There are currently 2.3 billion smartphones in the world, and that number is expected to grow to 6.1 billion by 2020, when there will be 7.3 billion people: almost one smartphone per person. This means that smartphones will be a prime target for hackers, because they generate a huge amount of personal information about their users and will be a key entry point into companies and organizations in the future.
In this article, I’ll explore the various ways you can attack a smartphone, although the methods often vary by operating system (iOS, Android, Windows Phone, etc.). Android is the most widely used operating system (currently 82.8% of the market); Apple’s iOS has 13.9%, Microsoft’s Windows Phone has 2.6%, and BlackBerry’s OS has a pitiable 0.3% of the market, and BlackBerry’s latest devices also run Android. This article will therefore focus on Android hacks.
I’m going to create a secure virtual environment where I can test various hacks. First, I’ll build some Android virtual devices. Second, I will download and install the Smartphone Pentest Framework. The framework, funded by the US Department of Defense and built by Georgia Weidman herself, is the best tool to build and test for smartphone vulnerabilities.
Now, let me start building and deploying the Android virtual devices.
Step 1: Open the terminal
Of course, to get started, you need to install Kali Linux and open your terminal.
Step 2: Install the required libraries
To run these Android virtual devices on a 64-bit Debian operating system (such as Kali), I need to install several key libraries that are usually not included with the system by default. Luckily, you can just type kali> apt-get install lib32stdc++6 lib32ncurses5 lib32z1
These libraries are easy to get on Kali; nothing else needs to be installed to obtain them.
With these three libraries installed, I can now install the Android Software Development Kit (SDK).
Step 3: Install the Android SDK
Using the Iceweasel browser that comes with Kali, I was able to go directly to the Android SDK website and download the Android SDK tools. One caveat: Make sure you download the Linux suite. You can download and install Windows or Mac suites and then test these virtual appliances in Kali, but that makes things more complicated. So for simplicity, I found a way to do it directly on Kali.
Once the download is complete, you can use Kali’s built-in GUI archive tool or the command line to extract it.
Step 4: Access the tool directory
Next, I need to type kali> cd /android-pentest-framework/sdk/tools to go to the tools directory under the SDK directory.
Once I’m in the tools directory, I just type kali> ./android to run the Android application.
At this point, the SDK Manager GUI opens. For now, I’ll download Android 4.3 and Android 2.2 to practice with. Make sure both operating systems appear in the list. If they do, select them and click the “Install XX Packages” button. The SDK will then automatically download both operating systems to your Kali system.
Step 5: Android Virtual Device Manager
With all the packages downloaded, I now need to build my Android virtual devices. From the SDK Manager above, choose Tools -> Manage AVD and the Android Virtual Device Manager interface will appear.
Click “Create” to open the following interface. Create two Android virtual devices, one for Android 4.3 and one for Android 2.2. For convenience, I’ll just call the devices Android 4.3 and Android 2.2.
Select the Nexus 4 device and the corresponding target (API 18 for Android 4.3 and API 8 for Android 2.2). Under the Skin option, select “Skin with dynamic hardware controls”. The rest of the options don’t need to be changed; the default settings are fine. However, for the SD card option, set the value to 100 MiB.
Step 6: Start the Android virtual device
After creating the two Android virtual devices, the Android Virtual Device Manager should list both of them.
Select one of the virtual devices, and then “Start”.
At this point, the Android emulator will launch and build your Android virtual device. Please be patient, this may take some time. When you’re done, your virtual device will appear on Kali’s desktop.
Step 7: Install the Pentest framework
You can download the Smartphone Pentest Framework from https://github.com/georgiaw/Smartphone-Pentest-Framework.git
Step 8: Start Apache and MySQL
Since you need a Web server and MySQL database, enter the following two commands to start these two services:
kali>service apache2 start
kali>service mysql start
Step 9: Edit the configuration file
Like almost all Linux-based applications, the Smartphone Pentest Framework is configured through a plain-text configuration file. First, though, I need to change to the framework console directory by typing kali> cd /root/Smartphone-Pentest-Framework/frameworkconsole
Then open the configuration file with a text editor of your choice. For this step, I used the Leafpad text editor on Linux, and just typed kali> leafpad config
You will need to edit the IPADDRESS variable and the SHELLIPADDRESS variable so that they show the actual IP address of your Kali system (you can find it by typing “ifconfig”).
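One way to apply and verify the Step 9 edit from the shell instead of by hand, as an added example that is not part of the original article or the framework's own code. It assumes the config file uses "KEY = value" lines; the function names are hypothetical.

```shell
#!/bin/sh
# Added example: set IPADDRESS and SHELLIPADDRESS in the framework's
# "config" file to the lab host's address and verify the result.
# Assumption: the file uses "KEY = value" lines (spaces optional).

# Succeed only for a dotted-quad IPv4 address with octets 0-255.
valid_ipv4() {
    case $1 in ''|*[!0-9.]*|.*|*.|*..*) return 1 ;; esac
    _old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$_old_ifs
    [ "$#" -eq 4 ] || return 1
    for _octet in "$@"; do
        [ "${#_octet}" -le 3 ] && [ "$_octet" -le 255 ] || return 1
    done
}

# Print the value assigned to variable $2 in file $1 (empty if absent).
get_var() {
    sed -n -E "s/^[[:space:]]*$2[[:space:]]*=[[:space:]]*([^[:space:]#]*).*/\1/p" "$1" | head -n 1
}

# Rewrite both variables in file $1 to address $2. Refuses a malformed
# address or a file that lacks either variable; keeps a .bak copy.
set_framework_ip() {
    valid_ipv4 "$2" || { echo "not an IPv4 address: $2" >&2; return 1; }
    for _key in IPADDRESS SHELLIPADDRESS; do
        grep -q -E "^[[:space:]]*$_key[[:space:]]*=" "$1" ||
            { echo "$_key not found in $1" >&2; return 1; }
    done
    cp -p "$1" "$1.bak"
    sed -E "s/^[[:space:]]*(IPADDRESS|SHELLIPADDRESS)[[:space:]]*=.*/\1 = $2/" \
        "$1.bak" > "$1"
}

# Succeed when both variables in file $1 already equal address $2.
check_framework_ip() {
    [ "$(get_var "$1" IPADDRESS)" = "$2" ] &&
        [ "$(get_var "$1" SHELLIPADDRESS)" = "$2" ]
}
```

After sourcing the file, run set_framework_ip config followed by the address reported by ifconfig, then check_framework_ip with the same arguments to confirm that both variables match.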
Step 10: Start the framework
Now you can launch the Smartphone Pentest Framework. Just type kali> ./framework.py
This opens the framework menu.
So far, the Android penetration test environment has been built.
www.4hou.com/technology/…