8. Intents – inter-process communication
Activities – screens
Content Providers – SQLite databases
Services – background processes
Broadcasts – send and receive info to/from other apps
13. Watch traffic flow through a MITM
Things to look for:
Information being passed in the clear
SSL usage and whether it's done correctly (is the server certificate actually validated?)
Results of modifying requests and responses
Authentication process
14. Wireless router / Emulator / PPTP server
Wireless router – DD-WRT/Tomato firmware; usually need a clunky device
Emulator – Android SDK; sometimes doesn't act the way you want it
PPTP server – pptpd; dedicated server
15. #!/bin/bash
# firewall script to intercept all traffic from ppp0 and redirect to local port
# all credit to the great algorythm
# ppp0 is the PPTP link the handset dials in on, eth0 is the upstream interface,
# and the intercepting proxy (Burp in invisible mode, or Mallory) listens on local port 8080
echo 1 > /proc/sys/net/ipv4/ip_forward      # let this box route the handset's traffic
# start from an empty rule set in every table, with accept-all policies
iptables -F
iptables -X
iptables -t nat -F
iptables -t nat -X
iptables -t mangle -F
iptables -t mangle -X
iptables -P INPUT ACCEPT
iptables -P FORWARD ACCEPT
iptables -P OUTPUT ACCEPT
# NAT the handset's traffic out of eth0 so the replies come back through us
iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
# transparently redirect HTTP and HTTPS arriving on ppp0 to the proxy port
iptables -t nat -A PREROUTING -i ppp0 -p tcp -m tcp --dport 80 -j REDIRECT --to-ports 8080
iptables -t nat -A PREROUTING -i ppp0 -p tcp -m tcp --dport 443 -j REDIRECT --to-ports 8080
16. Wireshark
Initial traffic fingerprinting
Burp Suite
Great for HTTP/S traffic
Mallory
Great for arbitrary (non-HTTP) protocols
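Once the redirect rules are in place and the proxy is logging, a first pass over a saved request/response pair can be scripted. The following is an added example, not part of the talk or of any of the tools above: it reads a constructed capture (the request line is in absolute form, as a forward proxy logs it) and flags the things the "watch traffic flow" slide lists: cleartext transport, credentials sent in the clear, and how the session cookie is issued after authentication. Host name, cookie name and credentials are invented.

```sh
#!/bin/sh
# Added example: first-pass audit of one captured HTTP exchange.
# Constructed sample capture (not real traffic): absolute-form request line
# as a forward proxy logs it, followed by the server's response.
SAMPLE_CAPTURE='POST http://api.example.test/login HTTP/1.1
Host: api.example.test
Authorization: Basic dXNlcjpwYXNz
Content-Type: application/x-www-form-urlencoded

username=user&password=pass

HTTP/1.1 200 OK
Set-Cookie: JSESSIONID=def456; Path=/
Content-Type: application/json

{"status":"ok"}'

# audit_http_capture: read a capture on stdin, print one finding per line.
audit_http_capture() {
    awk '
    # a request line carrying http:// means the exchange never used TLS
    $1 ~ /^(GET|POST|PUT|DELETE|HEAD)$/ && $2 ~ /^http:\/\// {
        print "CLEARTEXT request: " $2
    }
    tolower($0) ~ /^authorization: basic/ {
        print "Basic auth credentials in header (base64 only, not encryption)"
    }
    # form-encoded body with a password field
    tolower($0) ~ /(^|&)password=/ {
        print "Password in request body"
    }
    # session cookie issued after login: check the flags it was set with
    tolower($0) ~ /^set-cookie:/ {
        line = tolower($0)
        if (line !~ /; *secure/)   print "Set-Cookie without Secure flag: " $2
        if (line !~ /; *httponly/) print "Set-Cookie without HttpOnly flag: " $2
    }'
}

# Usage: run the sample through the checker; with a live proxy, pipe its
# saved request/response log in the same way.
printf '%s\n' "$SAMPLE_CAPTURE" | audit_http_capture
```

Each finding is a starting point for the "results of modifying requests and responses" step: a cookie issued without Secure can be replayed over cleartext, and Basic credentials decode directly to user:pass.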
18. Audit how data is stored
Things to look for:
Incorrect permissions
Storage location (/data, /sdcard, asec containers)
Tools
adb shell
Standard Linux commands
[Root exploit and busybox]
21. See how the app works through pseudocode
Things to look for:
Overall understanding of the app
Cryptographic functions
Debug/testing functions
Client-side authentication
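With the app decompiled to Java-like pseudocode (dex2jar plus a decompiler), the three specific items above can be pulled out with a grep pass before reading the code top to bottom. The following is an added example, not from the talk: it writes a constructed, deliberately bad class to a temp directory and scans it for crypto calls, debug/logging code and client-side authentication decisions. The class name, key and patterns are invented; the pattern lists are a starting point, not a complete catalogue.

```sh
#!/bin/sh
# Added example: grep pass over decompiled sources for the three things the
# slide says to look for.

# make_sample_source: write a constructed (not real) decompiled class into a
# temp dir and print the dir name.
make_sample_source() {
    dir="$(mktemp -d)"
    cat > "$dir/LoginActivity.java" <<'EOF'
package com.example.app;
public class LoginActivity {
    static final String KEY = "0123456789abcdef";
    static final boolean DEBUG = true;
    boolean login(String user, String pass) {
        if (pass.equals("letmein")) return true;
        Cipher c = Cipher.getInstance("AES/ECB/PKCS5Padding");
        c.init(Cipher.ENCRYPT_MODE, new SecretKeySpec(KEY.getBytes(), "AES"));
        if (DEBUG) Log.d("Login", "pass=" + pass);
        return remoteCheck(user, c.doFinal(pass.getBytes()));
    }
}
EOF
    printf '%s\n' "$dir"
}

# scan_sources DIR: print "CATEGORY file:line:source" for each hit.
scan_sources() {
    # crypto primitives, ECB mode, keys built from string constants
    grep -rnE 'Cipher\.getInstance|SecretKeySpec|MessageDigest\.getInstance|/ECB/|"DES"' "$1" \
        | sed 's/^/CRYPTO      /'
    # debug flags and logging that may leak secrets to logcat
    grep -rnE 'Log\.[dvwei]\(|DEBUG|printStackTrace' "$1" \
        | sed 's/^/DEBUG       /'
    # decisions made on the client by comparing against a literal
    grep -rnE '\.equals\("[^"]+"\)|password.*==' "$1" \
        | sed 's/^/CLIENT-AUTH /'
}

# Usage: in practice point scan_sources at the decompiler's output tree.
SAMPLE_DIR="$(make_sample_source)"
scan_sources "$SAMPLE_DIR"
rm -rf "$SAMPLE_DIR"
```

Every hit still needs reading in context: a static key and ECB mode are only a finding if the data they protect matters, and a literal compare is only a client-side authentication bypass if nothing server-side repeats the check.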
27. Skype: 4/11
Permissions error allowed a malicious app to access contacts and personal information
Google: 6/11
Session information passed in the clear made it susceptible to hijacking
Dropbox: 8/11
An attempt to share data granted any app the ability to make files public
28. HTC: 10/11
Spyware logging app found to be accessible to any app with the network connection permission
▪ GPS coordinates
▪ MEID, MDN
▪ phone logs
▪ MUCH more
*#*#HTCLOG#*#*
30. File system permissions set to 777
Access saved sessions
Modify included binaries
Why: lazy permissions
How discovered: file system permission review
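The permission review from slide 18 that turned up the 777 finding above comes down to reading "adb shell ls -l" output for mode bits that let any other app on the device touch the file. The following is an added example, not from the talk: it runs a constructed listing (owner and file names are invented, the column layout is the one Android's toolbox ls prints) through a checker that reports world-writable and world-readable entries.

```sh
#!/bin/sh
# Added example: flag loose permissions in an "adb shell ls -l" listing.
# Constructed sample listing (not from a real device):
# mode owner group size date time name.
SAMPLE_LISTING='-rw------- app_42   app_42     4096 2011-10-05 12:00 session.db
-rw-rw-rw- app_42   app_42      812 2011-10-05 12:00 prefs.xml
-rwxrwxrwx app_42   app_42   221184 2011-10-05 12:00 helper_bin
drwxrwx--x app_42   app_42     2048 2011-10-05 12:00 cache
-rw-r--r-- app_42   app_42      128 2011-10-05 12:00 token.txt'

# audit_perms: read a listing on stdin, print one finding per entry whose
# "other" bits let any app on the device write or read it. Writable is
# reported first because it also allows the file to be replaced (the
# "modify included binaries" case above).
audit_perms() {
    awk '
    /^total/ { next }                 # skip the summary line some ls versions print
    NF >= 7 {
        mode = $1; name = $NF
        other = substr(mode, 8, 3)    # rwx bits for everyone else
        if (other ~ /w/)
            print "WORLD-WRITABLE " mode " " name
        else if (other ~ /r/)
            print "WORLD-READABLE " mode " " name
    }'
}

# Usage on a device: adb shell ls -l /data/data/com.example.app | audit_perms
printf '%s\n' "$SAMPLE_LISTING" | audit_perms
```

A directory that is only world-executable (drwxrwx--x, the normal app data directory mode) is not reported: other apps can traverse it but cannot list it, so the checks only bite on files that are themselves exposed.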
34. 1. Insecure Data Storage
2. Weak Server Side Controls
3. Insufficient Transport Layer Protection
4. Client Side Injection
5. Poor Authorization and Authentication
6. Improper Session Handling
7. Security Decisions Via Untrusted Inputs
8. Side Channel Data Leakage
9. Broken Cryptography
10. Sensitive Information Disclosure
35. Deploy mobile device management solution
Zenprise, MobileIron, (Google?)
Train your users – don’t give in
Audit your devices
Are users following best practices?
What apps are installed?
Require mobile security solution
Lookout, WaveSecure, NetQin
36. Audit your apps!
Check permissions
Check source code
Analyze your traffic
Think before you Root
Security Software
Remote wipe
Malware detection