Mobile Hacking - Fundamentals Presenter: Christopher Clayden | christopher.clayden@gmail.com 1

Mobile Hacking – Fundamentals AGENDA Brief overview on the mobile threat landscape Discussion on possible attack vectors Examples of exploitation Learn how to protect ourselves Demonstration Questions 2

Mobile Hacking - The Mobile threat landscape Who are the top contenders in the global mobile OS market? Android – 84.1% IOS – 14.8% Microsoft – 0.7% RIM – 0.2% http://www.statista.com/statistics/266136/global-market-share-held-by-smartphone-operating-systems/ 3

Mobile Hacking - The Mobile threat landscape Over 1.4 billion people across the world are using Android devices, according to Google. Unlike Apple’s iOS, Android is not tied to a specific manufacturer, making it's OS the top dog of the global OS market (Statistica). However, since Android dominates the smartphone market, it presents an ideal opportunity for hackers to tap into a large base of user information. It’s essential for Android users, as well as iOS users, to learn how to protect themselves. https://www.blackhat.com/latestintel/05122016-mobile-hacking.html 4

Mobile Hacking - Attack Vectors Possible vectors for exploitation include: Manual Installation Direct Access to the device Use of client-server programs – ex: ADB Social Engineering Text Messages – ex: stagefright RCE vulnerabilities – ex: ADB exploit/android/adb/adb_server_exec Etc. 5

Mobile Hacking - Hacking Android – Example 1 Manual Installation Raw payload saved in apk format generated with msfvenom Standard reverse meterpreter 6

Mobile Hacking - Hacking Android – Example 1 7

Mobile Hacking - Hacking Android – Example 1 8

Mobile Hacking - Hacking Android – Example 1 9

Mobile Hacking - Hacking Android – Example 1 10

Mobile Hacking - Hacking Android – Example 1 11

Mobile Hacking - Hacking Android – Example 1 12

Mobile Hacking - Hacking Android – Example 1 13

Mobile Hacking - Hacking Android – Example 1 14

Mobile Hacking - Hacking Android – Example 2 Android Debug Bridge - ADB Android Debug Bridge (ADB) is a versatile command line tool that lets you communicate with an emulator instance or connected Android-powered device. It is a client-server program. In order to use ADB; developer options must be unlocked and USB debugging enabled. On Android 4.2 and higher, the Developer options screen is hidden by default. When running Android 4.2.2 or higher, there is a security mechanism (refereed to as secure USB debugging) where the android system shows a dialog asking the user to accept an RSA key that allows debugging through the computer. 15

Mobile Hacking - Hacking Android – Example 2 Vulnerabilities have been found in Android that allow attackers to bypass Android’s secure USB debugging which allows them to: Install Applications Bypass Android's lock screen - Pattern/PIN locks Obtain Shells Etc.. https://developer.android.com/studio/command-line/adb.html 16

Mobile Hacking - Hacking Android – Example 2 17

Mobile Hacking - Hacking Android – Example 3 Embed a payload into any android application The Injection process high level: Disassemble the apk files – apktool Both payload and our original application Copy our payload in smali format to the original application Modify the Android Manifest file – AndroidManifest.xml from the original application to include any additional permission required for the payload in addition to services. Modify the smali code in original application to inject new smali code to invoke our payload when the original application is launched. Assemble the new apk file – apktool Generate new keys & sign the apk file Deploy 18

Mobile Hacking - Hacking Android – Example 3 Embed payload Preamble: Apktool - https://ibotpeaches.github.io/Apktool/ A tool for reverse engineering Android apk files Manifest Every application must have an AndroidManifest.xml file (with precisely that name) in its root directory. The manifest file provides essential information about your app to the Android system, which the system must have before it can run any of the app's code. https://developer.android.com/guide/topics/manifest/manifest-intro.html Smali Smali/Baksmali is an assembler/disassembler for the dex format used by dalvik, Android's Java VM implementation. The names "Smali" and "Baksmali" are the Icelandic equivalents of "assembler" and "disassembler" respectively. https://www.youtube.com/watch?v=h98KtUgUOsg 19

Mobile Hacking - Hacking Android – Example 3 20

Mobile Hacking - Hacking Android – Example 3 21

Mobile Hacking - Hacking Android – Example 3 22

Mobile Hacking - Hacking Android – Example 3 23

Mobile Hacking - Hacking Android – Example 3 24

Mobile Hacking - Hacking Android – Example 3 25

Mobile Hacking - Hacking Android – Example 3 26

Mobile Hacking - Hacking Android – Example 3 27

Mobile Hacking - Hacking Android – Example 3 28

Mobile Hacking - Hacking Android – Example 3 29

Mobile Hacking - Hacking Android – Example 3 30

Mobile Hacking - Hacking Android – Example 3 31

Mobile Hacking - Hacking Android – Example 3 32

Mobile Hacking - Hacking Android – Example 3 33

Mobile Hacking - Hacking Android – Example 3 34

Mobile Hacking - HELP What can we do to protect ourselves? Start with the basics... Keep your OS up to date Keep your applications up to date Never install anything untrusted Don't leave your phone laying around Don't root your phone Turn off external communication when not in use/needed; ex: Bluetooth Be mindful of the wireless network that you are connecting to Use Anti-virus software 35

Mobile Hacking - DEMO DEMO 36

Mobile Hacking – Questions? 37