SlideShare una empresa de Scribd logo

DefCamp 2013 - Android hacking techniques

DefCamp
DefCamp
TecnologíaNoticias y política
1 de 14
Descargar para leer sin conexión
Android hacking techniques Marius Barat Alexandru Citea Bitdefender Anti-Malware Laboratories, Romˆnia a Nov 30th, 2013 Marius Barat Alexandru Citea Android hacking techniques Nov 30th, 2013 1 / 14
Agenda 1 Motivation Global devices evolution Operating systems market share 2 Repackaging an APK What is a repackage? White hat Grey hat Black hat Android repackaging. The on-device way 3 Applovin/Vulna vulnerability 4 Questions & Answers Marius Barat Alexandru Citea Android hacking techniques Nov 30th, 2013 2 / 14
1. Motivation Marius Barat Alexandru Citea 1.1. Global devices evolution Android hacking techniques Nov 30th, 2013 3 / 14
1. Motivation 1.2. Operating systems market share International Data Corporation (IDC) - Smartphones OS statistics Marius Barat Alexandru Citea Android hacking techniques Nov 30th, 2013 4 / 14
2. Repackaging an APK 2.1. What is a repackage? Decompile or Disassemble the APK Modify the smali/java code Add new functionalities and new resources Adjust permissions Repack and Resign the APK Tools: ApkTool, APK OneClick Marius Barat Alexandru Citea Android hacking techniques Nov 30th, 2013 5 / 14
2. Repackaging an APK 2.2. White hat Cheetah Theme for Facebook Marius Barat Alexandru Citea Android hacking techniques Nov 30th, 2013 6 / 14
2. Repackaging an APK 2.2. White hat Green W Socialize for Facebook Marius Barat Alexandru Citea Android hacking techniques Nov 30th, 2013 7 / 14
2. Repackaging an APK 2.3. Grey hat Add a new Advertising SDK Change the Advertiser ID from the original app Most used adware SDKs: Airpush Apperhand InMobi Leadbolt Marius Barat Alexandru Citea Android hacking techniques Nov 30th, 2013 8 / 14
2. Repackaging an APK 2.4. Black hat More than 1 percent of some 420,646 apps are stolen from other developers and re-engineered for illicit gains Marius Barat Alexandru Citea Android hacking techniques Nov 30th, 2013 9 / 14
2. Repackaging an APK 2.4. Black hat The original application developer loses a lot of money and client The repackaged app is often distributed as a free app: contains Advertising SDKs contains code for stealing sensitive data from the device Marius Barat Alexandru Citea Android hacking techniques Nov 30th, 2013 10 / 14
2. Repackaging an APK 2.4. Black hat Having enough permissions, even if the device is not rooted, sensitive data can be stolen: Mail accounts, passwords and mails are located in: Data/data/com.android.email/databases/EmailProvider.db Facebook messages, contacts, photos urls are located in: Data/data/com.facebook.katana/databases in databases: contacts db2, threads db2 Marius Barat Alexandru Citea Android hacking techniques Nov 30th, 2013 11 / 14
2. Repackaging an APK 2.5. Android repackaging. The on-device way Modify on-the-system apks to inject a payload Repack and resign, replace the original apk Possibly clean your own app of the payload (repackage yourself after injection without the malicious code) The payload could represent anything. you can easily modify permissions to give yourself more access Do that without actually implementing the unpacker and root access exploit yourself Marius Barat Alexandru Citea Android hacking techniques Nov 30th, 2013 12 / 14
3. Applovin/Vulna vulnerability Applovin/Vulna vulnerability Advertising framework Vulnerable versions: 2.0.74 through 5.0.3 The update process has no authentication mechanism Update performed via HTTP protocol The APK that the app uses for update can be replaced with a custom one Marius Barat Alexandru Citea Android hacking techniques Nov 30th, 2013 13 / 14
4. Questions & Answers Marius Barat Alexandru Citea Android hacking techniques Nov 30th, 2013 14 / 14

Recomendados

soFrida Dynamic Analysis Tool for Mobile Apps with Cloud Backend
soFrida Dynamic Analysis Tool for Mobile Apps with Cloud BackendsoFrida Dynamic Analysis Tool for Mobile Apps with Cloud Backend
soFrida Dynamic Analysis Tool for Mobile Apps with Cloud BackendJune Park
 
The real incident of stealing a droid app+data
The real incident of stealing a droid app+dataThe real incident of stealing a droid app+data
The real incident of stealing a droid app+dataAkash Mahajan
 
[CB20] LogonTracer v1.5 + Elasticsearch = Real-time AD Log Analysis System by...
[CB20] LogonTracer v1.5 + Elasticsearch = Real-time AD Log Analysis System by...[CB20] LogonTracer v1.5 + Elasticsearch = Real-time AD Log Analysis System by...
[CB20] LogonTracer v1.5 + Elasticsearch = Real-time AD Log Analysis System by...CODE BLUE
 
BYOD and Security Trends
BYOD and Security TrendsBYOD and Security Trends
BYOD and Security TrendsCisco Russia
 
[CB20] Explainable malicious domain diagnosis by Tsuyoshi Taniguchi
[CB20] Explainable malicious domain diagnosis by Tsuyoshi Taniguchi[CB20] Explainable malicious domain diagnosis by Tsuyoshi Taniguchi
[CB20] Explainable malicious domain diagnosis by Tsuyoshi TaniguchiCODE BLUE
 
Declaración anual México 2016
Declaración anual México 2016Declaración anual México 2016
Declaración anual México 2016Rankia
 
Mobile App Security Testing
Mobile App Security TestingMobile App Security Testing
Mobile App Security TestingSarwar Jahan M
 
From Reversing to Exploitation
From Reversing to ExploitationFrom Reversing to Exploitation
From Reversing to ExploitationSatria Ady Pradana
 

Recomendados

soFrida Dynamic Analysis Tool for Mobile Apps with Cloud Backend
soFrida Dynamic Analysis Tool for Mobile Apps with Cloud BackendsoFrida Dynamic Analysis Tool for Mobile Apps with Cloud Backend
soFrida Dynamic Analysis Tool for Mobile Apps with Cloud BackendJune Park
 
The real incident of stealing a droid app+data
The real incident of stealing a droid app+dataThe real incident of stealing a droid app+data
The real incident of stealing a droid app+dataAkash Mahajan
 
[CB20] LogonTracer v1.5 + Elasticsearch = Real-time AD Log Analysis System by...
[CB20] LogonTracer v1.5 + Elasticsearch = Real-time AD Log Analysis System by...[CB20] LogonTracer v1.5 + Elasticsearch = Real-time AD Log Analysis System by...
[CB20] LogonTracer v1.5 + Elasticsearch = Real-time AD Log Analysis System by...CODE BLUE
 
BYOD and Security Trends
BYOD and Security TrendsBYOD and Security Trends
BYOD and Security TrendsCisco Russia
 
[CB20] Explainable malicious domain diagnosis by Tsuyoshi Taniguchi
[CB20] Explainable malicious domain diagnosis by Tsuyoshi Taniguchi[CB20] Explainable malicious domain diagnosis by Tsuyoshi Taniguchi
[CB20] Explainable malicious domain diagnosis by Tsuyoshi TaniguchiCODE BLUE
 
Declaración anual México 2016
Declaración anual México 2016Declaración anual México 2016
Declaración anual México 2016Rankia
 
Mobile App Security Testing
Mobile App Security TestingMobile App Security Testing
Mobile App Security TestingSarwar Jahan M
 
From Reversing to Exploitation
From Reversing to ExploitationFrom Reversing to Exploitation
From Reversing to ExploitationSatria Ady Pradana
 
IEEE Day 2013 - Reverse Engineering an Android Application
IEEE Day 2013 - Reverse Engineering an Android ApplicationIEEE Day 2013 - Reverse Engineering an Android Application
IEEE Day 2013 - Reverse Engineering an Android ApplicationRufatet Babakishiyev
 
Introduction to Android Application Security Testing - 2nd Sep 2017
Introduction to Android Application Security Testing - 2nd Sep 2017Introduction to Android Application Security Testing - 2nd Sep 2017
Introduction to Android Application Security Testing - 2nd Sep 2017Satheesh Kumar V
 
IRJET- Secure Android Application Development and Security Assessment
IRJET- Secure Android Application Development and Security AssessmentIRJET- Secure Android Application Development and Security Assessment
IRJET- Secure Android Application Development and Security AssessmentIRJET Journal
 
From Reversing to Exploitation: Android Application Security in Essence
From Reversing to Exploitation: Android Application Security in EssenceFrom Reversing to Exploitation: Android Application Security in Essence
From Reversing to Exploitation: Android Application Security in EssenceSatria Ady Pradana
 
APIsecure 2023 - Android Applications and API Hacking, Gabrielle Botbol
APIsecure 2023 - Android Applications and API Hacking, Gabrielle BotbolAPIsecure 2023 - Android Applications and API Hacking, Gabrielle Botbol
APIsecure 2023 - Android Applications and API Hacking, Gabrielle Botbolapidays
 
Android Vulnerability: Fake ID
Android Vulnerability: Fake ID Android Vulnerability: Fake ID
Android Vulnerability: Fake ID Blueboxer2014
 
Securing android applications
Securing android applicationsSecuring android applications
Securing android applicationsJose Manuel Ortega Candel
 
Droidcon Greece '15 - Reverse Engineering in Android: Countermeasures and Tools
Droidcon Greece '15 - Reverse Engineering in Android: Countermeasures and ToolsDroidcon Greece '15 - Reverse Engineering in Android: Countermeasures and Tools
Droidcon Greece '15 - Reverse Engineering in Android: Countermeasures and ToolsDario Incalza
 
Mobile analysis-kung-fu-santoku-style-viaforensics-rsa-conference-2014
Mobile analysis-kung-fu-santoku-style-viaforensics-rsa-conference-2014Mobile analysis-kung-fu-santoku-style-viaforensics-rsa-conference-2014
Mobile analysis-kung-fu-santoku-style-viaforensics-rsa-conference-2014viaForensics
 
Introduction to android
Introduction to androidIntroduction to android
Introduction to androidbantyder
 
Pentestflashkeybpardpaper
PentestflashkeybpardpaperPentestflashkeybpardpaper
PentestflashkeybpardpaperAndrey Apuhtin
 
Null mumbai-Android-Insecure-Data-Storage-Exploitation
Null mumbai-Android-Insecure-Data-Storage-ExploitationNull mumbai-Android-Insecure-Data-Storage-Exploitation
Null mumbai-Android-Insecure-Data-Storage-ExploitationNitesh Malviya
 
Android malware presentation
Android malware presentationAndroid malware presentation
Android malware presentationSandeep Joshi
 
Mobile binary code - Attack Tree and Mitigation
Mobile binary code - Attack Tree and MitigationMobile binary code - Attack Tree and Mitigation
Mobile binary code - Attack Tree and MitigationSunil Paudel
 
FRIDA 101 Android
FRIDA 101 AndroidFRIDA 101 Android
FRIDA 101 AndroidTony Thomas
 
Android-Chapter01-Intro.pptx
Android-Chapter01-Intro.pptxAndroid-Chapter01-Intro.pptx
Android-Chapter01-Intro.pptxMonika Poriye
 
DIY, Wearables and Empowerment
DIY, Wearables and EmpowermentDIY, Wearables and Empowerment
DIY, Wearables and EmpowermentZoe Romano
 
Ambient Intelligence
Ambient IntelligenceAmbient Intelligence
Ambient IntelligenceRam Inamdar
 
YuryMakedonov_TesTrek2013_AndroidTesting_12u_slides
YuryMakedonov_TesTrek2013_AndroidTesting_12u_slidesYuryMakedonov_TesTrek2013_AndroidTesting_12u_slides
YuryMakedonov_TesTrek2013_AndroidTesting_12u_slidesYury M
 
Null Dubai Humla_Romansh_Yadav_Android_app_pentesting
Null Dubai Humla_Romansh_Yadav_Android_app_pentestingNull Dubai Humla_Romansh_Yadav_Android_app_pentesting
Null Dubai Humla_Romansh_Yadav_Android_app_pentestingRomansh Yadav
 
Remote Yacht Hacking
Remote Yacht HackingRemote Yacht Hacking
Remote Yacht HackingDefCamp
 
Mobile, IoT, Clouds… It’s time to hire your own risk manager!
Mobile, IoT, Clouds… It’s time to hire your own risk manager!Mobile, IoT, Clouds… It’s time to hire your own risk manager!
Mobile, IoT, Clouds… It’s time to hire your own risk manager!DefCamp
 

Más contenido relacionado

Similar a DefCamp 2013 - Android hacking techniques

IEEE Day 2013 - Reverse Engineering an Android Application
IEEE Day 2013 - Reverse Engineering an Android ApplicationIEEE Day 2013 - Reverse Engineering an Android Application
IEEE Day 2013 - Reverse Engineering an Android ApplicationRufatet Babakishiyev
 
Introduction to Android Application Security Testing - 2nd Sep 2017
Introduction to Android Application Security Testing - 2nd Sep 2017Introduction to Android Application Security Testing - 2nd Sep 2017
Introduction to Android Application Security Testing - 2nd Sep 2017Satheesh Kumar V
 
IRJET- Secure Android Application Development and Security Assessment
IRJET- Secure Android Application Development and Security AssessmentIRJET- Secure Android Application Development and Security Assessment
IRJET- Secure Android Application Development and Security AssessmentIRJET Journal
 
From Reversing to Exploitation: Android Application Security in Essence
From Reversing to Exploitation: Android Application Security in EssenceFrom Reversing to Exploitation: Android Application Security in Essence
From Reversing to Exploitation: Android Application Security in EssenceSatria Ady Pradana
 
APIsecure 2023 - Android Applications and API Hacking, Gabrielle Botbol
APIsecure 2023 - Android Applications and API Hacking, Gabrielle BotbolAPIsecure 2023 - Android Applications and API Hacking, Gabrielle Botbol
APIsecure 2023 - Android Applications and API Hacking, Gabrielle Botbolapidays
 
Android Vulnerability: Fake ID
Android Vulnerability: Fake ID Android Vulnerability: Fake ID
Android Vulnerability: Fake ID Blueboxer2014
 
Droidcon Greece '15 - Reverse Engineering in Android: Countermeasures and Tools
Droidcon Greece '15 - Reverse Engineering in Android: Countermeasures and ToolsDroidcon Greece '15 - Reverse Engineering in Android: Countermeasures and Tools
Droidcon Greece '15 - Reverse Engineering in Android: Countermeasures and ToolsDario Incalza
 
Mobile analysis-kung-fu-santoku-style-viaforensics-rsa-conference-2014
Mobile analysis-kung-fu-santoku-style-viaforensics-rsa-conference-2014Mobile analysis-kung-fu-santoku-style-viaforensics-rsa-conference-2014
Mobile analysis-kung-fu-santoku-style-viaforensics-rsa-conference-2014viaForensics
 
Introduction to android
Introduction to androidIntroduction to android
Introduction to androidbantyder
 
Pentestflashkeybpardpaper
PentestflashkeybpardpaperPentestflashkeybpardpaper
PentestflashkeybpardpaperAndrey Apuhtin
 
Null mumbai-Android-Insecure-Data-Storage-Exploitation
Null mumbai-Android-Insecure-Data-Storage-ExploitationNull mumbai-Android-Insecure-Data-Storage-Exploitation
Null mumbai-Android-Insecure-Data-Storage-ExploitationNitesh Malviya
 
Android malware presentation
Android malware presentationAndroid malware presentation
Android malware presentationSandeep Joshi
 
Mobile binary code - Attack Tree and Mitigation
Mobile binary code - Attack Tree and MitigationMobile binary code - Attack Tree and Mitigation
Mobile binary code - Attack Tree and MitigationSunil Paudel
 
FRIDA 101 Android
FRIDA 101 AndroidFRIDA 101 Android
FRIDA 101 AndroidTony Thomas
 
Android-Chapter01-Intro.pptx
Android-Chapter01-Intro.pptxAndroid-Chapter01-Intro.pptx
Android-Chapter01-Intro.pptxMonika Poriye
 
DIY, Wearables and Empowerment
DIY, Wearables and EmpowermentDIY, Wearables and Empowerment
DIY, Wearables and EmpowermentZoe Romano
 
Ambient Intelligence
Ambient IntelligenceAmbient Intelligence
Ambient IntelligenceRam Inamdar
 
YuryMakedonov_TesTrek2013_AndroidTesting_12u_slides
YuryMakedonov_TesTrek2013_AndroidTesting_12u_slidesYuryMakedonov_TesTrek2013_AndroidTesting_12u_slides
YuryMakedonov_TesTrek2013_AndroidTesting_12u_slidesYury M
 
Null Dubai Humla_Romansh_Yadav_Android_app_pentesting
Null Dubai Humla_Romansh_Yadav_Android_app_pentestingNull Dubai Humla_Romansh_Yadav_Android_app_pentesting
Null Dubai Humla_Romansh_Yadav_Android_app_pentestingRomansh Yadav
 

Similar a DefCamp 2013 - Android hacking techniques (20)

IEEE Day 2013 - Reverse Engineering an Android Application
IEEE Day 2013 - Reverse Engineering an Android ApplicationIEEE Day 2013 - Reverse Engineering an Android Application
IEEE Day 2013 - Reverse Engineering an Android Application
 
Introduction to Android Application Security Testing - 2nd Sep 2017
Introduction to Android Application Security Testing - 2nd Sep 2017Introduction to Android Application Security Testing - 2nd Sep 2017
Introduction to Android Application Security Testing - 2nd Sep 2017
 
IRJET- Secure Android Application Development and Security Assessment
IRJET- Secure Android Application Development and Security AssessmentIRJET- Secure Android Application Development and Security Assessment
IRJET- Secure Android Application Development and Security Assessment
 
From Reversing to Exploitation: Android Application Security in Essence
From Reversing to Exploitation: Android Application Security in EssenceFrom Reversing to Exploitation: Android Application Security in Essence
From Reversing to Exploitation: Android Application Security in Essence
 
APIsecure 2023 - Android Applications and API Hacking, Gabrielle Botbol
APIsecure 2023 - Android Applications and API Hacking, Gabrielle BotbolAPIsecure 2023 - Android Applications and API Hacking, Gabrielle Botbol
APIsecure 2023 - Android Applications and API Hacking, Gabrielle Botbol
 
Android Vulnerability: Fake ID
Android Vulnerability: Fake ID Android Vulnerability: Fake ID
Android Vulnerability: Fake ID
 
Securing android applications
Securing android applicationsSecuring android applications
Securing android applications
 
Droidcon Greece '15 - Reverse Engineering in Android: Countermeasures and Tools
Droidcon Greece '15 - Reverse Engineering in Android: Countermeasures and ToolsDroidcon Greece '15 - Reverse Engineering in Android: Countermeasures and Tools
Droidcon Greece '15 - Reverse Engineering in Android: Countermeasures and Tools
 
Mobile analysis-kung-fu-santoku-style-viaforensics-rsa-conference-2014
Mobile analysis-kung-fu-santoku-style-viaforensics-rsa-conference-2014Mobile analysis-kung-fu-santoku-style-viaforensics-rsa-conference-2014
Mobile analysis-kung-fu-santoku-style-viaforensics-rsa-conference-2014
 
Introduction to android
Introduction to androidIntroduction to android
Introduction to android
 
Pentestflashkeybpardpaper
PentestflashkeybpardpaperPentestflashkeybpardpaper
Pentestflashkeybpardpaper
 
Null mumbai-Android-Insecure-Data-Storage-Exploitation
Null mumbai-Android-Insecure-Data-Storage-ExploitationNull mumbai-Android-Insecure-Data-Storage-Exploitation
Null mumbai-Android-Insecure-Data-Storage-Exploitation
 
Android malware presentation
Android malware presentationAndroid malware presentation
Android malware presentation
 
Mobile binary code - Attack Tree and Mitigation
Mobile binary code - Attack Tree and MitigationMobile binary code - Attack Tree and Mitigation
Mobile binary code - Attack Tree and Mitigation
 
FRIDA 101 Android
FRIDA 101 AndroidFRIDA 101 Android
FRIDA 101 Android
 
Android-Chapter01-Intro.pptx
Android-Chapter01-Intro.pptxAndroid-Chapter01-Intro.pptx
Android-Chapter01-Intro.pptx
 
DIY, Wearables and Empowerment
DIY, Wearables and EmpowermentDIY, Wearables and Empowerment
DIY, Wearables and Empowerment
 
Ambient Intelligence
Ambient IntelligenceAmbient Intelligence
Ambient Intelligence
 
YuryMakedonov_TesTrek2013_AndroidTesting_12u_slides
YuryMakedonov_TesTrek2013_AndroidTesting_12u_slidesYuryMakedonov_TesTrek2013_AndroidTesting_12u_slides
YuryMakedonov_TesTrek2013_AndroidTesting_12u_slides
 
Null Dubai Humla_Romansh_Yadav_Android_app_pentesting
Null Dubai Humla_Romansh_Yadav_Android_app_pentestingNull Dubai Humla_Romansh_Yadav_Android_app_pentesting
Null Dubai Humla_Romansh_Yadav_Android_app_pentesting
 

Más de DefCamp

Remote Yacht Hacking
Remote Yacht HackingRemote Yacht Hacking
Remote Yacht HackingDefCamp
 
Mobile, IoT, Clouds… It’s time to hire your own risk manager!
Mobile, IoT, Clouds… It’s time to hire your own risk manager!Mobile, IoT, Clouds… It’s time to hire your own risk manager!
Mobile, IoT, Clouds… It’s time to hire your own risk manager!DefCamp
 
The Charter of Trust
The Charter of TrustThe Charter of Trust
The Charter of TrustDefCamp
 
Internet Balkanization: Why Are We Raising Borders Online?
Internet Balkanization: Why Are We Raising Borders Online?Internet Balkanization: Why Are We Raising Borders Online?
Internet Balkanization: Why Are We Raising Borders Online?DefCamp
 
Bridging the gap between CyberSecurity R&D and UX
Bridging the gap between CyberSecurity R&D and UXBridging the gap between CyberSecurity R&D and UX
Bridging the gap between CyberSecurity R&D and UXDefCamp
 
Secure and privacy-preserving data transmission and processing using homomorp...
Secure and privacy-preserving data transmission and processing using homomorp...Secure and privacy-preserving data transmission and processing using homomorp...
Secure and privacy-preserving data transmission and processing using homomorp...DefCamp
 
Drupalgeddon 2 – Yet Another Weapon for the Attacker
Drupalgeddon 2 – Yet Another Weapon for the AttackerDrupalgeddon 2 – Yet Another Weapon for the Attacker
Drupalgeddon 2 – Yet Another Weapon for the AttackerDefCamp
 
Economical Denial of Sustainability in the Cloud (EDOS)
Economical Denial of Sustainability in the Cloud (EDOS)Economical Denial of Sustainability in the Cloud (EDOS)
Economical Denial of Sustainability in the Cloud (EDOS)DefCamp
 
Trust, but verify – Bypassing MFA
Trust, but verify – Bypassing MFATrust, but verify – Bypassing MFA
Trust, but verify – Bypassing MFADefCamp
 
Threat Hunting: From Platitudes to Practical Application
Threat Hunting: From Platitudes to Practical ApplicationThreat Hunting: From Platitudes to Practical Application
Threat Hunting: From Platitudes to Practical ApplicationDefCamp
 
Building application security with 0 money down
Building application security with 0 money downBuilding application security with 0 money down
Building application security with 0 money downDefCamp
 
Implementation of information security techniques on modern android based Kio...
Implementation of information security techniques on modern android based Kio...Implementation of information security techniques on modern android based Kio...
Implementation of information security techniques on modern android based Kio...DefCamp
 
Lattice based Merkle for post-quantum epoch
Lattice based Merkle for post-quantum epochLattice based Merkle for post-quantum epoch
Lattice based Merkle for post-quantum epochDefCamp
 
The challenge of building a secure and safe digital environment in healthcare
The challenge of building a secure and safe digital environment in healthcareThe challenge of building a secure and safe digital environment in healthcare
The challenge of building a secure and safe digital environment in healthcareDefCamp
 
Timing attacks against web applications: Are they still practical?
Timing attacks against web applications: Are they still practical?Timing attacks against web applications: Are they still practical?
Timing attacks against web applications: Are they still practical?DefCamp
 
Tor .onions: The Good, The Rotten and The Misconfigured
Tor .onions: The Good, The Rotten and The Misconfigured Tor .onions: The Good, The Rotten and The Misconfigured
Tor .onions: The Good, The Rotten and The Misconfigured DefCamp
 
Needles, Haystacks and Algorithms: Using Machine Learning to detect complex t...
Needles, Haystacks and Algorithms: Using Machine Learning to detect complex t...Needles, Haystacks and Algorithms: Using Machine Learning to detect complex t...
Needles, Haystacks and Algorithms: Using Machine Learning to detect complex t...DefCamp
 
We will charge you. How to [b]reach vendor’s network using EV charging station.
We will charge you. How to [b]reach vendor’s network using EV charging station.We will charge you. How to [b]reach vendor’s network using EV charging station.
We will charge you. How to [b]reach vendor’s network using EV charging station.DefCamp
 
Connect & Inspire Cyber Security
Connect & Inspire Cyber SecurityConnect & Inspire Cyber Security
Connect & Inspire Cyber SecurityDefCamp
 
The lions and the watering hole
The lions and the watering holeThe lions and the watering hole
The lions and the watering holeDefCamp
 

Más de DefCamp (20)

Remote Yacht Hacking
Remote Yacht HackingRemote Yacht Hacking
Remote Yacht Hacking
 
Mobile, IoT, Clouds… It’s time to hire your own risk manager!
Mobile, IoT, Clouds… It’s time to hire your own risk manager!Mobile, IoT, Clouds… It’s time to hire your own risk manager!
Mobile, IoT, Clouds… It’s time to hire your own risk manager!
 
The Charter of Trust
The Charter of TrustThe Charter of Trust
The Charter of Trust
 
Internet Balkanization: Why Are We Raising Borders Online?
Internet Balkanization: Why Are We Raising Borders Online?Internet Balkanization: Why Are We Raising Borders Online?
Internet Balkanization: Why Are We Raising Borders Online?
 
Bridging the gap between CyberSecurity R&D and UX
Bridging the gap between CyberSecurity R&D and UXBridging the gap between CyberSecurity R&D and UX
Bridging the gap between CyberSecurity R&D and UX
 
Secure and privacy-preserving data transmission and processing using homomorp...
Secure and privacy-preserving data transmission and processing using homomorp...Secure and privacy-preserving data transmission and processing using homomorp...
Secure and privacy-preserving data transmission and processing using homomorp...
 
Drupalgeddon 2 – Yet Another Weapon for the Attacker
Drupalgeddon 2 – Yet Another Weapon for the AttackerDrupalgeddon 2 – Yet Another Weapon for the Attacker
Drupalgeddon 2 – Yet Another Weapon for the Attacker
 
Economical Denial of Sustainability in the Cloud (EDOS)
Economical Denial of Sustainability in the Cloud (EDOS)Economical Denial of Sustainability in the Cloud (EDOS)
Economical Denial of Sustainability in the Cloud (EDOS)
 
Trust, but verify – Bypassing MFA
Trust, but verify – Bypassing MFATrust, but verify – Bypassing MFA
Trust, but verify – Bypassing MFA
 
Threat Hunting: From Platitudes to Practical Application
Threat Hunting: From Platitudes to Practical ApplicationThreat Hunting: From Platitudes to Practical Application
Threat Hunting: From Platitudes to Practical Application
 
Building application security with 0 money down
Building application security with 0 money downBuilding application security with 0 money down
Building application security with 0 money down
 
Implementation of information security techniques on modern android based Kio...
Implementation of information security techniques on modern android based Kio...Implementation of information security techniques on modern android based Kio...
Implementation of information security techniques on modern android based Kio...
 
Lattice based Merkle for post-quantum epoch
Lattice based Merkle for post-quantum epochLattice based Merkle for post-quantum epoch
Lattice based Merkle for post-quantum epoch
 
The challenge of building a secure and safe digital environment in healthcare
The challenge of building a secure and safe digital environment in healthcareThe challenge of building a secure and safe digital environment in healthcare
The challenge of building a secure and safe digital environment in healthcare
 
Timing attacks against web applications: Are they still practical?
Timing attacks against web applications: Are they still practical?Timing attacks against web applications: Are they still practical?
Timing attacks against web applications: Are they still practical?
 
Tor .onions: The Good, The Rotten and The Misconfigured
Tor .onions: The Good, The Rotten and The Misconfigured Tor .onions: The Good, The Rotten and The Misconfigured
Tor .onions: The Good, The Rotten and The Misconfigured
 
Needles, Haystacks and Algorithms: Using Machine Learning to detect complex t...
Needles, Haystacks and Algorithms: Using Machine Learning to detect complex t...Needles, Haystacks and Algorithms: Using Machine Learning to detect complex t...
Needles, Haystacks and Algorithms: Using Machine Learning to detect complex t...
 
We will charge you. How to [b]reach vendor’s network using EV charging station.
We will charge you. How to [b]reach vendor’s network using EV charging station.We will charge you. How to [b]reach vendor’s network using EV charging station.
We will charge you. How to [b]reach vendor’s network using EV charging station.
 
Connect & Inspire Cyber Security
Connect & Inspire Cyber SecurityConnect & Inspire Cyber Security
Connect & Inspire Cyber Security
 
The lions and the watering hole
The lions and the watering holeThe lions and the watering hole
The lions and the watering hole
 

Último

DEV meet-up UiPath Document Understanding May 7 2024 Amsterdam
DEV meet-up UiPath Document Understanding May 7 2024 AmsterdamDEV meet-up UiPath Document Understanding May 7 2024 Amsterdam
DEV meet-up UiPath Document Understanding May 7 2024 AmsterdamUiPathCommunity
 
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...Jeffrey Haguewood
 
AWS Community Day CPH - Three problems of Terraform
AWS Community Day CPH - Three problems of TerraformAWS Community Day CPH - Three problems of Terraform
AWS Community Day CPH - Three problems of TerraformAndrey Devyatkin
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerThousandEyes
 
Apidays New York 2024 - The value of a flexible API Management solution for O...
Apidays New York 2024 - The value of a flexible API Management solution for O...Apidays New York 2024 - The value of a flexible API Management solution for O...
Apidays New York 2024 - The value of a flexible API Management solution for O...apidays
 
Platformless Horizons for Digital Adaptability
Platformless Horizons for Digital AdaptabilityPlatformless Horizons for Digital Adaptability
Platformless Horizons for Digital AdaptabilityWSO2
 
Introduction to use of FHIR Documents in ABDM
Introduction to use of FHIR Documents in ABDMIntroduction to use of FHIR Documents in ABDM
Introduction to use of FHIR Documents in ABDMKumar Satyam
 
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost SavingRepurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost SavingEdi Saputra
 
MINDCTI Revenue Release Quarter One 2024
MINDCTI Revenue Release Quarter One 2024MINDCTI Revenue Release Quarter One 2024
MINDCTI Revenue Release Quarter One 2024MIND CTI
 
Artificial Intelligence Chap.5 : Uncertainty
Artificial Intelligence Chap.5 : UncertaintyArtificial Intelligence Chap.5 : Uncertainty
Artificial Intelligence Chap.5 : UncertaintyKhushali Kathiriya
 
Strategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a FresherStrategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a FresherRemote DBA Services
 
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FMECloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FMESafe Software
 
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...DianaGray10
 
EMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWER
EMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWEREMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWER
EMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWERMadyBayot
 
"I see eyes in my soup": How Delivery Hero implemented the safety system for ...
"I see eyes in my soup": How Delivery Hero implemented the safety system for ..."I see eyes in my soup": How Delivery Hero implemented the safety system for ...
"I see eyes in my soup": How Delivery Hero implemented the safety system for ...Zilliz
 
Architecting Cloud Native Applications
Architecting Cloud Native ApplicationsArchitecting Cloud Native Applications
Architecting Cloud Native ApplicationsWSO2
 
JohnPollard-hybrid-app-RailsConf2024.pptx
JohnPollard-hybrid-app-RailsConf2024.pptxJohnPollard-hybrid-app-RailsConf2024.pptx
JohnPollard-hybrid-app-RailsConf2024.pptxJohnPollard37
 
Apidays New York 2024 - APIs in 2030: The Risk of Technological Sleepwalk by ...
Apidays New York 2024 - APIs in 2030: The Risk of Technological Sleepwalk by ...Apidays New York 2024 - APIs in 2030: The Risk of Technological Sleepwalk by ...
Apidays New York 2024 - APIs in 2030: The Risk of Technological Sleepwalk by ...apidays
 

Último (20)

DEV meet-up UiPath Document Understanding May 7 2024 Amsterdam
DEV meet-up UiPath Document Understanding May 7 2024 AmsterdamDEV meet-up UiPath Document Understanding May 7 2024 Amsterdam
DEV meet-up UiPath Document Understanding May 7 2024 Amsterdam
 
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
 
AWS Community Day CPH - Three problems of Terraform
AWS Community Day CPH - Three problems of TerraformAWS Community Day CPH - Three problems of Terraform
AWS Community Day CPH - Three problems of Terraform
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected Worker
 
Apidays New York 2024 - The value of a flexible API Management solution for O...
Apidays New York 2024 - The value of a flexible API Management solution for O...Apidays New York 2024 - The value of a flexible API Management solution for O...
Apidays New York 2024 - The value of a flexible API Management solution for O...
 
Platformless Horizons for Digital Adaptability
Platformless Horizons for Digital AdaptabilityPlatformless Horizons for Digital Adaptability
Platformless Horizons for Digital Adaptability
 
Introduction to use of FHIR Documents in ABDM
Introduction to use of FHIR Documents in ABDMIntroduction to use of FHIR Documents in ABDM
Introduction to use of FHIR Documents in ABDM
 
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost SavingRepurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
 
MINDCTI Revenue Release Quarter One 2024
MINDCTI Revenue Release Quarter One 2024MINDCTI Revenue Release Quarter One 2024
MINDCTI Revenue Release Quarter One 2024
 
Artificial Intelligence Chap.5 : Uncertainty
Artificial Intelligence Chap.5 : UncertaintyArtificial Intelligence Chap.5 : Uncertainty
Artificial Intelligence Chap.5 : Uncertainty
 
Strategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a FresherStrategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a Fresher
 
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FMECloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
 
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
 
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
 
EMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWER
EMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWEREMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWER
EMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWER
 
"I see eyes in my soup": How Delivery Hero implemented the safety system for ...
"I see eyes in my soup": How Delivery Hero implemented the safety system for ..."I see eyes in my soup": How Delivery Hero implemented the safety system for ...
"I see eyes in my soup": How Delivery Hero implemented the safety system for ...
 
Understanding the FAA Part 107 License ..
Understanding the FAA Part 107 License ..Understanding the FAA Part 107 License ..
Understanding the FAA Part 107 License ..
 
Architecting Cloud Native Applications
Architecting Cloud Native ApplicationsArchitecting Cloud Native Applications
Architecting Cloud Native Applications
 
JohnPollard-hybrid-app-RailsConf2024.pptx
JohnPollard-hybrid-app-RailsConf2024.pptxJohnPollard-hybrid-app-RailsConf2024.pptx
JohnPollard-hybrid-app-RailsConf2024.pptx
 
Apidays New York 2024 - APIs in 2030: The Risk of Technological Sleepwalk by ...
Apidays New York 2024 - APIs in 2030: The Risk of Technological Sleepwalk by ...Apidays New York 2024 - APIs in 2030: The Risk of Technological Sleepwalk by ...
Apidays New York 2024 - APIs in 2030: The Risk of Technological Sleepwalk by ...
 

DefCamp 2013 - Android hacking techniques

  • 1. Android hacking techniques Marius Barat Alexandru Citea Bitdefender Anti-Malware Laboratories, Romˆnia a Nov 30th, 2013 Marius Barat Alexandru Citea Android hacking techniques Nov 30th, 2013 1 / 14
  • 2. Agenda 1 Motivation Global devices evolution Operating systems market share 2 Repackaging an APK What is a repackage? White hat Grey hat Black hat Android repackaging. The on-device way 3 Applovin/Vulna vulnerability 4 Questions & Answers Marius Barat Alexandru Citea Android hacking techniques Nov 30th, 2013 2 / 14
  • 3. 1. Motivation Marius Barat Alexandru Citea 1.1. Global devices evolution Android hacking techniques Nov 30th, 2013 3 / 14
  • 4. 1. Motivation 1.2. Operating systems market share International Data Corporation (IDC) - Smartphones OS statistics Marius Barat Alexandru Citea Android hacking techniques Nov 30th, 2013 4 / 14
  • 5. 2. Repackaging an APK 2.1. What is a repackage? Decompile or Disassemble the APK Modify the smali/java code Add new functionalities and new resources Adjust permissions Repack and Resign the APK Tools: ApkTool, APK OneClick Marius Barat Alexandru Citea Android hacking techniques Nov 30th, 2013 5 / 14
  • 6. 2. Repackaging an APK 2.2. White hat Cheetah Theme for Facebook Marius Barat Alexandru Citea Android hacking techniques Nov 30th, 2013 6 / 14
  • 7. 2. Repackaging an APK 2.2. White hat Green W Socialize for Facebook Marius Barat Alexandru Citea Android hacking techniques Nov 30th, 2013 7 / 14
  • 8. 2. Repackaging an APK 2.3. Grey hat Add a new Advertising SDK Change the Advertiser ID from the original app Most used adware SDKs: Airpush Apperhand InMobi Leadbolt Marius Barat Alexandru Citea Android hacking techniques Nov 30th, 2013 8 / 14
  • 9. 2. Repackaging an APK 2.4. Black hat More than 1 percent of some 420,646 apps are stolen from other developers and re-engineered for illicit gains Marius Barat Alexandru Citea Android hacking techniques Nov 30th, 2013 9 / 14
  • 10. 2. Repackaging an APK 2.4. Black hat The original application developer loses a lot of money and client The repackaged app is often distributed as a free app: contains Advertising SDKs contains code for stealing sensitive data from the device Marius Barat Alexandru Citea Android hacking techniques Nov 30th, 2013 10 / 14
  • 11. 2. Repackaging an APK 2.4. Black hat Having enough permissions, even if the device is not rooted, sensitive data can be stolen: Mail accounts, passwords and mails are located in: Data/data/com.android.email/databases/EmailProvider.db Facebook messages, contacts, photos urls are located in: Data/data/com.facebook.katana/databases in databases: contacts db2, threads db2 Marius Barat Alexandru Citea Android hacking techniques Nov 30th, 2013 11 / 14
  • 12. 2. Repackaging an APK 2.5. Android repackaging. The on-device way Modify on-the-system apks to inject a payload Repack and resign, replace the original apk Possibly clean your own app of the payload (repackage yourself after injection without the malicious code) The payload could represent anything. you can easily modify permissions to give yourself more access Do that without actually implementing the unpacker and root access exploit yourself Marius Barat Alexandru Citea Android hacking techniques Nov 30th, 2013 12 / 14
  • 13. 3. Applovin/Vulna vulnerability Applovin/Vulna vulnerability Advertising framework Vulnerable versions: 2.0.74 through 5.0.3 The update process has no authentication mechanism Update performed via HTTP protocol The APK that the app uses for update can be replaced with a custom one Marius Barat Alexandru Citea Android hacking techniques Nov 30th, 2013 13 / 14
  • 14. 4. Questions & Answers Marius Barat Alexandru Citea Android hacking techniques Nov 30th, 2013 14 / 14