Devices - Penetration Testing Like a Hacker. - SecNiche Security Labs

More documents

Recommendations

Info

FOCUSTable 1. Android malware analysis toolsName of Tool Tool Functionality LinkDex2Jar Disassembler http://code.google.com/p/dex2jar/Dexdump Disassembler http://developer.android.com/sdk/index.htmlDedexer Disassembler http://dedexer.sourceforge.net/Smali/Baksmali Assembler/Disassembler http://code.google.com/p/smali/ApkTool Decompiler http://code.google.com/p/android-apktool/Java Decompiler Decompiler http://java.decompiler.free.fr/Market (which is a huge attack vector) so attackershave developed ways to extend the life of an attack.Tim Wyatt of Lookout writes Lookout has identified anew Android Trojan, GGTracker, which is automaticallydownloaded to a user’s phone after visiting a maliciouswebpage that imitates the Android Market. The Trojanis able to sign-up a victim to a number of premiumSMS subscription services without the user’s consent.This can lead to unapproved charges to a victim’sphone bill.Another advancement in malware is a new threat todevices running Google’s Android mobile operatingsystem is an advance on earlier Android Trojansexamined by CA <strong>Security</strong> that unleash payloads whichlog incoming and outgoing call details and durations ina text file, according to researcher Dinesh Venkatesan.These provide examples of how the malware is growingin sophistication and is only a sign of things to come assecurity becomes tighter. The information gained hereby thorough malware analysis is vital in understandingwhat threats are present today and allows penetrationtesters the ability to replay cutting edge attacks toensure the end customer is protected.How do you Analyze Android Malware?Analyzing a piece of Android malware can be lesscomplicated than analyzing other types of malware.This is because the analysis environment is rathersimple to set up and the Dalvik Executables (.dex)can be decompiled to a readable language. To beginpick the OS of your choosing (the following instructionwill successfully build an environment for Windows XPSP3 32-bit). Since Android applications are writtenin Java, download and install the JDK from: http://www.oracle.com/technetwork/java/javase/downloads/index.html. After the installation of the JDK, theAndroid Software Development Kit (SDK) can now bedownloaded and installed. (Note: the JDK, not just theJava Runtime Environment is necessary for properinstallation of the Android SDK) The Android SDKcan be found at: http://developer.android.com/sdk/index.html.Once the Android SDK has been successfullyinstalled, navigate to the Android SDK and AndroidVirtual Device (AVD) manager, select AvailablePackages and install the SDK for the version ofAndroid desired (see figure 4). Next, a virtual devicemust be created using the AVD manager. This can bedone by selecting a name (just for user reference) andselecting a target, which will be a version of Androidthat you installed the SDK for.Rather than using an actual phone to analyze themalware which will, in turn, likely infect the phone,an emulator provides the same functionality whilerunning safely in the virtual analysis environment. Theemulator inside the analysis environment mitigatesthe risk of analyzing the sample and can save timeover connecting to hardware. To start the emulator:open a command prompt, navigate to the androidsdk\platform-toolsdirectory and run the followingcommand:Emulator-arm.exe –avd Figure 5. Android emulatorIf successful, then the emulator window will appear(Figure 5). (Note: The emulator can be slow andmay take a while to appear.) At this point a simulated05/2011 (5) SeptemberPage 20http://pentestmag.com
Smartphone running the version of Android youselect is active within the analysis environment;now the malicious application can be loaded. Thisis accomplished using Adb and issuing the followingcommand:adb.exe install (Note: Replace sample with the title of the malwaresample you are analyzing.)The following table (Table 1) is a list (not comprehensive)of free tools available to Android malwareanalysis to aid during the examination of a malwaresample.Many in the security field view malware analysis asthe reactive response to an attack, but the oppositeapproach can be taken to help mitigate damages priorto this. <strong>Penetration</strong> testers can analyze or use malwareanalysis results to understand what an attacker is after,persistence mechanisms, propagation techniques, andadvanced methods being utilized. This intelligenceallows penetration testers the ability to replay realworld attacks and ensure the highest quality results areprovided to the customer.CORY ADAMSCory Adams has been in the informationsecurity eld for over 7 years. He iscurrently a Reverse Engineer with a Fortune100 company. He specializes in malwareanalysis as well as vulnerability analysis.Follow Cory on twitter @SeedyAdams.COMMENTWe are open for suggestions and discussion. Don’thesitate to comment on the articles which you’veread in this issue. Share your opinion on the subjectmatter brought up, back up or confront the pointof view of the author. The best comments will bepublished on our site and in our next issue.05/2011 (5) Septemberhttp://pentestmag.com
Page 2 and 3: EDITOR’S NOTE05/2011 (05)Editor:
Page 4 and 5: POINT OF VIEWIsn’t Social Enginee
Page 6 and 7: POINT OF VIEWTrust Pentesting Team.
Page 8 and 9: FOCUSBreaking Downthe i* {Devices}P
Page 10: FOCUSListing 1. IPhone applications
Page 19: AndroidManifest.xml. An important p
Page 23 and 24: Simplied User ExperienceThe user in
Page 26 and 27: FOCUSAttacking the MobileInfrastruc
Page 28 and 29: FOCUSAt any rate, I think these ent
Page 30 and 31: FOCUSToneLoc and LoadUseful For a P
Page 32 and 33: FOCUSoperate in a degraded state; f
Page 34 and 35: FOCUSInside AndroidApplicationsBy t
Page 36 and 37: (NEW) STANDARDSNew PenetrationTesti
Page 38 and 39: (NEW) STANDARDSof Hatforce. Before
Page 40: (NEW) STANDARDSReferences• [1] So
Page 43 and 44: name, IP address and server locatio
Page 45 and 46: Figure 8. User Agent Switcher Menur
Page 47: Say Hello toRed TeamTesng!Security

Devices - Penetration Testing Like a Hacker. - SecNiche Security Labs

You also want an ePaper? Increase the reach of your titles

Delete template?

Save as template?