1. Mobile Hacking - Fundamentals
Presenter: Christopher Clayden | 1

2. Mobile Hacking – Fundamentals
AGENDA
Brief overview on the mobile threat landscape
Discussion on possible attack vectors
Examples of exploitation
Learn how to protect ourselves
Demonstration
Questions 2

3. Mobile Hacking - The Mobile threat landscape
Who are the top contenders in the global mobile OS market?
Android – 84.1%
IOS – 14.8%
Microsoft – 0.7%
RIM – 0.2% 3

4. Mobile Hacking - The Mobile threat landscape
Over 1.4 billion people across the world are using Android devices, according to Google. Unlike Apple’s iOS, Android is not tied to a specific manufacturer, making it's OS the top dog of the global OS market (Statistica). However, since Android dominates the smartphone market, it presents an ideal opportunity for hackers to tap into a large base of user information. It’s essential for Android users, as well as iOS users, to learn how to protect themselves. 4

5. Mobile Hacking - Attack Vectors
Possible vectors for exploitation include:
Manual Installation
Direct Access to the device
Use of client-server programs – ex: ADB
Social Engineering
Text Messages – ex: stagefright
RCE vulnerabilities – ex: ADB
exploit/android/adb/adb_server_exec
Etc. 5

6. Mobile Hacking - Hacking Android – Example 1
Manual Installation
Raw payload saved in apk format generated with msfvenom
Standard reverse meterpreter 6

7. Mobile Hacking - Hacking Android – Example 17

8. Mobile Hacking - Hacking Android – Example 18

9. Mobile Hacking - Hacking Android – Example 19

10. Mobile Hacking - Hacking Android – Example 110

11. Mobile Hacking - Hacking Android – Example 111

12. Mobile Hacking - Hacking Android – Example 112

13. Mobile Hacking - Hacking Android – Example 113

14. Mobile Hacking - Hacking Android – Example 114

15. Mobile Hacking - Hacking Android – Example 2
Android Debug Bridge - ADB
Android Debug Bridge (ADB) is a versatile command line tool that lets you communicate with an emulator instance or connected Android-powered device. It is a client-server program.
In order to use ADB; developer options must be unlocked and USB debugging enabled.
On Android 4.2 and higher, the Developer options screen is hidden by default.
When running Android or higher, there is a security mechanism (refereed to as secure USB debugging) where the android system shows a dialog asking the user to accept an RSA key that allows debugging through the computer. 15

16. Mobile Hacking - Hacking Android – Example 2
Vulnerabilities have been found in Android that allow attackers to bypass Android’s secure USB debugging which allows them to:
Install Applications
Bypass Android's lock screen - Pattern/PIN locks
Obtain Shells
Etc.. 16

17. Mobile Hacking - Hacking Android – Example 217

18. Mobile Hacking - Hacking Android – Example 3
Embed a payload into any android application
The Injection process high level:
Disassemble the apk files – apktool
Both payload and our original application
Copy our payload in smali format to the original application
Modify the Android Manifest file – AndroidManifest.xml from the original application to include any additional permission required for the payload in addition to services.
Modify the smali code in original application to inject new smali code to invoke our payload when the original application is launched.
Assemble the new apk file – apktool
Generate new keys & sign the apk file
Deploy 18

19. Mobile Hacking - Hacking Android – Example 3
Embed payload Preamble:
Apktool -
A tool for reverse engineering Android apk files
Manifest
Every application must have an AndroidManifest.xml file (with precisely that name) in its root directory. The manifest file provides essential information about your app to the Android system, which the system must have before it can run any of the app's code.
Smali
Smali/Baksmali is an assembler/disassembler for the dex format used by dalvik, Android's Java VM implementation. The names "Smali" and "Baksmali" are the Icelandic equivalents of "assembler" and "disassembler" respectively. 19

20. Mobile Hacking - Hacking Android – Example 320

21. Mobile Hacking - Hacking Android – Example 321

22. Mobile Hacking - Hacking Android – Example 322

23. Mobile Hacking - Hacking Android – Example 323

24. Mobile Hacking - Hacking Android – Example 324

25. Mobile Hacking - Hacking Android – Example 325

26. Mobile Hacking - Hacking Android – Example 326

27. Mobile Hacking - Hacking Android – Example 327

28. Mobile Hacking - Hacking Android – Example 328

29. Mobile Hacking - Hacking Android – Example 329

30. Mobile Hacking - Hacking Android – Example 330

31. Mobile Hacking - Hacking Android – Example 331

32. Mobile Hacking - Hacking Android – Example 332

33. Mobile Hacking - Hacking Android – Example 333

34. Mobile Hacking - Hacking Android – Example 334

35. Mobile Hacking - HELP What can we do to protect ourselves?
Start with the basics...
Keep your OS up to date
Keep your applications up to date
Never install anything untrusted
Don't leave your phone laying around
Don't root your phone
Turn off external communication when not in use/needed; ex: Bluetooth
Be mindful of the wireless network that you are connecting to
Use Anti-virus software 35

36. Mobile Hacking - DEMO
DEMO 36

37. Mobile Hacking – Questions?37