CEH-Module17 - Hacking Mobile Platforms
Mobile Attack Anatomy
Here are a few common types of mobile attacks:
- Malware/Virus Attacks: Malicious software is installed on a device without the user’s consent or knowledge. It can steal data, monitor activity, or gain control of the device. Viruses, trojans, and ransomware are examples.
- Phishing Attacks: Deceptive communications trick users into sharing sensitive info like passwords, bank details, etc. Phishing sites or texts/calls impersonate trusted brands to steal credentials.
- Man-in-the-Middle Attacks: A hacker positions themselves between two communicating devices. They can intercept and modify communications between them without either knowing. Often used to steal login credentials.
- Denial-of-Service Attacks: The attacker makes a device or network resource unavailable by overwhelming it with traffic from multiple sources. This can crash apps and servers or take whole systems offline.
- Rooting/Jailbreaking Exploits: These allow gaining root/administrator access on Android/iOS devices without authorization. This elevates security risks by bypassing normal access controls.
- Spyware/Stalkerware: Covertly installed apps that monitor a user’s activities and location without consent. Often used for cyberstalking or spying on a partner’s device.
- Theft/Loss: Physical theft of devices leaves them open to hacking or data extraction if security features like encryption are not enabled. Loss can also lead to unauthorized access.
- Weak Authentication: Guessing or cracking weak passwords, PINs or patterns allows unauthorized access to devices and sensitive user data.
The best defenses are keeping devices and apps updated, using strong unique passwords, enabling encryption, only installing from official app stores, and being wary of suspicious links/attachments.
Issues Arising from App Stores
App stores in mobile devices, such as the Apple App Store and Google Play Store, provide a convenient way for users to discover and download apps. However, there are several security issues that can arise from app stores:
- Malicious Apps: Despite efforts to vet apps for security and privacy, malicious apps can still make their way onto app stores. These apps may contain malware, spyware, adware, or other harmful software that can compromise the security of the device and the user’s data.
- Fake Apps: Attackers can create fake apps that mimic popular legitimate apps to deceive users into downloading them. These fake apps may steal sensitive information, display unwanted ads, or perform other malicious activities.
- App Store Clones: Some attackers create fake versions of app stores that look similar to official stores. Users who download apps from these fake stores may unknowingly install malicious software on their devices.
- Insecure Permissions: Some apps request excessive permissions that are not necessary for their functionality. Granting these permissions can expose sensitive data to the app developer or potential attackers.
- Outdated Apps: Users may unknowingly download outdated apps that contain security vulnerabilities. Attackers can exploit these vulnerabilities to gain unauthorized access to the device or its data.
- Phishing Attacks: Attackers may use fake app store websites or emails to trick users into downloading malicious apps or providing sensitive information such as login credentials or payment details.
- App Store Review Process: While app stores have review processes in place to check for security and privacy issues, some malicious apps may still slip through the cracks. Users should be cautious and conduct their own research before downloading apps.
To mitigate these security issues, users should only download apps from official app stores, read app reviews and ratings, check app permissions before installation, keep apps updated, use security software on their devices, and be cautious of suspicious links or emails related to app downloads.
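The "check app permissions before installation" step can be automated during app vetting. The following is an added example, not part of the original notes: it reads a decoded (text XML) AndroidManifest.xml and reports dangerous permissions that the app's declared purpose does not explain. The category baseline and the sample manifest are constructed assumptions.

```python
import xml.etree.ElementTree as ET

ANDROID_NS = "{http://schemas.android.com/apk/res/android}"

# Android permissions that guard private user data (runtime-prompt level).
DANGEROUS = {
    "android.permission.READ_SMS",
    "android.permission.RECEIVE_SMS",
    "android.permission.SEND_SMS",
    "android.permission.READ_CONTACTS",
    "android.permission.READ_CALL_LOG",
    "android.permission.RECORD_AUDIO",
    "android.permission.CAMERA",
    "android.permission.ACCESS_FINE_LOCATION",
}

# Hypothetical review policy (an assumption for this example): the dangerous
# permissions each app category can plausibly justify.
EXPECTED_BY_CATEGORY = {
    "flashlight": {"android.permission.CAMERA"},
    "messaging": {
        "android.permission.READ_SMS",
        "android.permission.RECEIVE_SMS",
        "android.permission.SEND_SMS",
        "android.permission.READ_CONTACTS",
    },
}


def requested_permissions(manifest_xml):
    """Return every permission name the manifest declares."""
    root = ET.fromstring(manifest_xml)
    perms = set()
    for tag in ("uses-permission", "uses-permission-sdk-23"):
        for element in root.iter(tag):
            name = element.get(ANDROID_NS + "name")
            if name:
                perms.add(name)
    return perms


def excessive_permissions(manifest_xml, category):
    """Dangerous permissions requested but not justified by the category."""
    expected = EXPECTED_BY_CATEGORY.get(category, set())
    return sorted((requested_permissions(manifest_xml) & DANGEROUS) - expected)


# Constructed sample: a flashlight app asking for far more than it needs.
SAMPLE_MANIFEST = """<manifest
    xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.flashlight">
  <uses-permission android:name="android.permission.CAMERA"/>
  <uses-permission android:name="android.permission.INTERNET"/>
  <uses-permission android:name="android.permission.READ_SMS"/>
  <uses-permission android:name="android.permission.ACCESS_FINE_LOCATION"/>
  <uses-permission android:name="android.permission.READ_CONTACTS"/>
  <application android:label="Flashlight"/>
</manifest>"""

if __name__ == "__main__":
    for perm in excessive_permissions(SAMPLE_MANIFEST, "flashlight"):
        print("unexpected dangerous permission:", perm)
```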
App Sandboxing Issues
App sandboxing is a security feature that isolates apps from critical system resources and other apps to prevent them from causing harm. However, there can be issues with app sandboxing that may impact the functionality or performance of the app. Some common issues include:
- Limited access: Apps running in a sandbox may have restricted access to certain resources, which can affect their ability to perform certain functions.
- Compatibility issues: Some apps may not work properly within a sandbox environment, especially if they require access to specific system resources that are restricted.
- Performance impact: Running an app in a sandbox can sometimes lead to a decrease in performance due to the overhead of managing the sandbox environment.
- Security vulnerabilities: While sandboxing is designed to enhance security, there can still be vulnerabilities that malicious actors could exploit to bypass the sandbox and access sensitive information.
It’s important for developers to carefully implement and test app sandboxing to ensure that it provides the intended security benefits without causing significant issues for users.
Mobile Spam
Mobile spam refers to unsolicited and unwanted messages or calls that are sent to mobile devices. This can include text messages, phone calls, and even spammy apps. Mobile spam can be a nuisance and may also pose security risks if the messages contain malicious links or attempt to trick users into providing personal information.
Here are some common types of mobile spam:
- SMS spam: Unsolicited text messages promoting products, services, or scams.
- Robocalls: Automated phone calls that deliver pre-recorded messages, often for telemarketing or scams.
- Phishing messages: Messages that attempt to trick users into providing personal information, such as login credentials or financial details.
- App spam: Unsolicited notifications or ads from apps that users have installed on their devices.
By staying vigilant and taking proactive measures, users can reduce the impact of mobile spam on their devices.
Smishing
Smishing is a type of phishing attack that occurs through SMS (Short Message Service) or text messages. In a smishing attack, scammers send text messages to trick individuals into providing sensitive information, clicking on malicious links, or downloading harmful attachments.
Here are some common characteristics of smishing attacks:
- Urgency: Smishing messages often create a sense of urgency to prompt quick action from the recipient, such as claiming that their account is in danger or that they have won a prize that needs to be claimed immediately.
- Spoofed sender information: Scammers may spoof the sender information to make it appear as if the message is coming from a legitimate source, such as a bank or a government agency.
- Requests for personal information: Smishing messages typically ask recipients to provide personal information like account numbers, passwords, or other sensitive data.
- Links to malicious websites: Smishing messages may contain links that direct recipients to fake websites designed to steal their information or infect their devices with malware.
By staying vigilant and following best practices for mobile security, you can reduce the risk of falling victim to smishing attacks.
Agent Smith Attack
The “Agent Smith” attack is a type of malware campaign that targets Android devices. Named after the character from “The Matrix” movie series, the Agent Smith malware infects devices by disguising itself as a legitimate app and then replacing legitimate apps on the device with malicious versions without the user’s knowledge.
Here are some key points about the Agent Smith attack:
- Infection method: Agent Smith typically spreads through third-party app stores or malicious websites. Once installed on a device, it exploits known vulnerabilities to gain root access and replace legitimate apps with malicious versions.
- Malicious behavior: The malware’s primary goal is to display fraudulent ads to users, generating revenue for the attackers through ad fraud. It can also potentially steal sensitive information from infected devices.
- Impact: The Agent Smith attack can affect a large number of devices, as it has the ability to spread rapidly through app installations and updates.
By staying vigilant and following best practices for mobile security, you can help protect your device from malware attacks like Agent Smith.
Signaling System (SS7) Vulnerability
Signaling System 7 (SS7) is a set of protocols used in telecommunications networks to handle the signaling and control of calls and messages between different network elements. While SS7 is essential for the functioning of modern telecommunications systems, it has been found to have vulnerabilities that can be exploited by attackers for various malicious purposes.
Some common vulnerabilities associated with SS7 include:
- Call interception: Attackers can exploit SS7 vulnerabilities to intercept phone calls and SMS messages, allowing them to eavesdrop on conversations or steal sensitive information.
- Location tracking: SS7 vulnerabilities can be used to track the location of mobile devices, potentially compromising the privacy and security of individuals.
- Fraudulent activities: Attackers can manipulate SS7 signaling to conduct fraudulent activities such as bypassing two-factor authentication mechanisms or conducting unauthorized transactions.
- Denial of Service (DoS) attacks: SS7 vulnerabilities can be exploited to launch DoS attacks against telecommunications networks, disrupting services for users.
By addressing SS7 vulnerabilities and implementing robust security measures, telecommunications providers can help protect their networks and users from potential threats and attacks.
Simjacker: Sim Card Attack
The Simjacker attack is a type of SIM card attack that exploits a vulnerability in SIM cards to remotely take control of mobile devices. This attack involves sending a specially crafted SMS message to a target device’s SIM card, which then triggers the execution of malicious code on the device without the user’s knowledge.
Here are some key points about the Simjacker attack:
- Exploitation of SIM Toolkit (STK): The attack leverages the SIM Toolkit (STK) technology, which is a set of applications that reside on the SIM card and can interact with the device’s operating system.
- Remote control: Once the malicious SMS message is sent to the target device, the attacker can remotely instruct the SIM card to perform various actions, such as sending SMS messages, making phone calls, or tracking the device’s location.
- Information theft: In addition to controlling the device, attackers can use the Simjacker attack to extract sensitive information from the device, such as IMEI numbers, location data, and other device identifiers.
- Targeted attacks: The Simjacker attack can be used to target specific individuals or devices, making it a potential tool for surveillance or espionage activities.
By staying informed about potential threats like the Simjacker attack and taking proactive security measures, users and mobile operators can help mitigate the risks associated with SIM card vulnerabilities.
OTP Hijacking/Two-Factor Authentication Hijacking
OTP hijacking, also known as two-factor authentication (2FA) hijacking, is a type of attack where an attacker intercepts or steals a one-time password (OTP) or authentication code used for two-factor authentication. Two-factor authentication is a security measure that requires users to provide two forms of verification to access an account, typically something they know (like a password) and something they have (like an OTP sent to their phone).
Here’s how OTP hijacking or 2FA hijacking can occur:
- Phishing: Attackers may trick users into providing their OTP or authentication code through phishing emails or fake websites that mimic legitimate services.
- SIM swapping: Attackers can convince a mobile carrier to transfer a victim’s phone number to a new SIM card under their control, allowing them to receive OTPs sent via SMS.
- Man-in-the-middle attacks: Attackers intercept communication between the user and the service sending the OTP, allowing them to capture the OTP in transit.
To protect against OTP hijacking and 2FA hijacking, consider the following security measures:
- Use app-based authentication: Instead of relying on SMS-based OTPs, use authentication apps like Google Authenticator or Authy, which generate OTPs locally on your device.
- Be cautious with OTPs: Do not share your OTP with anyone, and be wary of requests for OTPs from unknown sources.
- Secure your accounts: Use strong, unique passwords for each account and enable additional security features like biometric authentication or hardware security keys where available.
- Monitor account activity: Regularly review your account activity for any unauthorized access or changes.
By following best practices for account security and using secure authentication methods, you can reduce the risk of falling victim to OTP hijacking or 2FA hijacking attacks.
Camfecting
Camfecting is a type of cyber attack where an attacker takes control of a victim’s webcam or camera-enabled device without their knowledge or consent. The term “camfecting” is a portmanteau of “camera” and “infecting.” Once the attacker gains access to the victim’s webcam, they can potentially spy on the victim, record video or audio, or take pictures without the victim’s awareness.
Here are some common methods used in camfecting attacks:
- Malware: Attackers may use malware such as remote access trojans (RATs) to infect a victim’s device and gain unauthorized access to the webcam.
- Phishing: Attackers may trick victims into downloading malicious software or clicking on links that install malware capable of controlling the webcam.
- Exploiting vulnerabilities: Attackers may exploit security vulnerabilities in software or operating systems to gain access to the webcam.
Cover or disconnect your device’s webcam when not in use. By staying vigilant and implementing these security measures, you can help protect yourself from camfecting attacks and safeguard your privacy while using camera-enabled devices.
Android Rooting
Rooting an Android device refers to the process of gaining privileged control over the operating system. This allows users to access and modify system files and settings that are normally restricted. Rooting can provide more customization options and control over the device, but it also comes with risks such as voiding warranties, security vulnerabilities, and potential for bricking the device if not done correctly. It’s important to research thoroughly and understand the implications before deciding to root an Android device.
Here are some pros and cons of rooting an Android device:
Pros of rooting an Android device:
- Customization: Rooting allows users to customize the device’s appearance, performance, and behavior beyond what is typically allowed on a non-rooted device.
- Access to root-only apps: Some apps require root access to unlock advanced features or functionality that are not available on non-rooted devices.
- Improved performance: Rooting can enable users to optimize the device’s performance by removing bloatware, overclocking the CPU, or tweaking system settings.
- Backup and restore options: Rooting can provide more advanced backup and restore options, allowing users to save and restore entire system images.
- Extended device lifespan: Rooting can help extend the lifespan of older devices by installing custom ROMs that provide updates and features not officially supported by the manufacturer.
Cons of rooting an Android device:
- Voided warranty: Rooting typically voids the device’s warranty, meaning that the manufacturer may refuse to provide support or repairs for rooted devices.
- Security risks: Rooting can expose the device to security vulnerabilities, as gaining root access also means potentially granting malicious apps or users greater control over the system.
- Bricking the device: If not done correctly, rooting can lead to “bricking” the device, rendering it unusable and potentially irreparable.
- No official updates: Rooted devices may not receive official software updates from the manufacturer, requiring users to rely on custom ROMs for updates.
- Stability issues: Rooting can sometimes cause stability issues, such as app crashes, system freezes, or other performance problems due to modifications made to the system.
Before deciding to root an Android device, it’s important to weigh the pros and cons carefully, research the process thoroughly, and understand the potential risks involved.
DroidSheep
DroidSheep is a tool that can be used to intercept web traffic and perform man-in-the-middle attacks against other WiFi users. Here are some key details about how it works:
- Operating System: DroidSheep was designed for and runs on Android devices. It takes advantage of Android’s ability to put the WiFi card into monitor mode and sniff wireless traffic.
- Packet Interception: When running, DroidSheep silently sniffs all wireless traffic on the local network. It analyzes packets to find HTTP cookies and session tokens being transmitted in cleartext.
- Cookie Theft: If DroidSheep finds a cookie or session token for a popular website such as Facebook, Gmail, or Twitter, it can steal that cookie and use it to spoof the victim’s session.
- Session Hijacking: With the stolen cookie, DroidSheep can then make its own requests to the website and masquerade as the victim. This allows hijacking active sessions and accessing the victim’s account as if they were logged in.
- Covert Operation: The victim would have no indication their cookie was stolen or that their session is now under another person’s control. DroidSheep operates silently in the background.
- Wireless Networks: Any user connected to the same wireless network as the DroidSheep device is vulnerable. It takes advantage of the lack of encryption on most home and small office WiFi networks.
So in summary, DroidSheep is a man-in-the-middle tool that can stealthily steal user credentials and hijack sessions on websites, allowing an attacker to covertly take over other users’ accounts on the local wireless network. It demonstrates the importance of using HTTPS and not transmitting sensitive unencrypted data over public WiFi.
Exploiting Android Device through ADB Using PhoneSploit
Android Debug Bridge (ADB) is a versatile command-line tool that allows developers to communicate with an Android device. It enables various actions such as installing and debugging apps, accessing the device’s shell, transferring files, and more. While ADB is a powerful tool for legitimate development purposes, it can also be misused for malicious activities if not used responsibly.
PhoneSploit is a Python-based tool that allows users to remotely exploit Android devices using the Android Debug Bridge (ADB). It provides a simple command-line interface for interacting with Android devices connected via ADB. PhoneSploit can be used for various purposes, including accessing files, capturing screenshots, recording the screen, and gaining remote shell access to the target device.
Run phonesploit.py on Parrot OS. It provides various options for managing Android devices.
Exploiting Android Device using Metasploit
The Metasploit Framework allows attackers to use custom or built-in exploits and payloads to exploit the target Android device and obtain sensitive information. After establishing a Meterpreter session using Metasploit, attackers use commands such as sysinfo, ipconfig, pwd, ps, and dump_sms to gather sensitive data from the target Android device.
Jailbreaking iOS
Jailbreaking an iOS device involves removing software restrictions imposed by Apple, allowing users to gain more control over their device and customize it beyond what is typically allowed. Here are some pros and cons of jailbreaking:
Pros:
- Customization: Jailbreaking allows users to customize their device’s appearance, install themes, and tweak various settings that are not possible on a non-jailbroken device.
- Access to Third-Party Apps: Users can access third-party apps and tweaks not available on the official App Store.
- Enhanced Functionality: Jailbreaking can enable additional features and functionalities that are not supported by Apple, such as improved multitasking, file management, and more.
- Unlocking: Jailbreaking can allow users to unlock their device from specific carriers, enabling the use of different SIM cards.
Cons:
- Security Risks: Jailbreaking can expose the device to security vulnerabilities and malware, as it bypasses Apple’s built-in security measures.
- Voided Warranty: Jailbreaking voids the device’s warranty, as it goes against Apple’s terms and conditions.
- Instability: Jailbreaking can make the device unstable, leading to crashes, freezes, and other performance issues.
- Update Issues: Jailbreaking can prevent users from installing official iOS updates, which may include important security patches and new features.
It’s essential to weigh the pros and cons carefully before deciding to jailbreak your iOS device. Make sure to understand the risks involved and proceed with caution.
iOS Malware
NoReboot: Exploits the camera and microphone on the victim’s device. It creates a fake reboot process and keeps running in the background without any interruption to its operations.
Pegasus: Pegasus is a sophisticated surveillance tool that can be used to remotely infiltrate mobile devices, including smartphones, to monitor and extract data such as messages, emails, call logs, and even activate the device’s microphone and camera.
Pegasus has been at the center of controversy due to its alleged use by governments and other entities for unauthorized surveillance on individuals, including journalists, activists, and political opponents. The use of Pegasus raises serious privacy and human rights concerns.
XcodeSpy, XCSSET, KeyRaider, Prynt Stealer and clicker trojan malware are a few examples of iOS malware.