Embed Size (px)
DESCRIPTION
...
Citation preview
Mobile Phone Hacking
• Mobile phones and tablets have become an increasingly common system in enterprise and government networks, from small organizations to Fortune 10 companies.
• Often, mobile phone deployments grow organically, adopted by end-users for convenient email access, on up to the CEO for access to sensitive company resources and systems.
• In other cases, mobile phones and tablets have become critical systems for a wide variety of production applications from ERP to project management.
Phone Hacking
• Phone hacking, the practice of intercepting telephone calls or voicemail messages or sensitive data without the consent of the phone's owner
• Whether Apple IPhone or IPad, Windows Phone, Android or BlackBerry phones or tablets, the use of mobile devices introduces new risks to an organization including distributed data storage and access mechanisms, lack of consistent patch management and firmware updates, the high probability of loss or device theft and more.
• Mobile software applications are also introducing new malware and data leakage problems that expose sensitive data or personally identifiable information assets.
Android
• Android is an open source and Linux-based Operating System for mobile devices such as smart phones and tablet computers, TV, Set Top Box etc.
Features of Android
Architecture
• Android operating system is a stack of software components which is roughly divided into five sections and four main layers as shown below in the architecture diagram.
Linux kernel
• At the bottom of the layers is Linux - Linux 2.6 with approximately 115 patches. This provides basic system functionality like process management, memory management, device management like camera, keypad, display etc. Also, the kernel handles all the things that Linux is really good at such as networking and a vast array of device drivers, which take the pain out of interfacing to peripheral hardware.
Libraries
• On top of Linux kernel there is a set of libraries including open-source Web browser engine WebKit, well known library , SQLite database which is a useful repository for storage and sharing of application data, libraries to play and record audio and video, SSL libraries responsible for Internet security etc.
Android Runtime
• This is the third section of the architecture and available on the second layer from the bottom. This section provides a key component called Dalvik Virtual Machine which is a kind of Java Virtual Machine specially designed and optimized for Android.
• The Dalvik VM makes use of Linux core features like memory management and multi-threading, which is intrinsic in the Java language.
• The Dalvik VM enables every Android application to run in its own process, with its own instance of the Dalvik virtual machine. The Android runtime also provides a set of core libraries which enable Android application developers to write Android applications using standard Java programming language.
file system• A file system is used to control how data is stored and retrieved.
Without a file system, information placed in a storage area would be one large body of data with no way to tell where one piece of information stops and the next begins. By separating the data into individual pieces, and giving each piece a name, the information is easily separated and identified.
• The structure and logic rules used to manage the groups of information and their names is called a "file system".
• A file system can be thought of as an index or database containing the physical location of every piece of data on a hard drive.
• A file system is setup on a drive during a format.
• The Microsoft Windows operating systems have always supported, and still do support, various versions of the File Allocation Table (FAT) file system. In addition to FAT, all Microsoft Windows operating systems since Windows NT support a newer file system called New Technology File System (NTFS).
Yaffs
• Yaffs (Yet Another Flash File System) is an open-source file system specifically designed to be fast, robust and suitable for embedded use with NAND and NOR Flash. It is widely used with Linux, RTOSs, or no OS at all, in consumer devices.
Android Process Dump
• What is DDMS?Android provides a debugging tool called the Dalvik Debug Monitor Server (DDMS)
• With the help of DDMS: Process, Thread and heap information can be monitored on the device.
Demo DDMS
Anti Mobile forensic tools
• File Shredding • File shredding is a popular form of data
destruction, where the evidence is rendered • unrecoverable after the application of the
shredding program. • an application designed to permanently remove
files on mobile devices. The selected files are • destroyed by overwriting them with random
data.
• Encryption• Cryptography is the process of hiding information
for secure communication in the presence of third parties. LUKS Manager offers encryption to virtual folders on Android devices.
• The virtual folder can be dynamically mounted, unmounted, created and deleted as required.
• After creating and mounting a virtual volume, the forensic tools were used to test the detection and encryption method. Both applications were able to detect the volume created and the
• encrypted data.
• Steganography - is the process of hiding digital information inside another carrier file such as media files, document files or executable files. Unlike plain encryption, which can be easily detected, steganography protects both the message and the communicating parties.
• Media files, such as images, audio and video files, are preferred for this type of encryption because of their large size.
• In computing, inter-process communication (IPC) is a set of methods for the exchange of data among multiple threads in one or more processes.
• Processes may be running on one or more computers connected by a network.
• IPC methods are divided into methods for message passing, synchronization, shared memory, and remote procedure calls (RPC). The method of IPC used may vary based on the bandwidth and latency of communication between the threads, and the type of data being communicated.
• There are several reasons for providing an environment that allows process cooperation:
• Information sharing• Computational speedup• Modularity• Convenience• Privilege separation
Smartphone packet capture
• Firesheep is an extension for the Firefox web browser that uses a packet sniffer to intercept unencrypted cookies from websites such as Facebook and Twitter.
• As cookies are transmitted over networks, packet sniffing is used to discover identities on a sidebar displayed in the browser, and allows the user to instantly take on the log-in credentials of the user by double-clicking on the victim's name.
