Android OEM's applications (in)security and backdoors ... - QuarksLAB
Android OEM's applications (in)security and backdoors ... - QuarksLAB
Android OEM's applications (in)security and backdoors ... - QuarksLAB
Create successful ePaper yourself
Turn your PDF publications into a flip-book with our unique Google optimized e-Paper software.
<strong>Android</strong> <strong>in</strong>troduction <strong>Android</strong> <strong>security</strong> model Methodology Toward a backdoor without permission Post-exploitation<br />
SMS/MMS send<strong>in</strong>g <strong>and</strong> files exfiltration<br />
Vuln1 - SecMms.apk<br />
The malwares <strong>and</strong> premium SMS<br />
Current <strong>Android</strong> malwares ask for the SEND SMS permission<br />
Easily detectable <strong>and</strong> suspect for an user<br />
What about a malware which can send premium SMS without ask<strong>in</strong>g<br />
for permission?<br />
There is an app for that<br />
SecMms.apk<br />
exported BroadcastReceiver -> ui.MmsBGSender<br />
An well formatted Intent allows to send arbitrary SMS/MMS<br />
PoC (attachments can also be added)<br />
shell@<strong>and</strong>roid:/ $ am broadcast -a com.<strong>and</strong>roid.mms.QUICKSND --es mms_to "*PHONENUMBER*"<br />
--es mms_subject "*SUBJECT*" --es mms_text "*MESSAGE*"