Stealing sensitive data from android phones the hacker way
5 likes11,326 views
The presentation covered Android architecture, security model, and ways attackers can exploit Android devices. It discussed how Android is based on the Linux kernel and uses the Dalvik VM. The presentation demonstrated how to build an Android malware through reverse engineering apps and developing malicious apps from scratch. Various real-world Android malware were also described.
![[1] www.thenounproject.com
[2] http://mekeel.org
[3] http://www.gfi.com
[4] http://www.theverge.com
[5] http://www.google.com
Image Credits](https://image.slidesharecdn.com/stealingsensitivedatafromandroidphones-thehackerway-130826233908-phpapp02/85/Stealing-sensitive-data-from-android-phones-the-hacker-way-34-320.jpg)
More Related Content
![[Wroclaw #1] Android Security Workshop](https://cdn.slidesharecdn.com/ss_thumbnails/owaspplwroclaw1-160225150939-thumbnail.jpg?width=560&fit=bounds)
Similar to Stealing sensitive data from android phones the hacker way (20)
More from n|u - The Open Security Community (20)
Stealing sensitive data from android phones the hacker way
- 1. Stealing Sensitive Data from Android Phones - The Hacker Way -SRINIVAS [email protected]
- 2. Who Am I ??? • An Independent Security Researcher • Security Consultant at Tata Consultancy Services
- 3. • Introduction to Android • Android Architecture • Android Internals • Android Security Model • Reverse Engineering • Writing Android Malwares • Demos • Discussion Agenda
- 5. Android Market Share 2013 http://www.onbile.com/info/us-android-market-share/
- 7. Android is a software stack for mobile devices that includes an operating system, middleware and key applications. Developed by Google and Open Handset Alliance What is Android?
- 8. Android was engineered from the beginning to be online. Ability for users to extend the functionality of the device. Ability for users to store their data on the devices. Core Features
- 9. Android Internals Android platform is based on Linux technology. Uses java Programming language No monopoly status - Allows anyone to develop own applications. Good news for Hackers
- 11. Dalvik Virtual Machine Register based Interpreter only virtual machine. The Dalvik VM executes files in the Dalvik Executable (.dex) format which is optimized for minimal memory. The VM is register-based, and runs classes compiled by a Java language compiler that have been transformed into the .dex format by the included “dx” tool. java Byte code Dalvik Code Dalvik VM .java .class .dex javac dx
- 13. Android App will have an extension .apk It’s nothing but a zip file. Can be extracted using winrar, winzip etc. Android App Basics
- 14. META-INF res AndroidManifest.xml Classes.dex Resources.arsc App illustrated – User Perspective
- 15. Activity Intents Content Providers Service Broadcast Receivers App illustrated – Developer Perspective
- 16. DEMO
- 18. Mandatory application sandbox for all applications Application-defined and user-granted permissions Robust security at the OS level through the Linux kernel Secure inter process communication Application signing Android Platform Security
- 19. Dalvik Virtual Machine Every Android application runs in its own process. The UID will typically be something like app_XX Runs with its own instance of the Dalvik virtual machine. UID 1000 Dalvik VM App 1 UID 1001 Dalvik VM App 2 UID 1002 Dalvik VM App 3 UID 1003 Dalvik VM App 4
- 20. Declared in AndroidManifest.xml XML file contains all the components and permissions Binary XML formatted text. We cant read directly. An App can only use the declared permissions (Theory ) Android Permission Model
- 21. Attacking Android Devices -The known ways
- 22. Exploitation1
- 23. Find your target Device Check for exploits Exploit it
- 24. Malwares2
- 25. DroidDream. Geinimi - Android malware with botnet-like capabilities. Trojan-SMS for Android FakePlayer. iCalendar acbcad45094de7e877b656db1c28ada2. SMS_Replicator_Secret.apk. http://contagiodump.blogspot.in/ Some Popular Android Malwares
- 26. 1. Reverse Engineering 2. Build from Scratch Building Android Malwares
- 27. Legitimate developer 1 2 34 5 Hacker Android Market Third party market User 1. Reverse Engineering 6
- 28. java Byte code Dalvik Code .apk .java .class .dex javac dx Reverse Engineering Tools APK Tool – Smali files Dex2jar, jdGUI – java files
- 29. DEMO
- 30. Hacker Market place 2. Develop from Scratch
- 31. Can Spy on SMS, CallLogs, Contacts, IMEI, Current Location, Browser History etc. Implemented with Broadcast Receivers. Doesn’t make noise – because, it’s a service. Uploads everything to a remote server if internet is available on the device. Will store them as text file onto SDcard if Internet is not available. My Own Android Malware
- 32. DEMO
- 33. DISCUSSION
- 34. [1] www.thenounproject.com [2] http://mekeel.org [3] http://www.gfi.com [4] http://www.theverge.com [5] http://www.google.com Image Credits
- 35. Greetzz! Imran Mohammed Sai Satish Null HyderabadTeam Sri. Sagi ManiRaju