CEH Module 17: Hacking Mobile Platform
Reverse Engineering Tools
- Apktool
- Frida
- JEB
- APK Studio
- objection
- Bytecode Viewer
iOS Hacking Tools
- Elcomsoft Phone Breaker
- Fing
- Network Analyzer Master Lite
- Spyic
- iWepPRO
- Frida
Android Rooting Tools
- TunesGo Android Tool
- One Click Root
- Root Genius
- SuperSU Root
- RootMaster
- Towelroot
- Z4root
Mobile Device Security Guidelines for Administrator
01) Publish an enterprise policy that specifies the acceptable usage of consumer-grade devices and bring-your-own devices in the enterprise
02) Publish an enterprise policy for the cloud
03) Enable security measures such as antivirus to protect data in the datacenter
04) Implement a policy that specifies what levels of application and data access are allowable on consumer-grade devices and which are prohibited
05) Specify a session timeout through Access Gateway
06) Specify whether the domain password can be cached on the device or whether users must enter it every time they request access
07) Determine the allowed Access Gateway authentication methods from the following:
  - No authentication
  - Domain only
  - SMS authentication
  - RSA SecurID only
  - Domain + RSA SecurID
BYOD Risks
01) Sharing confidential data on unsecured networks
02) Data leakage and endpoint security issues
03) Improperly disposing of devices
04) Support for many different devices
05) Mixing personal and private data
06) Lost or stolen devices
07) Lack of awareness
08) Ability to bypass the organization's network policies
09) Infrastructure issues
10) Disgruntled employees
Securing iOS Devices
01) Use the passcode lock feature to lock the iPhone
02) Only use iOS devices on secured and protected Wi-Fi networks
03) Do not access web services on a compromised network
04) Deploy only trusted third-party applications on iOS devices
05) Disable JavaScript and add-ons in the web browser
06) Do not store sensitive data in a client-side database
07) Do not open links or attachments from unknown sources
08) Change the iPhone's default root password (alpine)
09) Do not jailbreak or root your device if it is used within an enterprise environment
10) Configure Find My iPhone and use it to wipe a lost or stolen device
11) Enable jailbreak detection and also protect access to the iTunes Apple ID and Google accounts, which are tied to sensitive data
12) Regularly update your device OS with the security patches released by Apple
BYOD Benefits
1) Increased productivity
2) Employee satisfaction
3) Work flexibility
4) Lower costs
Jailbreaking, like rooting, also comes with many security and other risks to your device, which include the following:
1. Voiding your phone's warranty
2. Poor performance
3. Malware infection
4. "Bricking" the device
Bootrom Exploit
Allows both user-level access and iBoot-level access
iBoot
Allows both user-level access and iBoot-level access
z3A Advanced App Analysis
Allows security professionals to identify security and privacy risks across various iOS and Android applications
zANTI
An Android application that allows you to perform attacks such as spoofing MAC addresses, creating a malicious Wi-Fi hotspot, and hijacking sessions
Kaspersky Mobile Antivirus
An Android security application aimed at anti-theft and virus protection for mobile phones and tablets
Network Spoofer
Lets you change websites on other people's computers from an Android phone. It allows attackers to redirect websites to other pages
OWASP Top 10 Mobile Risks 2016
M1 Improper Platform Usage
M2 Insecure Data Storage
M3 Insecure Communication
M4 Insecure Authentication
M5 Insufficient Cryptography
M6 Insecure Authorization
M7 Client Code Quality
M8 Code Tampering
M9 Reverse Engineering
M10 Extraneous Functionality
Semi-untethered Jailbreaking
Similar to a semi-tethered jailbreak. In this type of jailbreak, when the device reboots, the kernel is not patched, but the kernel can still be patched without using a computer. This is done using an app installed on the device.
SMS Phishing Attack (SMiShing) (Targeted Attack Scan)
The act of trying to acquire personal and financial information by sending SMS (or instant, IM) messages containing deceptive links
iOS Malware
- Clicker Trojan malware
- Trident
- Exodus
- Checkrain
- AceDeceiver Trojan
- XcodeGhost
- KeyRaider
Jailbreaking iOS
- Defined as the process of installing a modified set of kernel patches that allows users to run third-party applications not signed by the OS vendor
- Jailbreaking provides root access to the operating system and permits downloading of third-party applications, themes, and extensions on iOS devices
- Jailbreaking removes sandbox restrictions, which enables malicious apps to access restricted mobile resources and information
Apricot
- A web-based mirror operating system for all the latest iPhones
- Users can run this mirror iOS version alongside the default iOS 13.2. Apricot's features bring a realistic experience to your iOS 13.2 phone
Elcomsoft Phone Breaker
- Allows attackers to perform logical and over-the-air acquisition of iOS devices, break into encrypted backups, and obtain and analyze backups, synchronized data, and passwords from Apple iCloud
Agent Smith Attack
- An Agent Smith attack is carried out by persuading the victim to install a malicious app designed and published by an attacker
- The malicious app replaces legitimate apps, such as WhatsApp, SHAREit, and MX Player
- The attacker produces a huge volume of advertisements on the victim's device through the infected app for financial gain
FaceNiff
- An Android app that allows you to sniff and intercept web session profiles over the Wi-Fi network that your mobile is connected to
- It is possible to hijack sessions only when the Wi-Fi network is not using EAP, and over any private network (Open/WEP/WPA-PSK/WPA2-PSK)
Jailbreaking Tools
- Apricot
- Yuxigon
- Sileo
- Trimgo
- Bregxi
- Yalu
Other Techniques for Hacking Android Devices-Bypass SSL Pinning
- Attackers can bypass SSL pinning using techniques such as reverse engineering and hooking
- Attackers modify the source code of the application to bypass SSL pinning and then perform man-in-the-middle attacks
iOS Device Security Tools
- Avira Mobile Security
- Norton Security for iOS
- LastPass Password Manager
- Lookout Personal for iOS
- McAfee Mobile Security
- Trend Micro Mobile Security
General Guidelines for Mobile Platform Security
- Do not load too many applications and avoid auto-upload of photos to social networks
- Perform a security assessment of the application architecture
- Maintain configuration control and management
- Install applications from trusted application stores
- Securely wipe or delete the data when disposing of the device
- Do not share information within GPS-enabled apps unless necessary
- Disable wireless access, such as Wi-Fi and Bluetooth, if not in use
- Never connect two separate networks, such as Wi-Fi and Bluetooth, simultaneously
- Use a passcode
- Update the OS and apps
- Enable remote management and use remote wipe services
- Do not allow rooting or jailbreaking
- Encrypt storage
- Perform periodic backup and synchronization
- Filter e-mail-forwarding barriers
- Configure application certification rules
- Harden browser permission rules
- Design and implement mobile device policies
Android-based Sniffers
- FaceNiff
- Packet Capture
- tPacketCapture
- Android PCAP
- Sniffer Wicap 2 Demo
- Testeldroid
iOS Device Tracking Tools
- Find My iPhone
- Phonty
- SpyBubble
- Prey Find my Phone Tracker GPS
- iHound
- FollowMee GPS Location Tracker
Android Device Tracking Tools
- Google Find My Device
- Find My Phone
- Where's My Droid
- Prey Anti Theft: Find My Android & Mobile Security
- iHound
- Mobile Tracker for Android
- Lost Android
- Phone Tracker By Number
Android Trojans
- Gostuff Banking Trojan
- xHelper
- Cerberus
- Boogr.gsh
- Asacub
- Gplayed
- HeroRat
Mobile Device Management Solutions
- IBM MaaS360
- Citrix Endpoint Management
- VMware AirWatch
- Sicap Device Management Centre
- SOTI MobiControl
- Scalefusion MDM
- ManageEngine Mobile Device Manager Plus
Why is reverse engineering effective?
- Initiates black-box testing on mobile apps
- Improves static analysis in black-box testing
- Performs resilience assessment
Android Security Tools
- Kaspersky Mobile Antivirus
- Avast Antivirus
- McAfee Mobile Security
- Lookout Security & Antivirus
- Sophos Mobile Security
Pairing Mobile Devices on Open Bluetooth and Wi-Fi Connections
- Mobile device pairing on open connections (public Wi-Fi/unencrypted Wi-Fi routers) allows attackers to eavesdrop and intercept data transmission using techniques such as:
  - Bluesnarfing (stealing information via Bluetooth)
  - Bluebugging (gaining control over the device via Bluetooth)
- Sharing data from malicious devices can infect/breach data on the recipient device
Why is SMS Phishing Effective?
- Most consumers access the Internet through a mobile device
- It is easy to set up a mobile phishing campaign
- It is difficult to detect and stop before harm is caused
- Mobile users are not conditioned to receiving spam text messages on their mobiles
- There is no mainstream mechanism for weeding out spam SMSs
- Few mobile antivirus products check SMSs
Hacking Network using Network Analyzer Pro
- Network Analyzer Pro discovers all LAN devices' addresses and names
- Network Analyzer Pro allows attackers to gather information such as the devices connected to the network, their IP addresses, NetBIOS, mDNS (Bonjour), LLMNR, and DNS names, etc.
Online Android Analyzers
- Online APK Analyzer
- DeGuard
- SandDroid
- Apktool
- UnDroid
- Apprisk Scanner
Bring Your Own Device (BYOD)
- A policy that allows an employee to bring their personal devices, such as laptops, smartphones, and tablets, to their workplace and use them to access the organization's resources within their access privileges
- Allows employees to use the devices that they are comfortable with and that best fit their preferences and work purposes
Citrix Endpoint Management
-Provides a modern approach to manage various devices, including desktops, laptops, smartphones, tablets, and IoT, through a single platform
Reverse engineering is used to:
- Read and understand the source code
- Detect underlying vulnerabilities
- Scan for sensitive information embedded in the source code
- Conduct malware analysis
- Regenerate the application after some modifications
App Repackaging Detector
- Repackaging is the process of extracting details of an app from legitimate app stores, such as Google Play Store and Apple App Store, and modifying them to inject malicious code
- Promon Shield
Reverse Engineering Mobile Applications
- Reverse engineering is the process of analyzing and extracting the source code of a software product or application and, if needed, regenerating it with the required modifications
- Reverse engineering is used to disassemble a mobile application to analyze its design flaws and fix any bugs residing in it
App Sandboxing Issues
-Sandboxing helps protect systems and users by limiting the resources the app can access to the mobile platform; however, malicious applications may exploit vulnerabilities and bypass the sandbox
Vulnerable Areas in Mobile Business Environment
- Smartphones offer broad Internet and network connectivity via different channels, such as 3G/4G/5G, Bluetooth, Wi-Fi, and wired computer connections
- Security threats may arise at different places along these channels during data transmission
Hacking using Spyzie
- Spyzie allows attackers to hack SMS, call logs, app chats, GPS, etc.
- This tool is compatible with all types of iOS devices, including iPhone, iPad, and iPod
- Attackers hack the target device remotely in an invisible mode without even jailbreaking the device
Android Device Administration API
- The Device Administration API provides device administration features at the system level
- This API allows developers to create security-aware applications that are useful in enterprise settings, where IT professionals require strong control over employee devices
Tap 'n Ghost Attack
- This attack targets NFC technology and the RX electrodes used in the capacitive touchscreens of mobile devices
- Based on two attack techniques: Tag-based Adaptive Ploy (TAP) and Ghost Touch Generator
Mobile Spam
- Unsolicited text/email messages sent to mobile devices from known/unknown phone numbers and email IDs
- Spam messages contain advertisements or malicious links that can trick users into revealing confidential information
- A significant amount of bandwidth is wasted by spam messages
- Spam attacks are performed for financial gain
Jailbreaking Techniques
- Untethered Jailbreaking
- Semi-tethered Jailbreaking
- Tethered Jailbreaking
- Semi-untethered Jailbreaking
Types of Jailbreaking
- Userland Exploit
- iBoot Exploit
- Bootrom Exploit
Android Vulnerability Scanners
- X-Ray
- QUIXXI
- Vulners Scanner
- Shellshock Vulnerability Scan
- Yaazhini
- Quick Android Review Kit (QARK)
Android Hacking Tools
- cSploit
- Fing - Network Tools
- Androrat
- Arpspoof
- Network Discovery
- NEXSPY
- IntentFuzzer
Source Code Analysis Tools
- z3A Advanced App Analysis
- Kiuwan
- Appium
- Selendroid
- Bitbar
- Infer
OWASP Top 10 Mobile Controls
01) Identify and protect sensitive data on the mobile devices
02) Handle password credentials securely on the device
03) Ensure sensitive data are protected in transit
04) Implement user authentication, authorization, and session management correctly
05) Keep the backend APIs (services) and platform (server) secure
06) Secure data integration with third-party services and applications
07) Pay specific attention to the collection and storage of consent for the collection and use of the user's data
08) Implement controls to prevent unauthorized access to paid-for resources
09) Ensure secure distribution/provisioning of mobile applications
10) Carefully check any runtime interpretation of code for errors
SMS Phishing Countermeasures
01) Never reply to a suspicious SMS without verifying the source
02) Do not click on any links included in an SMS
03) Never reply to an SMS that requests personal and financial information from you
04) Review your bank's policy on sending SMSs
05) Enable the "block texts from the internet" feature from your provider
06) Never reply to an SMS that urges you to act or respond
07) Never call a number left in an SMS
Userland Exploit
Allows user-level access but does not allow iBoot-level access
Online APK Analyzer
Allows you to analyze various details about Android APK files. It can decompile binary XML files and resources
One Click Root
An Android rooting tool that offers features like gaining access to more apps, installing apps on an SD card, preserving battery life, and Wi-Fi and Bluetooth tethering
Android OS
Android is a software environment developed by Google for mobile devices. It includes an operating system, middleware, and key applications.
Features:
- Application framework enabling the reuse and replacement of components
- Provides a variety of pre-built UI components
- Integrated browser based on the open-source Blink and WebKit engines
- Media support for common audio, video, and still image formats (MPEG4, H.264, MP3, AAC, AMR, JPG, PNG, GIF)
- Rich development environment including a device emulator, tools for debugging, memory and performance profiling, and a plugin for the Eclipse IDE
Other Techniques for Hacking Android Devices-Advanced SMS Phishing
Attackers use any low-priced USB modem and trick the victim into accepting malicious settings on the mobile device, which results in all of the victim's data being redirected to the attacker
TunesGo Root Android Tool
Has an advanced Android root module that recognizes and analyzes your Android device and automatically chooses the appropriate Android-root-plan for the device
Semi-tethered Jailbreaking
Has the property that if the user turns the device off and back on, the device will completely start up and will no longer have a patched kernel, but it will still be usable for normal functions. To use jailbroken add-ons, the user needs to start the device with the help of a jailbreaking tool
Untethered Jailbreaking
Has the property that if the user turns the device off and back on, the device will completely start up, and the kernel will be patched without the help of a computer; in other words, it will be jailbroken after each reboot
Tethered Jailbreaking
If the device starts back up on its own, it will no longer have a patched kernel, and it may get stuck in a partially started state; for it to completely start up with a patched kernel, it must be "re-jailbroken" with a computer (using the "boot tethered" feature of a jailbreaking tool) each time it is turned on
Avira Mobile Security
This tool provides features such as web protection and identity safeguarding, identifying phishing websites that target you personally, securing emails, tracking your device, identifying activities, organizing device memory, and backing up all your contacts
Apktool
Used for reverse engineering third-party, closed, binary Android apps. It can decode resources to nearly original form and rebuild them after making some modifications