A team of security researchers has demonstrated how a security flaw in Android 4.0.4 can be exploited by a clickjacking rootkit.
The research team is led by North Carolina State University professor Xuxian Jiang, who succeeded in developing a proof-of-concept rootkit that attacks the Android framework as opposed to the underlying operating system kernel. The researchers contend that such a rootkit could potentially be downloaded with an infected app and be used to manipulate the smartphone.
In the video, the demonstrator was able to hide applications on the device, as well as get them to launch when icons for other applications are clicked. If downloaded with an infected application, the rootkit could, for example, hide the smartphone’s browser and replace it with a browser that looks exactly the same but actually steals all of the user’s information.
Detects and protects from all kinds of ARP (Address Resolution Protocol) related attacks in Wi-Fi networks, like DoS (Denial of Service) or MITM (Man in the Middle) attacks.
Protects your phone from tools like FaceNiff, Cain & Abel, ANTI, ettercap, DroidSheep, NetCut, and all others that try to hijack your session via MITM through ARP spoofing / ARP poisoning.
Features:
– Uses very few resources
– Uses no resources if Wi-Fi is disabled
– Nearly zero battery consumption
– Requires very few permissions. Requests only absolutely necessary permissions
– No configuration required, works off the shelf for novices
– Experts can change many settings to adapt the app to their needs
– Undetectable by the bad guy
– 100% silent and passive inside the network. Generates no noise
– Highly customizable notifications
– Plays ringtone on attack (optional)
– Vibrates in a given pattern on attack (optional)
– Easy to use one-click-interface as well as detailed network view for experts
– “Immunity” protects you without disabling Wi-Fi (root required)
– Can also disable Wi-Fi if you don’t have root access to your phone
– Logging of all spoofing attempts with details about the network and the attacker
– Works in complex wireless LANs, like vWLAN and WDS (please see FAQ)
– Detects networks already under attack
– Automatic countermeasures
Security expert Thomas Cannon, Director of R&D at viaForensics, has demonstrated a custom-developed app that installs a backdoor in Android smartphones – without requiring any permissions or exploiting any security holes.
Thomas built an app which requires no permissions and yet is able to give an attacker a remote shell and allow them to execute commands on the device remotely from anywhere in the world. The functionality they are exploiting to do this is not new; it has been quietly pointed out for a number of years and was explained in depth in a Defcon 18 presentation.
It is not a zero-day exploit or a root exploit. They are using Android the way it was designed to work, but in a clever way in order to establish a two-way communication channel. This has been tested on Android versions ranging from 1.5 up to 4.0 Ice Cream Sandwich, and it works in a similar way on all platforms.
The application operates by instructing the browser to access a particular web page with specific parameters. This web page, and the server behind it, will, in turn, control the app by forwarding the browser to a URL that starts with a protocol prefix that is registered as being handled by the app, for example app://. This process can then be repeated and in doing so it enables two-way communication.
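For app reviewers, the server-to-app half of this channel is visible in the manifest: an activity whose intent filter is BROWSABLE and claims a non-standard scheme. The following audit sketch is an added example, not code from Cannon or viaForensics; it assumes a manifest already decoded to text XML (for instance with apktool), and the sample manifest, component names and scheme allowlist are constructed for illustration.

```python
import xml.etree.ElementTree as ET

A = "{http://schemas.android.com/apk/res/android}"  # android: attribute namespace
# Schemes treated as ordinary for this example (assumed allowlist, tune for your review).
STANDARD_SCHEMES = {"http", "https", "content", "file", "mailto", "tel", "geo", "sms", "market"}

# Constructed sample: a decoded manifest with no <uses-permission> entries.
SAMPLE_MANIFEST = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.constructed">
  <application>
    <activity android:name=".MainActivity">
      <intent-filter>
        <action android:name="android.intent.action.MAIN"/>
        <category android:name="android.intent.category.LAUNCHER"/>
      </intent-filter>
    </activity>
    <activity android:name=".CommandReceiver">
      <intent-filter>
        <action android:name="android.intent.action.VIEW"/>
        <category android:name="android.intent.category.DEFAULT"/>
        <category android:name="android.intent.category.BROWSABLE"/>
        <data android:scheme="app"/>
      </intent-filter>
    </activity>
  </application>
</manifest>"""

def audit_manifest(xml_text):
    """Return declared permissions and browser-reachable custom URL schemes."""
    root = ET.fromstring(xml_text)
    permissions = [p.get(A + "name") for p in root.iter("uses-permission")]
    handlers = []
    for comp in root.iter():
        if comp.tag not in ("activity", "activity-alias"):
            continue
        for filt in comp.findall("intent-filter"):
            cats = {c.get(A + "name") for c in filt.findall("category")}
            if "android.intent.category.BROWSABLE" not in cats:
                continue  # not launchable from a link in the browser
            for data in filt.findall("data"):
                scheme = (data.get(A + "scheme") or "").lower()
                if scheme and scheme not in STANDARD_SCHEMES:
                    handlers.append((comp.get(A + "name"), scheme))
    return {"package": root.get("package"), "permissions": permissions,
            "custom_scheme_handlers": handlers,
            "review": not permissions and bool(handlers)}

if __name__ == "__main__":
    print(audit_manifest(SAMPLE_MANIFEST))
```

Custom schemes are also used for ordinary deep links, so a hit is a lead for manual review rather than a verdict; the point is that a permission-only review would pass this manifest without comment.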
“In this demonstration Android’s power and flexibility were perhaps also its downfall. Other smartphone platforms may not offer the controls we are bypassing at all, and the multi-tasking capabilities in Android allowed us to run the attack almost transparently to the user. This power combined with the open nature of Android also facilitates the customisation of the system to meet bespoke security requirements. This is something we have even been involved in ourselves by implementing a proof of concept Loadable Kernel Module to pro-actively monitor and defend a client’s intellectual property as it passed through their devices. It is no surprise that we have seen adoption of Android research projects in the military and government as it can be enhanced and adapted for specific security requirements, perhaps like no other mobile platform before it.” – Thomas Cannon said
DroidSheep – One-click session hijacking using your Android smartphone or tablet computer.
DroidSheep makes it easy to use for everybody. Just start DroidSheep, click the START button and wait until someone uses one of the supported websites. Jumping on his session simply needs one more click. That’s it.
What do you need to run DroidSheep?
– You need an Android-powered device, running at least version 2.1 of Android
– You need root access on your phone
– You need DroidSheep
Which websites does DroidSheep support?
– amazon.de
– facebook.com
– flickr.com
– twitter.com
– linkedin.com
– yahoo.com
– live.com
– google.de (only the non-encrypted services like “maps”)
After HP announced it would discontinue production of its TouchPad tablet last week, it looked like early HP tablet adopters spent $500 on a dud. If you’re an enterprising software hacker, however, there could be an opportunity to make your money back — and then some.
A hardware-modification web site is offering a $1,500 cash bounty for the first person to successfully port a full version of the Android operating system over to HP’s TouchPad.
Hacknmod.com offers a tiered bounty system for would-be TouchPad hackers: Just getting Android to run on the TouchPad without taking full advantage of the tablet’s hardware will win you a cool $450. But the more you’re able to integrate the system software into the device, the more cash you’ll earn. Get the Wi-Fi, multitouch capability, audio and camera up and running, and you’ll add another $1,050 to the pot.
While the bounty is characteristic of the Android-modding crowd which basically wants to slap Android onto anything with a circuit board and touch screen, it’s also an admirable effort to breathe new life into a dying piece of hardware. After reports of dismal sales and third-party retailers sitting on hundreds of thousands of unsold TouchPads, HP decided to kill production after a mere 49 days on the market.
It was bad news for current TouchPad owners. No more HP hardware gives little incentive for webOS app developers to continue producing applications for the platform. In turn, TouchPad owners miss out on the latest popular applications to come to mobile devices. And of course, it gives potential customers no incentive to buy the remaining TouchPads retailers have in stock, costing HP and retail stores hundreds of millions of dollars. Everyone loses.
But if the porting plans work, it could mean bringing a slew of Android apps over to HP’s tablet. If the TouchPad can be made capable of running thousands of Android apps, the device may not be obsolete.
This isn’t the first time the Android-modification community tried to port the operating system over to non-Android devices. Android modders have run the operating system on Barnes And Noble’s Nook Color e-reader, certain Nokia smartphones and even an iPhone.