
CEHv8 module 16 hacking mobile platforms


Hacking Mobile Platforms
Module 16

Engineered by Hackers. Presented by Professionals.

Ethical Hacking and Countermeasures v8
Module 16: Hacking Mobile Platforms
Exam 312-50 Certified Ethical Hacker

Ethical Hacking and Countermeasures Copyright © by EC-Council
All Rights Reserved. Reproduction is Strictly Prohibited.

Security News

Mobile Malware Cases Nearly Triple in First Half of 2012, Says NetQin

Source: http://www.computerworld.com
July 31, 2012 09:40 AM ET

In June, 3.7 million phones worldwide became infected with malware, Beijing researcher finds.

Mobile malware is rising fast, infecting nearly 13 million phones in the world during the first half of 2012, up 177% from the same period a year ago, according to Beijing-based security vendor NetQin.

In a report detailing the world's mobile security, the company detected a major spike in malware cases in June, with about 3.7 million phones becoming infected, a historic high. This came as the security vendor found 5,582 malware programs designed for Android during the month, another unprecedented number for the period.

During this year's first half, NetQin found that most of the detected malware, at 78%, targeted smartphones running Android, with much of the remainder designed for handsets running Nokia's Symbian OS. This is a reversal from the same period a year ago, when 60% of the detected mobile malware was designed for Symbian phones.

In total, NetQin detected 17,676 mobile malware programs during 2012's first half, up 42% from the previous six months in 2011.

About a quarter of the detected malware came from China, which led among the world's countries, while 17% came from Russia, and 16.5% from the U.S.

In China, malware is mainly spread through forums, ROM updates, and third-party app stores, according to NetQin. So-called "remote control" Trojan malware that sends spam ads infected almost 4.7 million phones in China.

NetQin also detected almost 3.9 million phones in China being infected with money-stealing malware that sends out text messages to trigger fee-based mobile services. The high number of infections would likely translate into the malware's creators netting $616,533 each day.

The surge in mobile malware has occurred at the same time that China has become the world's largest smartphone market by shipments. Android smartphone sales lead with a 68% market share, according to research firm Canalys.

The country's Guangdong and Jiangsu provinces, along with Beijing, were ranked as the three highest areas in China for mobile malware.

Copyright © 1994 - 2012 Computerworld Inc
By Michael Kan
http://www.computerworld.com/s/article/92298Q2/Mobile_malware_cases_nearly_triple_in_first_half_of_2012_says_NetQin

Module Objectives

The main objective of this module is to educate you about the potential threats of mobile platforms and how to use the mobile devices securely. This module will familiarize you with:

• Mobile Attack Vectors
• Mobile Platform Vulnerabilities and Risks
• Android OS Architecture
• Android Vulnerabilities
• Android Trojans
• Securing Android Devices
• Jailbreaking iOS
• Guidelines for Securing iOS Devices
• Windows Phone 8 Architecture
• Guidelines for Securing Windows OS Devices
• Blackberry Attack Vectors
• Guidelines for Securing BlackBerry Devices
• Mobile Device Management (MDM)
• General Guidelines for Mobile Platform Security
• Mobile Protection Tools
• Mobile Pen Testing

Module Flow

For better understanding, this module is divided into various sections and each section deals with a different topic that is related to hacking mobile platforms. The first section deals with mobile platform attack vectors.

• Mobile Platform Attack Vectors
• Hacking Android iOS
• Hacking iOS
• Hacking Windows Phone OS
• Hacking BlackBerry
• Mobile Device Management
• Mobile Security Guidelines and Tools
• Mobile Pen Testing

This section introduces you to the various mobile attack vectors and the associated vulnerabilities and risks. This section also highlights the security issues arising from app stores.

Mobile Threat Report Q2 2012
Source: http://www.f-secure.com

In the report, malware attacks on Android phones continue to dominate the other mobile
platforms. The most attacks were found in the third quarter of 2011. And in 2012, Q2 came in
at 40%.
[Figure: mobile threats by platform (Android, Symbian, Pocket PC, J2ME); x-axis: 2011 to 2012]
FIGURE 16.1: Mobile Threat Report Q2 2012

Note: The threat statistics used in the mobile threat report Q2 2012 are made up of families and variants instead of unique files.

Mobile Threat by Type Q2 2012
Source: http://www.hotforsecurity.com

Attacks on mobile phones were mostly due to the Trojans, which according to the Mobile Threat by Type Q2 2012 is about 80%. From the graph or report it is clear the major threat associated with mobile platforms is Trojan when compared to other threats such as monitoring tools, riskware, application vulnerabilities, and adware.

[Figure: mobile threats by type (Trojan, Monitoring Tool, Riskware, Application, Adware)]
FIGURE 16.2: Mobile Threat by Type Q2 2012

Terminology

The following is the basic terminology associated with mobile platform hacking:

• Stock ROM: It is the default ROM (operating system) of an Android device supplied by the manufacturer
• CyanogenMod: It is a modified device ROM without the restrictions imposed by device's original ROM
• Bricking the Mobile Device: Altering the device OSes using rooting or jailbreaking in a way that causes the mobile device to become unusable or inoperable
• Bring Your Own Device (BYOD): Bring your own device (BYOD) is a business policy that allows employees to bring their personal mobile devices to their work place

Mobile Attack Vectors

Similar to traditional computer systems, most modern mobile devices are also prone to attacks. Mobile devices have many potential attack vectors using which the attacker tries to gain unauthorized access to the mobile devices and the data stored in or transferred by the device. These mobile attack vectors allow attackers to exploit the vulnerabilities present in operating systems or applications used by the mobile device. The attacker can also exploit the human factor. The various mobile attack vectors include:

Malware:
• Virus and rootkit
• Application modification
• OS modification

Data Exfiltration:
• Data leaves organization and email
• Print screen and screen scraping
• Copy to USB key and loss of backup

Data Tampering:
• Modification by another application
• Undetected tamper attempts
• Jail-broken device

Data Loss:
• Application vulnerabilities
• Unapproved physical access
• Loss of device

Mobile Platform Vulnerabilities and Risks

Mobile platform vulnerabilities and risks are the challenges faced by mobile users due to the functionality and increasing use of mobile devices at work and in other daily activities. The new functionalities amplify the attraction of the platforms used in mobile devices, which provide an easy path for attackers to launch attacks and exploitation. Attackers use different technologies such as Androids and other multiple instances to insert malicious applications with hidden functionality that stealthily gather a user's sensitive information. The companies that are into developing mobile applications are more concerned about security because vulnerable applications can cause damage to both parties. Thus, levels of security and data protection guarantees are mandatory. But the assistances and services provided by mobile devices for secure usage are sometimes neutralized by fraud and security threats.

The following are some of the risks and vulnerabilities associated with mobile platforms:

• App Stores
• Mobile Malware
• App Sandboxing
• Device and App Encryption
• OS and App Updates
• Jailbreaking and Rooting
• Mobile Application Vulnerabilities
• Privacy Issues (Geolocation)
• Data Security
• Excessive Permissions
• Communication Security
• Physical Attacks

Security Issues Arising from App Stores

• Insufficient or no vetting of apps leads to malicious and fake apps entering app marketplace
• App stores are common target for attackers to distribute malware and malicious apps

An authenticated developer of a company creates mobile applications for mobile users. In order to allow the mobile users to conveniently browse and install these mobile apps, platform vendors have created centralized marketplaces, but security concerns have resulted. Usually mobile applications that are developed by developers are submitted to these marketplaces (official app stores and third-party app stores) without screening or vetting, making them available to thousands of mobile users. If you are downloading the application from an official app store, then you can trust the application as the hosting store has vetted it. However, if you are downloading the application from a third-party app store, then there is a possibility of downloading malware along with the application because third-party app stores do not vet the apps. The attacker downloads a legitimate game and repackages it with malware and uploads the mobile apps to a third-party application store from where the end users download this malicious gaming application, believing it to be genuine. As a result, the malware gathers and sends user credentials such as call logs/photo/videos/sensitive docs to the attacker without the user's knowledge. Using the information gathered, the attacker can exploit the device and launch many other attacks. Attackers can also socially engineer users to download and run apps outside the official app stores. Malicious apps can damage other applications and data, and send your sensitive data to attackers.

[Figure: mobile apps reach the app store and third-party app store with no vetting; a malicious app sends sensitive data (call logs/photo/videos/sensitive docs) to the attacker]
FIGURE 16.3: Security Issues Arising from App Stores
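
The repackaging scenario described above can be detected when a trusted copy of the same app version is available. The following is an added example, not part of the original courseware: it diffs a candidate APK against the reference at the zip-entry level and classifies the result. The function names and the sample archives are constructed for illustration, and the code compares bytes only; it does not verify signatures cryptographically.

```python
import hashlib
import io
import zipfile

# JAR-style (v1) signing material in an APK: the per-file digest manifest,
# the signature file, and the signer's certificate/signature block.
SIG_SUFFIXES = (".SF", ".RSA", ".DSA", ".EC")


def is_signing_entry(name):
    upper = name.upper()
    if not upper.startswith("META-INF/"):
        return False
    return upper == "META-INF/MANIFEST.MF" or upper.endswith(SIG_SUFFIXES)


def entry_digests(apk_bytes):
    """Return {entry name: SHA-256 of the uncompressed bytes} for one APK."""
    with zipfile.ZipFile(io.BytesIO(apk_bytes)) as zf:
        names = zf.namelist()
        if len(names) != len(set(names)):
            # Duplicate names make it ambiguous which bytes would be installed.
            raise ValueError("duplicate entry names in archive")
        return {n: hashlib.sha256(zf.read(n)).hexdigest() for n in names}


def compare_apks(reference, candidate):
    """Diff a candidate APK against a trusted copy of the same app version."""
    ref, cand = entry_digests(reference), entry_digests(candidate)
    report = {
        "added": sorted(set(cand) - set(ref)),
        "removed": sorted(set(ref) - set(cand)),
        "changed": sorted(n for n in set(ref) & set(cand) if ref[n] != cand[n]),
    }
    touched = report["added"] + report["removed"] + report["changed"]
    payload = [n for n in touched if not is_signing_entry(n)]
    resigned = any(is_signing_entry(n) for n in touched)
    # Executable content is what a repackager has to alter to add behaviour.
    report["code_touched"] = sorted(n for n in payload if n.endswith((".dex", ".so")))
    if not touched:
        report["verdict"] = "identical"
    elif payload and resigned:
        report["verdict"] = "repackaged"         # content altered, then re-signed
    elif payload:
        report["verdict"] = "tampered-unsigned"  # old signature no longer matches
    else:
        report["verdict"] = "resigned"           # same content, new signing data
    return report


def build_apk(entries):
    """Build an APK-shaped zip in memory (constructed test data, not a real app)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name, data in entries.items():
            zf.writestr(name, data)
    return buf.getvalue()


# Constructed samples: the byte strings stand in for real files and signatures.
OFFICIAL_ENTRIES = {
    "AndroidManifest.xml": b"constructed manifest: INTERNET",
    "classes.dex": b"dex\n035\x00official game code",
    "res/raw/level1.dat": b"level data",
    "META-INF/MANIFEST.MF": b"digests of the official files",
    "META-INF/CERT.SF": b"digest of the official manifest",
    "META-INF/CERT.RSA": b"signature made with the developer key",
}
REPACKAGED_ENTRIES = {
    **OFFICIAL_ENTRIES,
    "AndroidManifest.xml": b"constructed manifest: INTERNET, READ_CALL_LOG",
    "classes.dex": b"dex\n035\x00official game code plus added code",
    "assets/extra.bin": b"file not present in the official build",
    "META-INF/MANIFEST.MF": b"digests of the modified files",
    "META-INF/CERT.SF": b"digest of the modified manifest",
    "META-INF/CERT.RSA": b"signature made with a different key",
}
OFFICIAL = build_apk(OFFICIAL_ENTRIES)
REPACKAGED = build_apk(REPACKAGED_ENTRIES)

if __name__ == "__main__":
    for key, value in compare_apks(OFFICIAL, REPACKAGED).items():
        print(f"{key}: {value}")
```

A `repackaged` or `resigned` verdict on a copy that claims to be the official build means its signing data differs from the reference; confirming who signed it requires real signature verification, which this sketch leaves out.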

Threats of Mobile Malware

In recent years, many system users are moving away from using personal computers toward smartphones and tablets. This increased adoption of mobile devices by users for business and personal purposes and comparatively lesser security controls has shifted the focus of attackers and malware writers for launching attacks on mobile devices. Attackers are attacking mobile devices because more sensitive information is stored on them. SMS spoofing, toll frauds, etc. are attacks performed by attackers on mobile devices. Mobile malware includes viruses, SMS-sending malware, mobile botnets, spyware, destructive Trojans, etc. The malware is either an application or functionality hidden within another application. For infecting mobile devices, the malware writer or attacker develops a malicious application and publishes this application to a major application store and waits until users install these malicious mobile applications on their mobile devices. Once the user installs the application hosted by the attacker, the attacker takes control over the user's mobile device. Due to mobile malware threats, there may be loss and theft, data communication interruption, exploitation and misconduct, and direct attacks.

According to the threats report, the security threats to mobile devices are increasing day by day. In 2004, malware threats against mobile devices were fewer when compared to recent years. The frequency of malware threats to mobile devices in the year 2012 drastically increased.

FIGURE 16.4: Threats of Mobile Malware

App Sandboxing Issues

Sandboxing separates the running program with the help of a security mechanism. It helps protect systems and users by limiting the resources the app can access in the mobile platform; however, malicious applications may exploit vulnerabilities and bypass the sandbox. Sandboxing is clearly explained by comparing a computer and a smartphone. In normal computers, a program can access any of the system resources: the entire RAM is not protected, and hard drive information and more can be read easily by anyone unless it is locked. So if any individual downloads malicious software believing it to be genuine, then that software can read the keystrokes that are typed in your system, scan the entire hard drive for useful file types, and then send that data back through the network. The same occurs in mobile devices; if an application is not given a working environment, it accesses all the user data and all the system resources. If the user downloads a malicious application, then that application can access all the data and resources and can gain complete control over the user's mobile device.

Secure Sandbox Environment

In a secure sandbox environment, each individual application is given its own working environment. As a result, the application is restricted from accessing other user data and system resources. This provides protection to mobile devices against malware threats.

[Figure: inside the sandbox the app has unrestricted access to its user data and system resources; it has no access to other user data and system resources outside the sandbox]
FIGURE 16.5: Secure sandbox environment

Vulnerable Sandbox Environment

In a vulnerable sandbox environment, the malicious application exploits loopholes or weaknesses for bypassing the sandbox. As a result, the application can access other user data and system resources that are restricted.

[Figure: the app bypasses the sandbox and gains access to user data and system resources outside it, in addition to its unrestricted access inside]
FIGURE 16.6: Vulnerable Sandbox Environment

Module Flow

So far, we have discussed various potential attack vectors of mobile platforms. Now we will discuss hacking the Android OS.

• Mobile Platform Attack Vectors
• Hacking Android iOS
• Hacking iOS
• Hacking Windows Phone OS
• Hacking BlackBerry
• Mobile Device Management
• Mobile Security Guidelines and Tools
• Mobile Pen Testing

This section introduces you to the Android OS and its architecture, various vulnerabilities associated with it, Android rooting and Android rooting tools, various Android Trojans, Android security tools, Android penetration testing tools, and Android device tracking tools.

Android OS

Android is a software stack developed by Google specifically for mobile devices such as smartphones and tablet computers. It is comprised of an operating system, middleware, and key applications. Android's mobile operating system is based on the Linux kernel. The Android application runs in a sandbox. The sandbox security mechanism is explained on a previous slide. Antivirus software such as Lookout Mobile Security, AVG Technologies, and McAfee are released by security firms for Android devices. However, the sandbox is also applicable to the antivirus software. As a result, though this antivirus software has the ability to scan the complete system, it is limited to scanning up to a certain environment.

The features of the Android operating system include:

• Application framework enabling reuse and replacement of components
• Dalvik virtual machine optimized for mobile devices
• Integrated browser based on the open source WebKit engine
• SQLite for structured data storage
• Media support for common audio, video, and still image formats (MPEG4, H.264, MP3, AAC, AMR, JPG, PNG, GIF)
• Rich development environment including a device emulator, tools for debugging, memory and performance profiling, and a plugin for the Eclipse IDE

Android OS Architecture

Android is a Linux-based operating system especially designed for portable devices such as smartphones, tablets, etc. The pictorial representation that follows shows the different layers such as application, application framework, libraries, Android runtime, and Linux kernel, which make up the Android operating system.

[Figure: Android OS architecture layers and their components]
• APPLICATION: Home, Contacts, Phone, Browser
• APPLICATION FRAMEWORK: Activity Manager, Window Manager, Content Providers, View System, Notification Manager, Package Manager, Telephony Manager, Resource Manager, Location Manager
• LIBRARIES: Surface Manager, Media Framework, SQLite, OpenGL | ES, FreeType, WebKit, SGL, SSL, libc
• ANDROID RUNTIME: Core Libraries, Dalvik Virtual Machine
• LINUX KERNEL: Display Driver, Camera Driver, Flash Memory Driver, Binder (IPC) Driver, Keypad Driver, WiFi Driver, Audio Driver, Power Management

FIGURE 16.7: Android OS Architecture

Applications

The applications provided by Android include an email client, SMS, calendar, maps, browser, contacts, etc. These applications are written using the Java programming language.

Application Framework

• As Android is an open development platform, developers have full access to the API that is used in the core applications
• The View System can be used to develop lists, grids, text boxes, buttons, etc. in the application
• The Content Provider permits applications to access data from other applications in order to share their own data
• The Resource Manager allocates the non-code resources like localized strings, graphics, etc.
• The Notification Manager helps applications to show custom messages in the status bar
• The Activity Manager controls the lifecycle of applications

Libraries

Libraries comprise all of the code that provides the main features of an Android OS. For example, database support is provided by the SQLite library so that an application can utilize it for storing data, and functionality for the web browser is provided by the WebKit library. The