CEH 17- Hacking Mobile Platforms

By

Everyone interested in hacking mobile. 

But it is illegal to hack a mobile without the permission of the owner. 

Here hacking mobiles, just to bring awareness on mobile hacking and protect yourself.

Before hacking mobiles, first we need to know some basics of mobiles and its working. So let's get started.

Disclaimer: The articles provided on HackWithV is purely for informational and educational purpose only, and for those who are willing and curious to know & learn about Ethical Hacking, Security and Penetration Testing. Anytime the word "Hacking" that is used on this site shall be regarded as Ethical Hacking.

What is Mobile Phone?

  • A mobile phone, cellular phone, cell phone, cellphone or hand phone, sometimes shortened to simply mobile, cell or just phone.
  • It is a portable telephone that can make and receive calls over a radio frequency link while the user is moving within a telephone service area.
  • Mobiles Phone uses operating system like Android OS, iPhone OS / iOS, Windows OS etc.

Mobile Operating System:

  • A mobile operating system is an OS that is specifically designed to run on mobile devices such as mobile phones, smartphones, PDAs, tablet computers and other handheld devices. 
  • Mobile operating systems combine features of a personal computer operating system with other features useful for mobile or handheld use. 


List of Mobile OS:

  1. Android OS
  2. iPhone OS / iOS
  3. BlackBerry OS
  4. Windows Mobile
  5. Palm OS
  6. Symbian OS

1. Android OS: 

  • Android is a mobile operating system developed by Google. 
  • Based on a modified version of the Linux kernel and other open source software and designed primarily for touchscreen mobile devices such as smartphones and tablets. 

Android Architecture: 

  • Android Architecture is implemented in the form of a software stack.
  • Architecture consisting of a Linux kernel, a run-time environment and corresponding libraries, an application framework and a set of applications.

2. iPhone OS (IOS): 

  • iOS is a mobile operating system created and developed by Apple Inc. 
  • It is distributed exclusively for Apple hardware. 
  • It is a proprietary operating system which runs on Apple mobile devices (iPhone, iPad, and iPod touch).

iOS Architecture: 

  • The architecture of iOS is a layered architecture. 
  • At the uppermost level iOS works as an intermediary between the underlying hardware and the applications running on the device. 
  • Apps communicate with the hardware through a collection of well-defined system interfaces instead of directly interacting with hardware. 
  • Interfaces make it simple to write apps that constantly work on devices having various hardware abilities. 

Hacking Mobile Platforms

Basic Terms in Mobile Hacking:

1. Stock ROM: 

  • It is the default ROM (operating system) of an Android Device. 

2. Rooting: 

  • Rooting is the process of allowing users of smartphones, tablets and other devices running the Android mobile operating system to attain privileged control (known as root access) over various Android subsystems. 

3. Lineage OS: 

  • Lineage OS is a free and open-source operating system for smartphones and tablet computers, based on the Android mobile platform. 
  • It is the successor to the custom ROM Cyanogen Mod. 

4. Bricking Mobile: 

  • A device that does not turn on and function normally. 

  • The bricked device cannot be fixed through normal procedures. 

  • Devices are bricked due to overwriting of the Firmware or low-level system software. 

5. Bring Your Own Device (BYOD): 

  • Bring your own device (BYOD) is a business policy that allows employees to bring their mobile devices to their workplace. 

Mobile Platform Vulnerabilities and Risks: 

  • Malicious Apps in Store. 

  • Mobile Malware. 

  • Jail-breaking or Rooting. 

  • Mobile Application Vulnerabilities. 

  • Weak Data Security and App Encryption. 

  • Excessive Permissions. 

  • Weak Communication Security

Hacking Android Device:

1. Hacking Android By using Malicious App Infection. 

  • Dendroid
  • Droid Jack
  • AndroRAT

2. Using Kernel Level Vulnerabilities to Exploit Mobile Devices. 

  • Stage Fright

Mitigations: 

  • Do not directly download Android Package Files from untrusted websites. 
  • Install applications from trusted application stores.
  • Update the operating system regularly.
  • Deploy only trusted third-party applications on iOS devices. 
  • Use iOS devices on a secured and protected WiFi network.
  • Configure ‘Find My iPhone’ and utilize it to wipe a lost or stolen device. 
  • Never root your Android device.
  • Do not load too many applications and avoid auto-upload of photos to social networks.
  • Securely wipe or delete the data disposing of the device.
  • Turn of Bluetooth if it is not necessary.
  • Do not share the information within GPS-enabled apps unless they are necessary.
  • In the case of IT companies, it is important to educate employees in the organization about the BYOD policy. 

Be Aware, Be Secure.

Thank You 🙏

I'm a Cyber Security professional with expertise in Network, Application, Endpoint, Cloud Security, DevOps, and IT Ops. I have experience in various industries and am well-versed in relevant regulations and standards. My goal is to provide exceptional security solutions that protect organizations from evolving threats, while also streamlining workflows and improving collaboration between development, operations, and security teams through DevOps and IT Ops practices.

Comments

Post a Comment

Popular posts from this blog

Demo 1- How to Track Location by a Link

By
Image
↑ GPS: GPS stands for Global Positioning System . The Global Positioning System, originally NAVSTAR GPS, is a satellite-based radionavigation system owned by the United States government and operated by the United States Air Force. It is a global navigation satellite system (GNSS) that provides geolocation and time information to a GPS receiver anywhere on or near the Earth where there is an unobstructed line of sight to four or more GPS satellites. Obstacles such as mountains and buildings block the relatively weak GPS signals. Locator v1.0: Locator is a tool developed by "thelinuxchoice".This tool is implemented in Shell Scripting. This tool is implemented in Shell Scripting. Geolocator, Ip Tracker, Device Info by URL (Serveo and Ngrok). It uses tinyurl to obfuscate the Serveo link. Disclaimer:  Usage of Locator for attacking targets without prior mutual consent is illegal. It's the end user's responsibility to obey all applicable lo
Read more

Snyk - Ubuntu 20.04 (Linux)

By
Image
In this article, we are going to learn about Snyk, features, and hands-on demo on how to install, usage and uninstall on Ubuntu 20.04(Linux).   Disclaimer:   The articles provided on HackWithV is purely for informational and educational purpose only, and for those who are willing and curious to know & learn about Cyber Security, Ethical Hacking,  Software Development and  IT Operations. Anytime the word "Hacking" that is used on this site shall be regarded as Ethical Hacking. Table of Content What is Snyk ?   Jump to Features   Jump to Hands-On   Jump to Requirements   Jump to Download   Jump to Install   Jump to Usage   Jump to Uninstall    Jump to Cheat Sheet    Jump to    What is Snyk ?  Snyk is a developer security platform for securing code , dependencies , containers , and infrastructure as code .  Integra
Read more

Cracking VNC Password Using Hydra

By
Image
Today we are going learn how to crack the password of VNC service using Hydra Tool.  Disclaimer: The articles provided on HackWithV is purely for informational and educational purpose only, and for those who are willing and curious to know & learn about Ethical Hacking, Security and Penetration Testing. Anytime the word "Hacking" that is used on this site shall be regarded as Ethical Hacking. What is VNC? Virtual Network Computing ( VNC ) is a graphical desktop-sharing system that uses the Remote Frame Buffer protocol ( RFB ) to remotely control another computer.  What is Hydra? Hydra is a parallelized login cracker which supports numerous protocols to attack. New modules are easy to add, beside that, i
Read more