The summertime’s just started, the weather’s sunny and hot, and we can finally take a moment to relax. And what’s a better way to do that than to read the newest edition of Hakin9! What do we have this month? A little bit of everything. The main article, Open Source Android Detection Tools, will show you useful software for detecting vulnerabilities. You will learn more about Pi-hole, which is used for DNS setup. For Raspberry Pi fans, there is an article focused on automation as well. On top of that there’s Ethereum and smart contracts, malware analysis, IoT, DDoS - so many interesting topics to read about this month!
While you relax on your vacation or during your free time, don’t forget to check our newest edition. Every moment is good to learn something new.
Let’s dive in!
TABLE OF CONTENTS
Using a Pi-hole DNS setup for privacy and security
As network administrators, we know the DNS plays a central role in the operations and security of network infrastructure. As users, we need to know how to manage our access to this service and be aware of the problems that may arise. We’ll start dealing with some specific tools to abstract some general principles and considerations. We’ll concentrate on the server-side solutions so that any client on the network can benefit from them. We’ll use tools (Pi-hole, dnscrypt-proxy) to take advantage of some protocols (DNSSEC, DoH, DoT) that help us solve the different problems and attacks that are identified.
Securing Open Source Clouds Using Models
Elena A. Troubitsyna, Irum Rauf
Open source cloud frameworks allow their customers to build their own private Infrastructure as a Service (IaaS). IaaS provides Virtual Machines (VMs) under the pay-per-use business model. The source code of Open Source (OS) clouds is distributed publicly. Moreover, open software is developed in a collaborative manner that makes it a subject of frequent updates. These updates might introduce or remove a variety of features and hence, violate the security properties of the previous releases.
Hunting the Ethereum Smart Contract: Color-inspired Inspection of Potential Attacks
TonTon Hsien-De Huang
Blockchain and cryptocurrencies are gaining unprecedented popularity and understanding. Meanwhile, Ethereum is gaining significant popularity in the blockchain community, mainly because it is designed in a way that enables developers to write smart contracts and decentralized applications (Dapps). This new paradigm of applications opens the door to many possibilities and opportunities. However, the security of Ethereum smart contracts has not received much attention; several malfunctioning Ethereum smart contracts have recently been reported. Unlike many previous works that have applied static and dynamic analyses to find bugs in smart contracts, we do not attempt to define and extract any features; instead we focus on reducing the expert’s labor costs. We first present a new in-depth analysis of potential attack methodology and then translate the bytecode of Solidity into RGB color code. After that, we transform it into a fixed-size encoded image. Finally, the encoded image is fed to a convolutional neural network (CNN) for automatic feature extraction and learning, detecting compiler bugs of Ethereum smart contracts.
Machine Learning DDoS Detection for Consumer Internet of Things Devices
Nick Feamster, Noah Apthorpe, Rohan Doshi
An increasing number of Internet of Things (IoT) devices are connecting to the Internet, yet many of these devices are fundamentally insecure, exposing the Internet to a variety of attacks. Botnets such as Mirai have used insecure consumer IoT devices to conduct distributed denial of service (DDoS) attacks on critical Internet infrastructure. This motivates the development of new techniques to automatically detect consumer IoT attack traffic. In this article, we demonstrate that using IoT-specific network behaviors (e.g. limited number of endpoints and regular time intervals between packets) to inform feature selection can result in high accuracy DDoS detection in IoT network traffic with a variety of machine learning algorithms, including neural networks. These results indicate that home gateway routers or other network middleboxes could automatically detect local IoT device sources of DDoS attacks using low-cost machine learning algorithms and traffic data that is flow-based and protocol-agnostic.
Performance Evaluation of Cryptographic Ciphers on IoT Devices
Kedar Deshpande, Praneet Singh
With the advent of Internet of Things (IoT) and the increasing use of application-based processors, security infrastructure needs to be examined on some widely-used IoT hardware architectures. Applications in today’s world are moving towards IoT concepts as this makes them fast, efficient, modular and future-proof. However, this leads to a greater security risk as IoT devices thrive in an ecosystem of co-existence and interconnection. As a result of these security risks, it is of utmost importance to test the existing cryptographic ciphers on such devices and determine if they are viable in terms of swiftness of execution time and memory consumption efficiency. It is also important to determine if there is a requirement to develop new lightweight cryptographic ciphers for these devices. This article hopes to accomplish the above-mentioned objective by testing various encryption-decryption techniques on different IoT based devices and creating a comparison of execution speeds between these devices for a variety of different data sizes.
Open Source Android Vulnerability Detection Tools
Keyur Kulkarni, Ahmad Y Javaid
Over the last decade, smartphones have become an integral part of everyone’s life. Having the ability to handle many useful and attractive applications, smartphones sport flawless functionality and small sizes, leading to their exponential growth. Additionally, due to the huge user base and a wide range of functionalities, these mobile platforms have become a popular source of information to the public through several apps provided by the DHS Citizen Application Directory. Such a wide audience is also making this platform a huge target for cyber-attacks. While Android, the most popular open source mobile platform, has its base set of permissions to protect the device and resources, it does not provide a security framework to defend against any attack. This article surveys threat, vulnerability and security analysis tools, which are open source in nature, for the Android platform and systematizes the knowledge of Android security mechanisms. Additionally, a comparison of three popular tools is presented.
Stimulation and Detection of Android Repackaged Malware with Active Learning
In this article, I propose the usage of active learning to train classifiers able to cope with the ambiguous nature of repackaged malware. I implemented an architecture, Aion, that connects the processes of stimulating and detecting repackaged malware using a feedback loop depicting active learning. Our evaluation of a sample implementation of Aion using two malware datasets (Malgenome and Piggybacking) shows that active learning can outperform conventional detection techniques and, hence, has great potential to detect Android repackaged malware.
Industrial Automation using IoT with Raspberry Pi
Digambar D. Ahire, H. K. Merchant
The Internet of Things (IoT) is propagating and has become a blooming technology in recent years. IoT is the collection of the sensor’s data through an embedded system, and this embedded system uploads the data to the internet. There are many challenges to IoT and Industrial Automation, for example, data and service security, trust, data integrity, information privacy, scalability and interoperability automation domain constraints. This article combines the concept of a Raspberry Pi industrial workstation and Industrial Automation using IoT. The system uses the Raspberry Pi as controller and server; the programming is done in the Python language. The webpage is designed in HTML, jQuery and Ajax, with Flask as the framework for rendering the HTML template in Python. All sensor data are collected through the Raspberry Pi. All the useful data are accessed remotely through an Internet of Things platform. Here the blade ageing system of a cutter tool is taken as an industrial example and is currently monitored through a webpage using the Raspberry Pi as a server. This system demonstrates successful measurement of the current consumption of the cutting tool and indicates a need to change the blade if it’s damaged. It also senses the workstation temperature.
Data Leak Prevention (DLP) for Intermediate Level Users
This article will examine data classifications in DLP, vectors of DLP and causes of data leaks. Finally, the article discusses the types of solutions presented by DLP systems. Implementing an effective DLP policy has many variables. It may start with the classification of data and then the identification of the location where the sensitive data resides. Once the location for sensitive data is identified, appropriate policies and labels may be applied to protect it.
Michael Schwarz, Moritz Lipp, Daniel Gruss