Offensive Android Security

Posted by on Jul 2, 2014 in Technology | No Comments

Android Terminal Window

I’m sure many people have known that Android has great potential; unfortunately until recently mobile devices didn’t really have the horsepower to do anything fun. Running network scans took forever and drained the battery. The best value was to show what the future might hold. Well, the future is here and it’s really nice. Now that Android has the horsepower and the battery life to match, we must take a look at potential security concerns. All of the below is intended to show just how easy these tasks are, even for novice users. Let’s dive in and see just how easy this can be!

 

Got Root?

Let’s start with the basics. First if you want to play around with Android’s script kiddie tools you’ll need a root device. Root is the Android administrator account, which allows you to run admin level tasks.

terminal

 

Why Root? There are plenty of apps that ask for Root, some don’t actually need it and only ask because of lazy programming. It should be noted, that if you run something malicious as Root, it will have 100% unfettered access to the device so grant Root judiciously.  Depending on the sophistication of the attack, it could install a package that would remain even if you do a factory reset of the device. With that being said you can continue one of two ways. You can either choose to do things the ultra-secure way, or you can do it the easy way. The secure way involves building everything from source. The easy way involves downloading pre-compiled applications – obviously at your own risk.

Most Rooting methods involve exploiting some sort of vulnerable code in the Android OS. If you want to root from your phone without the use of a PC there are apps like Towel Root which can do this process automatically.

BusyBox

Once you have Root you will need to install BusyBox. This will offer a variety of stripped down Linux commands.  Many of which are essential for our script kiddie tools. The easiest way to install BusyBox is to use the installer found on the play store.  You will need Root to install BusyBox, but you will not need Root to run most of the commands.

 

On to the fun stuff!

To be honest I thought of this post before I had actually done any research, and of course while looking for Android hacking tools I found a very nice one stop shop. I was originally going to manually port a few of the tools I had been familiar with, but then I found one of the easiest script kiddie tools on the planet. If you’re just looking to have fun, this is the tool for you.

It should also be noted that there are many more options out there, but the easiest one I’ve found is dSploit. It makes hacking from an Android device child’s play. Warning: only do this on your home network or in a lab for which you have full(written) permission.   This can get you in a lot of trouble. As always USE AT YOUR OWN RISK.

 

dSploit is like a Swiss Army Knife for an Android hacker. It can accomplish quite a bit, and all from convenient menus. Everything is self-explanatory and can be easily run by selecting the menu.

I thought I would have to type more about it, but if there was ever an app to start with it’s this. Below is a quick example of just how well it works

First select Local Network, and then simply select Replace Images. I linked it to the logo on my website, and then navigated to imgur. Below is a screenshot of my phone and then a screenshot of my laptop. Keep in mind, the laptop is merely connected to the same network. I didn’t have to touch the laptop with my phone in any way. Just click and go. Yes it’s that easy.

 

It’s as simple as clicking “Replace Images”

dSploit in action

 

Every device on my network attempting to access the internet had all images replaced with the image I selected.

screenshot of imgur

 

At first this seems like harmless fun, and for the most part it is. But let’s say I’m a malicious person. Suppose I’m after a certain piece of information. A more advanced user could use the Redirect All Traffic function to send all traffic through a malicious proxy server on the internet. At this point, you think you’re hitting Google, but before you actually go to Google, you hit the hacker’s malicious server, which still isn’t necessarily a problem, but what if you were logging in to your Gmail, or your online banking? Since you’re going through their proxy, they could theoretically gain access to your passwords, I say theoretically because the connection is most likely going to be https, but if they can spoof the certificate and get in the middle, then you will only have an illusion of security.

This is why you should never go to any site with sensitive information when connected to a public hotspot. If you’re on a public hotspot you’re very vulnerable. Even if you think that you wouldn’t care of someone got access to your Neopets account, they might be able to use those same credentials to get into other sites that you do care about.


What can I do? This sounds pretty hopeless to me.

Don’t worry! There’s always a way to protect yourself, some are more complicated than others.

Let’s start with your home network. If you have the ability I strongly suggest you enable encryption. This will cut out 90% of the issues right there. If your router has the ability to have a guest network, I strongly suggest you take advantage of it. Let’s pick an obvious scenario, and assume less obvious ones could also arise.

Router Guest Network Screen

Suppose a jealous ex-lover decides they want to blackmail you, or just log into all your social networks and ruin your identity. If you had a guest network, you’ve just made this a lot more challenging for them as they would only be allowed to access the internet without having any access to your local network.

Parents should also take note, if a teenager is trying to gain access to something, they could also utilize some of the above techniques. Never underestimate teenagers. They have a lot of time on their hands.

Okay now for a more realistic scenario. Let’s say you’re out at a crowded coffee shop and there’s someone there looking to get information. They’re scanning the whole network, and to make matters worse, they are doing it from a cell phone that’s plugged into a wall charger in the back. They’re not even in the building. How would you protect against this? Good question!

 

Secure VPNs!

There are only two real options for a public hotspot. The best is to not connect in the first place. But the next best is to utilize a VPN. A VPN can be used to encrypt all of your traffic and send it out of a different location. For VPN’s there are many options. I am a fan of not spending money if I don’t have to. Most ISP’s are giving out static IP addresses. These are IP addresses that don’t change. For this I am going to assume you have a Static IP.

Most modern routers come with a built in VPN server. And while it’s better than nothing, it’s definitely not the most secure option out there as they use PPTP instead of IPsec or SSL. If you use your router’s built-in VPN I suggest you still assume your traffic is vulnerable. You’re just significantly less likely to be targeted by someone on a cell phone.

Router VPN Screen

If you have the technical ability you can do what I did and setup a Linux VM and run a VPN server from there. Then do what is called a NAT to that box. I am not going to go into detail on how to accomplish this at this time. The whole process can be accomplished in less than an hour if you know what you’re doing.

 Paid VPNs?

Another option is a paid for VPN service. I have not spec’d any of these, but I should caution that a VPN only encrypts traffic BETWEEN point A and point B. If you use a VPN service, point B could just as easily gain access to your private information and you would have no way of knowing. Given how counterproductive this could be, I advise against this option.

Android has come a long way since it was released in 2008. There are many great things Android can accomplish. While a lot of the better features exist to make our daily lives easier, it can also make an attacker’s life easier as well. It’s good to be aware of these things as most people don’t see a mobile device as a threat.

Leave a Reply