KEMBAR78
Android Hacking + Pentesting | PPTX
Sina Manavi, profile picture
Uploaded bySina Manavi
PPTX, PDF7,798 views

Android Hacking + Pentesting

The document outlines a presentation by Sina Manavi on Android hacking and penetration testing, covering topics like Android security architectures, malware, and ways to secure Android devices. It emphasizes the vulnerabilities of Android OS, the importance of safe app installation, and provides examples of popular malware. Additionally, it discusses hacking techniques, including installing tools like dSploit and Kali Linux for various attacks.

Education
In this document
Powered by AI

Overview of Android hacking presented by Sina Manavi, a credentialed expert in computer security.

Discussion on Android OS features, its vast community, and the app marketplace, emphasizing its exploitable aspects.

Insights into Android's security layers, safe practices for users, and the importance of using authorized apps.

Overview of app installation, permissions required, and discussions regarding potential vulnerabilities and user awareness.

Definition and impacts of malware on users, examples of popular malware, and a demonstration of hacking techniques using Android.

Downloaded 450 times
Android Hacking + Pentest EC Council Malaysia Instructure: Sina Manavi 27 March 2014
About Me My name is Sina Manavi , Master of Computer Security and Digital Forensics C|EH & C|HFI Certificate holder Contact : Manavi.Sina@Gmail.com Homepage: sinamanavi.wordpress.com
Agenda: • Android OS • Android Security Architectures • Malwares • Attacking Android Platform • Hacking with Android
What is Android ? • Everywhere(TV, Phones, tablets) • Runs on Linux Kernel • Easy to Exploit + open source • Uses SQLite database • Huge Community base • Official market containing over 4,000,000 apps (Google Market)
Android History Version
Android OS
Android Security • Linux based • Open source • Wide available for everyone • Everyone can develop apps and malwares 
How to have a safe Device • Install apps from authorized market (Google Play) • Read the review before downloading • Read Permission warning before installing the apps. • Phishing/SMS? • Lock Screen to avoid unauthorized access
How to have a safe Device cont. • Using Antivirus • Encrypt your device and data • While using public hotspots such as Starbucks, use VPN to encrypt your network connection • Enable Remote Wipe feature
Security layers of Android OS
Android App Installation
Android Permission • ACESS_COARSE_LOCATION • ACESS_FINE_LOCATION • BRICK • CALL_PHONE • INTERNET • GET ACCOUNTS • PROCESS_OUTGOING_CALLS
Android Permission • READ_OWNER_DATA • READ_SMS • RECEIVE_SMS • SEND_SMS • USER_CREDNTIALS • WRITE_OWNER_DATA • REORD_AUDIO
Android Vulnerability or User?
Malware • Anything that breaks the security model (without the users consent) • Deceptive/hide true intent • bad for user / good for attacker e.g. surveillance, collecting passwords, etc. • Applications that are detrimental to the user running the device.
Malware Harms a user • Financial • Privacy • Personal information – location (surveillance) , • Stealing resources – cracking, botnets – processing power Breaks Network policy
Malware Example • GEO Location ? • IP Address / 3G/4G or on WiFi network? • Scan for available blue-tooth devices • Egress filtering? ports open, etc. • SMS Receiving, Sending, Fobricating.
Malware Sample Code (Java)
Popular Malware • Zeus • DroidDream • Geinmi- Android malware with botnet-like capabilities • Trojan-SMS for Android FakePlayer • iCalendar acbcad45094de7e877b65db1c28ada 2 • SMS_Replicator_Secret.apk
Demo Hacking Android Phone: – Information stealing – Remote Access – Social Engineering – Malware attack Hacking with Andorid : – Installing Dsploit for running attack with android (MITM, XSS, traffic sniffing….etc) – Installing kali linux on android to perform attack

More Related Content

PPTX
Cybersecurity Awareness Training
byDave Monahan
 
PPTX
Threat hunting in cyber world
byAkash Sarode
 
PDF
Web Application Security and Awareness
byAbdul Rahman Sherzad
 
PPTX
Android Application Penetration Testing - Mohammed Adam
byMohammed Adam
 
PPTX
Ethical Hacking PPT (CEH)
byUmesh Mahawar
 
PPTX
Cyber Threat Hunting Workshop
byDigit Oktavianto
 
PDF
Threat Hunting
bySplunk
 
PPTX
Web application security
byKapil Sharma
 
Cybersecurity Awareness Training
byDave Monahan
 
Threat hunting in cyber world
byAkash Sarode
 
Web Application Security and Awareness
byAbdul Rahman Sherzad
 
Android Application Penetration Testing - Mohammed Adam
byMohammed Adam
 
Ethical Hacking PPT (CEH)
byUmesh Mahawar
 
Cyber Threat Hunting Workshop
byDigit Oktavianto
 
Threat Hunting
bySplunk
 
Web application security
byKapil Sharma
 

What's hot

PDF
Red Team Framework
by👀 Joe Gray
 
PPTX
Pentesting Android Applications
byCláudio André
 
PDF
Cybersecurity Fundamentals | Understanding Cybersecurity Basics | Cybersecuri...
byEdureka!
 
PPTX
Introduction to penetration testing
byNezar Alazzabi
 
PPTX
MITRE ATT&CK framework
byBhushan Gurav
 
PPTX
Understanding Cross-site Request Forgery
byDaniel Miessler
 
PPTX
Recon with Nmap
byOWASP Delhi
 
PPTX
Password Cracking
bySina Manavi
 
PDF
Secure Code Review 101
byNarudom Roongsiriwong, CISSP
 
PPTX
Introduction to SOC
byBoni Yeamin
 
PPTX
Footprinting and reconnaissance
byNishaYadav177
 
PPTX
Understanding NMAP
byPhannarith Ou, G-CISO
 
PDF
Web Application Penetration Testing
byPriyanka Aash
 
PPTX
Cross Site Scripting ( XSS)
byAmit Tyagi
 
PPTX
Ssrf
byIlan Mindel
 
PDF
PHDays 2018 Threat Hunting Hands-On Lab
byTeymur Kheirkhabarov
 
PPTX
Threat hunting for Beginners
bySKMohamedKasim
 
PDF
Penetration Testing Report
byAman Srivastava
 
PPTX
Social Engineering new.pptx
bySanthosh Prabhu
 
PDF
Cybersecurity Frameworks | NIST Cybersecurity Framework | Cybersecurity Certi...
byEdureka!
 
Red Team Framework
by👀 Joe Gray
 
Pentesting Android Applications
byCláudio André
 
Cybersecurity Fundamentals | Understanding Cybersecurity Basics | Cybersecuri...
byEdureka!
 
Introduction to penetration testing
byNezar Alazzabi
 
MITRE ATT&CK framework
byBhushan Gurav
 
Understanding Cross-site Request Forgery
byDaniel Miessler
 
Recon with Nmap
byOWASP Delhi
 
Password Cracking
bySina Manavi
 
Secure Code Review 101
byNarudom Roongsiriwong, CISSP
 
Introduction to SOC
byBoni Yeamin
 
Footprinting and reconnaissance
byNishaYadav177
 
Understanding NMAP
byPhannarith Ou, G-CISO
 
Web Application Penetration Testing
byPriyanka Aash
 
Cross Site Scripting ( XSS)
byAmit Tyagi
 
Ssrf
byIlan Mindel
 
PHDays 2018 Threat Hunting Hands-On Lab
byTeymur Kheirkhabarov
 
Threat hunting for Beginners
bySKMohamedKasim
 
Penetration Testing Report
byAman Srivastava
 
Social Engineering new.pptx
bySanthosh Prabhu
 
Cybersecurity Frameworks | NIST Cybersecurity Framework | Cybersecurity Certi...
byEdureka!
 

Similar to Android Hacking + Pentesting

PDF
Hacking your Android (slides)
byJustin Hoang
 
PPTX
Hacker Halted 2014 - Reverse Engineering the Android OS
byEC-Council
 
PPT
Securely Deploying Android Device - ISSA (Ireland)
byAngelill0
 
PPTX
Mobile security
bypriyanka pandey
 
PPT
ethical hacking-mobile hacking methods.ppt
byJayaprasanna4
 
PPTX
Android Security
byArqum Ahmad
 
PDF
Unit 1 Kali Nethunter Android: OS, Debub Bridge
byChatanBawankar
 
PDF
ToorCon 14 : Malandroid : The Crux of Android Infections
byAditya K Sood
 
PDF
DEF CON 24 - Dinesh and Shetty - practical android application exploitation
byFelipe Prado
 
PDF
Deep Dive Into Android Security
byMarakana Inc.
 
PDF
Hacking your Droid (Aditya Gupta)
byClubHack
 
PDF
Stealing sensitive data from android phones the hacker way
byn|u - The Open Security Community
 
PPTX
[Wroclaw #1] Android Security Workshop
byOWASP
 
PPTX
Android security
byMidhun P Gopi
 
PPT
Analysis and research of system security based on android
byRavishankar Kumar
 
PPTX
Advanced Malware Analysis Training Session 8 - Introduction to Android
bysecurityxploded
 
PDF
Securing Android
byMarakana Inc.
 
PPTX
Mobile application security
byShubhneet Goel
 
PPTX
Mobile Application Security
byIshan Girdhar
 
PDF
Building Custom Android Malware BruCON 2013
byStephan Chenette
 
Hacking your Android (slides)
byJustin Hoang
 
Hacker Halted 2014 - Reverse Engineering the Android OS
byEC-Council
 
Securely Deploying Android Device - ISSA (Ireland)
byAngelill0
 
Mobile security
bypriyanka pandey
 
ethical hacking-mobile hacking methods.ppt
byJayaprasanna4
 
Android Security
byArqum Ahmad
 
Unit 1 Kali Nethunter Android: OS, Debub Bridge
byChatanBawankar
 
ToorCon 14 : Malandroid : The Crux of Android Infections
byAditya K Sood
 
DEF CON 24 - Dinesh and Shetty - practical android application exploitation
byFelipe Prado
 
Deep Dive Into Android Security
byMarakana Inc.
 
Hacking your Droid (Aditya Gupta)
byClubHack
 
Stealing sensitive data from android phones the hacker way
byn|u - The Open Security Community
 
[Wroclaw #1] Android Security Workshop
byOWASP
 
Android security
byMidhun P Gopi
 
Analysis and research of system security based on android
byRavishankar Kumar
 
Advanced Malware Analysis Training Session 8 - Introduction to Android
bysecurityxploded
 
Securing Android
byMarakana Inc.
 
Mobile application security
byShubhneet Goel
 
Mobile Application Security
byIshan Girdhar
 
Building Custom Android Malware BruCON 2013
byStephan Chenette
 

More from Sina Manavi

PPTX
Android Application Security Awareness Talk, OWASP MEETUP Q3, 2015
bySina Manavi
 
PPTX
EC-Council Hackway Workshop Presentation- Social Media Forensics
bySina Manavi
 
PPTX
Password Attack
bySina Manavi
 
PPTX
An Introduction on Design and Implementation on BYOD and Mobile Security
bySina Manavi
 
PPT
A Brief Introduction in SQL Injection
bySina Manavi
 
PPTX
Aes (advance encryption standard)
bySina Manavi
 
PPTX
Shannon and 5 good criteria of a good cipher
bySina Manavi
 
PPT
Honeypot honeynet
bySina Manavi
 
PPTX
Mendeley resentation , Sina Manavi
bySina Manavi
 
Android Application Security Awareness Talk, OWASP MEETUP Q3, 2015
bySina Manavi
 
EC-Council Hackway Workshop Presentation- Social Media Forensics
bySina Manavi
 
Password Attack
bySina Manavi
 
An Introduction on Design and Implementation on BYOD and Mobile Security
bySina Manavi
 
A Brief Introduction in SQL Injection
bySina Manavi
 
Aes (advance encryption standard)
bySina Manavi
 
Shannon and 5 good criteria of a good cipher
bySina Manavi
 
Honeypot honeynet
bySina Manavi
 
Mendeley resentation , Sina Manavi
bySina Manavi
 

Recently uploaded

PDF
Phase Equilibria and Colligative Properties.pdf
byMithil Fal Desai
 
PPTX
Hudson Vitale "AI Essentials: From Tools to Strategies: A 2025 NISO Training ...
byNational Information Standards Organization (NISO)
 
PPTX
How can education build trust in a polarised world_Jonathan James_OECD .pptx
byEduSkills OECD
 
PPTX
Project Dashboard in Odoo 18 Project
byCeline George
 
PPTX
Safety Needs and Prevention of environmental hazards.pptx
byAneetaSharma15
 
PDF
TUYỂN CHỌN 30 ĐỀ THI CHỌN HỌC SINH GIỎI LỚP 9 CÁC TỈNH NĂM 2024-2025 MÔN TIẾN...
byNguyen Thanh Tu Collection
 
PDF
Admin Slides for Oct'25 semester - PB1_MC5.pdf
byGreat Files
 
PPTX
Capital Budgeting - Risk Analysis Using Sensitivity Analysis
bySundar B N
 
DOCX
Extension Education: From theory to practice by Dr Subin K Mohan.docx
byDrSubinKMohan
 
PDF
Slit lamp parts 2/ppt/notes/download.pdf
byAnmol Singh
 
PPTX
Common problems or challenges faced by Indian adolescents
byDr. Harpal Kaur
 
PPTX
English Home Language & First Additional Language P2 Preparation.pptx
byMasingita Maswanganye
 
PDF
Umlando kaMufi. IsiZulu Ulimi Lwebele...
byNokwandaNzuza2
 
PDF
Total Quality Management : A presentation by a third year student.
byMbalenhle Ndlovu
 
PDF
Who Owns the Narrative? Data, Disinformation, and the Missing Voice of Academia
byIsmail Fahmi
 
PDF
1.1 Historical background & development of Profession of Pharmacy.pdf
byMr. SAKHARE R. S.
 
PPTX
Nerve lecture 2:strength-duration curve and an introduction to action potential
bydina merzeban
 
PPTX
Essay Type Answer Writing Analysis Workshop.pptx
byDhatriParmar
 
PPTX
psychoanalytic Theory.pptx, MSc. Nursing
byKomalJaiswal46
 
PDF
BD1TL - TNTEU - Teaching and Learning - Unit - 2.pdf
byDr Raja Mohammed T
 
Phase Equilibria and Colligative Properties.pdf
byMithil Fal Desai
 
Hudson Vitale "AI Essentials: From Tools to Strategies: A 2025 NISO Training ...
byNational Information Standards Organization (NISO)
 
How can education build trust in a polarised world_Jonathan James_OECD .pptx
byEduSkills OECD
 
Project Dashboard in Odoo 18 Project
byCeline George
 
Safety Needs and Prevention of environmental hazards.pptx
byAneetaSharma15
 
TUYỂN CHỌN 30 ĐỀ THI CHỌN HỌC SINH GIỎI LỚP 9 CÁC TỈNH NĂM 2024-2025 MÔN TIẾN...
byNguyen Thanh Tu Collection
 
Admin Slides for Oct'25 semester - PB1_MC5.pdf
byGreat Files
 
Capital Budgeting - Risk Analysis Using Sensitivity Analysis
bySundar B N
 
Extension Education: From theory to practice by Dr Subin K Mohan.docx
byDrSubinKMohan
 
Slit lamp parts 2/ppt/notes/download.pdf
byAnmol Singh
 
Common problems or challenges faced by Indian adolescents
byDr. Harpal Kaur
 
English Home Language & First Additional Language P2 Preparation.pptx
byMasingita Maswanganye
 
Umlando kaMufi. IsiZulu Ulimi Lwebele...
byNokwandaNzuza2
 
Total Quality Management : A presentation by a third year student.
byMbalenhle Ndlovu
 
Who Owns the Narrative? Data, Disinformation, and the Missing Voice of Academia
byIsmail Fahmi
 
1.1 Historical background & development of Profession of Pharmacy.pdf
byMr. SAKHARE R. S.
 
Nerve lecture 2:strength-duration curve and an introduction to action potential
bydina merzeban
 
Essay Type Answer Writing Analysis Workshop.pptx
byDhatriParmar
 
psychoanalytic Theory.pptx, MSc. Nursing
byKomalJaiswal46
 
BD1TL - TNTEU - Teaching and Learning - Unit - 2.pdf
byDr Raja Mohammed T
 

Android Hacking + Pentesting

  • 1.
    Android Hacking +Pentest EC Council Malaysia Instructure: Sina Manavi 27 March 2014
  • 2.
    About Me My nameis Sina Manavi , Master of Computer Security and Digital Forensics C|EH & C|HFI Certificate holder Contact : Manavi.Sina@Gmail.com Homepage: sinamanavi.wordpress.com
  • 3.
    Agenda: • Android OS •Android Security Architectures • Malwares • Attacking Android Platform • Hacking with Android
  • 4.
    What is Android? • Everywhere(TV, Phones, tablets) • Runs on Linux Kernel • Easy to Exploit + open source • Uses SQLite database • Huge Community base • Official market containing over 4,000,000 apps (Google Market)
  • 5.
  • 6.
  • 7.
    Android Security • Linuxbased • Open source • Wide available for everyone • Everyone can develop apps and malwares 
  • 8.
    How to havea safe Device • Install apps from authorized market (Google Play) • Read the review before downloading • Read Permission warning before installing the apps. • Phishing/SMS? • Lock Screen to avoid unauthorized access
  • 9.
    How to havea safe Device cont. • Using Antivirus • Encrypt your device and data • While using public hotspots such as Starbucks, use VPN to encrypt your network connection • Enable Remote Wipe feature
  • 10.
  • 11.
  • 12.
    Android Permission • ACESS_COARSE_LOCATION •ACESS_FINE_LOCATION • BRICK • CALL_PHONE • INTERNET • GET ACCOUNTS • PROCESS_OUTGOING_CALLS
  • 13.
    Android Permission • READ_OWNER_DATA •READ_SMS • RECEIVE_SMS • SEND_SMS • USER_CREDNTIALS • WRITE_OWNER_DATA • REORD_AUDIO
  • 14.
  • 15.
    Malware • Anything thatbreaks the security model (without the users consent) • Deceptive/hide true intent • bad for user / good for attacker e.g. surveillance, collecting passwords, etc. • Applications that are detrimental to the user running the device.
  • 16.
    Malware Harms a user •Financial • Privacy • Personal information – location (surveillance) , • Stealing resources – cracking, botnets – processing power Breaks Network policy
  • 17.
    Malware Example • GEOLocation ? • IP Address / 3G/4G or on WiFi network? • Scan for available blue-tooth devices • Egress filtering? ports open, etc. • SMS Receiving, Sending, Fobricating.
  • 18.
  • 19.
    Popular Malware • Zeus •DroidDream • Geinmi- Android malware with botnet-like capabilities • Trojan-SMS for Android FakePlayer • iCalendar acbcad45094de7e877b65db1c28ada 2 • SMS_Replicator_Secret.apk
  • 20.
    Demo Hacking Android Phone: –Information stealing – Remote Access – Social Engineering – Malware attack Hacking with Andorid : – Installing Dsploit for running attack with android (MITM, XSS, traffic sniffing….etc) – Installing kali linux on android to perform attack

Editor's Notes

  • #9 Use Strong password (Swipe is very weak password is top most difficult)
  • #15 So what do you think now ?
  • #17 Process power for DDOS attack and having Zombies