5 things to know about Android hacking and how to prevent it
1. Installing unlocked bootloader
- A boot loader is the first program that runs when you boot your device. It initializes your hardware and starts the Android kernel. Without this program, the device doesn't boot.
- To run custom images on your device, the boot loader has to be unlocked first. Even rooting a device with a locked boot loader requires unlocking it first.
fastboot oem unlock "OEM_CODE"
Installing recovery software such as TWRP or CF.
https://dl.twrp.me/t03g/
2. Rooting the device
- Android is built on top of the Linux kernel. In Linux, we see two types of user accounts: normal user accounts and root accounts.
- Normal user accounts usually have low privileges and they need permission from root to perform privileged operations such as installing tools, making changes to the Operating System, and so on.
- Whereas root accounts have all the privileges such as applying updates, installing software tools, ability to run any command, and so on. Essentially, this account has granular control over the whole system.
- A device can be rooted by installing an unlocked bootloader. If the device is rooted, meaning a normal user account gets root privileges, any app can access /data and steal all your valuable data.
- Installing the SuperSU app roots the phone on an unlocked bootloader: https://download.chainfire.eu/396/supersu/
3. Threat from Android app or framework
- Many mobile applications store sensitive data on the device without any encryption. A malicious application may gain access to this data if the device is rooted/jailbroken.
- Mobile applications developed with no security controls in mind can become vulnerable to various attacks. Examples of such mistakes include exported content providers, exported activities, client-side injection, and so on.
- It is possible that an app may unintentionally leak sensitive data to an attacker. This requires extra attention from the developer. The code he uses for logging during the development phase must be removed and he must make sure that no data is prone to leaks.
- Native apps developed for the Android platform can be easily reverse engineered, and the Java source code can be easily viewed. This allows an attacker to view the source code as well as any sensitive data that is hard-coded in it. It is also possible to modify the code in the application, re-compile it, and then distribute the app in third-party markets.
4. Threat from Server
- Web services are very similar to web applications, so they can be affected by all the common vulnerabilities that a normal web application can have.
- Authentication/Authorization:
- Session management: Session management in mobile platforms is typically done using an authentication token. When the user logs in for the first time, he will be given an authentication token, and this will be used for the rest of the session. If this authentication token is not properly secured till it's destroyed, it may lead to an attack. Killing the session at the client side but not at the server is another common problem that is seen in mobile apps.
- Weak cryptography: Cryptography is another area where developers commit mistakes during their development.
- Improper error handling: Errors are attractive to attackers.
- Attacks on the database: It is also important to note that attackers may get unauthorized access to the database directly.
5. Network level access to the apps
- Man in the Middle (MitM) attacks are one of the most common attacks on mobile devices, as users tend to connect to public Wi-Fi networks so often. Being able to perform MitM on a device not only provides data to the attacker when the user transmits it over an insecure network, but also provides a way to tamper with his communications and exploit vulnerabilities in certain scenarios.
- It is common that users install apps from the app store for their daily needs. When apps that provide network-level access to Android devices are installed on the phone, users must be cautious about who can access these devices and what data is accessible.
- It is quite common for end users to join publicly available networks at coffee shops and airports, where an attacker may sit and eavesdrop on the data using tools like Burp Proxy, MITM proxy, SSL MitM (short for Man in the Middle attack) proxy, and so on.
Some tips to prevent your phone from getting hacked
- Set up your lock screen
- Never join an unsecured network
- Set up phone storage encryption
- Do not allow unknown sources for installation
- Install an anti-malware app
- Avoid using public Wi-Fi
- Configure Bluetooth settings properly
- Never root your device