Additionally, if the device has been compromised, a sufficiently advanced attacker could clone the device's ID (ESN/IMEI/SIM numbers) so that even when the target is switched off or doesn't have network access, the cloned device receives the calls and texts instead; when the target device is on, it's more of a coin flip as to which will get rung first. Unfortunately, the very base of Android's networking has proprietary drivers, so for now there will always be a bit of mystery as to what goes on and what vulnerabilities are available. I've tried to list these in order from easy to harder, and only link to information that is a bit harder to find when diving into Android's networking capabilities.

Testing whether it's sending packets while in Airplane Mode is also a good sign you have a rogue process. Put both (target device and SDR antenna) into a box that doesn't allow other cell phones to accidentally connect (a Faraday cage) and you'll avoid breaking laws while trying to capture packets of the target. It is even possible to use a second Android with a USB-attached SDR and some chroot magic to act as a mobile BTS. And if you need to capture packets sent over non-WiFi networks (first be aware of the legalities of frequency ranges in your area), then SDR, a Software Defined Radio, may be what you need, as SDR devices can act as a full base station (cell phone tower) and perform full man-in-the-middle attacks on these frequency ranges.

If you want full insight into what data is being sent over your target device's radio, then RIL, the Radio Interface Layer, is what you'll want to become more familiar with; here's part one of an article that'll get you up to speed on the technical details. But it is inadvisable if you think the device is already compromised, because Xposed gives a lot of control of the system to the system. The Xposed framework also has other fun plugins for on-device security that can be set up before you think you'll be a target.
Also, if you have access to the device, it is possible to set up a reverse modem USB tether via the Android USB debugging bridge, ADB, and have all traffic routed to the PC that the device is plugged into; no root is required, but it is nearly the same amount of work to set up.

For rooted mitigation of security risks on Android targets I like XPrivacy Installer because, instead of blocking access to data, it can feed junk to advertising/spyware apps; this causes fewer errors than blocking access on legit apps too. These are good for root, but there is also NoRoot Data Firewall, which may help with logging dropped packets when nothing should be hitting the network. Wireshark helps with pcap files, but if you just need IPs and packets with timestamps, IntercepterNG is great on the go; it'll even try to help strip https.

For sniffing on the target device you could try RRCpacketsniffer and Android IMSI Catcher or Logging Test App, all of which have their own nice user interfaces and features to explore. Then fire up IntercepterNG on the attacking Android device and sniff away. However, for this to work on cell phones and force all traffic through the WiFi, the target should first be put into 'Airplane Mode' and then have its WiFi turned on. For general security the app Trustable by Bluebox is fairly easy to use for scanning for known exploits on a target device, but this and other scanners can really only tell you about known exploits, and Bluebox will not even tell you if you're currently being exploited.

For rooted Android (attacking/sniffing) I like IntercepterNG and DSploit for intercepting traffic between another device and its WiFi access point. However, this will not detect all forms of malware; some are better hidden with rootkits or reverse SSH sessions that only activate if the device is in a certain state, and nastier still are the ones that fork or take the ID of a legit process. The process IDs can be further investigated by listing their symbolic links with `ls -hal /proc/<PID>/exe`.
If you're command-line savvy, then install no-root BusyBox and run `netstat -plant` with auto sync off on the target device to list the ports, addresses and process IDs that it is listening on and connected to. And what level of paranoia you're willing to advance to. An easy way? Perhaps, but it depends on your own experience with Android penetration testing or related systems such as Linux.
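The netstat listing and the /proc/<PID>/exe lookup described above can be joined into one pass over the socket table; this is an added example, not code from the original post. It assumes the BusyBox `netstat -plant` column layout and uses `readlink` in place of `ls -hal`; the sample output and the function names are constructed for illustration.

```shell
#!/bin/sh
# Added example. Sample data below is constructed, not captured from a device.
sample_netstat() {
cat <<'EOF'
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address    Foreign Address   State       PID/Program name
tcp        0      0 127.0.0.1:5037   0.0.0.0:*         LISTEN      812/adbd
tcp        0      0 0.0.0.0:8022     0.0.0.0:*         LISTEN      4411/sshd
tcp        0      0 192.0.2.10:48822 198.51.100.7:443  ESTABLISHED 2970/com.example.app
tcp        0      0 192.0.2.10:39110 203.0.113.5:22    ESTABLISHED -
EOF
}

# Reads netstat -plant output on stdin; prints "state pid program local foreign"
# per TCP socket. Assumes the BusyBox column layout (owner in field 7).
# An owner of "-" means netstat could not see the process (typical without root).
parse_netstat() {
    awk '$1 ~ /^tcp/ {
        i = index($7, "/")
        pid  = i ? substr($7, 1, i - 1) : "?"
        prog = i ? substr($7, i + 1)    : "unknown"
        print $6, pid, prog, $4, $5
    }'
}

# Resolve the binary behind a PID through the /proc/<PID>/exe symlink.
resolve_exe() {
    if [ -L "/proc/$1/exe" ]; then
        readlink "/proc/$1/exe" 2>/dev/null || echo "unreadable"
    else
        echo "no-such-pid"
    fi
}

# Join both steps: one line per socket with the resolved executable path.
report() {
    parse_netstat | while read -r state pid prog laddr faddr; do
        if [ "$pid" = "?" ]; then exe="owner-hidden"; else exe=$(resolve_exe "$pid"); fi
        echo "$state $laddr -> $faddr pid=$pid prog=$prog exe=$exe"
    done
}

# Offline demo on the constructed sample; on a device: netstat -plant | report
sample_netstat | report
```

Rows marked owner-hidden or unreadable are the ones to revisit with root, and a resolved path ending in " (deleted)" means the binary was removed from disk after the process started.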