Hacking

9 pages
21 views

Please download to get full document.

View again

of 9
All materials on our website are shared by users. If you have any questions about copyright issues, please report us to resolve them. We are always happy to assist you.
Share
Description
Description:
Tags
Transcript
   Android Device Hacking Tricks and Countermeasures  Khulood Al Zaabi College of Technological Innovation Zayed University Abu Dhabi, UAE k.alzaabi12@hotmail.com  Abstract --  Cybercrimes have increased against Android devices due to the increased usage of Instant Messaging, Global Positioning Systems (GPS) and Webcam Applications which are built into the Android device, resulting in invasion of the victim’s privacy. The existing studies demonstrate how to utilize the vulnerabilities of the Android device; however, none have proposed a comprehensive study highlighting the hacking tricks and their countermeasures. This study demonstrates how to discover and fully control the Android device using existing tools. Furthermore, it proposes a novel GPS Tracking Application. The purpose of this research is twofold: 1. To demonstrate how to disclose the victim’s sensitive inform ation after performing diverse hacking tricks; and 2. To implement countermeasures for each Android hacking trick. The author believe that such a scenario is needed for implementing awareness among Android device users. Also, it shows Android and Instant Messaging Application developers to mitigate existing vulnerabilities, thereby enhancing security levels.  Keywords----Android Hacking; GPS Hacking; WhatsApp  Hacking; Android Hacking Tricks; Android Hacking Tools; Countermeasures I.   INTRODUCTION In the Post-PC era, the use of small, portable tablets and Smartphones has skyrocketed. They have  become the preferred choice for communication,  performing online banking transactions, taking and uploading photos and videos, sending messages via Instant Messaging Applications (i.e. WhatsApp),  pinpointing locations using the Global Positioning System (GPS), and more. The number of Smartphone users has reached around 7 billion worldwide. Currently, the Android Operating System has gained significant popularity over the Apple device since  being released into the mobile industry in 2008 [1, 2, 3]. The Smartphone is popular due to significant improvements in its functionality, and because it has the capacity to store a considerable amount of the user’s sensitive data [ 2, 4]. However, the Smartphone has also become more susceptible to cybercrimes that violate the victim’s confidentiality, integrity, and availability [1, 5, 6]. As stated by the Norton Report in 2013 [5], 38 percent of Smartphone users are being targeted by criminal activities. The scope of this  paper is to concentrate on the Android hacking tricks and countermeasures. In other words, the research paper focuses on how criminals utilize the Android’s built -in vulnerabilities, and showcases how they overtake the victim’s phone  by using diverse hacking strategies in order to violate their victim’s personal information. The remainder of this paper is organized as follows: Section II presents the “ Background and Related Work  ” where I review the previous literature regarding hacking tricks for Android devices .  In section III, I talk about the “ Problem and Motivation ”. Section IV illustrates the “ Proposed Approach ” and the tools and techniques used. This is then followed by an overview of my “ Experimental Results ” in section V, and the results are discussed in the section titled “ Experimental Discussion ”. In section VII, I conclude my research and propose “ Future Work  ”. II.   BACKGROUND AND RELATED WORK The domain of Android hacking is an ever-evolving area at both the individual and business level due to the unique characteristics, features, and flexibilty of this device. In the following sections, the research paper will introduce: 1. The Android device  platform; 2. An overview of the WhatsApp Instant Messaging Application, and 3. The Global Positioning System.   A.    Android Device Platform The Open Handset Alliance (OHA) developed an open-market Operating System which strives to “accelerate innovations in mobiles an d offers consumers a richer, less expensive, and better mobile experience” [ 7]. Gartner Inc. stated that the Android device embraced 25.5% of the world’s Smartphone sales. According to the IDC Q2 2014 report [8], the Android device occupied 85% of the market as seen in Fig. 1. However, sophisticated criminal offenders have become familiar with the Android device’s   built-in vulnerabilities and loopholes [1, 9]. Cybercriminals have made millions of dollars by deceiving Android users by requesting them to download malicious third-party Applications [5]. The unverified Applications subsequently grant the attacker full access to the victim’s sensitive data [ 5, 8].  Fig. 1. Distribution of mobile operating system in Q2 2014, according to IDC. Source (media.kaspersky, 2014)  B.   Overview of WhatsApp Instant Messaging  Application In September 2015, the popularity of the WhatsApp messaging application reached 900 million users worldwide as shown in Fig. 2 [10, 11, 12, 13]. WhatsApp is a free proprietary cross- platform messaging application which is installed on a client's Smartphone and is not operable without the Internet. The user can then subscribe to the WhatsApp service to send text messages, share images, videos, locations and more with other WhatsApp users [10, 13, 14, 15]. In late January 2015, Koum [10] announced on his Facebook page that: “Our web client is simply an extension of your  phone: the web browser mirrors conversations and messages from your mobile device  —  this means all of  your messages still liv e on your phone”   Koum's announcement was about the release the WhatsApp PC desktop v ersion called “WhatsApp Web” [10 , 12, 13]. This version supports all desktop  browsers except for the Microsoft Internet Explorer and was activated to work with Google Android, Windows Phones, Nokia, iPhones, and BlackBerry devices [10, 12, 14]. Due to the increase in the numbers of WhatsApp Web users, now reaching 200 million, cyber-attacks are also on the rise, thus compromising the personal data stored on the these devices [11, 12]. Fig. 2. Number of monthly active WhatsApp users worldwide (in millions). Source (statista, 2015)   C.   Global Positioning System (GPS) The Global Positioning System was developed by the U.S Department of Defense (DoD) in 1995, using 24 satellites. This system is capable of operating with civil, commercial, and military users around the globe [16]. The Android GPS is part of the Google Play Services, which tracks and pinpoints the exact location of the users [17]. GPS users can utilize both the built-in GPS and Network Location Provider (NLP). The GPS is more accurate than the NLP; however, it is only capable of being operated outdoors. Moreover, the GPS takes a long time to forward the requested location. On the other hand, the NLP consumes less battery power than the GPS and can be operated indoors and outdoors. However, identifying the user's location is complicated because the longitude and latitude becomes different every time the user moves to a new place. This section presents a comprehensive review of the plethora of related research studies that cover Android device hacking techniques. More specifically, it focuses on the hacking of Android Applications, Android Messaging Application such as WhatsApp, Global Positioning Systems on Android devices, describing the various types of attacks and the countermeasures. Whether or not the Application is running, Wu and Li [18] succeeded in hacking the Android Application by proposing two methods: static and dynamic methods. In the static method, they modified the A  pplication’s dex and APK files, while in the dynamic method, they modified the execute byte code. Moreover, they concluded their research by discussing how to detect and protect the Android Application against these types of attacks [18]. Abura’ed et al.  [19] discussed three exploitable vulnerabilities: 1. Overriding the default behaviors of  buttons; 2. Access permissions, and 3. The lack of identity indicators used to perform phishing attacks using a Trojan. They succeeded in imposing a significant threat without the victim’s knowledge , and without degrading the victim’s machine  performance. In addition, they recommended enhancing the Android’s security against these types of attacks by monitoring the machine’s running  process, implementing the SSL certificate for each trusted Application, and keeping the identity indicator such as the watermark [19]. Erich and Cliff [20] conducted a novel denial-of-convenience attack against Android and iPhone devices for non-technical users. The researchers exploited the S martphone’s connectivity management protocol by configuring a fake Wi-Fi access point, and forcing their victims to connect via the non-valid access point. This was done with the purpose of disabling the Internet connection availability of their victims. At the end of their research, they proposed a novel Internet access validation protocol as a defense against this type of attack. The proposed solution used cellular networks in order to send a secret key phrase to the Internet’s validation server [20]. Furthermore, Yubo et al. [21] presented their research on how to deploy a malware against a Smartphone device such as the Android system. This was accomplished by manipulating the Short Message System (SMS) protocol and using the Short Message Type (RS MT) as an attack vector. Next, they attempted to forward this message to the victim’s device by using a Software Defined Radio (SDR). The authors achieved their goal after proving that the device’s antivirus software was not able to detect the injected attack [21]. Additionally, Nguyen et al. [22] achieved their goal in stealthily discovering  the target’s location without the victim’s consent , by developing an unauthorized Location Inference (UnLocIn) approach. This approach was possible with the insensitive Wi-Fi permission, as it bypassed the malware detection technique. The researchers examined 51 free Apps on Google Play, and succeeded in inferring the target’s location with a 50-meter accuracy range. This paper also discussed how to counter the proposed UnLocIn attack [22]. While [23] described the most common social engineering attack techniques on knowledgeable workers, Krombholz et al. presented comprehensive terminology that assisted them in classifying the social engineering attacks in terms of four  parameters. These parameters include the attack channel, the attack operator, various kinds of social engineering and realistic attack scenarios. Moreover, this research included the most advanced attack vectors within the common communication channels and computer-supported collaboration, such as Mobile Messaging Applications (i.e. WhatsApp). In addition, the researchers supported their research by describing countermeasures against this type of attack [23]. In this paper, Krombholz et. al. demonstrated the Cross-site scripting attack (XSS)techniques used against the Android's WebView, whereas, Bhavani [24] utilized the Web Application vulnerabilities to exploit the victim’s WebView, by launching a malicious code through the HttpClient APIs. The researcher concluded that this type of attack can result in disclosing the victim ’s sensitive information (i.e. phone contacts), session hijacking, and stealing the cashed cookies in order to impersonate the victim [24]. This paper complements the existing research by conducting various types of hacking tricks against Android devices. However, the previous work did not demonstrate a comprehensive hacking phase such as the one conducted in this research. The author of this  paper performed social engineering tricks to discover the victim’s current geolocation (GPS hacking). Moreover, the researcher intended to gain full control of the victim’s Android device, such as overtaking the Android’s  Webcam, decrypting the WhatsApp Instant Messaging, and more. Furthermore, the author was able to discover all of the active devices which were connected to the same attacker’s network using the zANIT. Lastly, the researcher presented countermeasures for each trick in order for the victims to become savvy in safeguarding themselves and also, protecting their private information from  being exposed to attackers. III.   PROBLEM AND MOTIVATION As reported by the Google Investor website [9], over 350,000 devices are being activated daily as of February 2011. This is because of the Android’s Smartphone features which enable communication  between individuals and businesses with a high level of information management. However, the developer of the Android device offers it in the open-market model with limited controls. As a result, the Android Operating System and its Applications have become susceptible to critical security threats by sophisticated criminals who spy on users and violate their privacy via the Internet [ 1]. Kaspersky Lab’s security [ 8] illustrates various types of attack statistics against Android users in May 2012 (Fig. 3). Their study stated that the number of Android attacks and the targeted users grew dramatically during the period  between August 2013 and July 2014 [8].   Fig. 3. Detections by Ka spersky Lab’s security of cyber  -attacks on Android. Source (media.kaspersky, 2014) The recently released WhatsApp Desktop version not only attracts users, but also attracts cybercriminals. It allows them to launch a series of attacks such as spreading malicious messages for the  purpose of infecting the user's phone device and invading their privacy for monetary benefits [25]. This is one of the reasons why the authors employed hacking techniques against WhatsApp and the Android device’s GPS . According to Ralf-Philipp Weimann, a researcher at the University of Luxembourg [26], the GPS is a critical Android device vulnerability. The issue begins when the Android device asks the victim to pinpoint their approximate location on the cellular network. These messages are then sent to an unsecured Internet link, which encourages the attacker to trick the Android device into exchanging the location message with them, instead of the cellular network. As a result, the attacker is able to track the victim’s locatio n, and also, to send a malicious code directly onto the victim’s device processor  . This is done with the  purpose of rem otely controlling the victim’s Smartphone [26]. The goal of the present research was to identify these vulnerabilities, exploit them, and implement countermeasures. IV.   PROPOSED APPROACH To conduct the experimental scenarios, the author configured a Laptop with the required mobile hacking tools, as well as two Samsung Galaxy S3 devices. The Rooted Android device acted as an attacker to e xploit the victim’s device , while the other one was used as the victim's device featuring various types of vulnerabilities for exploitation purposes. The devices were used for the purpose of performing diverse types of Android hacking tricks by using different tools and hacking techniques. By using the Android Studio, NetBeans IDE, and PHP respectively, the author proposed various types of Android hacking tricks against the victim’s device. GPS Tracking was the first trick used to identify the current victi m’s geolocation. Moreover, all of the discovered live devices were connected to the same network as the attacker using the zANTI Application, as well as the victim’s built -in Webcam, decrypting WhatsApp and the Kali Linux NetHuntertool (i.e.  Metasploitable Framework). The author  ’ s intention in this research was to alert WhatsApp users, as the App  plays a significant role in tracking their geolocation and disclosing their privacy, especially after the author  ’ s success in exploring WhatsApp vulnerabilities when overtaking the Android device. The main thrust of this research was threefold: 1. To discover the victim’s active device and its associated features using the zANTI discovery tool; 2. To track the victim’s geolocation, device ID, and Timestamp using the GPS Tracking Application; and 3. To take control of the victim’s Android device using Kali Linux and its associated Applications (i.e. Metasploit).   In the following sections, the paper  presents the requirements and the installation instructions for all of the hacking tricks conducted.  A.    Network Map Discovery The attacker browsed their Android device using Starbucks' Wi-Fi public network for the purpose of hunting their victim. The zANTI penetration testing tool assisted them in achieving their goal. Therefore, in order to install the zANTI, the attacker rooted her Android device by installing the “KingRoot” software, Kingroot.apk file from Play Store. The rooted device was verified  by installing the “Root Checker Basic” as illustrated in Fig. 4. Fig. 4. Root Checker Basic Software  Then the attacker downloaded the zANTI.APK file from Zimperium Mobile Security, and installed it on their Android device, allowing her to discover all of the connected devices such as Laptops and mobile devices. Fig. 5 illustrates the zANTIL software interface, including all of the active devices that were connected to the same network as the attacker. In this scenario, the attacker started probing this Android device with an IP address of “ 192.168.x.x ” and connected via “port   0”. All  logs and Nmap scan outputs were displayed for the targeted Android devices. The attacker could then perform advanced scans against her target, by specifying the scan types from the “Operative Actions” option , then connecting to the remote ports to exploit the open ports and discovering vulnerabilities. This was conducted using diverse types of attacks such as the Man-in-the-Middle attack. In addition, it could also check and crack weak passwords , as well as verify the target’s   “ShellShock” and “SSL Poodle” vulnerabili ties. Moreover, the attacker could perfor  m “Smart Scanning” which enabled  her to automatically check for vulnerabilities. In this scenario, the attacker intended to perform an “Intense Scan”, which is also known as an “Intrusive Scan” against the targeted device. This type of attack permits the attacker to detect versions and scripts of the Operating System. Fig. 5. zANTI Software Interface  B.   GPS Tracking In this section, the attacker intended to track her victim’s current geolocation with their permissi on, by designing two different Applications. These are the Android App “app - release.apk” (Android Application Package File), using the Android Studio, and the Desktop App “GPS_Tracker.jar , which i s designed using the NetBeans IDE. The Android App has three classes: the GPS.java, the Launcher.java, and the PostTask.java. The GPS.java is a type of Android service and it implements the LocationListener which is triggered when the GPS location is changed. In addition, the “toString()” method is used to obtain  the location, based on the last updated time. Lastly, the .java represents the launcher activity in the Android  java, and has a layout called “ activity_launcher.xml ” , which consists of a label and a button. Therefore, whenever the user clicks on the “Get GPS Position”  button, the launcher activity retrieves the current geolocation from the GPS.java and displays it on that label. Furthermore, the third class PostTask.java is used to get the geolocation from the launcher.java, and posts it onto the attacker’s Webserver. Fig. 6 illustrates the  AndroidManifest.xml   file. Fig. 6. AndroidManifest.xml file The second App, which is a desktop has one class “Launcher.java” , which is linked with two functions: the clearTable() and the refreshTable(). The “ClearTable” function is used to connect to the server and clears the database files which have old logs. The “RefeshTable” function is used to connect to the Webserver to search for and retrieve old records. Moreover, this App has a JTable which encompasses four columns: the Serial Number, the Device ’s  ID, the GPS ’ location (latitude and l ongitude), and the Timestamp (in GMT). Normally, for the purpose of Tracking Applications, the attacker creates two scripts and one text file to be available on her Webserver which are “gps.php”, “clear.php”, and “gps.txt” respectively . The gps.php script is used to receive data from the Android App and these records are saved onto the “GPS.txt” file , while, the “clear.php” script is used to delete all entries from the gps.txt file located on the attacker’s Webserver  . The malicious user performed social engineering
We Need Your Support
Thank you for visiting our website and your interest in our free products and services. We are nonprofit website to share and download documents. To the running of this website, we need your help to support us.

Thanks to everyone for your continued support.

No, Thanks