13.04.2015 Views

Android OEM's applications (in)security and backdoors ... - QuarksLAB

Android introduction | Android security model | Methodology | Toward a backdoor without permission | Post-exploitation

SMS/MMS sending and file exfiltration

Vuln1 - SecMms.apk

Malware and premium SMS

Current Android malware asks for the SEND_SMS permission

Easily detectable and suspicious to a user

What about malware that can send premium SMS without asking for permission?

There is an app for that

SecMms.apk

exported BroadcastReceiver -> ui.MmsBGSender

A well-formed Intent allows sending arbitrary SMS/MMS

PoC (attachments can also be added)

shell@android:/ $ am broadcast -a com.android.mms.QUICKSND --es mms_to "*PHONENUMBER*" --es mms_subject "*SUBJECT*" --es mms_text "*MESSAGE*"
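
The root cause above is an exported receiver that no permission guards. As an added example (not code from the slides or from the vendor), this audit reads a decoded AndroidManifest.xml and lists such components. The manifest is a constructed sample: the package name and the GuardedSender receiver are hypothetical, and only ui.MmsBGSender and the QUICKSND action come from the slide.

```python
import xml.etree.ElementTree as ET

ANDROID = "{http://schemas.android.com/apk/res/android}"
# Providers are left out: their default export rule differs.
COMPONENTS = ("activity", "activity-alias", "service", "receiver")

# Constructed sample manifest (not extracted from SecMms.apk); the package
# name and the GuardedSender receiver are hypothetical.
SAMPLE_MANIFEST = """<manifest
    xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.secmms">
  <application>
    <receiver android:name=".ui.MmsBGSender">
      <intent-filter>
        <action android:name="com.android.mms.QUICKSND"/>
      </intent-filter>
    </receiver>
    <receiver android:name=".ui.GuardedSender"
              android:permission="android.permission.SEND_SMS">
      <intent-filter>
        <action android:name="com.example.secmms.GUARDED_SEND"/>
      </intent-filter>
    </receiver>
  </application>
</manifest>"""

def unprotected_exported(manifest_xml):
    """Return (type, name, actions) for exported components with no permission."""
    app = ET.fromstring(manifest_xml).find("application")
    if app is None:
        return []
    app_perm = app.get(ANDROID + "permission")  # default for every component
    findings = []
    for comp in app:
        if comp.tag not in COMPONENTS:
            continue
        actions = [a.get(ANDROID + "name") for a in comp.iter("action")]
        exported = comp.get(ANDROID + "exported")
        # With no explicit value, an intent-filter exports the component by
        # default on Android versions before 12, which covers these devices.
        is_exported = (exported == "true") if exported else bool(actions)
        if is_exported and not (comp.get(ANDROID + "permission") or app_perm):
            findings.append((comp.tag, comp.get(ANDROID + "name"), actions))
    return findings

if __name__ == "__main__":
    for kind, name, actions in unprotected_exported(SAMPLE_MANIFEST):
        print(f"{kind} {name} is exported without a permission: {actions}")
```

A finding is a lead for review, not proof of impact: what matters next is what the component does with the Intent extras it receives, and a permission with a weak protection level guards very little.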
