Category: Android

New Android Exploit Could Force Factory Reset remotely


Clicking one wrong link can cause malicious code to execute, which could do anything from infecting your computer with malware to, apparently, wiping your phone data completely. At the Ekoparty security conference in Argentina last week, researcher Ravi Borganokar demonstrated how a single line of HTML code could be used to run a factory reset or even clear the SIM card on certain Samsung phones.
Malicious hackers can hide code in a web page that will trigger a full factory reset of Samsung’s best-selling Galaxy S3 smartphone, deleting contacts, photographs, music, apps and other valuable data.

WiFiKill v1.7 – Eject any WiFi device from network


WiFiKill is an Android application that can disable the internet connection of any device that uses the same router, that is, any device on the same network. It is an alternative to NETCUT for Android. It simply allows you to scan your Wi-Fi network for devices, see their vendor and cut the network connection for specified devices. This way you can get rid of network hoggers. It also gives an option to redirect HTTP traffic to a specific IP; this feature can even be used for phishing.

– fixed the counter bug (I hope for the last time)
– added an option to redirect HTTP traffic to specific IP (caution! this may lead to significant CPU load)
– now successful kills are tagged by green icon on the left of IP (this is not 100% correct)

Mercury v1.1 – The Android Vulnerability Assessment framework

Mercury is a free framework for bug hunters to find vulnerabilities, write proof-of-concept exploits and play in Android. It allows you to use dynamic analysis on Android applications and devices for quicker security assessments and share publicly known methods of exploitation on Android and proof-of-concept exploits for applications and devices.
The new version is compatible with new Android releases including Ice Cream Sandwich and Jelly Bean, meaning you can now run Mercury on the latest and greatest hardware. This enables you to be the first to find and report previously undisclosed bugs on that newly released phone!
Mercury allows you to:
  1. Interact with the 4 IPC endpoints – activities, broadcast receivers, content providers and services
  2. Use a proper shell that allows you to play with the underlying Linux OS from the point of view of an unprivileged application (you will be amazed at how much you can still see)
  3. Find information on installed packages with optional search filters to allow for better control
  4. Use built-in commands that can check application attack vectors on installed applications
  5. Tools to upload and download files between the Android device and computer without using ADB (this means it can be done over the internet as well!)
  6. Create new modules to exploit your latest finding on Android, and play with those that others have found.
For those of you interested in vulnerabilities in vendor products, the new version is the start of a collection of these in a framework. The first privilege escalation was included, allowing the escalation to root from Mercury’s unprivileged context. A module was created to check for vulnerabilities in content providers discovered on Samsung devices.

Hideman – Free VPN service with multiple server locations

Virtual Private Network services are handy when you want to surf the internet privately. A VPN helps keep your surfing habits from being cached by websites. Your internet service provider is also unable to know what you are doing on the internet. A VPN helps you to surf anonymously.
Connections to VPNs are encrypted, which means that your data is safe from snooping users in the same network. This means you do not have to fear that someone in a hotel, Internet cafe or airport can steal personal information and data from you.
Hideman provides its customers with VPN and Wi-Fi protection services. VPN is short for “Virtual Private Network,” which basically allows for an encrypted pathway between servers and hardware. As a result, all computers and web presences using a VPN are completely anonymous, ensuring unsurpassed privacy. Hideman offers this service through their special software which can be downloaded for free. In order to utilize the service, the user runs the software and manually establishes a unique IP address and country of origin.



The smartphone penetration testing framework, the result of a DARPA Cyber Fast Track project, aims to provide an open source toolkit that addresses the many facets of assessing the security posture of these devices.

Pentest Framework will look at the functionality of the framework including information gathering, exploitation, social engineering, and post exploitation through both a traditional IP network and through the mobile modem, showing how this framework can be leveraged by security teams and penetration testers to gain an understanding of the security posture of the smartphones in an organization.

Pentest Framework will also show how to use the framework through a command line console, a graphical user interface, and a smartphone based app.

SPF Console: The console is a text-based Perl program that allows Smartphone Pentest Framework users to perform all the server functionality of SPF.

ASEF : Android Security Evaluation Framework

A researcher at Qualys has released a new tool, known as the Android Security Evaluation Framework, designed to allow users, even non-technical ones, to evaluate the security and behaviors of the apps installed on their Android devices.


The Android Security Evaluation Framework (ASEF) is designed and developed to simulate the entire lifecycle of an Android application in an automated virtual environment to collect behavioral data and perform security evaluations automatically over ‘n’ number of apps.
ASEF performs this analysis while alerting you about other possible issues. It will make you aware of unusual activities of your apps, will expose vulnerable components and help narrow down suspicious apps for further manual research.

Zeus malware targeting BlackBerry and Android devices

Security researchers at Kaspersky Lab have discovered five new samples of the ZeuS-in-the-Mobile (ZitMo) malware package, targeting Android and BlackBerry devices.

ZitMo (Zeus in the mobile) is the name given to the mobile versions of Zeus, and it’s been around for a couple of years already, mostly infecting Android phones. The ZitMo variant has reportedly been operating for at least two years, targeting Android phones by masquerading as a banking security application or security add-on.

ZitMo gets hold of banking information by intercepting all text messages and passing them on to attackers’ own devices. It gets onto devices inside malicious applications, which users are duped into downloading. In this case, the malicious app was posing as security software called ‘Zertifikat’.

Once installed, the packages forward all incoming SMS messages to one of two command and control numbers located in Sweden, with the aim of snaring secure codes and other data. Kaspersky found mobile users in Spain, Italy and Germany were targeted by these fresh variants, with two command and control (C&C) numbers found on Sweden’s Tele2 operator.

Burp Suite v1.4.12 Released : Cracks Android SSL

The new version of Burp Proxy has been released and improves the analysis of encrypted SSL connections on Android phones. This release resolves a problem with proxying SSL connections from Android clients. When Android proxies SSL, it resolves the destination hostname locally, and issues a CONNECT request containing the host’s IP address.
Burp now behaves differently. If a CONNECT request is received containing an IP address, Burp connects to the destination server to obtain its SSL certificate. Burp then generates an SSL certificate with the same subject name (and alternative subject names, if defined) as the server’s actual certificate. Assuming the server is returning a valid certificate for the hostname that Android is requesting, this should remove the SSL errors relating to the mismatched hostname.
Bug fixes:
  • Some further causes of deadlock in the new UI.
  • A bug in the Scanner, where the “skip all tests” configuration was not properly applied to REST parameters.
  • An error saving and restoring state in headless mode, which was introduced in recent versions.
  • A bug in the macro item editor UI which prevented the list of items from scrolling properly.

CVE-2012-2808 : Android 4.0.4 DNS poisoning vulnerability Exposed

Android’s DNS resolver is vulnerable to DNS poisoning due to weak randomness in its implementation. Researchers Roee Hay and Roi Saltzman from the IBM Application Security Research Group demonstrate how an attacker can successfully guess the nonce of the DNS request with a probability that is sufficient for a feasible attack. Android versions 4.0.4 and below are vulnerable to this bug.
The cause is a weakness in its pseudo-random number generator (PRNG), which makes DNS poisoning attacks feasible. DNS poisoning attacks may endanger the integrity and confidentiality of the attacked system. For example, in Android, the Browser app can be attacked in order to steal the victim’s cookies of a domain of the attacker’s choice. If the attacker manages to lure the victim to browse to a web page controlled by him/her, the attacker can use JavaScript to start resolving non-existing sub-domains.

Andrubis – Analyze Unknown Android Applications


Andrubis is designed to analyze unknown apps for the Android platform (APKs). It has been brought to us by the guys at Iseclabs, who already have an awesome Windows executable scanner, Anubis. In fact, it can be considered an extension of Anubis.

Andrubis gives us an insight into various behavioral aspects and properties of a submitted app by employing both static and dynamic analysis approaches. During the dynamic analysis part, an app is installed and run in an emulator – the Dalvik VM. In addition to the normal tracking of open, read and write events, network traffic operations and detection of dynamically registered broadcast receivers, taint analysis is also carried out to report on leakage of important data such as the IMEI. Cellphone-specific events, such as phone calls made and short messages sent, are also captured by the Andrubis service.

Information is also obtained statically, without actually executing the Android application. Information related to the intent-filters declared by these components is also included.