Slide 1
Hacking Exposed 7
Network Security Secrets & Solutions
Chapter 11 Mobile Hacking

Slide 2
Outline
- Hacking Android
  - Android fundamentals
  - Hacking your Android
  - Hacking other’s Android
- Hacking iOS
  - How secure is iOS
  - Hacking your iOS
  - Hacking other’s iOS

Slide 3
Hacking Android
Android Fundamentals (1/2)
- Android architecture
  - ARM cross-compiled Linux kernel
  - Native libraries
  - Android runtime (including Dalvik virtual machine)
  - Application framework
  - Applications
- Software Development Kit (SDK)
  - Android Emulator: prototype, develop, and test Android applications without using a physical device
  - Android Debug Bridge (ADB): a command-line tool for communicating with an emulator or a physical device
    - execution of native apps
  - Dalvik Debug Monitor Server (DDMS):
    - obtain log information through logcat
    - send simulated location data, SMS, and phone calls
    - provide memory management information

Slide 4
Hacking Your Android
Android Fundamentals (2/2)

Slide 5
Hacking Your Android
- Rooting “your” Android to get administrative privileges
  - Full control of the device
  - The device may be “bricked”
- Android Rooting Tools: SuperOneClick, Z4Root, GingerBreak
- Steps for rooting a Kindle Fire
  1. Enable installation of applications from unknown sources
  2. Install the Android SDK
  3. Add commands in adb_usb.ini and android_winusb.inf
  4. Connect Kindle Fire with PC through ADB
  5. Download rooting files and execute them

Slide 6
Hacking Your Android
Apps for Rooted Android Devices
- Superuser: control which applications can execute with root privileges
- ROM Manager: install a custom ROM
- Market Enabler: spoof your location and carrier network to the Android market
- ConnectBot: execute shell commands remotely
- Screenshot: obtain device screenshots
- ES File Manager: copy, paste, cut, create, delete, and rename system files
- SetCPU: set the CPU clock
- Juice Defender: save power and extend battery life by managing hardware components

Slide 7
Hacking Your Android
Native Apps on Android
- BusyBox: a set of UNIX tools that allows you to execute useful commands
- Tcpdump: capture and display packets that are transmitted over a network
- Nmap: discover hardware and software on a network to identify specific details of the host operating system, open ports, DNS names, and MAC addresses
- Ncat: read and write data across networks from the command line for making various remote network connections

Slide 8
Hacking Your Android
Trojan Apps
- A malicious program that disguises itself as a legitimate app by using the same icon or name
- Reengineer Android applications
  - Manifest.xml: an encoded XML file that defines essential information about the application to the Android
  - Classes.dex: the Dalvik executable where the compiled code resides
- Tools for modifying an app
  - apktool: unzip and repack the Android application (apk) file
  - SignApk: verify the repacked file
- Steps
  1. Use apktool to unzip an apk file
  2. Modify the application name in Manifest.xml via any editor tool (e.g. notepad)
  3. Change icons in the unzipped folder/subfolder
  4. Use apktool to repack the apk file
  5. Sign the verification via SignApk
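
An added example (not from the slides) of how a defender can spot the repack described above: diff a suspect APK against a known-good build of the same version and report which entries changed and whether the signing files differ. The function names and the in-memory sample archives are constructed for this example; it assumes the standard APK zip layout (AndroidManifest.xml, classes.dex, META-INF signing files) and covers JAR-style signing files only.

```python
import hashlib
import io
import zipfile

SIG_SUFFIXES = (".MF", ".SF", ".RSA", ".DSA", ".EC")  # JAR-style (v1) signing files

def is_signature_file(name):
    return name.startswith("META-INF/") and name.upper().endswith(SIG_SUFFIXES)

def entry_hashes(apk_bytes):
    """Map every archive entry to the SHA-256 of its uncompressed content."""
    with zipfile.ZipFile(io.BytesIO(apk_bytes)) as apk:
        return {n: hashlib.sha256(apk.read(n)).hexdigest() for n in apk.namelist()}

def compare_apks(reference, suspect):
    """Diff a suspect APK against a known-good build of the same version."""
    ref, sus = entry_hashes(reference), entry_hashes(suspect)
    added = sorted(sus.keys() - ref.keys())
    removed = sorted(ref.keys() - sus.keys())
    changed = sorted(n for n in ref.keys() & sus.keys() if ref[n] != sus[n])
    return {
        "added": added,
        "removed": removed,
        "changed_payload": [n for n in changed if not is_signature_file(n)],
        # Different signing files mean the package was signed again after editing.
        "resigned": any(is_signature_file(n) for n in added + removed + changed),
    }

def build_sample(entries):
    """Build a constructed, APK-shaped zip in memory (sample data, not a real app)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        for name, data in entries.items():
            z.writestr(name, data)
    return buf.getvalue()

BASE = {
    "AndroidManifest.xml": b"<manifest label='Notes'/>",
    "classes.dex": b"dex-code-v1",
    "res/drawable/icon.png": b"icon-v1",
    "META-INF/MANIFEST.MF": b"digests-A",
    "META-INF/CERT.SF": b"sf-A",
    "META-INF/CERT.RSA": b"signer-A",
}
ORIGINAL = build_sample(BASE)
# Constructed repack: label and icon edited, then signed with a different key.
REPACKED = build_sample({**BASE,
    "AndroidManifest.xml": b"<manifest label='Notes Pro'/>",
    "res/drawable/icon.png": b"icon-v2",
    "META-INF/MANIFEST.MF": b"digests-B",
    "META-INF/CERT.SF": b"sf-B",
    "META-INF/CERT.RSA": b"signer-B",
})

if __name__ == "__main__":
    print(compare_apks(ORIGINAL, REPACKED))
```

A changed manifest or icon together with `resigned` being true, while classes.dex is untouched, matches the rename-and-re-sign pattern from the steps above.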

Slide 9
Hacking Other’s Android
Vulnerabilities in Android (1/2)
- Remote Shell via WebKit
  - Get the latest version of Android
  - Install antivirus software
- Root an Android remotely: RageAgainstTheCage
  - Get the latest version of Android
  - Install antivirus software
- Data Stealing through a PHP file
  - Get the latest version of Android
  - Install antivirus software
  - Temporarily disable JavaScript
  - Use another third-party browser
  - Unmount the “/sdcard” partition to protect the data stored there
- Remote Shell with Zero Permissions
  - Check the ratings and user reviews to try to identify suspicious applications

Slide 10
Hacking Other’s Android
Vulnerabilities in Android (2/2)
- Exploiting Capability Leaks
  - Check the ratings and user reviews to try to identify suspicious applications
- URL-sourced Malware (Side-load Applications)
  - Unselect “Unknown Sources” in Settings->Applications
- Skype Data Exposure
  - Keep applications updated
- Carrier IQ
  - Use Lookout’s Carrier IQ Detector
- HTC Logger
  - Get the patch from HTC
- Cracking the Google Wallet PIN
  - Don’t leave the phone unattended.
  - Use the traditional Android screen lock
  - Do not root the device
  - Install antivirus software

Slide 11
Hacking iOS
How Secure Is iOS?
- Third-party apps are disallowed except under a less privileged user account
- Apps have to be signed by Apple to execute
- Code signature verification is at both load time and runtime
- iOS has made great gains in terms of its security model

Slide 12
Hacking Your iOS
Jailbreaking
- Jailbreak: The process of taking full control of an iOS-based device
  - Allow for using third-party apps
  - Expose yourself to a variety of attack vectors
- Boot-based Jailbreak
  - Obtain the firmware image (IPSW)
  - Switch the device to Device Firmware Update (DFU) mode
  - Install the IPSW file image to the device
- Remote Jailbreak
  - Load a specially crafted PDF into the web browser, Safari, to take control of the browser, and then the operating system

Slide 13
Hacking Other’s iOS
Vulnerabilities in iOS
- Malware infection: JailbreakMe3.0
  - Keep your operating system and software updated with the latest patches
- SSH attack: iKee Attacks!
  - Don’t jailbreak your iPhone
  - Change the default credentials for a jailbroken device
- The FOCUS 11 Man-in-the-Middle Attack
  - Update your device and keep it up to date
  - Configure the iOS device to “Ask to Join Networks”
- App store malware: Handy Light, InstaStock
  - Apps should be installed only when absolutely necessary and only from trustworthy vendors
- Vulnerable apps: bundled and third-party (not on the app store)
  - Keep your device updated with the latest version of iOS, and keep apps updated to their latest versions
- Physical Access
  - Ensure that all sensitive data on the device has been encrypted

Slide 14
Summary
- Adapt the behavior and configuration of the device to your purpose/data after evaluation
- Enable device lock
- Keep physical control of the device
- Enable wipe functionality as appropriate using local or remote features
- Install security software
- Leave the device home when traveling

Slide 15
Homework Ch11
Due: in printed hardcopy (format: problem, solution with explanation, screen dumps)
- (60 points) Android Debug Tool
  - Install Android SDK.
  - Connect an Android device or emulator to the host which runs DDMS in the SDK.
  - Dump and explain contents output by logcat in DDMS.
- (40 points) Select an Android device or emulator (e.g. the one in Android SDK, Bluestacks, and so on) and root it. It is recommended to root an Android emulator to avoid "bricking" your phone.
- (20 points) Use a document management app (e.g. Root Explorer) to add/remove apk files to/from the folder “/system/app/” in a rooted Android device or emulator, and observe what happens.
- (20 points) Install the app, AdBlock, in a rooted Android device or emulator and explain how it blocks ads.
- (20 points) Install a root-dependent app (except AdBlock) on a rooted Android device or emulator and explain why it needs a rooted system.
- (20 points) Select one version of iOS, survey how to jailbreak it, and list the steps.