Dear Hakin9 Readers,
Android is a Linux-based operating system designed for mobile devices such as smartphones and tablet computers. It was initially developed by Android Inc. and was bought by Google in 2005.
Recent research has shown that Android users are increasingly threatened by malware. The number of attacks rises every day, and they are becoming more dangerous for its users. We have been asked to do some study, and we decided to provide you with an issue addressing this topic.
You will surely notice that we have divided the issue into sections. In the first section you will find the articles dedicated to Android security. In the second section you will find the articles dedicated to Android laboratory. In the third section you will find some extra articles.
By Bhadreshsinh Gohil
Bhadreshsinh Gohil has a Master of Engineering in Computer Engineering – specialized in IT Systems and Network Security.
Android, as we are all aware, is a Linux-based operating system which was initially developed by Android Inc. and was later purchased by Google. It was designed for touchscreen devices like smartphones, tablets, cameras, set-top boxes, etc., and it has reached the hands of millions of consumers. In this period, security firms are publishing detailed reports on analysis conducted on the principal cyber threats detected in 2012; the results present a landscape dominated by an explosion of threats, especially for mobile and social media users.
Android Hacking Made Easy – What You Can Do To Limit Your Exposure
By John Lear
John Lear is the Founder of Oomba Security LLC. He has over 18 years of experience in system and security engineering.
Android devices are extremely popular, from phones to tablets, e-readers, netbooks, smart watches and car computers. Over half a billion Android device users are out there, with 1.3 million new users added every day. Any technology that is in a lot of hands is a target for hackers. Why not? When “you can make $10,000 a month for a basic effort at writing malware – you can get more when you distribute this malware to the contact lists and [build botnets],” Worried yet? The statistics are alarming. In 2012 Android accounted for 79% of all mobile malware, 96% in the last quarter alone, according to F-Secure. What’s more, we bring our own devices to work, school, everywhere we go, exposing not only our networks but other networks we might connect to. McAfee reports that malware broke new records in 2012, with the number of new malware to reach 100 million for the year.
Weak Wi-Fi Security, Evil Hotspots and Pentesting with Android
By Dan Dieterle
Daniel Dieterle has 20 years of IT experience and has provided various levels of IT support to numerous companies from small businesses to large corporations.
Wireless networks and mobile Wi-Fi devices have saturated both the home front and business arena. The threats against Wi-Fi networks have been known for years, and though some effort has been made to lock down wireless networks, many are still wide open. In this article we will look at a few common Wi-Fi security misconceptions. We will also see how a penetration tester (or unfortunately, hackers) could set up a fake Access Point (AP) using a simple wireless card and redirect network users, capture authentication credentials and possibly gain full remote access to the client. Finally we will look at the latest app for Android that allows you to turn your Wi-Fi smartphone or tablet into a pentesting tool. With it you can scan your network for open ports, check for vulnerabilities, perform exploits, Man-in-the-Middle (MitM) attacks and even sniff network traffic on both your Wi-Fi network and wired LAN.
Build Secure Android Applications with ITTIA DB SQL
By Sasan Montaseri
Sasan Montaseri is the founder of ITTIA, a company focused on data management software solutions for embedded systems and intelligent devices.
With Android’s worldwide success, market dominance and the availability of inexpensive devices, it is easier than ever to deploy a distributed network of data-driven mobile software. With the rise of smart devices and similar mobile platforms for Android, anyone can own a general-purpose computing device that is capable of storing large amounts of data and running sophisticated applications on Android. Business applications often deal with confidential data, process transactions, and log information for auditing purposes. When developing a mobile, distributed application it is important to not only protect confidential information, but also to prevent tampering and destruction of important data.
Decompiling Android Workshop
By Godfrey Nolan
Godfrey Nolan is the President of RIIS LLC and author of Decompiling Java and Decompiling Android.
Due to the design of the Java Virtual Machine (JVM), it is relatively easy to reverse-engineer Java code from both Java JAR and class files. While this hasn’t been an issue in the past (since most Java files are hidden from view on the web server), it is an issue on Android phones where the client-side Android APK files are easily obtained and just as easy to reverse-engineer or decompile back into Java code. And if you have access to the code then you also have access to any of the API keys, usernames and passwords or any other information that the developer has stored in the original code. We’re going to look at how to recover that static information in this article as well as some of the techniques for looking at information that was stored at runtime.
ANDROID OS: Getting Started with Customizing Your Own ROM
By Kellen Razzano & Ed Sweetman
Kellen Razzano & Ed Sweetman are partners in EaglesBlood Development and Co-Founders of startup companies.
It’s no secret that today we rely on our smartphones more than ever before. This theory is only going to grow truer as time progresses. We are very close to having desktop capabilities in the palm of our hands, and more site visits are logged from mobile devices than ever before. When it comes to the mobile arena we basically have three main platforms to choose from: iOS, Windows, and Android. Out of those three there is one that stands out to the more tech-savvy crowd – Android. Android is appealing because of its nature and characteristics.
How to Research an APK
By Nathan Collier
Nathan Collier is Threat Research Analyst for Webroot.
The amount of malware seen on mobile devices has skyrocketed in the last couple of years. The primary target for malware authors is Android devices, which use Application Package (APK) files to run apps. Malware can send premium text messages in the background, steal personal information, root your device, or do whatever else its authors can devise. Some malware authors create a new APK that is malicious, while others hide their code within a legitimate APK. By using a couple of simple tools, you can research an APK to find what malicious intent may be lurking.
AppUse – Android Pentest Platform Unified Standalone Environment
By Erez Metula
Erez Metula is a world-renowned application security expert, spending most of his time finding software vulnerabilities and teaching developers how they should avoid them.
AppUse (“Android Pentest Platform Unified Standalone Environment”) is designed to be a weaponized environment for Android application penetration testing. It is an OS for Android application pentesters – containing a custom Android ROM loaded with hooks which were placed at the right places inside the runtime for easy application control, observation,
How to Provide Strong Authentication for Your Users
By Roman Yudkin
Roman Yudkin is the Chief Technology Officer at Confident Technologies. He is responsible for Research & Development, Engineering and general oversight of all corporate technical functions.
Alphanumeric passwords have long been the primary method of authentication and access control on the Web. In recent years, however, the use of passwords as the sole method of authenticating users has become an outdated, insecure and unsustainable approach.
More than 85% of websites ask visitors to create an account requiring a username and password. Many sites do this simply as a way to gather marketing information on the user, not because they are storing sensitive user information. The practice has become unsustainable, as people have become overwhelmed by the number of passwords they must remember for all their online accounts and mobile applications. To cope, people reuse the same passwords or they choose weak passwords, which are easier to remember but also easier to guess or hack. As a result, the average Internet user has more than 25 online accounts for which they use just 6 passwords, and the top 5,000 most common passwords on the Web are shared by 20% of the population!
Quantum IQ – How the World’s Militaries Intend to Capitalize on the Future of Mobile and Neuroscience Technologies
By Jere Simpson
Jere Simpson is the founder, President, and sole owner of KiteWire, Inc. – a software development company founded in early 2007.
“Mobile” used to mean a laptop and while the laptop is technically still “mobile”, the term now means phone or tablet. The next generation of mobile is not seen or touched as an interface. It is simply comprehended. While communication is still a major component around the mobile of the future, it is not the backbone of application development. Quantum Intelligence drives the next wave of mobile technology.
Mobile Antivirus is a Myth
By Ken Westin
His technology exploits have been featured in Forbes, Good Morning America, Dateline, New York Times, The Economist and he has won awards from MIT, CTIA, Oregon Technology Awards, SXSW, Web Visions, Entrepreneur and others.
So why is mobile antivirus a myth, you ask? A true antivirus for mobile devices is not possible given the SDKs (software development kits) provided by most mobile platforms. In the mobile security space there are more than a few companies selling what they like to call “antivirus” applications for smartphones. The problem is that the term is being used erroneously – sadly it’s no accident.
An interview with Omar Khan, the Co-CEO of NQ Mobile
He holds Bachelor’s and Master’s degrees in Electrical Engineering from Massachusetts Institute of Technology (MIT). He completed his graduate work in System Dynamics in conjunction with MIT’s Sloan School of Management.