Hacking Mobile Platforms - Hacking Android OS

What provides device administration features at the system level?

Device Administration API

What allows developers to create security-aware applications that are useful in enterprise settings, where IT professionals require strong control over employee devices?

Device Administration API

What policies are supported by the Device Administration API?

Password policies, require storage encryption, disable camera

What does the Device Administration API let you perform?

Prompt user to set a new password ▪ Lock device immediately ▪ Wipe the device’s data (i.e., restore the device to its factory defaults)

What is the goal of rooting Android?

Overcome the restrictions imposed by hardware manufacturers and carriers, thereby resulting in the ability to modify or replace system applications and settings, run apps that require admin privileges, remove and replace a device’s OS, remove applications pre-installed by its manufacturer or carrier, or perform other operations that are otherwise inaccessible to the typical Android user.

What allows Android users to attain privileged control (known as “root access”) within Android’s subsystem?

Rooting

What command in the rooting process exploits security vulnerabilities in the device’s firmware, copying the su binary to a location in the current process’s PATH (e.g., /system/xbin/su), and granting it executable permissions?

chmod

Which of the following tools allow you to root Android devices?

One Click Root

Which of the following tools allow you to root Android devices?

KingoRoot

What is a tool used to root Android devices? It can be used with or without a PC.

KingoRoot

What does KingoRoot help users root their Android devices to achieve?

Preserve battery life ▪ Access root-only apps ▪ Remove carrier “bloatware”

▪ Customize appearance ▪ Attain admin level permission

Which of the following is an Android rooting tool?

TunesGo

Which of the following is an Android rooting tool?

RootMaster

Which of the following is an Android rooting tool?

Magisk Manager

Which of the following is an Android rooting tool?

KingRoot

Which of the following is an Android rooting tool?

iRoot

What tool to is used to discover various vulnerabilities and attack surfaces on Android devices and apps?

drozer

Which of the following tools is used to launch attacks on Android devices?

zANTI

Which of the following tools is used to launch attacks on Android devices?

Network Spoofer

Which of the following tools is used to launch attacks on Android devices?

Low Orbit Ion Cannon (LOIC)

Which of the following tools is used to launch attacks on Android devices?

DroidSheep

Which of the following tools is used to launch attacks on Android devices?

Orbot Proxy

What is a security feature in Android devices designed to prevent unauthorized access to lost or stolen devices?

Factory Reset Protection (FRP)

What tool is used to bypass FRP (Factory Reset Protection)?

4ukey

What tool is used to bypass FRP (Factory Reset Protection)?

Octoplus FRP

What are the steps to bypass FRP on Android devices?

Step 1: Launch 4uKey and connect the locked Android device to the computer → Click on the "Remove Google Lock (FRP)" option

▪ Step 2: Select the correct operating system (OS) version of the Android device

▪ Step 3: Click on “Start“ button to initiate the process of removing the Google Account Lock (FRP)

▪ Step 4: Now follow the on-screen instructions to bypass FRP on Android device

▪ Step 5: Upon successful completion, you will receive a notification window displaying the message “Bypassed Google FRP Lock Successfully”

What is an Android application that allows you to perform attacks, such as spoof MAC address, creating a malicious Wi-Fi hotspot, and hijack session?

zANTI

What provides a comprehensive suite of tools that helps attackers to conduct various attacks such as Human Interface Device (HID) keyboard attacks, BadUSB attacks, etc? This tool also allows attackers to generate custom payloads using Metasploit to compromise the target network.

Kali NetHunter

What is a mobile application that allows attackers to perform DoS/DDoS attacks on the target IP address? This application can perform UPD, HTTP, or TCP flood attacks.

LOIC (Launch DoS Attack using Low Orbit Ion Cannon)

What is a proxy app that empowers other apps to use the Internet more privately? It uses Tor to encrypt your Internet traffic and then hides it by bouncing it through a series of computers around the world. Attackers can use this application to hide their identity while performing attacks or surfing through target web applications.

Orbot Proxy

What is a command-line tool that allows attackers to communicate with the target Android device?

Android Debug Bridge (ADB)

If the target Android device has TCP debugging enabled on port 5555, attackers can use what tool to perform various malicious activities on the target device, such as screen capture, dumping system info, viewing running applications, port forwarding, installing/uninstalling any application, and turning Wi-Fi On/Off?

PhoneSploit Pro

What attack occurs when applications do not incorporate proper security measures against usage of the device’s external storage?

man-in-the-disk (MITD) attacks

What vulnerability leads to the installation of potentially malicious apps on the user’s device, thereby blocking access to legitimate apps?

man-in-the-disk (MITD) attacks

What attack allows Android apps to record loudspeaker data without any privileges?

Spearphone attack

What allows attackers to eavesdrop on loudspeaker voice conversation between remote mobile users by exploiting hardware-based motion sensor, i.e. accelerometers?

Spearphone attack

What allows attackers to use custom or in-built exploits and payloads for exploiting the target Android device and obtain sensitive information?

The Metasploit Framework

After establishing a meterpreter session using Metasploit, attackers use what commands to gather sensitive data from the target Android device?

sysinfo, ipconfig, pwd, ps

What is a task an attacker can perform while analyzing a connected Android device?

Accessing the Android Device through Shell

What technique involves the attacker connecting to an Android device over Wi-Fi instead of using a USB cable. This approach requires both the attacker’s machine and the target Android device to be on the same Wi-Fi network?

Accessing the Android Device through Shell

What is a task an attacker can perform while analyzing a connected Android device?

Enumerate the List of Installed Applications

What commands can be used to perform an enumeration attack on an Android device?

adb commands

What is a task an attacker can perform while analyzing a connected Android device?

Disassemble the Targeted App Package

What command allows an attacker to disassemble the targeted app package on an Android device?

apktool command

What is a task an attacker can perform while analyzing a connected Android device?

Monitoring Logs

What can Attackers use to store the logs of a targeted Android device?

logcat command-line tool

What is a task an attacker can perform while analyzing a connected Android device?

List Out the Open Files

What command can an attacker use to list open files based on the running process ID?

# lsof -p <pid>

What is a task an attacker can perform while analyzing a connected Android device?

List Out the Open Connections

What command could an attacker use to obtain information about the network activity by specifying the process ID?

# netstat -p | grep <pid>

What is a task an attacker can perform while analyzing a connected Android device?

Signing and Installing Malicious APK

What tool can be used to sign an APK?

apksigner

What is a type of phishing scam that occurs due to security flaws in the latest Android-based smartphones mostly manufactured by Samsung, Huawei, LG, and Sony? The attacker can perform this attack using any low-priced USB modem and tricking the user into accepting the new settings, i.e., malicious settings, in the mobile device, which can redirect the user’s data to the attacker.

Advanced SMS phishing attack

What allows applications to perform operations only after validating trusted certificates and public keys?

Bypass SSL Pinning

What techniques can a threat actor use to bypass SSL pinning?

Reverse engineering and hooking

What tools can a threat actor use to bypass SSL pinning?

Apktool, Frida, keytool, and Jarsigner

What allows an attacker to tamper with the runtime behavior of an application?

Hooking

What tool allows an attacker to alter the runtime code?

Frida

What is a novel attack technique that exploits NFC-enabled Android devices? This attack targets NFC technology and RX electrodes used in the capacitive touchscreens of mobile devices.

Tap ’n Ghost

What uses the NFC feature that can trigger the Android device to visit a specific URL without the victim’s consent using the NFC tag emulator?

Tag-based Adaptive Ploy (TAP)

What works by forcing the victim to touch the cancel button, which does the work of the permit button? Thus, the attacker can trick the victim into granting remote access to the smartphone without the victim’s knowledge.

Ghost Touch Generator

What is an Android banking Trojan that masquerades as the Chrome browser application, aiming to deceive users into unwittingly downloading and installing the Trojan?

Mamont

Which of the following is Android malware?

SecuriDropper

Which of the following is Android malware?

Dwphon

Which of the following is Android malware?

DogeRAT

Which of the following is Android malware?

Tambir

Which of the following is Android malware?

SoumniBot

What provides a full persistent backdoor to the target device as the app starts automatically on device boot up?

AndroRAT

What is an Android post-exploitation tool that leverages the Android Debug Bridge (ADB) to gain remote access to Android devices?

Ghost framework

Which of the following is an Android hacking tool?

hxp_photo_eye

Which of the following is an Android hacking tool?

Gallery Eye

Which of the following is an Android hacking tool?

mSpy

Which of the following is an Android hacking tool?

Hackingtoolkit

Which of the following is an Android hacking tool?

Social-Engineer Toolkit (SET)

What is an open-source application that allows attackers to track, examine, and block connections made by other applications, simulating a VPN to capture network traffic without requiring root access. It also allows attackers to monitor and analyze network traffic on Android devices?

PCAPdroid

Which of the following is Android-based sniffers?

NetCapture

Which of the following is Android-based sniffers?

Intercepter-NG

Which of the following is Android-based sniffers?

Packet Capture

Which of the following is Android-based sniffers?

Sniffer Wicap 2 Demo

Which of the following is Android-based sniffers?

Reqable API Testing & Capture

Which of the following is an Android security tool?

Sophos Intercept X for Mobile

What helps you to easily locate your lost Android device and keeps your information safe in the meantime?

Google Find My Device

What is an anti-theft device recovery app for Android that helps you find your lost, stolen, or misplaced mobile phone or tablet?

Find My Phone

What is an Android device tracking tool that allows you to track your phone from anywhere, either with a text-messaged attention word or through the online control center known as Commander?

Where’s My Droid

What can be used by enterprises and mobile app developers to secure their mobile apps from piracy, revenue loss, intellectual property (IP) theft, loss of user data, hacking, and cracking?

Quixxi App Shield

Which of the following is a Android vulnerability scanner?

Android Exploits

Which of the following is a Android vulnerability scanner?

ImmuniWeb® MobileSuite

Which of the following is a Android vulnerability scanner?

Yaazhini

Which of the following is a Android vulnerability scanner?

Vulners Scanner

Security analysts perform what on malicious Android APKs (Android Package) to examine the code without executing the app?

Static Analysis

What is a multipurpose tool that automates malware analysis and security assessment using static and dynamic analysis abilities? Security analysts can use this tool to analyze different mobile app binaries such as APK, XAPK, APPX, and IPA files and extract information such as app permissions, browsable activities, and signer certificates to detect malicious app behavior.

MobSF

What allows you to scan APKs and perform security analysis to detect vulnerabilities in the applications?

Online Android Analyzers

What allows you to analyze various details about APK files? It can decompile binary XML files and resources.

Sixo Online APK Analyzer

Which of the following is online Android analyzers?

ShenmeApp

Which of the following is online Android analyzers?

KOODOUS

Which of the following is online Android analyzers?

Android Apk decompiler

Which of the following is online Android analyzers?

Hybrid Analysis

Which of the following is online Android analyzers?

DeGuard