CEHv8 module 16 hacking mobile platforms

DOCUMENT INFORMATION

Basic information

Title: CEHv8 Module 16 - Hacking Mobile Platforms
School: Học viện Công Nghệ Thông Tin Bách Khoa
Major: Mobile Security
Type: lecture notes
Year of publication: 2012
City: Hanoi
Pages: 91
Size: 3.72 MB

Content

Page 2

Học viện Công Nghệ Thông Tin Bách Khoa

Security News

Mobile Malware Cases Nearly Triple in First Half of 2012, Says NetQin

July 31, 2012 09:40 AM ET

Malware is rising fast, infecting nearly 13 million phones in the

during the year first half of 2012 from the same

year ago, according to Beijing-based security vendor NetQin

In a report detailing the world's mobile security, the company detected a major spike in malware cases in June, with about

This came as the security vendor found 5,582 malware programs designed for Android during the month, another unprecedented number for the period

During this year's first half, NetQin found that most of the detected

with much of the remainder designed for handsets running Nokia's Symbian OS. This is a reversal from the same period a year ago, when 60% of the detected mobile malware was designed for Symbian phones

Copyright © by EC-Council. All Rights Reserved. Reproduction is Strictly Prohibited.

Page 3

Mobile Attack Vectors
Mobile Platform Vulnerabilities and Risks
Android OS Architecture
Android Vulnerabilities
Android Trojans
Securing Android Devices
Guidelines for Securing iOS Devices
Windows Phone 8 Architecture
Guidelines for Securing Windows OS
Guidelines for Securing BlackBerry Devices
Mobile Device Management (MDM)
General Guidelines for Mobile Platform
Mobile Protection Tools
Mobile Pen Testing

Page 4

Page 5

Android Symbian Pocket PC

http://www.f-secure.com http://www.hotforsecurity.com

Page 6

Terminology

It is the (operating system) of an Android device supplied by the manufacturer

It is a

without the restrictions imposed by device's original ROM

Bricking the Mobile Device

Altering the device OS using

in a way that causes the mobile device to become unusable or inoperable

Bring your own device (BYOD) is a

that allows employees to bring their personal mobile devices to their work place

Page 7

Page 8

Mobile Malware

App Sandboxing

Device and App Encryption

OS and App Updates

Jailbreaking and Rooting

Page 9

Security Issues Arising from App Stores

Insufficient or

leads to malicious and fake apps entering app marketplace

App stores are common target for attackers

Attackers can also

to download and run apps outside the

and data, and send your sensitive data to attackers

Page 10

Focus of attackers and malware writers has shifted to mobile devices due to the increased adoption of mobile devices for business and personal purposes and comparatively lesser security controls

Mobile malware include viruses, SMS-sending malware, mobile botnets, spyware, destructive Trojans, etc.

[Chart, x-axis: years 2004 to 2012]

Source: 2012, McAfee Threats Report, http://www.mcafee.com

Page 11

App Sandboxing Issues

Sandboxing helps by limiting the resources the app can access in the mobile platform; however, malicious applications may exploit vulnerabilities and bypass the sandbox

Page 12

Mobile Platform Attack Vectors

Mobile Security Guidelines and Tools

Page 13

Dalvik virtual machine optimized for mobile devices

Integrated browser based on the open source WebKit engine

Media support for common audio, video, and still image formats (MPEG4, H.264, MP3, AAC, AMR, JPG, PNG, GIF)

Rich development environment including a device emulator, tools for debugging, memory and performance profiling, and a plugin for the Eclipse IDE

SQLite for structured data storage

Page 14

Page 15

Android Device Administration API

The Device Administration API introduced in Android 2.2 provides

at the system level

These APIs allow developers to create

that are useful in enterprise settings, in which IT professionals require rich control over employee devices

Policies supported by the Device Administration API

* Password enabled
* Minimum password length
* Alphanumeric password required
* Complex password required
* Minimum letters required in password
* Minimum lowercase letters required in password
* Minimum non-letter characters required in password
* Minimum numerical digits required in password
* Minimum symbols required in password
* Minimum uppercase letters required in password
* Password expiration timeout
* Password history restriction
* Maximum failed password attempts
* Maximum inactivity time lock
* Require storage encryption
* Disable camera
* Prompt user to set a new password
* Lock device immediately

http://developer.android.com

Page 16

Android Rooting

Rooting allows Android users to

(known as "root access") within Android's subsystem

Rooting process involves exploiting security vulnerabilities in the

and copying the su binary to a location in the current process's PATH (e.g. /system/xbin/su) and granting it executable permissions with the

such as

* Modifying or deleting system files, module, ROMs (stock firmware), and kernels
* Removing carrier or manufacturer installed applications (bloatware)
* Low-level access to the hardware that are typically unavailable to the devices in their default configuration
* Improved performance
* Wi-Fi and Bluetooth tethering
* Install applications on SD card
* Better user interface and keyboard

device including

* Voids your phone's warranty
* Poor performance
* Malware infection
* Bricking the device

Page 17

Rooting Android Phones using

Unplug and re-connect, but this time select

to be sure that your phone's SD Card is not mounted to your PC

Go to

and enable

to put your Android into USB Debugging mode

Run

(available in Tools DVD)

Click on the

button

Wait for some time until you see a

message

Now check out the

in your phone

Superuser icon means you now have

(reboot the phone if you do not see it)

Page 18

Rooting Android Phones Using superboot

Download and extract the

Put your Android phone in bootloader mode

Turn off the phone

and plug in the USB cable

When the battery icon appears onscreen,

Now tap the

while holding down the Camera key

For Android phones with a trackball: Turn off the phone, then turn the phone back on

Your device has been

Depending on your computer's OS, do one of the following:

Double click "install-superboot-windows.bat"

Open a terminal window to the directory containing the files, and type "chmod +x install-superboot-mac.sh" followed by "./install-

Page 20

Session Hijacking Using

DroidSheep is a simple Android tool for web session hijacking

sent via a wireless (802.11) network connection and

from these packets in order to reuse them

DroidSheep can capture sessions using the libpcap library and supports WEP encrypted networks

[Figure: attacker intercepts the client's requests to the web server]

Page 21

Android-based Sniffer:

FaceNiff is an Android app that allows you to sniff and intercept web session profiles over the WiFi that your mobile is connected to

It is possible to hijack sessions only when WiFi is not using EAP, but it should work over any private networks (Open/WEP/WPA-PSK/WPA2-PSK)

Page 22

ZitMo is the notorious mobile component of the Zeus banking Trojan that circumvents two-factor authentication by

Page 23

GingerBreak

Please make sure of the following before rooting:

* You have an SD card inserted and mounted
* USB debugging is enabled

which if run successfully

Allow the application to

Page 24

Android Trojan: AcnetSteal and Cawitt

AcnetSteal is a program that

from the device

remote location using Triple DES Encryption (DESede)

Cawitt.A operates silently in the background,

which it later forwards to a remote server

Collected information includes

International Mobile Equipment Identity (

number

and modules

Page 25

Android Trojan: Frogonal and Gamex

Frogonal.A is a

where extra functionalities used for malicious intent have been added into the new package

It harvests the following information from the compromised device such as

phone number, IMEI number, SIM serial number, device model, root

to download more applications and to forward the device IMEI and IMSI numbers

It also establishes a connection to an external link which contains a

and proceeds to downloading and installing the file

Page 26

KabStamper.A is a malware distributed via Trojaned applications that deliver

Malicious code in the malware is highly destructive; it

that stores images taken with the device's camera

the malware checks this folder and modifies a found image by overwriting it with a predefined image

out messages with the content "ter" or "Quiz" to the number 84242

Any reply from this number is

to prevent user from becoming suspicious

Mania.A is known for using the trojanization technique, where it is repackaged with another original application in order to

Page 27

Android Trojan: PremiumSMS and SmsSpy

PremiumSMS.A is a Trojan that reaps profit from

It has a

that contains data on the content of the SMS messages and the recipient numbers

Example of the sent messages

SmsSpy.F poses as an Android Security Suite

into a secsuite.db

This malware targets

where it is spammed via a message indicating that

protects the device is available for download

Page 28

Android Trojan: DroidLive SMS and UpdtKiller

DroidLive masquerades as a Google Library, attempts to utilize Device Administration API

It attempts to install itself as a device administration app, and is capable of tapping into personal data and performing a mixture of nefarious activities on Android mobile devices

UpdtKiller.A connects to a command and control (C&C) server, where it forwards users' data to and receives further command from

This malware is also capable of killing antivirus processes in order to avoid being detected

Page 29

Android Trojan: FakeToken

FakeToken steals both banking authentication factors (internet password and mTAN) directly from the mobile device

Injecting web pages from infected computers, simulating a fake security app that presumably avoids the interception of SMS messages by generating a unique digital certificate based on the phone

Injecting a phishing web page that redirects users to a website pretending to

"eBanking SMS Guard" as protection against "SMS message interception and mobile Phone SIM card cloning"

[Screenshots: app permission screens listing Your messages, Network communication, Your personal information, Storage]

Page 30

Keep updated with the operating system as and when they arrive

Never root your Android device

Use free protector Android app

mail accounts, etc

Google Android antivirus software

with the user's information

Page 31

Google Apps Device Policy

Google Apps Device Policy app allows Google Apps domain admin to

It is a device administration app for Google Apps for Business, Education, and Government accounts that makes your

This app allows IT administrator to

and remotely wipe your device

Additionally, this app allows you to ring, lock or locate your Android devices through the My Devices page

https://play.google.com

Page 32

Remote Wipe Service: Remote Wipe

If users have Google Sync installed on a supported mobile device or an Android device with the

app, they can use the Google Apps control panel to remotely wipe the device

In the

hover your cursor over the user whose device you want to

Wipe

appears

A second box appears asking you to confirm that you want to remotely wipe the device. If you are sure you want to wipe the device, click

http://support.google.com

Page 33

DroidSheep Guard monitors your phone's ARP-Table and pop-up alerts in case it detects suspicious entries in the phone's ARP-Table

It can immediately disable WiFi connection to protect your accounts

DroidSheep Guard works with all ARP-Based attacks, like DroidSheep and FaceNiff

Page 34

Android Vulnerability Scanner: X-Ray

X-Ray scans your Android device to determine whether there are

that

by your carrier

It presents you with a

that it is able to identify and allows you to check for the presence of each vulnerability on your device

ability to scan for new vulnerabilities as they are discovered and disclosed

Page 35

Android Penetration Testing Tool: Android Network Toolkit - Anti

On each run, Anti will

and will display the information accordingly

Green led signals an Active device, Yellow led signals Available ports, and Red led signals Vulnerability found

Each device will have an icon representing the

When finished scanning, Anti will produce an

specifying which vulnerabilities you have or bad practices

Page 36

Android Device Tracking Tools

Protection app

GadgetTrak Mobile Security

Total Equipment Protection App

AndroidLost.com

Page 37

Mobile Platform Attack Vectors

Mobile Security Guidelines and Tools

Page 38

Daan Keuper showed how they were able to

to win $30,000 in the mobile Pwn2Own contest Wednesday at EUSecWest in Amsterdam, IT World reports

Because the hacked iPhone was running a developer version of iOS 6, it's likely

Using the malicious code in a website would enable a cybercriminal to bypass the

Page 39

Apple iOS

iOS is Apple's mobile operating system which supports Apple devices such as

The user interface is based on the concept of direct manipulation, using

Page 40

Jailbreaking is defined as the process of installing a modified set of kernel patches that allows users to run third party applications not signed by the OS vendor

Jailbreaking provides root access to the operating system and permits downloading of third-party applications, themes, extensions on iOS devices

Jailbreaking removes sandbox restrictions, which enables malicious apps to access restricted mobile resources and information

Jailbreaking, like rooting, also comes with many security and other risks to your device including:

Voids your phone's

Date posted: 14/12/2021, 18:42