12.07.2015

Devices - Penetration Testing Like a Hacker. - SecNiche Security Labs


Table 1. Android malware analysis tools

Name of Tool | Tool Functionality | Link
Dex2Jar | Disassembler | http://code.google.com/p/dex2jar/
Dexdump | Disassembler | http://developer.android.com/sdk/index.html
Dedexer | Disassembler | http://dedexer.sourceforge.net/
Smali/Baksmali | Assembler/Disassembler | http://code.google.com/p/smali/
ApkTool | Decompiler | http://code.google.com/p/android-apktool/
Java Decompiler | Decompiler | http://java.decompiler.free.fr/

Market (which is a huge attack vector) so attackers have developed ways to extend the life of an attack. Tim Wyatt of Lookout writes: Lookout has identified a new Android Trojan, GGTracker, which is automatically downloaded to a user's phone after visiting a malicious webpage that imitates the Android Market. The Trojan is able to sign-up a victim to a number of premium SMS subscription services without the user's consent. This can lead to unapproved charges to a victim's phone bill.

Another advancement in malware: a new threat to devices running Google's Android mobile operating system is an advance on earlier Android Trojans examined by CA Security that unleash payloads which log incoming and outgoing call details and durations in a text file, according to researcher Dinesh Venkatesan. These provide examples of how the malware is growing in sophistication and is only a sign of things to come as security becomes tighter. The information gained here by thorough malware analysis is vital in understanding what threats are present today and allows penetration testers to replay cutting-edge attacks to ensure the end customer is protected.

How do you Analyze Android Malware?

Analyzing a piece of Android malware can be less complicated than analyzing other types of malware. This is because the analysis environment is rather simple to set up and the Dalvik Executables (.dex) can be decompiled to a readable language.

To begin, pick the OS of your choosing (the following instructions will successfully build an environment for Windows XP SP3 32-bit). Since Android applications are written in Java, download and install the JDK from: http://www.oracle.com/technetwork/java/javase/downloads/index.html. After the installation of the JDK, the Android Software Development Kit (SDK) can be downloaded and installed. (Note: the JDK, not just the Java Runtime Environment, is necessary for proper installation of the Android SDK.) The Android SDK can be found at: http://developer.android.com/sdk/index.html.

Once the Android SDK has been successfully installed, navigate to the Android SDK and Android Virtual Device (AVD) manager, select Available Packages and install the SDK for the version of Android desired (see Figure 4). Next, a virtual device must be created using the AVD manager. This can be done by selecting a name (just for user reference) and selecting a target, which will be a version of Android that you installed the SDK for.

Rather than using an actual phone to analyze the malware, which will in turn likely infect the phone, an emulator provides the same functionality while running safely in the virtual analysis environment. The emulator inside the analysis environment mitigates the risk of analyzing the sample and can save time over connecting to hardware. To start the emulator, open a command prompt, navigate to the androidsdk\platform-tools directory and run the following command:

    Emulator-arm.exe -avd

Figure 5. Android emulator

If successful, then the emulator window will appear (Figure 5). (Note: The emulator can be slow and may take a while to appear.) At this point a simulated

05/2011 (5) September, Page 20, http://pentestmag.com
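A static first pass that complements the environment setup above, as an added example that is not from the original article: it reads an AndroidManifest.xml already decoded to plain XML (for instance by ApkTool from Table 1) and flags the permissions and SMS receiver an app would need for the premium-SMS and call-logging behaviour described. The permission-to-behaviour mapping, the function name and the sample manifest are assumptions constructed for illustration.

```python
import xml.etree.ElementTree as ET

ANDROID = "{http://schemas.android.com/apk/res/android}"  # android: attribute namespace
SMS_RECEIVED = "android.provider.Telephony.SMS_RECEIVED"
# Assumed mapping (not from the article) of permissions to the behaviours it describes.
RISKY = {
    "android.permission.SEND_SMS": "can send SMS, e.g. premium-rate sign-ups",
    "android.permission.RECEIVE_SMS": "can see incoming SMS, e.g. billing confirmations",
    "android.permission.READ_SMS": "can read stored SMS",
    "android.permission.PROCESS_OUTGOING_CALLS": "sees outgoing call numbers",
    "android.permission.READ_PHONE_STATE": "sees incoming call state",
    "android.permission.WRITE_EXTERNAL_STORAGE": "can write a log file to storage",
}
# Constructed sample manifest, in the plain-XML form a decoder produces.
SAMPLE_MANIFEST = """<manifest xmlns:android="http://schemas.android.com/apk/res/android" package="com.example.constructed">
  <uses-permission android:name="android.permission.INTERNET"/>
  <uses-permission android:name="android.permission.SEND_SMS"/>
  <uses-permission android:name="android.permission.RECEIVE_SMS"/>
  <uses-permission android:name="android.permission.PROCESS_OUTGOING_CALLS"/>
  <application><receiver android:name=".Rx">
    <intent-filter android:priority="1000">
      <action android:name="android.provider.Telephony.SMS_RECEIVED"/>
    </intent-filter></receiver></application>
</manifest>"""

def triage_manifest(xml_text):
    """Return (item, reason) pairs worth a closer look during analysis."""
    root = ET.fromstring(xml_text)
    findings = []
    for perm in root.iter("uses-permission"):
        name = perm.get(ANDROID + "name", "")
        if name in RISKY:
            findings.append((name, RISKY[name]))
    for recv in root.iter("receiver"):
        for filt in recv.iter("intent-filter"):
            actions = {a.get(ANDROID + "name") for a in filt.iter("action")}
            prio = filt.get(ANDROID + "priority", "0")
            if SMS_RECEIVED in actions and prio.isdigit() and int(prio) > 0:
                findings.append((recv.get(ANDROID + "name"), "SMS receiver with raised priority " + prio))
    return findings

if __name__ == "__main__":
    for item, reason in triage_manifest(SAMPLE_MANIFEST):
        print(item, "->", reason)
```

A hit here is a reason to look at the decompiled code for that component, not a verdict: legitimate messaging apps request the same permissions.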
