Basic Android OS security mechanism,
Basic malware definition
Attacking Android platform with
Malware, Remote access, File is stealing and Social Engeering attack is methods have been done discussing in the class.
Attacking the Android:
Installing Kali Linux on android to perform attacks
Installing Dsploit for running attack with android (MITM, XSS, traffic sniffing…. Etc.)
1. Android Hacking + Pentest
EC Council Malaysia
Instructure: Sina Manavi
27 March 2014
2. About Me
My name is Sina Manavi ,
Master of Computer Security and
Digital Forensics
C|EH & C|HFI Certificate holder
Contact : Manavi.Sina@Gmail.com
Homepage:
sinamanavi.wordpress.com
3. Agenda:
• Android OS
• Android Security Architectures
• Malwares
• Attacking Android Platform
• Hacking with Android
4. What is Android ?
• Everywhere(TV, Phones, tablets)
• Runs on Linux Kernel
• Easy to Exploit + open source
• Uses SQLite database
• Huge Community base
• Official market containing over
4,000,000 apps (Google Market)
7. Android Security
• Linux based
• Open source
• Wide available for everyone
• Everyone can develop apps and
malwares
8. How to have a safe Device
• Install apps from authorized market
(Google Play)
• Read the review before
downloading
• Read Permission warning before
installing the apps.
• Phishing/SMS?
• Lock Screen to avoid unauthorized
access
9. How to have a safe Device cont.
• Using Antivirus
• Encrypt your device and data
• While using public hotspots such as
Starbucks, use VPN to encrypt your
network connection
• Enable Remote Wipe feature
15. Malware
• Anything that breaks the security
model (without the users consent)
• Deceptive/hide true intent
• bad for user / good for attacker e.g.
surveillance, collecting passwords, etc.
• Applications that are detrimental to
the user running the device.
16. Malware
Harms a user
• Financial
• Privacy
• Personal information – location
(surveillance) ,
• Stealing resources – cracking,
botnets – processing power
Breaks Network policy
17. Malware Example
• GEO Location ?
• IP Address / 3G/4G or on WiFi
network?
• Scan for available blue-tooth devices
• Egress filtering? ports open, etc.
• SMS Receiving, Sending, Fobricating.
19. Popular Malware
• Zeus
• DroidDream
• Geinmi- Android malware with
botnet-like capabilities
• Trojan-SMS for Android FakePlayer
• iCalendar
acbcad45094de7e877b65db1c28ada
2
• SMS_Replicator_Secret.apk
20. Demo
Hacking Android Phone:
– Information stealing
– Remote Access
– Social Engineering
– Malware attack
Hacking with Andorid :
– Installing Dsploit for running attack with android
(MITM, XSS, traffic sniffing….etc)
– Installing kali linux on android to perform attack
Editor's Notes
Use Strong password (Swipe is very weak password is top most difficult)