Posts tagged: Android Hacking Video

Jul 05 2012

Android Clickjacking Rootkit Demonstrated

ClickJackingA team of security researchers have demonstrated how a security flaw in Android 4.0.4 can be exploited by a clickjacking rootkit.

The research team is lead by North Carolina State University professor Xuxian Jiang, who succeeded in developing a proof-of-concept rootkit that attacks the Android framework as opposed to the underlying operating system kernel. The researchers contend that such a rootkit could potentially be downloaded with an infected app and be used to manipulate the smartphone.

In the video, the demonstrator was able to hide applications on the device, as well as get them to launch when icons for other applications are clicked. If downloaded with an infected application, the rootkit could for example hide the smartphone’s browser and replace it with a browser that looks exactly the same but actually steals all of the user’s information.

Dec 22 2011

Backdoor in Android for No-Permissions Reverse Shell

Security expert Thomas Cannon working at viaForensics as the Director of R&D has demonstrated a custom-developed app that installs a backdoor in Android smartphones – without requiring any permissions or exploiting any security holes.

Thomas built an app which requires no permissions and yet is able to give an attacker a remote shell and allow them to execute commands on the device remotely from anywhere in the world. The functionality they are exploiting to do this is not new, it has been quietly pointed out for a number of years, and was explained in depth at Defcon-18 Presentation.

It is not a zero-day exploit or a root exploit. They are using Android the way it was designed to work, but in a clever way in order to establish a 2-way communication channel. This has been tested on Android versions ranging from 1.5 up to 4.0 Ice Cream Sandwich, and it works in a similar way on all platforms.

The application operates by instructing the browser to access a particular web page with specific parameters. This web page, and the server behind it, will, in turn, control the app by forwarding the browser to a URL that starts with a protocol prefix that is registered as being handled by the app, for example app://. This process can then be repeated and in doing so it enables two-way communication.

“In this demonstration Android’s power and flexibility were perhaps also its downfall. Other smartphone platforms may not offer the controls we are bypassing at all, and the multi-tasking capabilities in Android allowed us to run the attack almost transparently to the user. This power combined with the open nature of Android also facilitates the customisation of the system to meet bespoke security requirements. This is something we have even been involved in ourselves by implementing a proof of concept Loadable Kernel Module to pro-actively monitor and defend a client’s intellectual property as it passed through their devices. It is no surprise that we have seen adoption of Android research projects in the military and government as it can be enhanced and adapted for specific security requirements, perhaps like no other mobile platform before it.”Thomas Cannon said