Guest tabor56, Posted August 25, 2010

I'm currently doing a computer networking degree and for my final project I am thinking of doing it based on Smartphone security. I do not have much programming experience (if any) but I am currently looking into doing something involving hacking Android phones over Wi-fi. Is there anyone who uses this forum with experience in this area who would be able to explain the basics of mobile phone hacking? As I said this is actually a project and I'm not looking to do anything naughty, any help would be greatly appreciated. Thanks

Guest Daz555, Posted August 26, 2010 (edited)

> I'm currently doing a computer networking degree and for my final project I am thinking of doing it based on Smartphone security. I do not have much programming experience (if any) but I am currently looking into doing something involving hacking Android phones over Wi-fi. Is there anyone who uses this forum with experience in this area who would be able to explain the basics of mobile phone hacking? As I said this is actually a project and I'm not looking to do anything naughty, any help would be greatly appreciated. Thanks

Well you would need to start by hacking WEP, WPA and WPA2 as a minimum, as if you don't get through the wireless protocols first you are onto a non-starter. Anyway, why not learn the basics on how to SECURE a modern smartphone?

Edited August 26, 2010 by Daz555

Guest tabor56, Posted August 26, 2010

Thanks, yeah well the project will contain a report with security recommendations. At the moment I'm just testing the water to see what is feasible. I start back next month but will look into hacking wireless protocols :-)

Guest Azurren, Posted August 26, 2010

Perhaps you should think smaller. So far no one has been able to hack into Android (without the phone already being rooted and with the hacker's app installed. Even then it is limited). Anything Android related would require extensive programming and kernel knowledge :huh:

Guest rjm2k, Posted August 26, 2010

Since Android is based on the Linux kernel, any exploits/flaws in the wifi/networking there may also exist in Android. However, Android is used on portable, always-on devices which move around more and therefore may be more prone to attack than, say, a laptop that stays at home. It would be far easier for someone to sit in a shopping centre picking up victims than driving around the streets trying to find devices, so it changes the game a little.

Guest Stevos, Posted August 26, 2010 (edited)

I am not an expert on this, so treat these as ideas or a basis for further research, possibly ineffective or wrong. Also don't actually do this outside of a lab exercise environment, as it is potentially *very very very* illegal - but as an academic exercise or demonstration:

I would expect that by far the most successful and easiest forms of attack would be man-in-the-middle type. People love to use free wifi. Set up a honeypot wifi point with a plausible name, and log all passing data. In some cases you might (theoretically - really don't do this!) sniff out usernames and passwords for web / cloud / email services where these have not been encrypted over SSL or similar. Especially anyone using POP3 or similar (most webmail stuff will use SSL for logins I think). If you were feeling really adventurous you could attempt to block or jam an existing wifi point and run one with the same name, but that's just a bonus.

As a further idea, perhaps your rogue wifi point could spoof web responses and DNS lookups for common sites to catch more login credentials. You'd get certificate errors or run without SSL, but how many people would carry on regardless or not notice? Once you've gained access to an email system, you might then be able to access other related accounts for secured services (either by looking at previously sent mail containing login credentials, or by requesting password reminders be sent, then catching them as they come in on email).

This is applicable to any device using wifi, not just to Android. Breaking and sniffing WEP / WPA would lead to similar results, but unless you need to access data from a specific target, it's probably unnecessary. Alternatively you could just sniff and log stuff on unsecured public coffeeshop-type wifi for (probably) the same sort of results.

Since much smartphone data is kept in the cloud, this seems like arguably a better line of attack than targeting the device directly. However, another potentially fruitful avenue of attack is publishing apps with "undocumented" data logging and transmitting features. Some people will install any crap if it allows them to work at a virtual farm etc...

With an app-based attack you would have to work within the security framework provided by the platform (app permissions displayed on installation etc.) unless you could find a way of bypassing it. AFAIK nobody has managed to do this on Android, but also AFAIK the iPhone has no permissions-based system to control app behaviour (it might not actually let apps access useful / private data at all anyway? Not sure). It could be worth looking at how the different platforms deal with these security issues and comparing them as part of the project.

Edited August 26, 2010 by Stevos

Guest tabor56, Posted August 26, 2010

Thanks a lot for the replies guys, really helpful. I think the honeypot idea is a good one. I think we have to set up different scenarios and I was thinking about pubs that use open wi-fi, so I could set up a demonstration where I have a spoof wi-fi hotspot with the same IP as the pub's wi-fi.

Guest rjm2k, Posted August 26, 2010

> Thanks a lot for the replies guys, really helpful. I think the honeypot idea is a good one. I think we have to set up different scenarios and I was thinking about pubs that use open wi-fi, so I could set up a demonstration where I have a spoof wi-fi hotspot with the same IP as the pub's wi-fi.

One thing you could look at is Android phones making it much easier for pretty much anyone to sniff wifi networks without raising much suspicion: simply install something like Shark and away you go.

Guest tabor56, Posted August 26, 2010

Hmm, weird, Shark for Root resets my phone whenever I try to use it :huh: