CEH Module 17: Hacking Mobile Platform

Reverse Engineering Tools

-Apktool -Frida -JEB -APK Studio -objection -Bytecode Viewer

iOS Hacking Tools

-Elcomsoft Phone Breaker -Fing -Network Analyzer Master Lite -Spyic -iWepPRO -Frida

Android Rooting Tools

-TunesGo Android Tool -One Click Root -Root Genius -SuperSU Root -RootMaster -Towelroot -Z4root

Mobile Device Security Guidelines for Administrator

01) Publish an enterprise policy that specifies the acceptable usage of consumer grade devices and bring-your-own devices in the enterprise 02) Publish an enterprise policy for the cloud 03) Enable security measures such as antivirus to protect data in the datacenter 04) Implement policy that specifies what levels of application and data access are allowable on consumer-grade devices and which are prohibited 05) Specify a session timeout through Access Gateway 06) Specify whether the domain password can be cached on the device or whether users must enter it every time they request access 07) Determine the allowed Access Gateway authentication methods from the following: -No authentication -Domain only -SMS authentication -RSA SecurID only -Domain + RSA SecurID

BYOD Risks

01) Sharing confidential data on unsecured networks 02) Data leakage and endpoint security issues 03) Improperly disposing of devices 04) Support for many different devices 05) Mixing personal and private data 06) Lost or stolen devices 07) Lack of awareness 08) Ability to bypass organization's network policies 09) Infrastructure issues 10) Disgruntled employees

Securing iOS Devices

01) Use passcode lock feature for locking iPhone 02) Only use iOS devices on secured and protected Wi-Fi networks 03) Do not access web services on a compromised network 04) Deploy only trusted third-party applications on iOS devices 05) Disable Javascript and add-ons from web browser 06) Do not store sensitive data on client-side database 07) Do not open links or attachments from unknown sources 08) Change default password of iPhone's root password from alpine 09) Do not jailbreak or root your device if used within enterprise environments 10) Configure Find My iPhone and utilize it to wipe a lost or stolen device 11) Enable Jailbreak detection and also protect access to iTunes AppleID and Google accounts, which are tied to sensitive data 12) Regularly update your device OS with security patches released by Apple

BYOD Benefits

1) Increased productivity 2) Employee satisfaction 3) Work Flexibility 4) Lower costs

Jailbreaking, like rooting, also comes with many security and other risks to your device, which include the following:

1. Voiding your phone's warranty 2. Poor performance 3. Malware infection 4. "Bricking" the device

Bootroom Exploit

Allows both user-level access and iBoot-level access

iBoot

Allows both user-level access and iBoot-level access

z3A Advanced App Analysis

Allows security professionals to identify security and privacy risks across various iOS and Android applications

zANTI

An Android application that allows you to perform attacks, such as spoof MAC address, creating a malicious Wi-Fi hotspot, and hijack session

Kaspersky Mobile Antivirus

An Android security software aimed at anti-theft and virus protection for Mobile and tablet devices

Network Spoofer

Lets you change websites on other people's computers from an Android phone. It allows attackers to redirect websites to other pages

OWASP Top 10 Mobile Risks 2016

M1 Improper Platform Usage M2 Insecure Data Storage M3 Insecure Communication M4 Insecure Authentication M5 Insufficient Cryptography M6 Insecure Authorization M7 Client Code Quality M8 Code Tampering M9 Reverse Engineering M10 Extraneous Functionality

Semi-untethered Jailbreaking

Similar to a semi-tethered jailbreak. In this type of jailbreak, when the device reboots, the kernel is not patched, but the kernel can still be patched without using a computer. This is done using an app installed on the device.

SMS Phishing Attack (SMiShing) (Targeted Attack Scan)

The act of trying to acquire personal and financial information by sending SMSs (Instant or IMs) containing deceptive links

iOS Malware

-Clicker Trojan malware -Trident -Exodus -Checkrain -AceDeceiver Trojan -XcodeGhost -KeyRaider

Jailbreaking iOS

-Defined as the process of installing a modified set of kernel patches that allows users to run third-party applications not signed by the OS vendor -Jailbreaking provides root access to the operating system and permits downloading of third-party applications, themes, extensions on iOS devices -Jailbreaking removes sandbox restrictions, which enables malicious apps to access restricted mobile resources and info

Apricot

-A web based mirror operating system for all the latest iPhones -Users can run this mirror iOS version with default iOS 13.2 simultaneously. Apricot features bring a realistic experience to your iOS 13.2 phone

Elcomsoft Phone Breaker

-Allows attackers to perform logical and over-the-air acquisition of iOS devices, break into encrypted backups, and obtain and analyze backups, synchronized data, and passwords from Apple iCloud

Agent Smith Attack

-An Agent Smith attack is carried out by persuading the victim to install a malicious app designed and published by an attacker -The malicious app replaces legitimate apps, such as WhatsApp, SHAREit, and MX Player -The attacker produces a huge volume of advertisements on the victim's device through the infected app for financial gains

FaceNiff

-An Android app that allows you to sniff and intercept web session profiles over the Wi-Fi that your mobile is connected to -It is possible to hijack sessions only when Wi-Fi is not using EAP and over any private network (Open/WEP/WPA-PSK/WPA2-PSK)

Jailbreaking Tools

-Apricot -Yuxigon -Sileo -Trimgo -Bregxi -Yalu

Other Techniques for Hacking Android Devices-Bypass SSL Pinning

-Attackers can exploit SSL pinning using techniques such as reverse engineering and hooking -Attackers modify the source code of the application to bypass SSL pinning and further perform man-in-the-middle attacks

iOS Device Security Tools

-Avira Mobile Security -Norton Security for iOS -LastPass Password Manager -Lookout Personal for iOS -McAfee Mobile Security -Trend Micro Mobile Security

General Guidelines for Mobile Platform Security

-Do not load too many applications and avoid auto-upload of photos to social networks -Perform a Security Assessment of the Application Architecture -Maintain configuration control and management -Install applications from trusted application stores -Securely wipe or delete the data when disposing of the device -Do not share information within GPS-enabled apps unless necessary -Disable wireless access, such as Wi-Fi and Bluetooth, if not in use -Never connect two separate networks, such as Wi-Fi and Bluetooth, simultaneously -Use passcode -Update OS and Apps -Enable remote management and use remote wipe services -Do not allow Rooting or Jailbreaking -Encrypt storage -Perform periodic backup and synchronization -Filter e-mail-forwarding barriers -Configure Application certification rules -Harden browser permission rules -Design and implement mobile device policies

Android-based Sniffers

-FaceNiff -Packet Capture -tPacketCapture -Android PCAP -Sniffer Wicap 2 Demo -Testeldroid

iOS Device Tracking Tools

-Find My iPhone -Phonty -SpyBubble -Prey Find my Phone Tracker GPS -iHound -FollowMee GPS Location Tracker

Android Device Tracking Tools

-Google Find My Device -Find My Phone -Where's My Droid -Prey Anti Theft: Find My Android & Mobile Security -iHound -Mobile Tracker for Android -Lost Android -Phone Tracker By Number

Android Trojans

-Gostuff Banking Trojan -xHelper -Cerberus -Boogr.gsh -Asacub -Gplayed -HeroRat

Mobile Device Management Solutions

-IBM MaaS360 -Citrix Endpoint Management -VMware AirWatch -Sicap Device Management Centre -SOTI MobiControl -Scalefusion MDM -ManageEngine Mobile Device Manager Plus

Why is reverse engineering effective?

-Initiates black-box testing on mobile apps -Improves static analysis in black-box testing -Performs resilience assessment

Android Security Tools

-Kaspersky Mobile Antivirus -Avast Antivirus -McAfee Mobile Security -Lookout Security & Antivirus -Sophos Mobile Security

Pairing Mobile Devices on Open Bluetooth and Wi-Fi Connections

-Mobile device pairing on open connections (public Wi-Fi/unencrypted Wi-Fi routers) allows attackers to eavesdrop and intercept data transmission using techniques such as: --Bluesnarfing (stealing information via Bluetooth) --Bluebugging (gaining control over the device via Bluetooth) -Sharing data from malicious devices can infect/breach data on the recipient device

Why is SMS Phishing Effective?

-Most consumers access the Internet through a mobile -Easy to set up a mobile phishing campaign -Difficult to detect and stop before harm already caused -Mobile users are not conditioned to receiving spam text messages on their mobiles -No mainstream mechanism for weeding out spam SMSs -Few mobile anti-viruses check SMSs

Hacking Network using Network Analyzer Pro

-Network Analyzer Pro discovers all LAN devices' addresses and names -Network Analyzer Pro allows attackers to gather information such as devices connected to the network, their IP addresses, NetBIOS, mDNS (Bonjour), LLMNR, DNS name, etc.

Online Android Analyzers

-Online APK Analyzer -DeGuard -SandDroid -Apktool -UnDroid -Apprisk Scanner

Bring Your Own Device (BYOD)

-Policy allows an employee to bring their personal devices, such as laptops, smartphones, and tablets, to their workplace and use them to access the organization's resources by following the access privileges -Allows employees to use the devices that they are comfortable with and best fits their preferences and work purposes

Citrix Endpoint Management

-Provides a modern approach to manage various devices, including desktops, laptops, smartphones, tablets, and IoT, through a single platform

Reverse engineering is used to:

-Read and understand the source code -Detect underlying vulnerabilities -Scan for sensitive information embedded in the source code -Conduct malware analysis -Regenerate the application after some modifications

App Repackaging Detector

-Repackaging is the process of extracting details of an app from legitimate app stores, such as Google Play Store and Apple Store, and modifying them to inject malicious code -Promon Shield

Reverse Engineering Mobile Applications

-Reverse engineering is the process of analyzing and extracting the source code of a software or application, and if needed, regenerating it with required modifications -Reverse engineering is used to disassemble a mobile application to analyze its design flaws and fix any bugs that are residing in it

App Sandboxing Issues

-Sandboxing helps protect systems and users by limiting the resources the app can access to the mobile platform; however, malicious applications may exploit vulnerabilities and bypass the sandbox

Vulnerable Areas in Mobile Business Environment

-Smartphones offer broad internet and network connectivity via different channels, such as 3G/4G/5G, Bluetooth, Wi-Fi, and wired computer connections -Security threats may arise in different places along these channels during data transmission

Hacking using Spryte

-Spyzie allows attackers to hack SMS, call logs, app chats, GPS, etc -This tool is compatible with all types of iOS devices, including iPhone, iPad, and iPod -Attackers hack the target device remotely in an invisible mode without even jailbreaking the device

Android Device Administration API

-The Device Administration API provides device administration features at the system level -This API allows developers to create security-aware applications that are useful in enterprise settings, where IT professionals require sting control over employee devices

Tap 'n Ghost Attack

-This attack targets NFC technology and RX electrodes used in capacitive touchscreens of mobile devices -Based on two attack techniques: Tag-based Adaptive Ploy (TAP) and Ghost Touch Generator

Mobile Spam

-Unsolicited text/email messages sent to mobile devices from known/unknown phone number and email IDs -Spam messages contain advertisements or malicious links that can trick users into revealing confidential information -Significant amount of bandwidth is wasted by spam messages -Spam attacks are performed for financial gain

Jailbreaking Techniques

-Untethered Jailbreaking -Semi-tethered Jailbreaking -Tethered Jailbreaking -Semi-untethered Jailbreaking

Types of Jailbreaking

-Userland Exploit -iBoot Exploit -Bootrom Exploit

Android Vulnerability Scanners

-X-Ray -QUIXXI -Vulners Scanner -Shellshock Vulnerability Scan -Yaazhini -Quick Android Review Kit (QARK)

Android Hacking Tools

-cSploit -Fing - Network Tools -Androrat -Arpspoof -Network Discovery -NEXSPY -IntentFuzzer

Source Code Analysis Tools

-z3A Advanced App Analysis -Kiuwan -Appium -Selendroid -Bitbar -Infer

OWASP Top 10 Mobile Controls

01) Identify and protect sensitive data on the mobile devices 02) Handle password credentials securely on the device 03) Ensure sensitive data are protected in transit 04) Implement user authentication, authorization, and session management correctly 05) Keep the backend APIs (services) and platform (server) secure 06) Secure data integration with third-party services and applications 07) Pay specific attention to the collection and storage of consent for the collection and use of the user's data 08) Implement controls to prevent unauthorized access to paid-for resources 09) Ensure secure distribution/provisioning of mobile applications 10) Carefully check any runtime interpretation of code for errors

SMS Phishing Countermeasures

01) Never reply to a suspicious SMS without verifying the source 02) Do not click on any links included in an SMS 03) Never reply to an SMS that requests personal and financial information from you 04) Review your bank's policy on sending SMSs 05) Enable the "block texts from the internet" feature from your provider 06) Never reply to an SMS which urging you to act or respond 07) Never call a number left in an SMS

Userland Exploit

Allows user-level access but it does not allow iBook-level access

Online APK Analyzer

Allows you to analyze various details about Android APK files. It can decompile binary xml files and resources

One Click Root

An Android rooting tool that offers features like gaining access to more apps, installing apps on an SD card, preserving battery life, and Wi-Fi and Bluetooth tethering

Android OS

Android is a software environment developed by Google for Mobile devices. It includes an operating system, middleware, and key applications Features -Application framework enabling the reuse and replacement of components -Provides a variety of pre-built UI components -Integrated browser based on the open source Blink and WebKit engine -Media support for common audio, video, and still image formats (MPEG4, H.264, MP3, AAC, AMR, JPG, PNG, GIF) -Rich development environment including a device emulator, tools for debugging, memory and performance profiling, and plugin for the Eclipse IDE

Other Techniques for Hacking Android Devices-Advanced SMS Phishing

Attackers use any low-priced USB modem and trick the victim into accepting the malicious settings in the mobile, which results in redirecting all the victim's data to the attacker

TunesGo Root Android Tool

Has an advanced Android root module that recognizes and analyzes your Android device and automatically chooses the appropriate Android-root-plan for the device

Semi-tethered Jailbreaking

Has the property that if the user turns the device off and back on, the device will completely start up and will no longer have a patched kernel, but it will still be usable for normal functions. To use jailbroken add one, the user need to start the device with the help of a jailbreaking tool

Untethered Jailbreaking

Has the property that if the user turns the device off and back on, the device will completely start up, and the kernel will be patched without the help of a computer; in other words, it will be jailbroken after each reboot

Tethered Jailbreaking

If the device starts back up on its own, it will no longer have a patched kernel, and it may get stuck in a partially started state; for it to completely start up with a patched kernel, it must be "re-jailbroken" with a computer (using the "boot tethered" feature of a jailbreaking tool) each time it is turned on

Avira Mobile Security

This tool provides features like web protection and identity safeguarding, identifies Phishing websites that target you personally, securing emails, tracking your device, identifying activities, organizing device memory, backing up all your contacts

Apktool

Used for reverse engineering third-party, closed, binary Android apps. It can decode resources to nearly original form and rebuild them after making some modifications