SlideShare a Scribd company logo

Penetration Testing for Android Smartphones

IOSR Journals
IOSR Journals

This document discusses penetration testing of three versions of the Android operating system (2.3, 3.2, and 4.2) using an application program and Kali Linux tools. Port scanning and exploits were used to test the security of each version. The results showed that while all versions had improved security over time, version 4.2 was the most secure with the fewest vulnerabilities found during testing. The document concludes that users should take steps to secure their Android devices like using passwords, reviewing permissions, and using antivirus software.

EngineeringTechnology
1 of 6
Download to read offline
IOSR Journal of Computer Engineering (IOSR-JCE) e-ISSN: 2278-0661, p- ISSN: 2278-8727Volume 14, Issue 3 (Sep. - Oct. 2013), PP 104-109 www.iosrjournals.org www.iosrjournals.org 104 | Page Penetration Testing for Android Smartphones Okolie C.C1 , Oladeji F.A2 , Benjamin B.C3 , Alakiri H.A4 , Olisa O.5 1 (Computer Sciences, University of Lagos, Nigeria) 2 (Computer Sciences, University of Lagos, Nigeria) 3 (Computer Sciences, University of Jos, Nigeria) 4 (Computer Sciences, Yaba College of Technology, Nigeria) 5 (Computer Sciences, University of Lagos, Nigeria) Abstract: One major challenge faced by Android users today is the security of the operating system especially during setup. The use of smartphones for communication, social networking, mobile banking and payment systems have all tripled and many have depended on it for their daily transactions.AndroidOS on smartphones is so popular today that it has beaten the most popular mobile operating systems, like RIM, iOS, Windows Mobile and even Symbian, which ruled the mobile market for more than a decade.This paper performspenetration testing of Android-based Smartphones using an application program designed to simplify port-scanning techniques for information gathering and vulnerability attack. In this paper, an attempt was made to test and analyze the security architecture of the Android operating system using the latest penetration testing and vulnerability tool based on Kali Linux. Three different Versions of Android, Version 2.3, 3.2 and 4.2 were simulated on a virtual machine. The result shows that although there is an improvement in the security stack of the different AndroidVersions but Version 4.2 is more secured than the others. This work is important for users and researchers who use their Android smartphones in a critical environment with hostile network traffic. Keywords: Android, Linux, Penetration testing, Security, Smartphones I. Introduction Research has shown that smartphone usage within the last few years has increased rapidly and this is due to their rich and versatile functionality. Today, Smartphones are not just used as a communication tool; but for other functionality like Pager, PDA (Personal Digital Assistants), MID(Mobile Internet Devices), GPS, MP3 Player [1] etc., and provides a range of services like social networking, entertainment, electronic banking, reading e-books or online meetings. These services and functionality is possible due to the use of astrongstable operating system Androidthat is very fast and reliable [1] The major problem is the way these services are introduced and released by smartphone vendors. Security implications of these devices and the network on which smartphones are used should be of much concern. In most cases, hackers take advantage of the porous nature of these services and applications to exploit the smartphone and render it unusable by installing applications that will make it to freeze, run out of memory, or spoof communication with other devices. The rapid growth and increase in the use of Android Smartphones has exposed it to a lot of hacking activity by hackers trying to exploit and attack the smartphone especially as its operating system is based on an open platform. Penetration testing is a very good method for detecting the vulnerabilities of a system; this is because it helps in finding security holes in the system. A penetration test is a method of evaluating the security of a computer system or network by simulating an attack from a malicious source. The methodology for how to perform penetration tests is given by the National Institute of Standards and Technology [2,3]. Most studies regarding security of smart phones have mainly focused on the application layer, such as viruses, worms, MMS exploitation and Cross-Service Attacks [4]. A similar penetration test on Android smartphone is one carried out in 2011 [5] where an earlier Version of Android was tested and analyzed for vulnerability. In this paper, an application program was developed for scanning and exploitation on the smartphones. This application program is used to simplify the discovery and information gathering stage. From the information gathered, a vulnerability test was conducted using a penetration-testing tool called Kali Linux. This tool was used to perform a white hat penetration test and exploit any vulnerable ports on the smartphones. This paper is organized as follows: Section one introduces the issue concerned, section two describes the overview of Android operating system architecture, section three describes the penetration test simulationtopology while section four discusses the summary of result and findings. The conclusion was drawn in section five.
Penetration Testing for Android Smartphones www.iosrjournals.org 105 | Page II. Related Works G1-Android is the first commercially available phone that features Google’s Android Platform SDK. This is a partnership project with Taiwan Based HTC Corp and supported by the United States Service provider T-Mobile. Thus the phone is available in the market as T-Mobile HTC Android. Android is the first truly open source platform for mobile devices with a fully integrated software stack that consists of an operating system, middleware, user-friendly interface and applications, and also allows the users to develop additional software and change or replace functionality without limitations. In order to achieve the unlimited functionalities, Android uses Linux operating system as its core OS and ensures that users experience same Internet activities equal to what they can experience on a desktop PC [6, 7, 8, 9, 10]. Several smartphone features and functions help to increase usage of data and services but it is also open to the risk of introducing new vulnerabilities. Android consists of a kernel based on Linux kernelVersion 2.6 with middleware, libraries and APIs written in C, and application software running on an application framework which includes Java-compatible libraries based on Apache Harmony [11]. Since Android operating system release in 2008, there are so many versions and each new release comes with new features and bug fixes 2.1Android Architecture The Android operating system is referred to as a software stack of different layers, where each layer is a group of several program components. Together it includes operating system, middleware and important applications. Each layer in the architecture provides different services to the layer just above it [12]. Fig. 1: diagram of Android architecture [13] The following layers are of importance to this paper: 2.1.1 Linux Kernel The whole Android OS is built on top of the Linux 2.6 Kernel with some further architectural changes made by Google. It is this Linux that interacts with the hardware and contains all the essential hardware drivers. Android uses the Linux for all its core functionality such as Memory management, process management, networking, security settings etc. As the Android is built on a most popular and proven foundation, it made the porting of Android to variety of hardware, a relatively painless task [13] 2.1.2Libraries The libraries layer is the layer that enables the device to handle different types of data. These libraries are written in C or C++ language and are specific for a particular hardware. 2.1.3 Android Run Time This layer consists of Dalvik Virtual machine and Core Java libraries, Dalvik VM is a type of JVM used in Android devices to run apps and is optimized for low processing power and low memory environments. It allows multiple instance of Virtual machine to be created simultaneously providing security, isolation, memory management and threading support 2.1.4 Core Java libraries These libraries provide most of the functionalities defined in the Java SE libraries.
Penetration Testing for Android Smartphones www.iosrjournals.org 106 | Page 2.1.5 Application Framework These are the blocks that our application directly interacts with. These programs manage the basic functions of phone like resource management, voice call management etc. 2.1.6Application This is the top layer in the Android architecture and this is where applications run. Several standard applications come pre-installed with every device, such as SMS client app, Dialer, Web browser, Contact manageretc. Most studies regarding security of smart phones have mainly focused on the application layer, such as viruses, worms, MMS exploitation and Cross-Service Attacks.Recent work has shown that there different ways of carrying out penetration test on smartphones. The most recent is one done by Naresh and Muhammed on Android based smartphones [14]. In their test, the authors looked at threeearlier Versions of Android releases. The only problem with the work is that AndroidVersions have tripled with a lot of bug fixes and modification in the security architecture of the recent Versions. So the test can only be true for earlier Version of the Android- based smartphones. This paper is an improvement in the earlier work using more simplified and sophisticated method for information gatheringand port scanning. The test was performed on recent release of the Android operating systems (Version 2.3, 3.2 and 4.2). This paperfocused on the Android operating system deployed on a Virtual machine with respect to its core architecture and TCP/IP network stack security issues. The security analysis was performed using a white box penetration testing. Information on the target system were gathered and identified and then penetration tests performed, starting from well-known vulnerabilities to more specific deep penetration attacks. 
 The test was performed on a simulated virtual machine with Android images using open source penetration tools. The simulation were carried on three different Versions of the Android operating system, Version 2.2 (Froyo), Version 3.2 (Honeycomb) and Versions 4.2.x (Jelly Bean) released in 2010, 2011 and 2012 respectively III. Simulation Architecture The architecture of the system used in this work for the penetration test on the Android smartphones is a simulation on a virtual machine. The test included port scanning, and running exploit tools in order to test the different layers of the TCP/IP network stack of the different AndroidVersions selected for the test. To simplify the test, an application program written in Objective C was used to manage the port scanning and exploit stage while the vulnerability found was exploited using an opensource penetration tool based on Kali Linux. Fig. 2 below shows the system architecture of the different AndroidVersions and the penetration-testing tool. Fig. 2:architecture of the penetration test system This report followed the methodology used in [14] with the simulation activities shown in Fig. 3 below: Fig. 3: penetration-testing methodology by NIST [14] The planning phase is the setting up of the systems, installation and configuration of the simulation Planning AttacksDiscovery Reports
Penetration Testing for Android Smartphones www.iosrjournals.org 107 | Page environment. In this phase, the different AndroidVersions was loaded and activated. The discovery phase is the information gathering phase in which the target system was scanned and open ports identified as well as active and inactive systems. The attack phase is the actual vulnerability test carried out on the target system. All the ports discovered as vulnerable are used to exploit the target system. Information gathered from the simulation was reported which is the final phase of the penetration test. The functionalities of the system simulation is shown in Fig. 4 Fig. 4: use-case diagram of the proposed system In Fig. 4 above, the pen tester launches the software application and selects the Version of Android to perform the exploit on. Once the system is scanned and open ports detected, an attack is launched and an analysis on the attacked ports is performed and reported. IV. Discussion On Findings The first stage in the implementation is the launching of the application software as shown in Fig. 5 Fig. 5: interface of the penetration testing software. From the Fig 5 above, the user selects the AndroidVersion to load and clicks on the GO button. The Android image loads up in two views as shown in Fig. 6 below. The first window displays the graphic user interface while the second window shows the CLI interface, which displays the network address assigned to the Android image Fig. 6:gui and cli interface of the Android image
Penetration Testing for Android Smartphones www.iosrjournals.org 108 | Page The next phase is entering the IP address of the target host, which is the Android image selected and the type of scan to perform will be selected. Then the Run Scan button will be activated as shown in Fig. 7. This will then query the target host and gather information from it. Fig. 7:interface showing 5.1 Result based onPort Scan When a Ping Sweep was launched on the target host, information about the host were displayed. Several other port scanning techniques was also launched to gather more information from the target host. FromFig. 7 above, it was observed that the application software program used which executed Linux commands like Nmap at the background was able to gather information that includes AndroidVersion, open, close and filtered ports, status of the AndroidVersion machine if active or down. 5.1 Result based onFlooding From the test performed in Version 2.3 during flooding attack using the hping3 command as shown in Fig. 8 below. It was observed that before the flooding attack on the target host, ping request from host 10.211.55.2 was responding at 0.122ms and 0.410ms. When the attack was launched, the ping time increased to 500ms and 1044ms and even more as the flooding remained active. This made the target host to drag and responded slowly to the ping request during the flooding attack for the latency was too high. Fig. 8: hping3 flooding attack on Android 2.3 image during a ping request. Although, from the analyses and tests carried out, Android operating system faces some challenges. One security flaw in the operating system is that there is no special kind of protection against the handling of flooding attacks, which were quite successful in the simulation as shown in Fig. 8, as the systems were unable to give a response to network during these attacks. From the test performed,Version 2.3 responded to the ping request during the flooding attack but the latency was too high. When the vulnerability test was launched on the open ports, it was observed that due to the privileges granted to the application during installation, the hacker could easily sniff data from the smartphones using any available sniffing tool. In general opinion of this article, there is an improvement in the security of the Android 4.2 designed for both smartphones and tablet PCs V. Conclusion This project work has researched on penetration testing with Android smartphones. It is very interesting to note that Android use on smartphones has increased significantly over the last few years because of the open source platform it adopted with so many features available. These openness and access to the source
Penetration Testing for Android Smartphones www.iosrjournals.org 109 | Page code has also made hackers to take advantage of these open ports if not properly closed and filtered to attack the smartphones and render them unusable. In this research work, vulnerability test was performed on three different Versions of Android smartphones. Different tools were used to gather information about a live smartphone system, to know if they are active or inactive, open, closed or filtered. This paper work reveals that all software has security vulnerabilities. But there are some simple things one can do that will drastically reduce ones exposure and help secure Android smartphones or tablet, as well as protect data. This paper advises that users should protect and secure their smartphones using different ways and not limited to  Use of password and lock screens to keep smartphones secured.  Always be in the habit to review apps before installing and check permissions required by the apps Once ports are opened, phones are vulnerable to attack  Never download apps from unknown sources  Use an anti-virus or malware app and ensure its is constantly updated.  Android smartphones is not about apps and trick but about best practices References [1] N. Kumar, and M.E UI Haq, Penetration testing for Android Smartphones, masters thesis, Chalmers University of Technology, Goteborg, SW, 2011. [2] F. Alisherov, and F. Sattarova, Methodology for Penetration Testing, International Journal of Grid and Distributed Computing, 2(2), 2009, 44-49. [3] A. Johnson, K. Dempsey, R. Ross, S. Gupta and D. Bailey, Guide for Security-Focused configurationManagement of Information System, (SP800-42), Accessed on May, 2013. [4] H. Sheikh, J. Cyril, and O. Tomas,An Analysis of the Robustness and Stability of the Network Stack in Symbian Based Smartphones Vol. No. 10 2009. [5] N. Kumar, and M.E UI Haq, Penetration testing for Android Smartphones, masters thesis, Chalmers University of Technology, Goteborg, SW, 2011. [6] Android operating system, (2013). Available from: <http://en.wikipedia.org/wiki/Android_(operating_system) >. [10 March, 2013] [7] K. Arto, Security Comparison of Mobile OSes, and Available from: < 
 http://www.tml.tkk.fi/Opinnot/Tik- 110.501/2000/papers/kettula.pdf >. [11 March 2013]. [8] AndroidVersion history, (2013). Available from: <http://en.wikipedia.org/wiki/Android_Version_history>. [15 March 2013] [9] AndroidVersion, 2013, (2013), Available from: <http://developer.Android.com/guide/basics/what-is-Android.html>. [15 March 2013] [10] AndroidVersion, 2013, (2013), Available from: <http://developer.Android.com/guide/basics/what-is-Android.html>. [15 March 2013] [11] Android operating system, (2013). Available from: <http://en.wikipedia.org/wiki/Android_(operating_system) >. [10 March, 2013] [12] Available from: <http://www.edparsons.com/2007/11/Android-and-lbs-in-the-stack-at-last/> [24 May 2011] [13] Android-App-Market Available from: <http://www.Android-app-market.com/Android-architecture.html>[30 May, 2013] [14] F. Alisherov, and F. Sattarova, Methodology for Penetration Testing, International Journal of Grid and Distributed Computing, 2(2), 2009, 44-49

Recommended

Android security
Android securityAndroid security
Android securityDr Amira Bibo
 
Comparative Study on Intrusion Detection Systems for Smartphones
Comparative Study on Intrusion Detection Systems for SmartphonesComparative Study on Intrusion Detection Systems for Smartphones
Comparative Study on Intrusion Detection Systems for Smartphonesiosrjce
 
Review on mobile threats and detection techniques
Review on mobile threats and detection techniquesReview on mobile threats and detection techniques
Review on mobile threats and detection techniquesijdpsjournal
 
Malware detection techniques for mobile devices
Malware detection techniques for mobile devicesMalware detection techniques for mobile devices
Malware detection techniques for mobile devicesijmnct
 
MALWARE DETECTION TECHNIQUES FOR MOBILE DEVICES
MALWARE DETECTION TECHNIQUES FOR MOBILE DEVICESMALWARE DETECTION TECHNIQUES FOR MOBILE DEVICES
MALWARE DETECTION TECHNIQUES FOR MOBILE DEVICESijmnct
 
IRJET - Android based Mobile Forensic and Comparison using Various Tools
IRJET - Android based Mobile Forensic and Comparison using Various ToolsIRJET - Android based Mobile Forensic and Comparison using Various Tools
IRJET - Android based Mobile Forensic and Comparison using Various ToolsIRJET Journal
 
When developer's api simplify user mode rootkits developing.
When developer's api simplify user mode rootkits developing.When developer's api simplify user mode rootkits developing.
When developer's api simplify user mode rootkits developing.Yury Chemerkin
 
A Systematic Review of Android Malware Detection Techniques
A Systematic Review of Android Malware Detection TechniquesA Systematic Review of Android Malware Detection Techniques
A Systematic Review of Android Malware Detection TechniquesCSCJournals
 

Recommended

Android security
Android securityAndroid security
Android securityDr Amira Bibo
 
Comparative Study on Intrusion Detection Systems for Smartphones
Comparative Study on Intrusion Detection Systems for SmartphonesComparative Study on Intrusion Detection Systems for Smartphones
Comparative Study on Intrusion Detection Systems for Smartphonesiosrjce
 
Review on mobile threats and detection techniques
Review on mobile threats and detection techniquesReview on mobile threats and detection techniques
Review on mobile threats and detection techniquesijdpsjournal
 
Malware detection techniques for mobile devices
Malware detection techniques for mobile devicesMalware detection techniques for mobile devices
Malware detection techniques for mobile devicesijmnct
 
MALWARE DETECTION TECHNIQUES FOR MOBILE DEVICES
MALWARE DETECTION TECHNIQUES FOR MOBILE DEVICESMALWARE DETECTION TECHNIQUES FOR MOBILE DEVICES
MALWARE DETECTION TECHNIQUES FOR MOBILE DEVICESijmnct
 
IRJET - Android based Mobile Forensic and Comparison using Various Tools
IRJET - Android based Mobile Forensic and Comparison using Various ToolsIRJET - Android based Mobile Forensic and Comparison using Various Tools
IRJET - Android based Mobile Forensic and Comparison using Various ToolsIRJET Journal
 
When developer's api simplify user mode rootkits developing.
When developer's api simplify user mode rootkits developing.When developer's api simplify user mode rootkits developing.
When developer's api simplify user mode rootkits developing.Yury Chemerkin
 
A Systematic Review of Android Malware Detection Techniques
A Systematic Review of Android Malware Detection TechniquesA Systematic Review of Android Malware Detection Techniques
A Systematic Review of Android Malware Detection TechniquesCSCJournals
 
TrendLabs 2012 Annual Security Roundup: Evolved Threats in a “Post-PC” World
TrendLabs 2012 Annual Security Roundup: Evolved Threats in a “Post-PC” WorldTrendLabs 2012 Annual Security Roundup: Evolved Threats in a “Post-PC” World
TrendLabs 2012 Annual Security Roundup: Evolved Threats in a “Post-PC” WorldInfinigate Group
 
IJET-V3I1P9
IJET-V3I1P9IJET-V3I1P9
IJET-V3I1P9IJET - International Journal of Engineering and Techniques
 
Paper id 25201417
Paper id 25201417Paper id 25201417
Paper id 25201417IJRAT
 
HONEYPOTLABSAC: A VIRTUAL HONEYPOT FRAMEWORK FOR ANDROID
HONEYPOTLABSAC: A VIRTUAL HONEYPOT FRAMEWORK FOR ANDROIDHONEYPOTLABSAC: A VIRTUAL HONEYPOT FRAMEWORK FOR ANDROID
HONEYPOTLABSAC: A VIRTUAL HONEYPOT FRAMEWORK FOR ANDROIDIJCNCJournal
 
Mobile Operating Systems and Application Development Platforms: A Survey
Mobile Operating Systems and Application Development Platforms: A SurveyMobile Operating Systems and Application Development Platforms: A Survey
Mobile Operating Systems and Application Development Platforms: A SurveyEswar Publications
 
Detection of Android Third Party Libraries based attacks
Detection of Android Third Party Libraries based attacksDetection of Android Third Party Libraries based attacks
Detection of Android Third Party Libraries based attacksAmina WADDIZ
 
Biometric System Penetration in Resource Constrained Mobile Device
Biometric System Penetration in Resource Constrained Mobile DeviceBiometric System Penetration in Resource Constrained Mobile Device
Biometric System Penetration in Resource Constrained Mobile Deviceijbbjournal
 
20120140504023
2012014050402320120140504023
20120140504023IAEME Publication
 
A Comparative Study of Different File Sharing Applications and Wi-Fi Direct T...
A Comparative Study of Different File Sharing Applications and Wi-Fi Direct T...A Comparative Study of Different File Sharing Applications and Wi-Fi Direct T...
A Comparative Study of Different File Sharing Applications and Wi-Fi Direct T...vivatechijri
 
Track f evolving trusted platforms - arm
Track f evolving trusted platforms - armTrack f evolving trusted platforms - arm
Track f evolving trusted platforms - armchiportal
 
Evidence Gathering and Identification of LINE Messenger on Android Device
Evidence Gathering and Identification of LINE Messenger on Android DeviceEvidence Gathering and Identification of LINE Messenger on Android Device
Evidence Gathering and Identification of LINE Messenger on Android DeviceIJCSIS Research Publications
 
Android Application Development
Android Application DevelopmentAndroid Application Development
Android Application DevelopmentGokhan Arik
 
Android
AndroidAndroid
AndroidDr. Ramkumar Lakshminarayanan
 
776 s0005
776 s0005776 s0005
776 s0005oscarh1986
 
An brief introduction to android operating system
An brief introduction to android operating systemAn brief introduction to android operating system
An brief introduction to android operating systemAlexander Decker
 
Blackberry playbook – new challenges
Blackberry playbook – new challengesBlackberry playbook – new challenges
Blackberry playbook – new challengesYury Chemerkin
 
ANDROID UNTRUSTED DETECTION WITH PERMISSION BASED SCORING ANALYSIS
ANDROID UNTRUSTED DETECTION WITH PERMISSION BASED SCORING ANALYSISANDROID UNTRUSTED DETECTION WITH PERMISSION BASED SCORING ANALYSIS
ANDROID UNTRUSTED DETECTION WITH PERMISSION BASED SCORING ANALYSISijitcs
 
Mobile appliaction w android week 1 by osama
Mobile appliaction w android week 1 by osamaMobile appliaction w android week 1 by osama
Mobile appliaction w android week 1 by osamaOsama Ghandour Geris
 
IJSRED-V2I3P69
IJSRED-V2I3P69IJSRED-V2I3P69
IJSRED-V2I3P69IJSRED
 
SYSTEM CALL DEPENDENCE GRAPH BASED BEHAVIOR DECOMPOSITION OF ANDROID APPLICAT...
SYSTEM CALL DEPENDENCE GRAPH BASED BEHAVIOR DECOMPOSITION OF ANDROID APPLICAT...SYSTEM CALL DEPENDENCE GRAPH BASED BEHAVIOR DECOMPOSITION OF ANDROID APPLICAT...
SYSTEM CALL DEPENDENCE GRAPH BASED BEHAVIOR DECOMPOSITION OF ANDROID APPLICAT...IJNSA Journal
 
Performance Evaluation of High Speed Congestion Control Protocols
Performance Evaluation of High Speed Congestion Control ProtocolsPerformance Evaluation of High Speed Congestion Control Protocols
Performance Evaluation of High Speed Congestion Control ProtocolsIOSR Journals
 
A Critical Review of the Nigerian Energy Scenario
A Critical Review of the Nigerian Energy ScenarioA Critical Review of the Nigerian Energy Scenario
A Critical Review of the Nigerian Energy ScenarioIOSR Journals
 

More Related Content

What's hot

TrendLabs 2012 Annual Security Roundup: Evolved Threats in a “Post-PC” World
TrendLabs 2012 Annual Security Roundup: Evolved Threats in a “Post-PC” WorldTrendLabs 2012 Annual Security Roundup: Evolved Threats in a “Post-PC” World
TrendLabs 2012 Annual Security Roundup: Evolved Threats in a “Post-PC” WorldInfinigate Group
 
Paper id 25201417
Paper id 25201417Paper id 25201417
Paper id 25201417IJRAT
 
HONEYPOTLABSAC: A VIRTUAL HONEYPOT FRAMEWORK FOR ANDROID
HONEYPOTLABSAC: A VIRTUAL HONEYPOT FRAMEWORK FOR ANDROIDHONEYPOTLABSAC: A VIRTUAL HONEYPOT FRAMEWORK FOR ANDROID
HONEYPOTLABSAC: A VIRTUAL HONEYPOT FRAMEWORK FOR ANDROIDIJCNCJournal
 
Mobile Operating Systems and Application Development Platforms: A Survey
Mobile Operating Systems and Application Development Platforms: A SurveyMobile Operating Systems and Application Development Platforms: A Survey
Mobile Operating Systems and Application Development Platforms: A SurveyEswar Publications
 
Detection of Android Third Party Libraries based attacks
Detection of Android Third Party Libraries based attacksDetection of Android Third Party Libraries based attacks
Detection of Android Third Party Libraries based attacksAmina WADDIZ
 
Biometric System Penetration in Resource Constrained Mobile Device
Biometric System Penetration in Resource Constrained Mobile DeviceBiometric System Penetration in Resource Constrained Mobile Device
Biometric System Penetration in Resource Constrained Mobile Deviceijbbjournal
 
A Comparative Study of Different File Sharing Applications and Wi-Fi Direct T...
A Comparative Study of Different File Sharing Applications and Wi-Fi Direct T...A Comparative Study of Different File Sharing Applications and Wi-Fi Direct T...
A Comparative Study of Different File Sharing Applications and Wi-Fi Direct T...vivatechijri
 
Track f evolving trusted platforms - arm
Track f evolving trusted platforms - armTrack f evolving trusted platforms - arm
Track f evolving trusted platforms - armchiportal
 
Evidence Gathering and Identification of LINE Messenger on Android Device
Evidence Gathering and Identification of LINE Messenger on Android DeviceEvidence Gathering and Identification of LINE Messenger on Android Device
Evidence Gathering and Identification of LINE Messenger on Android DeviceIJCSIS Research Publications
 
Android Application Development
Android Application DevelopmentAndroid Application Development
Android Application DevelopmentGokhan Arik
 
An brief introduction to android operating system
An brief introduction to android operating systemAn brief introduction to android operating system
An brief introduction to android operating systemAlexander Decker
 
Blackberry playbook – new challenges
Blackberry playbook – new challengesBlackberry playbook – new challenges
Blackberry playbook – new challengesYury Chemerkin
 
ANDROID UNTRUSTED DETECTION WITH PERMISSION BASED SCORING ANALYSIS
ANDROID UNTRUSTED DETECTION WITH PERMISSION BASED SCORING ANALYSISANDROID UNTRUSTED DETECTION WITH PERMISSION BASED SCORING ANALYSIS
ANDROID UNTRUSTED DETECTION WITH PERMISSION BASED SCORING ANALYSISijitcs
 
Mobile appliaction w android week 1 by osama
Mobile appliaction w android week 1 by osamaMobile appliaction w android week 1 by osama
Mobile appliaction w android week 1 by osamaOsama Ghandour Geris
 
IJSRED-V2I3P69
IJSRED-V2I3P69IJSRED-V2I3P69
IJSRED-V2I3P69IJSRED
 
SYSTEM CALL DEPENDENCE GRAPH BASED BEHAVIOR DECOMPOSITION OF ANDROID APPLICAT...
SYSTEM CALL DEPENDENCE GRAPH BASED BEHAVIOR DECOMPOSITION OF ANDROID APPLICAT...SYSTEM CALL DEPENDENCE GRAPH BASED BEHAVIOR DECOMPOSITION OF ANDROID APPLICAT...
SYSTEM CALL DEPENDENCE GRAPH BASED BEHAVIOR DECOMPOSITION OF ANDROID APPLICAT...IJNSA Journal
 

What's hot (20)

TrendLabs 2012 Annual Security Roundup: Evolved Threats in a “Post-PC” World
TrendLabs 2012 Annual Security Roundup: Evolved Threats in a “Post-PC” WorldTrendLabs 2012 Annual Security Roundup: Evolved Threats in a “Post-PC” World
TrendLabs 2012 Annual Security Roundup: Evolved Threats in a “Post-PC” World
 
IJET-V3I1P9
IJET-V3I1P9IJET-V3I1P9
IJET-V3I1P9
 
Paper id 25201417
Paper id 25201417Paper id 25201417
Paper id 25201417
 
HONEYPOTLABSAC: A VIRTUAL HONEYPOT FRAMEWORK FOR ANDROID
HONEYPOTLABSAC: A VIRTUAL HONEYPOT FRAMEWORK FOR ANDROIDHONEYPOTLABSAC: A VIRTUAL HONEYPOT FRAMEWORK FOR ANDROID
HONEYPOTLABSAC: A VIRTUAL HONEYPOT FRAMEWORK FOR ANDROID
 
Mobile Operating Systems and Application Development Platforms: A Survey
Mobile Operating Systems and Application Development Platforms: A SurveyMobile Operating Systems and Application Development Platforms: A Survey
Mobile Operating Systems and Application Development Platforms: A Survey
 
Detection of Android Third Party Libraries based attacks
Detection of Android Third Party Libraries based attacksDetection of Android Third Party Libraries based attacks
Detection of Android Third Party Libraries based attacks
 
Biometric System Penetration in Resource Constrained Mobile Device
Biometric System Penetration in Resource Constrained Mobile DeviceBiometric System Penetration in Resource Constrained Mobile Device
Biometric System Penetration in Resource Constrained Mobile Device
 
20120140504023
2012014050402320120140504023
20120140504023
 
A Comparative Study of Different File Sharing Applications and Wi-Fi Direct T...
A Comparative Study of Different File Sharing Applications and Wi-Fi Direct T...A Comparative Study of Different File Sharing Applications and Wi-Fi Direct T...
A Comparative Study of Different File Sharing Applications and Wi-Fi Direct T...
 
Track f evolving trusted platforms - arm
Track f evolving trusted platforms - armTrack f evolving trusted platforms - arm
Track f evolving trusted platforms - arm
 
Evidence Gathering and Identification of LINE Messenger on Android Device
Evidence Gathering and Identification of LINE Messenger on Android DeviceEvidence Gathering and Identification of LINE Messenger on Android Device
Evidence Gathering and Identification of LINE Messenger on Android Device
 
Android Application Development
Android Application DevelopmentAndroid Application Development
Android Application Development
 
Android
AndroidAndroid
Android
 
776 s0005
776 s0005776 s0005
776 s0005
 
An brief introduction to android operating system
An brief introduction to android operating systemAn brief introduction to android operating system
An brief introduction to android operating system
 
Blackberry playbook – new challenges
Blackberry playbook – new challengesBlackberry playbook – new challenges
Blackberry playbook – new challenges
 
ANDROID UNTRUSTED DETECTION WITH PERMISSION BASED SCORING ANALYSIS
ANDROID UNTRUSTED DETECTION WITH PERMISSION BASED SCORING ANALYSISANDROID UNTRUSTED DETECTION WITH PERMISSION BASED SCORING ANALYSIS
ANDROID UNTRUSTED DETECTION WITH PERMISSION BASED SCORING ANALYSIS
 
Mobile appliaction w android week 1 by osama
Mobile appliaction w android week 1 by osamaMobile appliaction w android week 1 by osama
Mobile appliaction w android week 1 by osama
 
IJSRED-V2I3P69
IJSRED-V2I3P69IJSRED-V2I3P69
IJSRED-V2I3P69
 
SYSTEM CALL DEPENDENCE GRAPH BASED BEHAVIOR DECOMPOSITION OF ANDROID APPLICAT...
SYSTEM CALL DEPENDENCE GRAPH BASED BEHAVIOR DECOMPOSITION OF ANDROID APPLICAT...SYSTEM CALL DEPENDENCE GRAPH BASED BEHAVIOR DECOMPOSITION OF ANDROID APPLICAT...
SYSTEM CALL DEPENDENCE GRAPH BASED BEHAVIOR DECOMPOSITION OF ANDROID APPLICAT...
 

Viewers also liked

Performance Evaluation of High Speed Congestion Control Protocols
Performance Evaluation of High Speed Congestion Control ProtocolsPerformance Evaluation of High Speed Congestion Control Protocols
Performance Evaluation of High Speed Congestion Control ProtocolsIOSR Journals
 
A Critical Review of the Nigerian Energy Scenario
A Critical Review of the Nigerian Energy ScenarioA Critical Review of the Nigerian Energy Scenario
A Critical Review of the Nigerian Energy ScenarioIOSR Journals
 
Survey of different Web Application Attacks & Its Preventive Measures
Survey of different Web Application Attacks & Its Preventive MeasuresSurvey of different Web Application Attacks & Its Preventive Measures
Survey of different Web Application Attacks & Its Preventive MeasuresIOSR Journals
 
A Novel Approach for Tracking with Implicit Video Shot Detection
A Novel Approach for Tracking with Implicit Video Shot DetectionA Novel Approach for Tracking with Implicit Video Shot Detection
A Novel Approach for Tracking with Implicit Video Shot DetectionIOSR Journals
 
An Overview of Harmonic Sources in Power System
An Overview of Harmonic Sources in Power SystemAn Overview of Harmonic Sources in Power System
An Overview of Harmonic Sources in Power SystemIOSR Journals
 
Social Network Based Learning Management System
Social Network Based Learning Management SystemSocial Network Based Learning Management System
Social Network Based Learning Management SystemIOSR Journals
 
The Commonwealth Fund 2015 International Health Care Policy Survey of Primary...
The Commonwealth Fund 2015 International Health Care Policy Survey of Primary...The Commonwealth Fund 2015 International Health Care Policy Survey of Primary...
The Commonwealth Fund 2015 International Health Care Policy Survey of Primary...Odyssey Recruitment
 
Requirements and Challenges for Securing Cloud Applications and Services
Requirements and Challenges for Securing Cloud Applications and ServicesRequirements and Challenges for Securing Cloud Applications and Services
Requirements and Challenges for Securing Cloud Applications and ServicesIOSR Journals
 
Incidence of Equine Hoof Derangements in Malaysian Horse Population
Incidence of Equine Hoof Derangements in Malaysian Horse PopulationIncidence of Equine Hoof Derangements in Malaysian Horse Population
Incidence of Equine Hoof Derangements in Malaysian Horse PopulationIOSR Journals
 
Luminescence of Cesium Thiocyanate (CsSCN) doped with Eu2+ (CsSCN:Eu2+)
Luminescence of Cesium Thiocyanate (CsSCN) doped with Eu2+ (CsSCN:Eu2+)Luminescence of Cesium Thiocyanate (CsSCN) doped with Eu2+ (CsSCN:Eu2+)
Luminescence of Cesium Thiocyanate (CsSCN) doped with Eu2+ (CsSCN:Eu2+)IOSR Journals
 
Reduce the False Positive and False Negative from Real Traffic with Intrusion...
Reduce the False Positive and False Negative from Real Traffic with Intrusion...Reduce the False Positive and False Negative from Real Traffic with Intrusion...
Reduce the False Positive and False Negative from Real Traffic with Intrusion...IOSR Journals
 
Layout Based Information Retrieval from Document Images
Layout Based Information Retrieval from Document ImagesLayout Based Information Retrieval from Document Images
Layout Based Information Retrieval from Document ImagesIOSR Journals
 
Navigation Cost Modeling Based On Ontology
Navigation Cost Modeling Based On OntologyNavigation Cost Modeling Based On Ontology
Navigation Cost Modeling Based On OntologyIOSR Journals
 
Growth Performance of Rats Maintained On Citrullus colocynthis Seed Coat-base...
Growth Performance of Rats Maintained On Citrullus colocynthis Seed Coat-base...Growth Performance of Rats Maintained On Citrullus colocynthis Seed Coat-base...
Growth Performance of Rats Maintained On Citrullus colocynthis Seed Coat-base...IOSR Journals
 
CLUBNIK угадай-ка
CLUBNIK угадай-каCLUBNIK угадай-ка
CLUBNIK угадай-каMihail Nadymov
 
Workshop notes new 2009
Workshop notes new 2009Workshop notes new 2009
Workshop notes new 2009melissataggart
 

Viewers also liked (20)

Performance Evaluation of High Speed Congestion Control Protocols
Performance Evaluation of High Speed Congestion Control ProtocolsPerformance Evaluation of High Speed Congestion Control Protocols
Performance Evaluation of High Speed Congestion Control Protocols
 
A Critical Review of the Nigerian Energy Scenario
A Critical Review of the Nigerian Energy ScenarioA Critical Review of the Nigerian Energy Scenario
A Critical Review of the Nigerian Energy Scenario
 
A0350107
A0350107A0350107
A0350107
 
Survey of different Web Application Attacks & Its Preventive Measures
Survey of different Web Application Attacks & Its Preventive MeasuresSurvey of different Web Application Attacks & Its Preventive Measures
Survey of different Web Application Attacks & Its Preventive Measures
 
A Novel Approach for Tracking with Implicit Video Shot Detection
A Novel Approach for Tracking with Implicit Video Shot DetectionA Novel Approach for Tracking with Implicit Video Shot Detection
A Novel Approach for Tracking with Implicit Video Shot Detection
 
H1 n1.q&a
H1 n1.q&aH1 n1.q&a
H1 n1.q&a
 
H0434651
H0434651H0434651
H0434651
 
An Overview of Harmonic Sources in Power System
An Overview of Harmonic Sources in Power SystemAn Overview of Harmonic Sources in Power System
An Overview of Harmonic Sources in Power System
 
Social Network Based Learning Management System
Social Network Based Learning Management SystemSocial Network Based Learning Management System
Social Network Based Learning Management System
 
The Commonwealth Fund 2015 International Health Care Policy Survey of Primary...
The Commonwealth Fund 2015 International Health Care Policy Survey of Primary...The Commonwealth Fund 2015 International Health Care Policy Survey of Primary...
The Commonwealth Fund 2015 International Health Care Policy Survey of Primary...
 
Requirements and Challenges for Securing Cloud Applications and Services
Requirements and Challenges for Securing Cloud Applications and ServicesRequirements and Challenges for Securing Cloud Applications and Services
Requirements and Challenges for Securing Cloud Applications and Services
 
Incidence of Equine Hoof Derangements in Malaysian Horse Population
Incidence of Equine Hoof Derangements in Malaysian Horse PopulationIncidence of Equine Hoof Derangements in Malaysian Horse Population
Incidence of Equine Hoof Derangements in Malaysian Horse Population
 
Luminescence of Cesium Thiocyanate (CsSCN) doped with Eu2+ (CsSCN:Eu2+)
Luminescence of Cesium Thiocyanate (CsSCN) doped with Eu2+ (CsSCN:Eu2+)Luminescence of Cesium Thiocyanate (CsSCN) doped with Eu2+ (CsSCN:Eu2+)
Luminescence of Cesium Thiocyanate (CsSCN) doped with Eu2+ (CsSCN:Eu2+)
 
Reduce the False Positive and False Negative from Real Traffic with Intrusion...
Reduce the False Positive and False Negative from Real Traffic with Intrusion...Reduce the False Positive and False Negative from Real Traffic with Intrusion...
Reduce the False Positive and False Negative from Real Traffic with Intrusion...
 
Layout Based Information Retrieval from Document Images
Layout Based Information Retrieval from Document ImagesLayout Based Information Retrieval from Document Images
Layout Based Information Retrieval from Document Images
 
Presentation4
Presentation4Presentation4
Presentation4
 
Navigation Cost Modeling Based On Ontology
Navigation Cost Modeling Based On OntologyNavigation Cost Modeling Based On Ontology
Navigation Cost Modeling Based On Ontology
 
Growth Performance of Rats Maintained On Citrullus colocynthis Seed Coat-base...
Growth Performance of Rats Maintained On Citrullus colocynthis Seed Coat-base...Growth Performance of Rats Maintained On Citrullus colocynthis Seed Coat-base...
Growth Performance of Rats Maintained On Citrullus colocynthis Seed Coat-base...
 
CLUBNIK угадай-ка
CLUBNIK угадай-каCLUBNIK угадай-ка
CLUBNIK угадай-ка
 
Workshop notes new 2009
Workshop notes new 2009Workshop notes new 2009
Workshop notes new 2009
 

Similar to Penetration Testing for Android Smartphones

Android open-source operating System for mobile devices
Android open-source operating System for mobile devicesAndroid open-source operating System for mobile devices
Android open-source operating System for mobile devicesIOSR Journals
 
Security models of modern mobile systems
Security models of modern mobile systemsSecurity models of modern mobile systems
Security models of modern mobile systemsDivya Raval
 
Implementing security on android application
Implementing security on android applicationImplementing security on android application
Implementing security on android applicationIAEME Publication
 
Android Security: A Survey of Security Issues and Defenses
Android Security: A Survey of Security Issues and DefensesAndroid Security: A Survey of Security Issues and Defenses
Android Security: A Survey of Security Issues and DefensesIRJET Journal
 
A case study of malware detection and removal in android apps
A case study of malware detection and removal in android appsA case study of malware detection and removal in android apps
A case study of malware detection and removal in android appsijmnct
 
Mobile Application Development with Android
Mobile Application Development with AndroidMobile Application Development with Android
Mobile Application Development with AndroidIJAAS Team
 
SPECIFICATION BASED TESTING OF ON ANDROID SYSTEMS
SPECIFICATION BASED TESTING OF ON ANDROID SYSTEMSSPECIFICATION BASED TESTING OF ON ANDROID SYSTEMS
SPECIFICATION BASED TESTING OF ON ANDROID SYSTEMSijwmn
 
Forensic Tool for Android Mobile Device
Forensic Tool for Android Mobile DeviceForensic Tool for Android Mobile Device
Forensic Tool for Android Mobile DeviceIRJET Journal
 
Review On Google Android a Mobile Platform
Review On Google Android a Mobile PlatformReview On Google Android a Mobile Platform
Review On Google Android a Mobile PlatformIOSR Journals
 
Write a scholarly review on the following topic. This assignment i
Write a scholarly review on the following topic. This assignment iWrite a scholarly review on the following topic. This assignment i
Write a scholarly review on the following topic. This assignment ilorindajamieson
 
A survey on android security: development and deployment hindrance and best p...
A survey on android security: development and deployment hindrance and best p...A survey on android security: development and deployment hindrance and best p...
A survey on android security: development and deployment hindrance and best p...TELKOMNIKA JOURNAL
 
Android and its applications
Android and its applicationsAndroid and its applications
Android and its applicationsSoba Arjun
 
Mobile Android and Network
Mobile Android and NetworkMobile Android and Network
Mobile Android and NetworkPadma Sankar
 
android app development training report
android app development training reportandroid app development training report
android app development training reportRishita Jaggi
 
A Study on Modern Methods for Detecting Mobile Malware
A Study on Modern Methods for Detecting Mobile MalwareA Study on Modern Methods for Detecting Mobile Malware
A Study on Modern Methods for Detecting Mobile MalwareIRJET Journal
 
PERSONAL SAFETY TRIGGERING SYSTEM ON ANDROID MOBILE PLATFORM
PERSONAL SAFETY TRIGGERING SYSTEM ON ANDROID MOBILE PLATFORMPERSONAL SAFETY TRIGGERING SYSTEM ON ANDROID MOBILE PLATFORM
PERSONAL SAFETY TRIGGERING SYSTEM ON ANDROID MOBILE PLATFORMIJNSA Journal
 

Similar to Penetration Testing for Android Smartphones (20)

Android security
Android securityAndroid security
Android security
 
Android ppt
Android pptAndroid ppt
Android ppt
 
Android open-source operating System for mobile devices
Android open-source operating System for mobile devicesAndroid open-source operating System for mobile devices
Android open-source operating System for mobile devices
 
Security models of modern mobile systems
Security models of modern mobile systemsSecurity models of modern mobile systems
Security models of modern mobile systems
 
A017360104
A017360104A017360104
A017360104
 
Implementing security on android application
Implementing security on android applicationImplementing security on android application
Implementing security on android application
 
Android Security: A Survey of Security Issues and Defenses
Android Security: A Survey of Security Issues and DefensesAndroid Security: A Survey of Security Issues and Defenses
Android Security: A Survey of Security Issues and Defenses
 
A case study of malware detection and removal in android apps
A case study of malware detection and removal in android appsA case study of malware detection and removal in android apps
A case study of malware detection and removal in android apps
 
Mobile Application Development with Android
Mobile Application Development with AndroidMobile Application Development with Android
Mobile Application Development with Android
 
SPECIFICATION BASED TESTING OF ON ANDROID SYSTEMS
SPECIFICATION BASED TESTING OF ON ANDROID SYSTEMSSPECIFICATION BASED TESTING OF ON ANDROID SYSTEMS
SPECIFICATION BASED TESTING OF ON ANDROID SYSTEMS
 
Cc4201519521
Cc4201519521Cc4201519521
Cc4201519521
 
Forensic Tool for Android Mobile Device
Forensic Tool for Android Mobile DeviceForensic Tool for Android Mobile Device
Forensic Tool for Android Mobile Device
 
Review On Google Android a Mobile Platform
Review On Google Android a Mobile PlatformReview On Google Android a Mobile Platform
Review On Google Android a Mobile Platform
 
Write a scholarly review on the following topic. This assignment i
Write a scholarly review on the following topic. This assignment iWrite a scholarly review on the following topic. This assignment i
Write a scholarly review on the following topic. This assignment i
 
A survey on android security: development and deployment hindrance and best p...
A survey on android security: development and deployment hindrance and best p...A survey on android security: development and deployment hindrance and best p...
A survey on android security: development and deployment hindrance and best p...
 
Android and its applications
Android and its applicationsAndroid and its applications
Android and its applications
 
Mobile Android and Network
Mobile Android and NetworkMobile Android and Network
Mobile Android and Network
 
android app development training report
android app development training reportandroid app development training report
android app development training report
 
A Study on Modern Methods for Detecting Mobile Malware
A Study on Modern Methods for Detecting Mobile MalwareA Study on Modern Methods for Detecting Mobile Malware
A Study on Modern Methods for Detecting Mobile Malware
 
PERSONAL SAFETY TRIGGERING SYSTEM ON ANDROID MOBILE PLATFORM
PERSONAL SAFETY TRIGGERING SYSTEM ON ANDROID MOBILE PLATFORMPERSONAL SAFETY TRIGGERING SYSTEM ON ANDROID MOBILE PLATFORM
PERSONAL SAFETY TRIGGERING SYSTEM ON ANDROID MOBILE PLATFORM
 

More from IOSR Journals

More from IOSR Journals (20)

A011140104
A011140104A011140104
A011140104
 
M0111397100
M0111397100M0111397100
M0111397100
 
L011138596
L011138596L011138596
L011138596
 
K011138084
K011138084K011138084
K011138084
 
J011137479
J011137479J011137479
J011137479
 
I011136673
I011136673I011136673
I011136673
 
G011134454
G011134454G011134454
G011134454
 
H011135565
H011135565H011135565
H011135565
 
F011134043
F011134043F011134043
F011134043
 
E011133639
E011133639E011133639
E011133639
 
D011132635
D011132635D011132635
D011132635
 
C011131925
C011131925C011131925
C011131925
 
B011130918
B011130918B011130918
B011130918
 
A011130108
A011130108A011130108
A011130108
 
I011125160
I011125160I011125160
I011125160
 
H011124050
H011124050H011124050
H011124050
 
G011123539
G011123539G011123539
G011123539
 
F011123134
F011123134F011123134
F011123134
 
E011122530
E011122530E011122530
E011122530
 
D011121524
D011121524D011121524
D011121524
 

Recently uploaded

Hostel management system project report..pdf
Hostel management system project report..pdfHostel management system project report..pdf
Hostel management system project report..pdfKamal Acharya
 
Double Revolving field theory-how the rotor develops torque
Double Revolving field theory-how the rotor develops torqueDouble Revolving field theory-how the rotor develops torque
Double Revolving field theory-how the rotor develops torqueBhangaleSonal
 
VIP Model Call Girls Kothrud ( Pune ) Call ON 8005736733 Starting From 5K to ...
VIP Model Call Girls Kothrud ( Pune ) Call ON 8005736733 Starting From 5K to ...VIP Model Call Girls Kothrud ( Pune ) Call ON 8005736733 Starting From 5K to ...
VIP Model Call Girls Kothrud ( Pune ) Call ON 8005736733 Starting From 5K to ...SUHANI PANDEY
 
Work-Permit-Receiver-in-Saudi-Aramco.pptx
Work-Permit-Receiver-in-Saudi-Aramco.pptxWork-Permit-Receiver-in-Saudi-Aramco.pptx
Work-Permit-Receiver-in-Saudi-Aramco.pptxJuliansyahHarahap1
 
COST-EFFETIVE and Energy Efficient BUILDINGS ptx
COST-EFFETIVE and Energy Efficient BUILDINGS ptxCOST-EFFETIVE and Energy Efficient BUILDINGS ptx
COST-EFFETIVE and Energy Efficient BUILDINGS ptxJIT KUMAR GUPTA
 
Employee leave management system project.
Employee leave management system project.Employee leave management system project.
Employee leave management system project.Kamal Acharya
 
Thermal Engineering Unit - I & II . ppt
Thermal Engineering Unit - I & II . pptThermal Engineering Unit - I & II . ppt
Thermal Engineering Unit - I & II . pptDineshKumar4165
 
Hazard Identification (HAZID) vs. Hazard and Operability (HAZOP): A Comparati...
Hazard Identification (HAZID) vs. Hazard and Operability (HAZOP): A Comparati...Hazard Identification (HAZID) vs. Hazard and Operability (HAZOP): A Comparati...
Hazard Identification (HAZID) vs. Hazard and Operability (HAZOP): A Comparati...soginsider
 
Thermal Engineering -unit - III & IV.ppt
Thermal Engineering -unit - III & IV.pptThermal Engineering -unit - III & IV.ppt
Thermal Engineering -unit - III & IV.pptDineshKumar4165
 
Call Girls In Bangalore ☎ 7737669865 🥵 Book Your One night Stand
Call Girls In Bangalore ☎ 7737669865 🥵 Book Your One night StandCall Girls In Bangalore ☎ 7737669865 🥵 Book Your One night Stand
Call Girls In Bangalore ☎ 7737669865 🥵 Book Your One night Standamitlee9823
 
22-prompt engineering noted slide shown.pdf
22-prompt engineering noted slide shown.pdf22-prompt engineering noted slide shown.pdf
22-prompt engineering noted slide shown.pdf203318pmpc
 
ONLINE FOOD ORDER SYSTEM PROJECT REPORT.pdf
ONLINE FOOD ORDER SYSTEM PROJECT REPORT.pdfONLINE FOOD ORDER SYSTEM PROJECT REPORT.pdf
ONLINE FOOD ORDER SYSTEM PROJECT REPORT.pdfKamal Acharya
 
VIP Call Girls Palanpur 7001035870 Whatsapp Number, 24/07 Booking
VIP Call Girls Palanpur 7001035870 Whatsapp Number, 24/07 BookingVIP Call Girls Palanpur 7001035870 Whatsapp Number, 24/07 Booking
VIP Call Girls Palanpur 7001035870 Whatsapp Number, 24/07 Bookingdharasingh5698
 
A Study of Urban Area Plan for Pabna Municipality
A Study of Urban Area Plan for Pabna MunicipalityA Study of Urban Area Plan for Pabna Municipality
A Study of Urban Area Plan for Pabna MunicipalityMorshed Ahmed Rahath
 
Bhosari ( Call Girls ) Pune 6297143586 Hot Model With Sexy Bhabi Ready For ...
Bhosari ( Call Girls ) Pune 6297143586 Hot Model With Sexy Bhabi Ready For ...Bhosari ( Call Girls ) Pune 6297143586 Hot Model With Sexy Bhabi Ready For ...
Bhosari ( Call Girls ) Pune 6297143586 Hot Model With Sexy Bhabi Ready For ...tanu pandey
 
VIP Call Girls Ankleshwar 7001035870 Whatsapp Number, 24/07 Booking
VIP Call Girls Ankleshwar 7001035870 Whatsapp Number, 24/07 BookingVIP Call Girls Ankleshwar 7001035870 Whatsapp Number, 24/07 Booking
VIP Call Girls Ankleshwar 7001035870 Whatsapp Number, 24/07 Bookingdharasingh5698
 
notes on Evolution Of Analytic Scalability.ppt
notes on Evolution Of Analytic Scalability.pptnotes on Evolution Of Analytic Scalability.ppt
notes on Evolution Of Analytic Scalability.pptMsecMca
 

Recently uploaded (20)

Hostel management system project report..pdf
Hostel management system project report..pdfHostel management system project report..pdf
Hostel management system project report..pdf
 
Double Revolving field theory-how the rotor develops torque
Double Revolving field theory-how the rotor develops torqueDouble Revolving field theory-how the rotor develops torque
Double Revolving field theory-how the rotor develops torque
 
VIP Model Call Girls Kothrud ( Pune ) Call ON 8005736733 Starting From 5K to ...
VIP Model Call Girls Kothrud ( Pune ) Call ON 8005736733 Starting From 5K to ...VIP Model Call Girls Kothrud ( Pune ) Call ON 8005736733 Starting From 5K to ...
VIP Model Call Girls Kothrud ( Pune ) Call ON 8005736733 Starting From 5K to ...
 
Cara Menggugurkan Sperma Yang Masuk Rahim Biyar Tidak Hamil
Cara Menggugurkan Sperma Yang Masuk Rahim Biyar Tidak HamilCara Menggugurkan Sperma Yang Masuk Rahim Biyar Tidak Hamil
Cara Menggugurkan Sperma Yang Masuk Rahim Biyar Tidak Hamil
 
Work-Permit-Receiver-in-Saudi-Aramco.pptx
Work-Permit-Receiver-in-Saudi-Aramco.pptxWork-Permit-Receiver-in-Saudi-Aramco.pptx
Work-Permit-Receiver-in-Saudi-Aramco.pptx
 
COST-EFFETIVE and Energy Efficient BUILDINGS ptx
COST-EFFETIVE and Energy Efficient BUILDINGS ptxCOST-EFFETIVE and Energy Efficient BUILDINGS ptx
COST-EFFETIVE and Energy Efficient BUILDINGS ptx
 
Employee leave management system project.
Employee leave management system project.Employee leave management system project.
Employee leave management system project.
 
Thermal Engineering Unit - I & II . ppt
Thermal Engineering Unit - I & II . pptThermal Engineering Unit - I & II . ppt
Thermal Engineering Unit - I & II . ppt
 
Hazard Identification (HAZID) vs. Hazard and Operability (HAZOP): A Comparati...
Hazard Identification (HAZID) vs. Hazard and Operability (HAZOP): A Comparati...Hazard Identification (HAZID) vs. Hazard and Operability (HAZOP): A Comparati...
Hazard Identification (HAZID) vs. Hazard and Operability (HAZOP): A Comparati...
 
(INDIRA) Call Girl Aurangabad Call Now 8617697112 Aurangabad Escorts 24x7
(INDIRA) Call Girl Aurangabad Call Now 8617697112 Aurangabad Escorts 24x7(INDIRA) Call Girl Aurangabad Call Now 8617697112 Aurangabad Escorts 24x7
(INDIRA) Call Girl Aurangabad Call Now 8617697112 Aurangabad Escorts 24x7
 
Thermal Engineering -unit - III & IV.ppt
Thermal Engineering -unit - III & IV.pptThermal Engineering -unit - III & IV.ppt
Thermal Engineering -unit - III & IV.ppt
 
Call Girls In Bangalore ☎ 7737669865 🥵 Book Your One night Stand
Call Girls In Bangalore ☎ 7737669865 🥵 Book Your One night StandCall Girls In Bangalore ☎ 7737669865 🥵 Book Your One night Stand
Call Girls In Bangalore ☎ 7737669865 🥵 Book Your One night Stand
 
22-prompt engineering noted slide shown.pdf
22-prompt engineering noted slide shown.pdf22-prompt engineering noted slide shown.pdf
22-prompt engineering noted slide shown.pdf
 
ONLINE FOOD ORDER SYSTEM PROJECT REPORT.pdf
ONLINE FOOD ORDER SYSTEM PROJECT REPORT.pdfONLINE FOOD ORDER SYSTEM PROJECT REPORT.pdf
ONLINE FOOD ORDER SYSTEM PROJECT REPORT.pdf
 
Integrated Test Rig For HTFE-25 - Neometrix
Integrated Test Rig For HTFE-25 - NeometrixIntegrated Test Rig For HTFE-25 - Neometrix
Integrated Test Rig For HTFE-25 - Neometrix
 
VIP Call Girls Palanpur 7001035870 Whatsapp Number, 24/07 Booking
VIP Call Girls Palanpur 7001035870 Whatsapp Number, 24/07 BookingVIP Call Girls Palanpur 7001035870 Whatsapp Number, 24/07 Booking
VIP Call Girls Palanpur 7001035870 Whatsapp Number, 24/07 Booking
 
A Study of Urban Area Plan for Pabna Municipality
A Study of Urban Area Plan for Pabna MunicipalityA Study of Urban Area Plan for Pabna Municipality
A Study of Urban Area Plan for Pabna Municipality
 
Bhosari ( Call Girls ) Pune 6297143586 Hot Model With Sexy Bhabi Ready For ...
Bhosari ( Call Girls ) Pune 6297143586 Hot Model With Sexy Bhabi Ready For ...Bhosari ( Call Girls ) Pune 6297143586 Hot Model With Sexy Bhabi Ready For ...
Bhosari ( Call Girls ) Pune 6297143586 Hot Model With Sexy Bhabi Ready For ...
 
VIP Call Girls Ankleshwar 7001035870 Whatsapp Number, 24/07 Booking
VIP Call Girls Ankleshwar 7001035870 Whatsapp Number, 24/07 BookingVIP Call Girls Ankleshwar 7001035870 Whatsapp Number, 24/07 Booking
VIP Call Girls Ankleshwar 7001035870 Whatsapp Number, 24/07 Booking
 
notes on Evolution Of Analytic Scalability.ppt
notes on Evolution Of Analytic Scalability.pptnotes on Evolution Of Analytic Scalability.ppt
notes on Evolution Of Analytic Scalability.ppt
 

Penetration Testing for Android Smartphones

  • 1. IOSR Journal of Computer Engineering (IOSR-JCE) e-ISSN: 2278-0661, p- ISSN: 2278-8727Volume 14, Issue 3 (Sep. - Oct. 2013), PP 104-109 www.iosrjournals.org www.iosrjournals.org 104 | Page Penetration Testing for Android Smartphones Okolie C.C1 , Oladeji F.A2 , Benjamin B.C3 , Alakiri H.A4 , Olisa O.5 1 (Computer Sciences, University of Lagos, Nigeria) 2 (Computer Sciences, University of Lagos, Nigeria) 3 (Computer Sciences, University of Jos, Nigeria) 4 (Computer Sciences, Yaba College of Technology, Nigeria) 5 (Computer Sciences, University of Lagos, Nigeria) Abstract: One major challenge faced by Android users today is the security of the operating system especially during setup. The use of smartphones for communication, social networking, mobile banking and payment systems have all tripled and many have depended on it for their daily transactions.AndroidOS on smartphones is so popular today that it has beaten the most popular mobile operating systems, like RIM, iOS, Windows Mobile and even Symbian, which ruled the mobile market for more than a decade.This paper performspenetration testing of Android-based Smartphones using an application program designed to simplify port-scanning techniques for information gathering and vulnerability attack. In this paper, an attempt was made to test and analyze the security architecture of the Android operating system using the latest penetration testing and vulnerability tool based on Kali Linux. Three different Versions of Android, Version 2.3, 3.2 and 4.2 were simulated on a virtual machine. The result shows that although there is an improvement in the security stack of the different AndroidVersions but Version 4.2 is more secured than the others. This work is important for users and researchers who use their Android smartphones in a critical environment with hostile network traffic. Keywords: Android, Linux, Penetration testing, Security, Smartphones I. Introduction Research has shown that smartphone usage within the last few years has increased rapidly and this is due to their rich and versatile functionality. Today, Smartphones are not just used as a communication tool; but for other functionality like Pager, PDA (Personal Digital Assistants), MID(Mobile Internet Devices), GPS, MP3 Player [1] etc., and provides a range of services like social networking, entertainment, electronic banking, reading e-books or online meetings. These services and functionality is possible due to the use of astrongstable operating system Androidthat is very fast and reliable [1] The major problem is the way these services are introduced and released by smartphone vendors. Security implications of these devices and the network on which smartphones are used should be of much concern. In most cases, hackers take advantage of the porous nature of these services and applications to exploit the smartphone and render it unusable by installing applications that will make it to freeze, run out of memory, or spoof communication with other devices. The rapid growth and increase in the use of Android Smartphones has exposed it to a lot of hacking activity by hackers trying to exploit and attack the smartphone especially as its operating system is based on an open platform. Penetration testing is a very good method for detecting the vulnerabilities of a system; this is because it helps in finding security holes in the system. A penetration test is a method of evaluating the security of a computer system or network by simulating an attack from a malicious source. The methodology for how to perform penetration tests is given by the National Institute of Standards and Technology [2,3]. Most studies regarding security of smart phones have mainly focused on the application layer, such as viruses, worms, MMS exploitation and Cross-Service Attacks [4]. A similar penetration test on Android smartphone is one carried out in 2011 [5] where an earlier Version of Android was tested and analyzed for vulnerability. In this paper, an application program was developed for scanning and exploitation on the smartphones. This application program is used to simplify the discovery and information gathering stage. From the information gathered, a vulnerability test was conducted using a penetration-testing tool called Kali Linux. This tool was used to perform a white hat penetration test and exploit any vulnerable ports on the smartphones. This paper is organized as follows: Section one introduces the issue concerned, section two describes the overview of Android operating system architecture, section three describes the penetration test simulationtopology while section four discusses the summary of result and findings. The conclusion was drawn in section five.
  • 2. Penetration Testing for Android Smartphones www.iosrjournals.org 105 | Page II. Related Works G1-Android is the first commercially available phone that features Google’s Android Platform SDK. This is a partnership project with Taiwan Based HTC Corp and supported by the United States Service provider T-Mobile. Thus the phone is available in the market as T-Mobile HTC Android. Android is the first truly open source platform for mobile devices with a fully integrated software stack that consists of an operating system, middleware, user-friendly interface and applications, and also allows the users to develop additional software and change or replace functionality without limitations. In order to achieve the unlimited functionalities, Android uses Linux operating system as its core OS and ensures that users experience same Internet activities equal to what they can experience on a desktop PC [6, 7, 8, 9, 10]. Several smartphone features and functions help to increase usage of data and services but it is also open to the risk of introducing new vulnerabilities. Android consists of a kernel based on Linux kernelVersion 2.6 with middleware, libraries and APIs written in C, and application software running on an application framework which includes Java-compatible libraries based on Apache Harmony [11]. Since Android operating system release in 2008, there are so many versions and each new release comes with new features and bug fixes 2.1Android Architecture The Android operating system is referred to as a software stack of different layers, where each layer is a group of several program components. Together it includes operating system, middleware and important applications. Each layer in the architecture provides different services to the layer just above it [12]. Fig. 1: diagram of Android architecture [13] The following layers are of importance to this paper: 2.1.1 Linux Kernel The whole Android OS is built on top of the Linux 2.6 Kernel with some further architectural changes made by Google. It is this Linux that interacts with the hardware and contains all the essential hardware drivers. Android uses the Linux for all its core functionality such as Memory management, process management, networking, security settings etc. As the Android is built on a most popular and proven foundation, it made the porting of Android to variety of hardware, a relatively painless task [13] 2.1.2Libraries The libraries layer is the layer that enables the device to handle different types of data. These libraries are written in C or C++ language and are specific for a particular hardware. 2.1.3 Android Run Time This layer consists of Dalvik Virtual machine and Core Java libraries, Dalvik VM is a type of JVM used in Android devices to run apps and is optimized for low processing power and low memory environments. It allows multiple instance of Virtual machine to be created simultaneously providing security, isolation, memory management and threading support 2.1.4 Core Java libraries These libraries provide most of the functionalities defined in the Java SE libraries.
  • 3. Penetration Testing for Android Smartphones www.iosrjournals.org 106 | Page 2.1.5 Application Framework These are the blocks that our application directly interacts with. These programs manage the basic functions of phone like resource management, voice call management etc. 2.1.6Application This is the top layer in the Android architecture and this is where applications run. Several standard applications come pre-installed with every device, such as SMS client app, Dialer, Web browser, Contact manageretc. Most studies regarding security of smart phones have mainly focused on the application layer, such as viruses, worms, MMS exploitation and Cross-Service Attacks.Recent work has shown that there different ways of carrying out penetration test on smartphones. The most recent is one done by Naresh and Muhammed on Android based smartphones [14]. In their test, the authors looked at threeearlier Versions of Android releases. The only problem with the work is that AndroidVersions have tripled with a lot of bug fixes and modification in the security architecture of the recent Versions. So the test can only be true for earlier Version of the Android- based smartphones. This paper is an improvement in the earlier work using more simplified and sophisticated method for information gatheringand port scanning. The test was performed on recent release of the Android operating systems (Version 2.3, 3.2 and 4.2). This paperfocused on the Android operating system deployed on a Virtual machine with respect to its core architecture and TCP/IP network stack security issues. The security analysis was performed using a white box penetration testing. Information on the target system were gathered and identified and then penetration tests performed, starting from well-known vulnerabilities to more specific deep penetration attacks. 
 The test was performed on a simulated virtual machine with Android images using open source penetration tools. The simulation were carried on three different Versions of the Android operating system, Version 2.2 (Froyo), Version 3.2 (Honeycomb) and Versions 4.2.x (Jelly Bean) released in 2010, 2011 and 2012 respectively III. Simulation Architecture The architecture of the system used in this work for the penetration test on the Android smartphones is a simulation on a virtual machine. The test included port scanning, and running exploit tools in order to test the different layers of the TCP/IP network stack of the different AndroidVersions selected for the test. To simplify the test, an application program written in Objective C was used to manage the port scanning and exploit stage while the vulnerability found was exploited using an opensource penetration tool based on Kali Linux. Fig. 2 below shows the system architecture of the different AndroidVersions and the penetration-testing tool. Fig. 2:architecture of the penetration test system This report followed the methodology used in [14] with the simulation activities shown in Fig. 3 below: Fig. 3: penetration-testing methodology by NIST [14] The planning phase is the setting up of the systems, installation and configuration of the simulation Planning AttacksDiscovery Reports
  • 4. Penetration Testing for Android Smartphones www.iosrjournals.org 107 | Page environment. In this phase, the different AndroidVersions was loaded and activated. The discovery phase is the information gathering phase in which the target system was scanned and open ports identified as well as active and inactive systems. The attack phase is the actual vulnerability test carried out on the target system. All the ports discovered as vulnerable are used to exploit the target system. Information gathered from the simulation was reported which is the final phase of the penetration test. The functionalities of the system simulation is shown in Fig. 4 Fig. 4: use-case diagram of the proposed system In Fig. 4 above, the pen tester launches the software application and selects the Version of Android to perform the exploit on. Once the system is scanned and open ports detected, an attack is launched and an analysis on the attacked ports is performed and reported. IV. Discussion On Findings The first stage in the implementation is the launching of the application software as shown in Fig. 5 Fig. 5: interface of the penetration testing software. From the Fig 5 above, the user selects the AndroidVersion to load and clicks on the GO button. The Android image loads up in two views as shown in Fig. 6 below. The first window displays the graphic user interface while the second window shows the CLI interface, which displays the network address assigned to the Android image Fig. 6:gui and cli interface of the Android image
  • 5. Penetration Testing for Android Smartphones www.iosrjournals.org 108 | Page The next phase is entering the IP address of the target host, which is the Android image selected and the type of scan to perform will be selected. Then the Run Scan button will be activated as shown in Fig. 7. This will then query the target host and gather information from it. Fig. 7:interface showing 5.1 Result based onPort Scan When a Ping Sweep was launched on the target host, information about the host were displayed. Several other port scanning techniques was also launched to gather more information from the target host. FromFig. 7 above, it was observed that the application software program used which executed Linux commands like Nmap at the background was able to gather information that includes AndroidVersion, open, close and filtered ports, status of the AndroidVersion machine if active or down. 5.1 Result based onFlooding From the test performed in Version 2.3 during flooding attack using the hping3 command as shown in Fig. 8 below. It was observed that before the flooding attack on the target host, ping request from host 10.211.55.2 was responding at 0.122ms and 0.410ms. When the attack was launched, the ping time increased to 500ms and 1044ms and even more as the flooding remained active. This made the target host to drag and responded slowly to the ping request during the flooding attack for the latency was too high. Fig. 8: hping3 flooding attack on Android 2.3 image during a ping request. Although, from the analyses and tests carried out, Android operating system faces some challenges. One security flaw in the operating system is that there is no special kind of protection against the handling of flooding attacks, which were quite successful in the simulation as shown in Fig. 8, as the systems were unable to give a response to network during these attacks. From the test performed,Version 2.3 responded to the ping request during the flooding attack but the latency was too high. When the vulnerability test was launched on the open ports, it was observed that due to the privileges granted to the application during installation, the hacker could easily sniff data from the smartphones using any available sniffing tool. In general opinion of this article, there is an improvement in the security of the Android 4.2 designed for both smartphones and tablet PCs V. Conclusion This project work has researched on penetration testing with Android smartphones. It is very interesting to note that Android use on smartphones has increased significantly over the last few years because of the open source platform it adopted with so many features available. These openness and access to the source
  • 6. Penetration Testing for Android Smartphones www.iosrjournals.org 109 | Page code has also made hackers to take advantage of these open ports if not properly closed and filtered to attack the smartphones and render them unusable. In this research work, vulnerability test was performed on three different Versions of Android smartphones. Different tools were used to gather information about a live smartphone system, to know if they are active or inactive, open, closed or filtered. This paper work reveals that all software has security vulnerabilities. But there are some simple things one can do that will drastically reduce ones exposure and help secure Android smartphones or tablet, as well as protect data. This paper advises that users should protect and secure their smartphones using different ways and not limited to  Use of password and lock screens to keep smartphones secured.  Always be in the habit to review apps before installing and check permissions required by the apps Once ports are opened, phones are vulnerable to attack  Never download apps from unknown sources  Use an anti-virus or malware app and ensure its is constantly updated.  Android smartphones is not about apps and trick but about best practices References [1] N. Kumar, and M.E UI Haq, Penetration testing for Android Smartphones, masters thesis, Chalmers University of Technology, Goteborg, SW, 2011. [2] F. Alisherov, and F. Sattarova, Methodology for Penetration Testing, International Journal of Grid and Distributed Computing, 2(2), 2009, 44-49. [3] A. Johnson, K. Dempsey, R. Ross, S. Gupta and D. Bailey, Guide for Security-Focused configurationManagement of Information System, (SP800-42), Accessed on May, 2013. [4] H. Sheikh, J. Cyril, and O. Tomas,An Analysis of the Robustness and Stability of the Network Stack in Symbian Based Smartphones Vol. No. 10 2009. [5] N. Kumar, and M.E UI Haq, Penetration testing for Android Smartphones, masters thesis, Chalmers University of Technology, Goteborg, SW, 2011. [6] Android operating system, (2013). Available from: <http://en.wikipedia.org/wiki/Android_(operating_system) >. [10 March, 2013] [7] K. Arto, Security Comparison of Mobile OSes, and Available from: < 
 http://www.tml.tkk.fi/Opinnot/Tik- 110.501/2000/papers/kettula.pdf >. [11 March 2013]. [8] AndroidVersion history, (2013). Available from: <http://en.wikipedia.org/wiki/Android_Version_history>. [15 March 2013] [9] AndroidVersion, 2013, (2013), Available from: <http://developer.Android.com/guide/basics/what-is-Android.html>. [15 March 2013] [10] AndroidVersion, 2013, (2013), Available from: <http://developer.Android.com/guide/basics/what-is-Android.html>. [15 March 2013] [11] Android operating system, (2013). Available from: <http://en.wikipedia.org/wiki/Android_(operating_system) >. [10 March, 2013] [12] Available from: <http://www.edparsons.com/2007/11/Android-and-lbs-in-the-stack-at-last/> [24 May 2011] [13] Android-App-Market Available from: <http://www.Android-app-market.com/Android-architecture.html>[30 May, 2013] [14] F. Alisherov, and F. Sattarova, Methodology for Penetration Testing, International Journal of Grid and Distributed Computing, 2(2), 2009, 44-49