http://wiki.secmobi.com/tools:android_dynamic_analysis


http://forum.xda-developers.com/xposed/framework-xposed-rom-modding-modifying-t1574401


http://www.sectechno.com/2014/02/02/fino-android-security-assessment-tool/

Posted by bitfox
l

Android is one of the best and most famous operating system for mobile devices, mobile devices is now a important part of our life and we are using it every where in any condition. There are a lot people that are using Wifi on their mobile devices. Look at the past when we had a Firefox ad ons that can hijack Facebook, Twitter and other social networking websites sessions and the tool is called Firesheep, after this we got FaceNiff the purpose is same means session hijacking while Faceniff is for android OS.

Now there is another best tool for Android OS that can hijack session and it called Droidsheep.
What Is DroidSheep ?
DroidSheep is a simple Android tool for web session hijacking (sidejacking). It listens for HTTP packets sent via a wireless (802.11) network connection and extracts the session id from these packets in order to reuse them.
DroidSheep can capture sessions using the libpcap library and supports: OPEN Networks WEP encrypted networks WPA and WPA2 encrypted networks (PSK only). This software uses libpcap and arpspoof. DroidSheep has been developed with support of the information security team of the University of Trier.

Requirement
You need an android-powered device, running at least version 2.1 of Android  You need Root-Access on your phone (link)  You need DroidSheep


[출처] thehackernews.com

[주의] 본 자료는 연구용 및 학습 자료로 사용하길 바라며, 악의적인 사용시 사용자 본인에게 책임이 있음을 명시합니다.
Posted by bitfox
l
삼성 갤2에 잠금 패스워드를 풀수 있는 보안 취약점이 발견되었습니다. 실험대상이 A&T의 삼성 갤럭시 2이라는데..파워버튼과 잠금버튼을 번갈어 가며 사용하면 해지가 된다는 군요 ^^;

내용은 아래와 같습니다.


BGR has uncovered a major security flaw on AT&T’s version of the Samsung Galaxy S II that renders Android’s security lock feature completely useless. Using a simple workaround, the security hole allows anyone to bypass the unlock pattern, which normally denies users access to an Android device unless a preset pattern is drawn on a grid of nine dots spread across the device’s lock screen. The same flaw allows users to bypass PIN security as well. We have confirmed that the flaw exists on AT&T’s Galaxy S II and not on Sprint’s Galaxy S II, Epic Touch 4G, though it is currently unclear if other phone models are affected. Hit the break for details on the flaw.

If you have a PIN or an unlock pattern set, all you have to do in order to bypass it is simply tap the lock button to wake the display and then let the screen time out and go black. Tap the lock button again and low and behold, the unlock screen is gone and the phone can be accessed with no PIN or pattern input whatsoever.



This security workaround exists as long as the phone has been successfully unlocked using the proper pattern or PIN at least one time, so the lock cannot be bypassed immediately after the device is powered on. Of course the first thing a user does after powering on a phone is unlock it, so lost and unattended devices are at risk unless they have been powered off since last being used. Of note, users with Microsoft Exchange security policies don’t seem to be affected.

A Samsung spokesperson responded to BGR’s inquiry, stating that the company is investigating the possible security threat but no further comment is available at this time. An AT&T spokesperson declined to comment.

Additional reporting by Todd Haselton. Updated to reflect that the flaw exists for PIN security as well.

UPDATE: Samsung issued the following statement in regards to the bug:

Samsung and AT&T are aware of the user interface issue on the Galaxy S II with AT&T. Currently, when using a security screen lock on the device, the default setting is for a screen timeout. If a user presses the power button on the device after the timeout period it will always require a password. If a user presses the power button on the phone before the timeout period, the device requests a password – but the password is not actually necessary to unlock it.

Samsung and AT&T are investigating a permanent solution. In the meantime, owners of the Galaxy S II can remedy the situation by re-setting their time-out screen to the “immediately” setting. This is done by going to the Settings ->Location and Security->Screen unlock settings->Timeout->Immediately.


[출처] BGR.com

Posted by bitfox
l

HTC Android Vulnerability - Exposes Phone numbers, Gps, SMS, Emails etc



If you are running a HTC Android smartphone with the latest updates applied, chances are your personal data is freely accessible to any app you have given network access to in the form of full Internet permissions.This vulnerability isn’t a backdoor or some inherent flaw in Android, it is instead HTC failing to lock down its data sharing policies used in the Tell HTC software users have to allow or disallow on their phone. The problem being, not only is your data vulnerable when Tell HTC is turned on, it’s just as vulnerable when it is turned off.

[자세히 보기]




[출처] thehackernews.com

Posted by bitfox
l
권한 상승 취약점과 Samsung Nexus S 스마트 폰에서 나오는 Root 접근 취약점에 대해 동영상으로
친절히(?) 설명하고 있습니다. 빨리 패치되길 바랄뿐....-0-;;





[출처 및 자세히 보기] 유튜브 / 링크

[Notice: 본 글에 대하여 학습 및 보안 강화를 위해 참고하시고, 만약 악의적인 사용시 사용자 본인의 책임을 명시합니다.]
Posted by bitfox
l
안드로이드용 faceniff 프로그램이 나왔다. 세션에 대한 보안 강화를 해야하지 않을까 싶다.
점점 모바일에서 구동되는 해킹 프로그램이 늘어나는 것 같아 우려스럽다.

[주의] 본 자료는 안전성이 검증되지 않은 자료이며, 접근시 바이러스 및 악성코드에 감염될 수 있습니다. 또한 연구용 및 학습 자료로 사용하길 바라며, 악의적인 사용시 사용자 본인에게 책임이 있음을 명시합니다.


Droidsheep : Android Application for Session Hijacking 


Droidsheep is free alternate of faceniff which is available on download droidsheep website for free. Its one click hijacking tool which supports
  • Amazon.de
  • facebook.com
  • flickr.com
  • twitter.com
  • linkdein.com
  • yahoo.com
  • live.com
  • google.de (only the non-encrypted services like "maps")
What do you need to run DroidSheep.?

  • You need an android-powered device, running at least version 2.1 of Android
  • You need Root-Access on your phone (link)
  • You need DroidShep (You can get it in the "GET IT" section)

Download Droidsheep


[출처] http://thehackernews.com/2011/09/droidsheep-android-application-for.html
Posted by bitfox
l

SpyEye Trojan stole $3.2 million from US victims,Android users will be next target !


A Russian cybergang headed by a mysterious ringleader called ‘Soldier’ were able to steal $3.2 million (£2 million) from US citizens earlier this year using the SpyEye-Zeus data-stealing Trojan, security company Trend Micro has reported and Trusteer reports that an Android variant of Spitmo (SpyEye for mobile) has been discovered. The methodology sounds familiar for those familiar with ZeuS Mitmo and SpyEye Spitmo: infected computers inject a message into targeted netbanks prompting their customers to install software on their phones. Once Spitmo is installed, the SpyEye attacker is able to monitor incoming SMS and to steal MTAN authentication messages.

"His botnet was able to compromise approximately 25,394 systems between April 19, 2011 and June 29, 2011. And while nearly all of the victims were located in the US, there were a handful of victims spread across another 90 countries," it said in a blog post.

Over a six month period from January 2011, Trend found that the Soldier gang had been able to compromise a cross-section of US business, including banks, airports, research institutions and even the US military and Government, as well as ordinary citizens.A total of 25,394 systems were infected between 19 April and 29 June alone, 57 percent of which were Windows XP systems with even Windows 7 registering 4,500 victim systems.

Compromise on such a mass scale is not that unusual for criminals using toolkits like SpyEye, but the amounts stolen and the number of large organizations potentially impacted is cause for serious concern.”Victims included:

  • US Government (Local, State Federal)
  • US Military
  • Educational & Research Institutions
  • Banks
  • Airports
  • Other Companies (Automobile, Media, Technology)
  • C&C Infrastructure
Banking Trojans such as SpyEye and the older Zeus (possibly now merged with SpyEye) have been one of the malware stories of the last year, and have featured in a number of high-profile online crime cases.

Zeus for Android purports to be a version of Trusteer Rapport security software. This social engineering trick is used in an attempt to convince the user that the application they are installing is legitimate.SpyEye for Android, now detected by Sophos products as Andr/Spitmo-A, uses a slightly different but similar social engineering technique.

Spitmo was initially detected by F-Secure in April when a variant was used in an attack against a European bank - the Trojan added question fields to the bank's website, asking customers to enter their mobile phone number and the device's IMEI.Sean Sullivan, security advisor at F-Secure, said: “Spitmo.A contains the malicious executable (sms.exe) and another installer, which contains an executable named SmsControl.exe. SmsControl.exe will just display the message ‘Die Seriennummer des Zertifikats: Ü88689-1299F' to fool the user into thinking that the installer was indeed a certificate.“The name SmsControl.exe is quite a coincidence, as a variant of ZeusMitmo used the same name for the file containing the Trojan. Faking the Trojan to be a certificate is also a trick that ZeusMitmo has used. However, the code itself looks completely different than in ZeusMitmo.”


[출처] http://thehackernews.com/2011/09/sshtrix-fastest-multithreaded-sshv1-and.html

[주의] 본 자료는 연구용 및 학습 자료로 사용하길 바라며, 악의적인 사용시 사용자 본인에게 책임이 있음을 명시합니다.
Posted by bitfox
l