and Security Testing Shawn Valle gmail. com May 2013

Similar documents
Android Forensics. Investigation, Analysis, Google Android. and Mobile Security for. Andrew Hoog. John McCash, Technical Editor SYNGRESS

Why Android? Why Android? Android Overview. Why Mobile App Development? 20-Nov-18

Android App Development. Muhammad Sharjeel COMSATS Institute of Information Technology, Lahore

Android Forensics: Investigation, Analysis And Mobile Security For Google Android PDF

Android Forensics. Presented By: Mohamed Khaled. Thanks to: Ibrahim Mosaad Mohamed Shawky

Introduction To Android

Android Forensics: Simplifying Cell Phone Examinations

IJRDTM Kailash ISBN No Vol.17 Issue

Mobile Forensics: Android Platforms and WhatsApp Extraction Tools

User Guide For Android Ice Cream. Sandwich Tablet >>>CLICK HERE<<<

Android OS. Operating System based on Linux [ ] [Jonas Teuscher, Alex Cuordileone, Cédric Glaus]

Android Overview. Francesco Mercaldo, PhD

Ch 1: The Mobile Risk Ecosystem. CNIT 128: Hacking Mobile Devices. Updated

Android Gingerbread Manually Update To Jelly Bean Features

A Comparative Study of Mobile Operating Systems

MOBILedit Forensic Express

Android Gingerbread Manually Update To Jelly Bean Features

Android In Industrial Applications. A Field Report

Ahmed Ali Big fan of Android

Enterprise Ready. Sean Yarger. Sr. Manager, Mobility and Identity. Making Android Enterprise Ready 1

Mobile Devices and Smartphones

Paraben s DS 7.5 Release Notes

ANDROID PRIVACY & SECURITY GUIDE ANDROID DEVICE SETTINGS

Android. Lesson 1. Introduction. Android Developer Fundamentals. Android Developer Fundamentals. to Android 1

Manual For Android Jelly Bean Features Vs Ice

Chapter 2: Android Device Basics

Conception of a Master Course for IT and Media Forensics Part II: Android Forensics

Intro. This program can retrieve messages, call logs, pictures, contacts, apps, calendar events, s, passwords, deleted data, and much more.

Installing and configuring an Android device emulator. EntwicklerCamp 2012

Copyright

Manual For Android Jelly Bean Features Samsung Galaxy S3 Release Date

Instruction How To Use Wifi In Mobile Samsung Galaxy Y Duos S6102

WebSphere Puts Business In Motion. Put People In Motion With Mobile Apps

1. SUPPORT PLATFORMS 2. INSTALLATION GUIDE Install Android SDK

1) What is the difference between Mobile device testing and mobile application testing?

Android Forensics: Automated Data Collection And Reporting From A Mobile Device

Manual Android Jelly Bean Features Samsung Galaxy S3 Release Date

Securing Today s Mobile Workforce

TREND REPORT: Q State of Mobile Device Repair & Security

SD Module- Android Programming

Copyright

AccessData offers a broad array of training options.

AT&T Developer Program

Mobile Security using IBM Endpoint Manager Mobile Device Management

Mobile Security Trends. Gregg Martin, Director, Mobile Security

What is Android? Android is an open-source operating system (OS) used in smart devices

Mobile Devices Villanova University Department of Computing Sciences D. Justin Price Spring 2014

Manual Upgrade Android 4.3 Samsung Galaxy S3 Release Date Uk

Mobile Millennium Using Smartphones as Traffic Sensors

An overview of. Mobile Testing. By André Jacobs. A Jacobs

Extending Enterprise Applications to Mobile - Key Considerations. Zensar Technologies Sep 2011

Forensic Analysis of Smartphones: The Android Data Extractor Lite (ADEL)

one_mobile User Guide

Android - open source mobile platform

Topics. Ensuring Security on Mobile Devices

Manual Flash Install Android Adobe Tablet >>>CLICK HERE<<<

Manual Android Tablet Samsung Galaxy g

Manual Update Motorola Droid 2 Global Ics >>>CLICK HERE<<<

Android Development Tools = Eclipse + ADT + SDK

Root User Guide Android Jelly Bean Operating System

Android. Michael Greifeneder. Image source: Android homepage

IJREAT International Journal of Research in Engineering & Advanced Technology, Volume 1, Issue 5, Oct-Nov, 2013 ISSN:

SSDD and SSDF Handset seizure Paraben * Seizure test SE K850, SE Xperia

Manual For Android Jelly Bean S3 Release

Lecture 1 - Introduction to Android

Sprint Samsung Galaxy S2 Manual Update Problem Kies

Manual Update Android 4.3 Samsung Galaxy S3

Manual Android Galaxy S2 Update Update What's News

Manual Android Htc Hd2 2.2 Froyo Roms Builds

Manual For Android Tablet 4.0 3g Sim Slot In

Gps User Manual Pdf Samsung Galaxy S4 Mini Gt-i9190

A STUDY OF ANDROID OPERATING SYSTEM WITH RESPECT WITH USERS SATISFACTION

Developer s overview of the Android platform

Android System Development Training 4-day session

MONTHLY DATA REPORT: GOOGLE IO May 2016

Verizon Manual Apn Settings For Straight Talk Iphone Mms

MANAGING ANDROID DEVICES: VMWARE WORKSPACE ONE OPERATIONAL TUTORIAL VMware Workspace ONE

Manual Android 2.3 Update For Tablet Pc Applications

2. Install The AirWatch App Once connected to the internet, download and install the AirWatch MDM Agent app from the Apple App Store.

Proactive Forensic Support to Android Device

Samsung Mobile Via Usb

FORENSIC ANALYSIS OF WECHAT

Training Management System

Ace S5830i With Ics Android 4.0

Manually Adobe Flash Player For Android Phone 4.0 4

Manually Install 2.2 Update Android To 4.0 In

Mobile OS Landscape. Agenda. October Competitive Landscape Operating Systems. iphone BlackBerry Windows Mobile Android Symbian

International Journal of Mathematics & Computing. Research Article. Received April 07, 2015; Accepted April 16, 2015; Published June 25, 2015;

Logical acquisition of iphone without Jail Breaking

MOBILE OPERATING SYSTEM

Brief Intro on Mobile Platforms and Dev. Tools

ELET4133: Embedded Systems. Topic 3 Eclipse Tour & Building a First App

gaiatest Documentation

Flash Player Manually For Android Apk Descargar

UNIT:2 Introduction to Android

Now SMS/MMS Android Modem Quick Start Guide

Mastering Mobile Web with 8 Key Rules. Mastering Mobile Web with 8 Key Rules

Flash Player Manually For Android Tablet 2.2 Gratis

Android Jelly Bean Manual Install Application On Sd Card

Flash Player Manually For Android Htc Wildfire S

Transcription:

and Security Testing Shawn Valle shawnvalle @ gmail. com May 2013

Introductions 16 years in IT and security (CISSP, MCP, LCP) Co-established FFRDC s Mobile Security Practice in 2010, leading engineering and coordination in several mobile computing projects Course developer / trainer at IBM s Catapult Software Training & independently JavaScript, HTML, web app development, content management, identity management, Lotus Domino Began working with mobile computing in 2006 (PalmOS app/rom development) http://bit.ly/androidtempe 2

Agenda Two day course overview Quick review of Android ecosystem Android forensics introduction Where to find most forensic data How to analyze it 3

Course Breakdown 1. Extract and analyze data from an Android device 2. Manipulate Android file systems and directory structures 3. Understand techniques to bypass passcodes 4. Utilize logical and physical data extraction techniques 5. Reverse engineer Android applications 6. Analyze acquired data 2 days ~7 hour days ~4 hours of hands-on exercises image source: via.com 4

4 Majors Areas Covered Digital / Mobile Tech and legal Linux Basics Android OS and App Security Tools Commercial and Open 5

Who? 6

Prerequisites Introduction to Android Development and / or Introduction to Linux 7

What is Mobile Android & Why Should I Care? The acquisition and analysis of data from devices. Internal corporate investigations, test & evaluation, civil litigation, criminal investigations, intelligence gathering, and matters involving national security. Arguably the fastest growing and evolving digital forensic discipline, offers significant opportunities as well as many challenges. http://bit.ly/androidtempe 8

Overview & History Operating System 3Q12 Market Share (%) 3Q11 Market Share (%) Android 72.4 52.5 25.3 ios 13.9 15 16.6 BlackBerry 5.3 11 15.4 Symbian?? 16.9 26.3 Windows?????? 3Q10 Market Share (%) Android Worldwide Smartphone Sales to End Users http://mobileworldcongress.blogspot.com/2013/01/mobile-giants-want-slice-of-google-and.html 9

Legalities Possibility of Android devices being involved in crimes Easily cross geographical boundaries; multi-jurisdictional issues Forensic investigator should be well aware of regional laws Data may be altered during collection, causing legal challenges Fully document justification for data modification Never do anything you learn in this class on your companies / customers devices or apps, without written consent You've been warned! http://www.forensicfocus.com/downloads/windows-mobile-forensic-process-model.pdf 10

in five minutes http://bit.ly/androidtempe 11

Overview & History Date July 1, 2005 November 12, 2007 September 23, 2008 February 13, 2009 May 20, 2010 December 6, 2010 February 2, 2011 November 14, 2011 July 9, 2012 November 13, 2012 Event Google acquires Android, Inc. Android launched Android 1.0 platform released Android Market: USA takes paid apps Android 2.2 (Froyo) released Android 2.3 (Gingerbread) released Android 3.0 (Honeycomb) released Android 4.0 (Ice Cream Sandwich), 3.0 source released Android 4.1 (Jelly Bean) released Android 4.2 (Jelly Bean with SEAndroid) released http://bit.ly/androidtempe 12

Devices 1.5 million Android devices activated daily 650,000 increase per day over just one year ago Same time in 2011, 500,000 increase per day over 2010 http://bit.ly/androidtempe 13

Fragmentation 6 different Android OS versions in circulation Fragmentation Testing challenge http://en.wikipedia.org/wiki/file:android-dist-by-dessert.png 14

Apps 750,000 apps in Google Play 25 billion (with a b) downloads Apple maintains tight control over their App Store Google requires very little review to publish an app in Google Play 15

Open Source Project The Android Open Source Project (AOSP) is led by Google, and is tasked with the maintenance and development of Android. It is good experience to download and install AOSP from source. Not critical for all forensics analysts to get this deep into Android. May be helpful for deep analysis. We won t be doing that in this course see Android Internals course Android http://en.wikipedia.org/wiki/android_(operating_system)#android_open_source_project 16

http://viaforensics.com/services/mobile-forensics/android-forensics/ 17

Android & Relatively new, emerged in ~2009 Best known expert in the field is Andrew Hoog Other leaders in the Android security field include Jon Oberheide and Zach Lanier Community is rapidly growing Applied areas: In-house investigations on pilot / prototype apps Penetration tests Vulnerability assessments Security research http://bit.ly/androidtempe 18

Got Android? http://developer.android.com/guide/basics/what-is-android.html 19

http://www.geeky-gadgets.com/wp-content/uploads/2010/08/android3.jpg 20

Hardware - core CPU Radio Memory (RAM & NAND Flash) GPS WiFi Bluetooth SD Card Screen Camera(s) Keyboard Battery USB Accelerometer / Gyroscope Speaker Microphone SIM http://bit.ly/androidtempe 21

Samsung Vibrant Galaxy S Android Android 2.2 (Froyo) /dbdata /data Wear leveling Source: Mark Guido, MITRE

Android Tools Needed Android SDK (Software Development Kit) Though we are not going to use any of the development tools for device forensics AVD (Android Virtual Device) ADB (Android Debug Bridge) http://bit.ly/androidtempe 23

http://www.geeky-gadgets.com/wp-content/uploads/2010/08/android3.jpg 24

Android Debug Bridge One of the most important pieces of Android forensics. Best time to pay attention is now. Android Debug Bridge (ADB) Developers use this, forensic analysts and security analysts rely on this. http://bit.ly/androidtempe 25

USB Debugging Enable USB debugging on device Applications > Development > USB Debugging This will run adb daemon (adbd) on device. adbd runs as a user account, not an admin account. No root access. Unless your device is rooted, then adbd will run as root. If the device is locked with a pass code, enabling USB debugging is difficult. http://bit.ly/androidtempe 26

USB Debugging http://theheatweb.com 27

ADB Components Three components adbd on device adbd on workstation adb on workstation adb is free, open-source, and our primary tool for Android forensics http://bit.ly/androidtempe 28

ADB Devices To identify devices connected, use command adb devices http://bit.ly/androidtempe 29

ADB Shell To open an adb shell on an Android device, use command adb shell Gives full shell access directly on device. Once we learn more about file system and directories, adb shell will get you much of the data needed for forensic analysis http://bit.ly/androidtempe 30

ADB Shell example Full list of adb commands at http://developer.android.com/guide/developing/tools/adb.html http://bit.ly/androidtempe 31

http://www.geeky-gadgets.com/wp-content/uploads/2010/08/android3.jpg 32

Data Gathered and Android Analyzed SMS History Deleted SMS Contacts (stored in phone memory and on SIM card) Call History Received Calls Dialed Numbers Missed Calls Call Dates & Durations Datebook Scheduler Calendar To-Do List File System (physical memory) System Files Multimedia Files Java Files / Executables Deleted Data Notepad More... GPS Waypoints, Tracks, Routes, etc. RAM/ROM Databases E-mail Page 33 http://bit.ly/androidtempe

What Data? Apps shipped with Android (with the OS) eg. Browser Apps installed by manufacturer eg. Moto Blur Apps installed by wireless carrier eg. CarrierIQ Additional Google/Android apps eg. Google Play, Gmail Apps installed by the user, from Google Play or elsewhere http://bit.ly/androidtempe 34

Important Directories /data/data - Apps data generally installed in a subdirectory Example: Android browser is named com.android.browser, data files are stored at /data/data/com.android.browser http://bit.ly/androidtempe 35

Common Subdirectories /data/data/<app package name>/ shared_prefs lib files cache databases XML of shared preferences Custom library files required by app Developer saved files Files cached by the app SQLite databases and journal files http://bit.ly/androidtempe 36

Data Storage Methods We will be exploring these methods Shared preferences Internal storage External storage SQLite Source: Android, Hoog http://bit.ly/androidtempe 37

Shared preferences Key-value XML data use cat command to view files http://bit.ly/androidtempe 38

Can be source of data http://bit.ly/androidtempe 39

Shared preferences example Android device security application Exploring shared_prefs, and SDPrefs_V2.xml, my user name and password are stored in the clear 40

Shared preferences example MDM product Stores entire connection string, including user name, domain, and password in clear text 41

Internal storage Common file systems used: ext3, ext4, yaffs2. By default, files stored in /data/data are encrypted, accessed only by the application. Commonly root access is needed to access these files. http://bit.ly/androidtempe 42

Internal storage Notice user app_84 is the owner. That user was created when Google Maps was installed There s a lot of potential rich forensic maps data in these directories http://bit.ly/androidtempe 43

External storage External storage (SD Card) have less permission restrictions. FAT32 does not have fine-grain permissions of other file systems. http://bit.ly/androidtempe 44

SQLite Lightweight open-source relational database Entire database contained in a single file Generally stored on internal storage at /data/data/<packagename>/databases Browser subdirectories contain valuable data http://bit.ly/androidtempe 45

SQLite commands sqlite3 <database name>.tables select * from <table name> CTRL+Z Runs SQLite Lists available tables Displays table contents Exits SQLite http://bit.ly/androidtempe 46

SQLite example These directories all contain one of more databases of interesting data for analysis. Contents include (app_geolocation) GPS positions for tracking where the device has traveled, (databases, app_databases and app_cache) stored data from visited web sites/apps. http://bit.ly/androidtempe 47

Forensically Thinking Now that we have some idea of how to locate data Time to start thinking about identifying potential interesting data, forensically thinking What you might look for: Time stamps when was something modified, when did an event occur User Information locate user names and/or passwords in insecure prefs/logs. Locate user authentication times in log files. Image files identify.jpeg or other picture files, for later assessment of the picture. SD Card Files look for files saved to SD Card Call logs Who has the user been calling / receiving calls from http://bit.ly/androidtempe 48

Learning Objectives By the end of this course, you will be able to: Extract and analyze data from an Android device Manipulate Android file systems and directory structures Understand techniques to bypass passcodes Utilize logical and physical data extraction techniques Reverse engineer Android applications Analyze acquired data http://bit.ly/androidtempe 49

Wrapping Up Many more areas to uncover and tools to explore Registration http://bit.ly/androidtempe Contact Info Shawn Valle shawnvalle at gmail dot com 50

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback