session ID)
Android-based Sniffer: FaceNiff
Source: http://faceniff.ponury.net
FaceNiff is an Android app that allows you to sniff and intercept web session profiles over the Wi-Fi that your mobile is connected to. It is possible to hijack sessions only when the Wi-Fi is not using EAP, but it should work over any private network (Open/WEP/WPA-PSK/WPA2-PSK).
Note: If the web user uses SSL, this application won't work.
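An added example, not from the courseware nor from DroidSheep or FaceNiff, serving both the DroidSheep and FaceNiff passages above: a defender-side audit of HTTP response headers for the conditions that let a session cookie be captured on a shared wireless link and replayed (cleartext delivery, no Secure flag, no HSTS), which is what the SSL note comes down to. The sample responses and the cookie-name heuristics are constructed.

```java
import java.util.ArrayList;
import java.util.List;
import java.util.Locale;

/**
 * Audits one captured HTTP response for sidejacking exposure.
 * Constructed samples are in main(); nothing here is taken from a real site.
 */
public class SidejackAudit {

    /** Constructed heuristic: cookie names that usually carry a session identifier. */
    private static final String[] SESSION_HINTS = {"sess", "sid", "auth", "token"};

    /** Returns findings for one response; an empty list means nothing to report. */
    public static List<String> audit(String rawResponse, boolean deliveredOverTls) {
        List<String> findings = new ArrayList<>();
        boolean hasHsts = false;
        for (String line : rawResponse.split("\r?\n")) {
            if (line.isEmpty()) break;          // blank line ends the header block
            int colon = line.indexOf(':');
            if (colon < 0) continue;            // status line, not a header
            String name = line.substring(0, colon).trim().toLowerCase(Locale.ROOT);
            String value = line.substring(colon + 1).trim();
            if (name.equals("strict-transport-security")) hasHsts = true;
            if (name.equals("set-cookie")) auditCookie(value, findings);
        }
        if (!deliveredOverTls) {
            findings.add("response sent over plain HTTP: any session ID in it is readable on the wireless link");
        } else if (!hasHsts) {
            findings.add("no Strict-Transport-Security header: a later plain-HTTP request could leak cookies");
        }
        return findings;
    }

    /** Checks the attributes of a single Set-Cookie header value. */
    private static void auditCookie(String setCookie, List<String> out) {
        String[] parts = setCookie.split(";");
        String nameValue = parts[0].trim();
        int eq = nameValue.indexOf('=');
        String name = eq < 0 ? nameValue : nameValue.substring(0, eq);
        if (!looksLikeSession(name)) return;    // only session-bearing cookies matter here

        boolean secure = false, httpOnly = false;
        for (int i = 1; i < parts.length; i++) {
            String attr = parts[i].trim().toLowerCase(Locale.ROOT);
            if (attr.equals("secure")) secure = true;
            if (attr.equals("httponly")) httpOnly = true;
        }
        if (!secure) out.add(name + ": missing Secure flag, cookie will also be sent over HTTP");
        if (!httpOnly) out.add(name + ": missing HttpOnly flag, cookie readable by injected script");
    }

    private static boolean looksLikeSession(String cookieName) {
        String lower = cookieName.toLowerCase(Locale.ROOT);
        for (String hint : SESSION_HINTS) {
            if (lower.contains(hint)) return true;
        }
        return false;
    }

    public static void main(String[] args) {
        // Constructed sample: the kind of response a sidejacking tool profits from.
        String weak = "HTTP/1.1 200 OK\r\n"
                + "Set-Cookie: PHPSESSID=8f3a2c; Path=/\r\n"
                + "Content-Type: text/html\r\n\r\n";
        // Constructed sample: the same site after hardening.
        String hardened = "HTTP/1.1 200 OK\r\n"
                + "Strict-Transport-Security: max-age=31536000; includeSubDomains\r\n"
                + "Set-Cookie: PHPSESSID=8f3a2c; Path=/; Secure; HttpOnly\r\n"
                + "Content-Type: text/html\r\n\r\n";

        System.out.println("weak over HTTP:     " + audit(weak, false));     // three findings
        System.out.println("hardened over TLS:  " + audit(hardened, true));  // []
    }
}
```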
FIGURE 16.13: FaceNiff Screenshot (settings for Vibration, MAC TO Vendor resolving, and Filter services; a list of captured session profiles for sites such as amazon.com, twitter.com, and tumblr.com; and a menu with Go to website, Export sessions, Import sessions, and Settings)
Android Trojan: ZitMo (ZeuS-in-the-Mobile)
- Zitmo is the notorious mobile component of the Zeus banking Trojan that circumvents two-factor authentication by intercepting SMS confirmation codes to access bank accounts
- The new versions for Android and BlackBerry have now added botnet-like features, such as enabling cybercriminals to control the Trojan via SMS commands
Zitmo refers to a version of the Zeus malware that specifically targets mobile devices. It is a Trojan horse designed mainly to steal online banking details from users. It circumvents mobile banking app security by simply forwarding the infected mobile's SMS messages to a command and control mobile owned by cybercriminals. The new versions for Android and BlackBerry have now added botnet-like features, such as enabling cybercriminals to control the Trojan via SMS commands.
FIGURE 16.14: ZitMo (ZeuS-in-the-Mobile) Screenshot (the app drawer of an infected device showing a "Zertifikat" app among the standard apps, with the message "Installation erfolgreich. Ihr Aktivierungskode lautet 7725486193")
Android Trojan: GingerBreak
AndroidOS/GingerBreak is a Trojan that affects mobile devices running the Android operating system. It drops and executes another Trojan detected as Exploit:AndroidOS/CVE-2011-1823, which, if run successfully, gains administrator privileges on the device.
FIGURE 16.15: GingerBreak Screenshot (GingerBreak v1.1 install prompt, APK by Chainfire, requesting the System tools permission "read system log files"; before rooting it asks that an SD card is inserted and mounted and that USB debugging is enabled)
Android Trojan: AcnetSteal and Cawitt

AcnetSteal
AcnetSteal is a program that harvests data and information from the device. The Trojan
sends the contact information to a remote location using Triple DES Encryption (DESede).
FIGURE 16.16: AcnetSteal Screenshot (permission list: receive SMS, full Internet access, modify/delete SD card contents, send SMS messages, read phone state and identity)

Cawitt
Cawitt operates silently in the background, gathering device information which it later
forwards to a remote server. Collected information includes device ID, International Mobile
Equipment Identity (IMEI) number, phone number, Bot ID, and modules. This Trojan doesn't
place any launcher icon in the application menu in order to avoid being detected by the device
user.
FIGURE 16.17: Cawitt Screenshot (Manage applications and Application Info views; the app can receive SMS, use full Internet access, modify/delete SD card contents, send SMS messages, and read phone state and identity)
Android Trojan: Frogonal and Gamex

Frogonal
Frogonal is a repackaged version of an original application where extra functionality used for malicious intent has been added into the new package. It harvests the following information from the compromised mobile devices:
- Identification of the Trojanized application:
  - Package name
  - Version code
- Phone number
- IMEI number
- IMSI number
- SIM serial number
- Device model
- Operating system version
- Root availability
FIGURE 16.18: Frogonal and Gamex: Frogonal Screenshot (install prompt for "My Games" requesting receive SMS, full Internet access, modify/delete SD card contents, take pictures and videos, and read phone state and identity)

Gamex
Gamex is an Android Trojan that downloads and installs files on a compromised mobile device. It hides the malicious content inside the file that is to be installed; once it is granted root access by the device owner, it connects to a command and control (C&C) server to download more applications and to forward the device's IMEI and IMSI numbers. It also establishes a connection to an external link that contains a repackaged APK file, and proceeds to download and install the file.
FIGURE 16.19: Gamex Screenshot (Manage applications and Application Info views; the app can modify/delete SD card contents, use full Internet access, and read phone state and identity)
Android Trojan: KabStamper and Mania

KabStamper
- KabStamper.A is a malware distributed via Trojaned applications that deliver news and videos on the AKB48 group
- Malicious code in the malware is highly destructive; it destroys images found in the sdcard/DCIM/camera folder that stores images taken with the device's camera
- Every five minutes, the malware checks this folder and modifies a found image by overwriting it with a predefined image

Mania
- Mania.A is an SMS-sending malware that sends out messages with the content "tel" or "quiz" to the number 84242
- Any reply from this number is redirected to another device to prevent the user from becoming suspicious
- Mania.A is known for using the trojanization technique, where it is repackaged with another original application in order to dupe victims

KabStamper
KabStamper is an Android Trojan that modifies images found in the target mobile
device by overwriting them with a predefined image. It is distributed via Trojanized
applications that deliver news and videos about the AKB48 group. It is very destructive and
destroys images found in the sdcard/DCIM/camera folder that stores images taken with the
device's camera.
FIGURE 16.20: KabStamper Screenshot (the Manage applications list shows com.android.gesture.builder, Example Wallpapers 20.00KB, and Sample Soft Keyboard 36.00KB)
Mania
Mania is an Android Trojan that pretends to perform license checking to cover up its SMS-sending activities in the background. It sends out messages with the content "tel" or "quiz" to the number 84242. Any reply from this number is redirected to another device to prevent the device owner from becoming suspicious. While running, Mania appears to be performing license checking, but this process always fails and never completes; the license check is a cover-up for the SMS sending taking place in the background.
FIGURE 16.21: Mania Screenshot
Android Trojan: PremiumSMS and SmsSpy

PremiumSMS
• PremiumSMS.A is a Trojan that reaps profit from its SMS sending activities
• It has a configuration file that contains data on the content of the SMS messages and the recipient numbers
• Example of the sent messages:
  1. Number: 1151, Content: 692046 169 BG QCb5T3w
  2. Number: 1161, Content: 692046 169 BG QCb5T3w
  3. Number: 3381, Content: 692046 169 BG QCb5T3w

SmsSpy
• SmsSpy.F poses as an Android Security Suite application that records received SMS messages into a secsuite.db
• This malware targets banking consumers in Spain, where it is spammed via a message indicating that an extra Security Protection program that protects the device is available for download
Android Trojan: PremiumSMS and SmsSpy
PremiumSMS
PremiumSMS is an Android Trojan that reaps profit from its SMS-sending activities. It
has a configuration file that contains data on the content of the SMS messages and the
recipient numbers.
Example of sent messages:
1. Number: 1151
Content: 692046 169 BG QCb5T3w
2. Number: 1161
Content: 692046 169 BG QCb5T3w
3. Number: 3381
Content: 692046 169 BG QCb5T3w
4. Number: 1005
Content: kutkut clsamg 6758150
5. Number: 5373
Content: kutkut clsamg 6758150
6. Number: 7250
Content: kutkut clsamg 6758150
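The numbers and message bodies listed above, and Mania's "tel"/"quiz" messages to 84242, are the kind of artifact a defender can hunt for in outbound SMS logs. The following Python script is an added example, not part of the CEH module or of any vendor's tool: it parses constructed log lines (the log format is this example's own) and flags packages that repeatedly send identical messages to short codes, which is the behaviour PremiumSMS and Mania share. The package names, the short-code length rule and the threshold of three sends are all assumptions.

```python
"""Flag premium-rate SMS abuse in an outbound-SMS log.

Added example (not part of the CEH module): scan constructed log lines for the
pattern Mania and PremiumSMS show: repeated, identical messages to short codes.
The log format, the short-code length rule and the thresholds are this
example's own choices.
"""
import re
from collections import Counter

# Constructed log format: "<ISO timestamp> <package> -> <destination> : <body>"
LINE_RE = re.compile(r"^(\S+) (\S+) -> (\+?\d+) : (.*)$")


def is_short_code(number):
    """Service and premium short codes are typically 3-6 digits with no country prefix."""
    return number.isdigit() and 3 <= len(number) <= 6


def parse(log_text):
    """Turn the constructed log into a list of event dicts; unparseable lines are skipped."""
    events = []
    for line in log_text.strip().splitlines():
        m = LINE_RE.match(line)
        if m:
            ts, pkg, dest, body = m.groups()
            events.append({"ts": ts, "pkg": pkg, "dest": dest, "body": body.strip()})
    return events


def suspicious_packages(log_text, min_short_code_sends=3):
    """Return {package: {"short_codes": [...], "repeated_bodies": [...]}} for every
    package that sent at least `min_short_code_sends` messages to short codes."""
    events = parse(log_text)
    per_pkg = {}
    for e in events:
        if is_short_code(e["dest"]):
            per_pkg.setdefault(e["pkg"], []).append(e)
    report = {}
    for pkg, evs in per_pkg.items():
        if len(evs) < min_short_code_sends:
            continue
        bodies = Counter(e["body"] for e in evs)
        report[pkg] = {
            "short_codes": sorted({e["dest"] for e in evs}),
            # identical bodies sent more than once are the PremiumSMS/Mania signature
            "repeated_bodies": sorted(b for b, n in bodies.items() if n > 1),
        }
    return report


# Constructed sample log. Destinations and bodies reuse the values the module lists
# for PremiumSMS (1151, 1161, 3381, 1005) and Mania ("tel"/"quiz" to 84242); the
# package names and the last, benign message are invented.
SAMPLE_LOG = """\
2012-06-01T09:00:01 com.example.wallpapers -> 1151 : 692046 169 BG QCb5T3w
2012-06-01T09:00:02 com.example.wallpapers -> 1161 : 692046 169 BG QCb5T3w
2012-06-01T09:00:03 com.example.wallpapers -> 3381 : 692046 169 BG QCb5T3w
2012-06-01T09:00:04 com.example.wallpapers -> 1005 : kutkut clsamg 6758150
2012-06-01T09:05:00 com.example.licensecheck -> 84242 : tel
2012-06-01T09:10:00 com.example.licensecheck -> 84242 : quiz
2012-06-01T09:15:00 com.example.licensecheck -> 84242 : tel
2012-06-01T09:20:00 com.android.mms -> +34600123456 : see you at 7
"""

if __name__ == "__main__":
    for pkg, info in suspicious_packages(SAMPLE_LOG).items():
        print(pkg, info)
```

The benign message to a full international number is not counted, so only the two constructed packages that talk to short codes are reported. On a real device the same logic can be fed from the SMS content provider or a carrier-side message log; the threshold should be tuned to how often legitimate apps on the fleet use short codes.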
SmsSpy
SmsSpy is an Android Trojan that poses as an Android Security Suite application but does nothing to secure the device. Instead, it records received SMS messages into secsuite.db. It targets banking consumers in Spain.
FIGURE 16.22: SmsSpy Screenshot
Android Trojan: DroidLive SMS and UpdtKiller

DroidLive SMS
• DroidLive masquerades as a Google Library and attempts to utilize the Device Administration API
• It attempts to install itself as a device administration app, and is capable of tapping into personal data and performing a mixture of nefarious activities on Android mobile devices

UpdtKiller
• UpdtKiller.A connects to a command and control (C&C) server, where it forwards users' data to and receives further commands from
• This malware is also capable of killing antivirus processes in order to avoid being detected
Android Trojan: DroidLive SMS and UpdtKiller
DroidLive SMS
DroidLive SMS is an Android Trojan that masquerades as a Google library and attempts to use the Device Administration API: it tries to install itself as a device administration app, and is capable of tapping into personal data and performing a mixture of nefarious activities on Android mobile devices. It receives commands from a command and control (C&C) server, allowing it to perform functions including sending text messages to premium numbers, initiating phone calls, and collecting personal data.
FIGURE 16.23: DroidLive SMS component diagram (BootReceiver, LiveReceiver, ShutdownReceiver, SmsMessageReceiver and WakeLockReceiver feed the DroidLive Main Controller, which can Send Text Messages, Call Phone Numbers, and Add Device Admin through the DeviceAdmin component)
Android Trojan: UpdtKiller
UpdtKiller is an Android Trojan that terminates processes belonging to antivirus products in order to avoid detection. It connects to a command and control (C&C) server, to which it forwards harvested user data and from which it receives further commands.
FIGURE 16.24: UpdtKiller Screenshot (the device's app drawer: Alarm Clock, Browser, Calculator, Camera, Contacts, Dev Tools, Gallery, Calendar, Email, Gestures Builder, Messaging, Music, Phone, Settings, Spare Parts)
Android Trojan: FakeToken

FakeToken steals both banking authentication factors (Internet password and mTAN) directly from the mobile device

Distribution Techniques
• Through phishing emails pretending to be sent by the targeted bank
• Injecting web pages from infected computers, simulating a fake security app that presumably avoids the interception of SMS messages by generating a unique digital certificate based on the phone number of the device
• Injecting a phishing web page that redirects users to a website pretending to be a security vendor that offers the "eBanking SMS Guard" as protection against "SMS message interception and mobile Phone SIM card cloning"

Permissions: the slide shows the two installer permission prompts (original and NEW VERSION) that are reproduced in Figure 16.25
Android Trojan: FakeToken
FakeToken steals both authentication factors (Internet password and mTAN) directly from the mobile device.
Distribution Techniques:
• Through phishing emails pretending to be sent by the targeted bank
• Injecting web pages from infected computers, simulating a fake security app that presumably avoids the interception of SMS messages by generating a unique digital certificate based on the phone number of the device
• Injecting a phishing web page that redirects users to a website pretending to be a security vendor that offers the "eBanking SMS Guard" as protection against "SMS message interception and mobile Phone SIM card cloning"
FIGURE 16.25: FakeToken Screenshot. Two installer prompts ("This application can access the following on your phone"), the second labelled NEW VERSION. Both list:
• Your messages: receive SMS
• Network communication: full Internet access
• Storage: modify/delete SD card contents
• Phone calls: read phone state and identity
• Services that cost you money: send SMS messages
One of the two prompts additionally lists:
• Your personal information: read contact data
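The permission set in Figure 16.25 (receive SMS, send SMS, full Internet access, read phone state and identity) is exactly what an mTAN stealer needs, and it can be read straight out of an APK's manifest before the app is ever installed. The Python script below is an added example, not code from the module or from any Android tool: it parses the uses-permission entries of an AndroidManifest.xml (a constructed manifest mirroring the FakeToken prompt is embedded) and flags the combinations a reviewer should question. The android.permission constants are the real Android permission names and the installer labels are the ones shown in the module's screenshots; the risk rules and the package name are this example's assumptions.

```python
"""Triage the permissions an APK requests.

Added example (not from the CEH module or any vendor tool): parse the
<uses-permission> entries of an AndroidManifest.xml and flag the combinations
that FakeToken-style SMS stealers need. The sample manifest is constructed to
mirror the FakeToken prompt in Figure 16.25; the risk rules are this example's
own, not a published standard.
"""
import xml.etree.ElementTree as ET

# Namespace that Android manifests bind to the "android:" prefix.
ANDROID_NS = "http://schemas.android.com/apk/res/android"
NAME_ATTR = "{%s}name" % ANDROID_NS

# Installer labels as shown in the module's screenshots, keyed by the real
# android.permission constants.
LABELS = {
    "android.permission.RECEIVE_SMS": "Your messages: receive SMS",
    "android.permission.SEND_SMS": "Services that cost you money: send SMS messages",
    "android.permission.INTERNET": "Network communication: full Internet access",
    "android.permission.READ_PHONE_STATE": "Phone calls: read phone state and identity",
    "android.permission.WRITE_EXTERNAL_STORAGE": "Storage: modify/delete SD card contents",
    "android.permission.READ_CONTACTS": "Your personal information: read contact data",
}

# Combinations worth a second look (assumed rules): (permissions that must all
# be present, why the combination matters).
RULES = [
    ({"android.permission.RECEIVE_SMS", "android.permission.INTERNET"},
     "can read incoming SMS (e.g. an mTAN) and relay it to a server"),
    ({"android.permission.SEND_SMS"},
     "can send SMS, including to premium-rate numbers, without user interaction"),
    ({"android.permission.READ_PHONE_STATE", "android.permission.INTERNET"},
     "can collect the device identity (IMEI, phone number) and send it out"),
    ({"android.permission.READ_CONTACTS", "android.permission.INTERNET"},
     "can harvest the contact list and send it out"),
]


def requested_permissions(manifest_xml):
    """Set of permission names declared in <uses-permission android:name=...> elements."""
    root = ET.fromstring(manifest_xml)
    return {el.get(NAME_ATTR) for el in root.iter("uses-permission") if el.get(NAME_ATTR)}


def describe(manifest_xml):
    """The permissions as the installer would label them, in a stable order."""
    return [LABELS.get(p, p) for p in sorted(requested_permissions(manifest_xml))]


def triage(manifest_xml):
    """Explanations for every rule whose permission set is fully requested."""
    perms = requested_permissions(manifest_xml)
    return [why for needed, why in RULES if needed <= perms]


# Constructed manifest mirroring the FakeToken prompt; the package name is invented.
SAMPLE_MANIFEST = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
          package="com.example.fakesecurity">
  <uses-permission android:name="android.permission.RECEIVE_SMS"/>
  <uses-permission android:name="android.permission.SEND_SMS"/>
  <uses-permission android:name="android.permission.INTERNET"/>
  <uses-permission android:name="android.permission.READ_PHONE_STATE"/>
  <uses-permission android:name="android.permission.WRITE_EXTERNAL_STORAGE"/>
  <uses-permission android:name="android.permission.READ_CONTACTS"/>
</manifest>"""

if __name__ == "__main__":
    for label in describe(SAMPLE_MANIFEST):
        print(label)
    for finding in triage(SAMPLE_MANIFEST):
        print("FLAG:", finding)
```

A manifest extracted from a real APK (for example with apktool or aapt) can be passed to the same functions; the point of the rules is that no single permission is damning, but receive SMS together with Internet access is the signature of SMS interception regardless of what the app claims to be.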
Securing Android Devices
Security of Android devices is a major concern, as most people now use these devices as substitutes for computers. As with a traditional computer, security is mandatory for Android devices to avoid infection by a malicious application or data loss. The following are a few key points that help you secure your Android device:
• Enable a screen lock on your Android phone to make it more secure
• Never root your Android device
• Download apps only from the official Android market
• Keep your device's Android antivirus software updated
• Do not directly download Android package files (APK)
• Keep the operating system updated as and when updates arrive
• Use free protector Android apps such as Android Protector, which let you assign passwords to text messages, mail accounts, etc.
• Customize your lock screen with the user's information
Google Apps Device Policy
• The Google Apps Device Policy app allows a Google Apps domain admin to set security policies for your Android device
• It is a device administration app for Google Apps for Business, Education, and Government accounts that makes your Android device more secure for enterprise use
• This app allows an IT administrator to enforce security policies and remotely wipe your device
• Additionally, this app allows you to ring, lock, or locate your Android devices through the My Devices page: https://www.google.com/apps/mydevices
Google Apps Device Policy
Source: https://play.google.com
The Google Apps Device Policy app allows a Google Apps domain admin to set security policies
for your Android device. It is a device administration app for Google Apps for Business,
Education, and Government accounts that makes your Android device more secure for
enterprise use. This app allows an IT administrator to enforce security policies and remotely
wipe your device. Additionally, this app allows you to ring, lock, or locate your Android devices
through the My Devices page: https://www.google.com/apps/mydevices
FIGURE 16.26: Google Apps Device Policy (app screens reading: "Device administered under google.com. Domain administrators can set policies and remotely wipe the device."; "Locate your device at google.com/apps/mydevices"; "Successfully synced with server"; "Some device details are shared with domain administrators" with Device Model, Device ID, Hardware ID, Phone Number, Device OS: Android 4.0.4, Build Number, Kernel version, Baseband Version, MAC Address and Last Sync; policy items "Device password must have at least 8 characters", "Device password must contain numbers", "Lock timeout must not be greater than 15 minutes" with "Click to change password" and "Click to change timeout"; and "Account registered. Domain administrators will be able to remotely wipe the device" with an Unregister option: "Unregister this account so it is no longer managed by your domain administrators.")
Remote Wipe Service: Remote Wipe
• If users have Google Sync installed on a supported mobile device or an Android device with the Google Apps Device Policy app, they can use the Google Apps control panel to remotely wipe the device
To remote wipe a lost or stolen device:
1. Sign in to your Google Apps control panel.
2. Click Settings > Mobile.
3. In the Devices tab, hover your cursor over the user whose device you want to wipe.
4. Click Remote Wipe in the box that appears.
5. A second box appears asking you to confirm that you want to remotely wipe the device. If you are sure you want to wipe the device, click Wipe Device.
http://support.google.com
Remote Wipe Service: Remote Wipe
Source: http://support.google.com
Remote Wipe is a service that lets you reset or erase the information on a lost or stolen device. To use it, the device must have Google Sync or the Device Policy app installed. The wipe deletes all the information on the device, such as mail, calendar, and contacts, but it cannot delete data stored on the device's SD card. When the service completes its task, it prompts the user with a message acknowledging the deletion.
To remote wipe a lost or stolen device:
1. Sign in to your Google Apps control panel.
2. Click Settings > Mobile.
3. On the Devices tab, hover your cursor over the user whose device you want to wipe.
4. Click Remote Wipe in the box that appears.
5. A second box appears asking you to confirm that you want to remotely wipe the device.
If you are sure you want to wipe the device, click Wipe Device.
FIGURE 16.27: Remote Wipe Service (the Google Apps control panel's Mobile settings page, Devices tab, listing each user's device with its Device ID, OS (iOS 4.x or Android 2.3.x), Type (Google Sync or Android), Last Sync date, and Status (Approved or Blocked); the on-mouseover hovercard shows Device ID, Hardware ID, First Sync and Last Sync and offers the Block and Remote Wipe actions)
Android Security Tool: DroidSheep Guard
• DroidSheep Guard monitors your phone's ARP table and pops up alerts in case it detects suspicious entries in the phone's ARP table
• It can immediately disable the WiFi connection to protect your accounts
• DroidSheep Guard works with all ARP-based attacks, like DroidSheep and Faceniff
Android Security Tool: DroidSheep Guard
Source: http://droidsheep.de
DroidSheep Guard monitors your phone's ARP table and warns you with pop-up alerts when it detects malicious entries. It can instantly disable the Wi-Fi connection to protect your accounts. This guards against all ARP-based attacks, such as DroidSheep and Faceniff, man-in-the-middle attacks, handmade attacks, etc., so you can use Facebook, eBay, Twitter, and LinkedIn accounts on public Wi-Fi networks securely.
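The check DroidSheep Guard performs is worth seeing in code, because the same logic can be run on any Linux host. The Python script below is an added example and not DroidSheep Guard's own code: it parses two constructed snapshots in the /proc/net/arp format that Android's Linux kernel exposes, and raises an alert when one MAC address answers for several IP addresses or when the gateway's MAC changes between snapshots, the two symptoms of ARP spoofing that a session-hijacking tool leaves behind. The IP and MAC addresses, and the gateway address passed to check(), are constructed sample values.

```python
"""Detect ARP-spoofing symptoms in snapshots of the Linux/Android ARP table.

Added example (not DroidSheep Guard's code): parse /proc/net/arp-style text
and alert when (a) one MAC address claims several IPs or (b) the MAC recorded
for the gateway changes between two snapshots. Both snapshots below are
constructed sample data.
"""
from collections import defaultdict

ATF_COM = 0x2  # flag bit set on completed (resolved) ARP entries


def parse_arp_table(text):
    """Return {ip: mac} from /proc/net/arp formatted text (header line skipped).

    Incomplete entries (flags 0x0, MAC 00:00:00:00:00:00) are ignored."""
    table = {}
    for line in text.strip().splitlines()[1:]:
        fields = line.split()
        if len(fields) < 4:
            continue
        ip, _hw_type, flags, mac = fields[:4]
        if int(flags, 16) & ATF_COM == 0:
            continue
        table[ip] = mac.lower()
    return table


def duplicate_macs(table):
    """{mac: [ips]} for every MAC that is recorded for more than one IP address.

    A spoofer answering for the gateway shows up as its own NIC holding two IPs."""
    by_mac = defaultdict(list)
    for ip, mac in table.items():
        by_mac[mac].append(ip)
    return {mac: sorted(ips) for mac, ips in by_mac.items() if len(ips) > 1}


def check(previous, current, gateway_ip):
    """Compare two snapshots; return a list of alert strings (empty means no alert)."""
    alerts = []
    for mac, ips in duplicate_macs(current).items():
        alerts.append("MAC %s is claimed by several IPs: %s" % (mac, ", ".join(ips)))
    old, new = previous.get(gateway_ip), current.get(gateway_ip)
    if old and new and old != new:
        alerts.append("gateway %s changed MAC from %s to %s" % (gateway_ip, old, new))
    return alerts


# Constructed snapshots. The first is a healthy network; in the second the
# gateway's IP (10.0.0.1) has been re-mapped to the MAC already used by 10.0.0.42.
SNAPSHOT_BEFORE = """\
IP address       HW type     Flags       HW address            Mask     Device
10.0.0.1         0x1         0x2         00:11:22:33:44:01     *        wlan0
10.0.0.42        0x1         0x2         aa:bb:cc:dd:ee:42     *        wlan0
10.0.0.7         0x1         0x0         00:00:00:00:00:00     *        wlan0
"""
SNAPSHOT_AFTER = """\
IP address       HW type     Flags       HW address            Mask     Device
10.0.0.1         0x1         0x2         aa:bb:cc:dd:ee:42     *        wlan0
10.0.0.42        0x1         0x2         aa:bb:cc:dd:ee:42     *        wlan0
"""

if __name__ == "__main__":
    before = parse_arp_table(SNAPSHOT_BEFORE)
    after = parse_arp_table(SNAPSHOT_AFTER)
    for alert in check(before, after, "10.0.0.1"):
        print("ALERT:", alert)
```

As with DroidSheep Guard's "cautious mode (MIGHT cause false alerts)", the duplicate-MAC check can fire on networks where a router or proxy legitimately answers for several addresses; the gateway-MAC-change check is the more reliable of the two signals, and the response the tool takes on an alert (dropping the Wi-Fi connection) is the one that actually protects the session cookies a hijacker is after.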
FIGURE 16.28: DroidSheep Guard Screenshot (Status: Running, last check 27.12.2011 20:00:51; Checks per Minute: 60; options "Autostart/stop depending WiFi", "Disable WiFi on alert", "Notify in system", "Cautious mode (MIGHT cause false alerts)"; buttons "Start protection", "Stop protection", "Save and hide"; the alert text reads "SOMEONE SEEMS TO BE HIJACKING USING ARPSPOOFING ON THIS NETWORK!" above the ARP entries' IP and MAC addresses)
Android Vulnerability Scanner: X-Ray
• X-Ray scans your Android device to determine whether there are vulnerabilities that remain unpatched by your carrier
• It presents you with a list of vulnerabilities that it is able to identify and allows you to check for the presence of each vulnerability on your device
• X-Ray is automatically updated with the ability to scan for new vulnerabilities as they are discovered and disclosed
(The slide screenshot lists the checks by name, including Wunderbar, Mempodroid, ASHMEM, ZergRush, Gingerbreak and Zimperlich)
http://www.xray.io
Android Vulnerability Scanner: X-Ray
Source: http://www.xray.io
X-Ray scans your Android device to determine if there are vulnerabilities that remain
unpatched by your carrier. It presents you with a list of vulnerabilities that it is able to identify
and allows you to check for the occurrence of vulnerabilities on your device. This is
automatically updated with the ability to scan for new vulnerabilities as they are discovered
and disclosed. X-Ray has detailed information about a class of vulnerabilities known as
"privilege escalation" vulnerabilities. Such vulnerabilities can be exploited by a malicious
application to gain root privileges on a device and perform actions that would normally be
restricted by the Android operating system.
FIGURE 16.29: X-Ray Screenshot
Android Penetration Testing Tool: Android Network Toolkit - Anti
• On each run, Anti will map your network, scan for active devices and vulnerabilities, and display the information accordingly: a green LED signals an active device, a yellow LED signals available ports, and a red LED signals a vulnerability found
• Each device will have an icon representing the type of the device
• When finished scanning, Anti will produce an automatic report specifying which vulnerabilities you have or bad practices used, and how to fix each one of them
http://www.zantiapp.com
Android Penetration Testing Tool: Android Network Toolkit - Anti
Source: http://www.zantiapp.com
Android Network Toolkit - Anti is an Android penetration testing tool. It is a network scanner that lets you scan for active devices and vulnerabilities and shows the evidence accordingly: green signals an "Active device," yellow signals "available ports," and red signals "Vulnerability found." Each device has an icon representing the type of device. When finished scanning, it produces an automatic report specifying which vulnerabilities you have or bad practices are used, and how to fix each one of them.
FIGURE 16.30: Android Network Toolkit - Anti (the scan view maps the discovered hosts on the local 10.0.0.0/24 network, each with its device icon and LED status indicators)
Android Device Tracking Tools
• Find My Phone: http://findmyphone.mangobird.com
• Prey Anti-Theft: http://preyproject.com
• Android Anti Theft Security: http://www.snuko.com
• Wheres My Droid: http://wheresmydroid.com
• iHound: https://www.ihoundsoftware.com
• GadgetTrak Mobile Security: http://www.gadgettrak.com
• Total Equipment Protection App: https://protection.sprint.com
• AndroidLost.com: http://www.androidlost.com
Android Device Tracking Tools
Android device tracking tools help you track and find the location of an Android device in case it is lost, stolen, or misplaced. A few Android device tracking tools are listed as follows:
Find My Phone
Source: http://findmyphone.mangobird.com
Find My Phone is an Android phone app that helps you find your lost, stolen, or misplaced phone. When you lose your phone, just send it a text message (SMS) and the phone will reply with its current location. You can also make your phone ring loudly if you lose it somewhere close, like inside your home.
FIGURE 16.31: Find My Phone Screenshot
Prey Anti-Theft
Source: http://preyproject.com
Prey lets you keep track of your laptop, phone, or tablet if it is stolen or missing. It supports
geolocation. It's lightweight, open source software that gives you full and remote control, 24/7.
FIGURE 16.32: Prey Anti-Theft Screenshot
Android Anti-Theft Security
Source: http://www.snuko.com
Snuko is anti-theft software that runs on multiple platforms, protecting thousands of PCs, mobile phones, laptops, etc. It offers a complete online back-up solution; as part of the anti-theft package, Snuko subscribers' files can be stored safely and securely in the cloud. It can generate important tracking information and secure your data through its Mobile Dashboard. If the mobile device is lost, the device is locked to prevent any unauthorized access. If the device's SIM card is replaced without your knowledge, the new SIM card number, phone number, and the IMEI/IMSI numbers are recorded. The phone cannot be used until the correct PIN code is entered.
FIGURE 16.33: Android Anti-Theft Security Screenshot (the ANDROID ANTI-THEFT device location map view)
Where's My Droid
Source: http://wheresmydroid.com
Where's My Droid is an Android device tracking tool that lets you track your phone from anywhere, either with a text-messaged attention word or with an online Commander. The app can also get the GPS coordinates with a link to Google Maps; if you are not near enough to your phone to hear the ringer, it can turn the ringer volume up and make your phone ring. One of its features is the Activity Log, which lets you see what the app does, when it does it, and who is using it.
FIGURE 16.34: Where's My Droid Screenshot
iHound
Source: https://www.ihoundsoftware.com
iHound is an Android device tracking tool that tracks your mobile device using the GPS and Wi-Fi, 3G, or EDGE signals built into the device to determine its location. Using its tracking website, you can track the location of your device, remotely lock your phone, and remotely erase important personal information such as SMS messages, contacts, phone call logs, photos, videos, and/or SD storage data. You can also set geofencing location alerts through its mobile website, which is optimized for iPhone, iPod Touch, and Android phones. You can track multiple devices on multiple platforms and set up geofences.
FIGURE 16.35: iHound Screenshot
GadgetTrak Mobile Security
Source: http://www.gadgettrak.com
The GadgetTrak Mobile Security tool helps you mitigate the risk of mobile device loss or theft. It lets you track the device's location, back up data, and even wipe the data on the device remotely. With the combination of GPS, Wi-Fi positioning, and cell tower triangulation, you can easily track the location of your device. If your device is lost or stolen, you can remotely enable a piercing alarm, even if it is in silent mode. Once tracking is activated, the software settings cannot be modified unless tracking is deactivated.
FIGURE 16.36: GadgetTrak Mobile Security (backup prompt reading "I want to be able to wipe my pictures if this Nexus One gets stolen" with the option "Backup my pictures from this device")