
Mobile Phone Hacking

Mobile phones and tablets have become an
increasingly common system in enterprise and
government networks, from small organizations to
Fortune 10 companies.
Often, mobile phone deployments grow organically,
adopted by end-users for convenient email access, on
up to the CEO for access to sensitive company
resources and systems.
In other cases, mobile phones and tablets have
become critical systems for a wide variety of
production applications from ERP to project
management.

Phone Hacking
Phone hacking is the practice of intercepting
telephone calls, voicemail messages or
sensitive data without the consent of the
phone's owner.

Whether Apple iPhone or iPad, Windows Phone,
Android or BlackBerry phones or tablets, the use
of mobile devices introduces new risks to an
organization including distributed data storage
and access mechanisms, lack of consistent patch
management and firmware updates, the high
probability of loss or device theft and more.
Mobile software applications are also introducing
new malware and data leakage problems that
expose sensitive data or personally identifiable
information assets.

Android
Android is an open-source, Linux-based
operating system for mobile devices such as
smartphones and tablet computers, TVs,
set-top boxes etc.

Features of Android

Architecture
The Android operating system is a stack of
software components which is roughly divided
into five sections and four main layers as
shown below in the architecture diagram.

Linux kernel
At the bottom of the layers is Linux - Linux 2.6
with approximately 115 patches. This provides
basic system functionality like process
management, memory management, device
management like camera, keypad, display etc.
Also, the kernel handles all the things that
Linux is really good at such as networking and
a vast array of device drivers, which take the
pain out of interfacing to peripheral hardware.

Libraries
On top of Linux kernel there is a set of libraries
including open-source Web browser engine
WebKit, well known library , SQLite database
which is a useful repository for storage and
sharing of application data, libraries to play
and record audio and video, SSL libraries
responsible for Internet security etc.

Android Runtime
This is the third section of the architecture and
available on the second layer from the bottom.
This section provides a key component called
Dalvik Virtual Machine which is a kind of Java
Virtual Machine specially designed and
optimized for Android.
The Dalvik VM makes use of Linux core features
like memory management and multi-threading,
which is intrinsic in the Java language.

The Dalvik VM enables every Android
application to run in its own process, with its
own instance of the Dalvik virtual machine.
The Android runtime also provides a set of
core libraries which enable Android
application developers to write Android
applications using standard Java programming
language.

File system
A file system is used to control how data is stored and
retrieved. Without a file system, information placed in a
storage area would be one large body of data with no way
to tell where one piece of information stops and the next
begins. By separating the data into individual pieces, and
giving each piece a name, the information is easily
separated and identified.
The structure and logic rules used to manage the groups of
information and their names is called a "file system".
A file system can be thought of as an index or database
containing the physical location of every piece of data on a
hard drive.
A file system is set up on a drive during a format.

The Microsoft Windows operating
systems have always supported, and still do
support, various versions of the File Allocation
Table (FAT) file system. In addition to FAT, all
Microsoft Windows operating systems since
Windows NT support a newer file system
called New Technology File System (NTFS).

Yaffs
Yaffs (Yet Another Flash File System) is an
open-source file system specifically designed
to be fast, robust and suitable for embedded
use with NAND and NOR Flash. It is widely
used with Linux, RTOSs, or no OS at all, in
consumer devices.

Android Process Dump

What is DDMS?
Android provides a debugging tool called the
Dalvik Debug Monitor Server (DDMS).
With the help of DDMS, process, thread and heap
information can be monitored on the device.

Demo DDMS

Anti Mobile forensic tools

File Shredding
File shredding is a popular form of data
destruction, where the evidence is rendered
unrecoverable after the application of the
shredding program.
Such a program is an application designed to
permanently remove files on mobile devices.
The selected files are destroyed by overwriting
them with random data.

Encryption
Cryptography is the process of hiding
information for secure communication in the
presence of third parties. LUKS Manager
offers encryption for virtual folders on
Android devices.
The virtual folder can be dynamically
mounted, unmounted, created and deleted
as required.
After creating and mounting a virtual
volume, the forensic tools were used to test
the detection and encryption method. Both
applications were able to detect the volume
created and the encrypted data.
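Detecting such a volume comes down to recognising its on-disk header. The following added example (not from the original slides or from any of the tools mentioned) scans raw bytes for a LUKS header and reads the cipher settings from a LUKS1 header; the magic value and LUKS1 field layout follow the LUKS on-disk format, while the function names and the sample image are constructed for illustration.

```python
import struct

LUKS_MAGIC = b"LUKS\xba\xbe"
# LUKS1 header prefix (big-endian): magic, version, cipher name,
# cipher mode, hash spec, payload offset in sectors, key length in bytes.
LUKS1_PREFIX = struct.Struct(">6sH32s32s32sII")


def _cstr(raw):
    """Decode a NUL-padded fixed-width header field."""
    return raw.split(b"\x00", 1)[0].decode("ascii", "replace")


def find_luks_headers(image, step=512):
    """Scan raw bytes for LUKS headers at sector-aligned offsets."""
    hits = []
    for off in range(0, len(image) - 7, step):
        if image[off:off + 6] != LUKS_MAGIC:
            continue
        version = struct.unpack(">H", image[off + 6:off + 8])[0]
        if version not in (1, 2):
            continue  # magic bytes alone are not enough: reject bogus versions
        hit = {"offset": off, "version": version}
        chunk = image[off:off + LUKS1_PREFIX.size]
        if version == 1 and len(chunk) == LUKS1_PREFIX.size:
            _, _, name, mode, hsh, payload, keylen = LUKS1_PREFIX.unpack(chunk)
            hit.update(cipher=_cstr(name), mode=_cstr(mode), hash=_cstr(hsh),
                       payload_sector=payload, key_bits=keylen * 8)
        hits.append(hit)
    return hits


def build_sample_image():
    """Constructed sample: 4 empty sectors, a synthetic LUKS1 header,
    then a decoy sector carrying the magic with an invalid version."""
    header = LUKS1_PREFIX.pack(LUKS_MAGIC, 1, b"aes", b"cbc-essiv:sha256",
                               b"sha1", 4096, 32)
    decoy = LUKS_MAGIC + b"\xff\xff"
    return bytes(4 * 512) + header.ljust(512, b"\0") + decoy.ljust(512, b"\0")


if __name__ == "__main__":
    for hit in find_luks_headers(build_sample_image()):
        print(hit)
```

The header exposes the cipher, mode and key size in clear text, which is why the presence of the volume is detectable even though its contents are not readable without the key.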

Steganography is the process of hiding digital
information inside another carrier file such as
media files, document files or executable files.
Unlike plain encryption, which can be easily
detected, steganography protects both the
message and the communicating parties.
Media files, such as images, audio and video files,
are preferred for this type of hiding because
of their large size.

In computing, inter-process
communication (IPC) is a set of methods for
the exchange of data among
multiple threads in one or more processes.
Processes may be running on one or more
computers connected by a network.

IPC methods are divided into methods
for message passing, synchronization, shared
memory, and remote procedure calls (RPC).
The method of IPC used may vary based on
the bandwidth and latency of communication
between the threads, and the type of data
being communicated.

There are several reasons for providing an
environment that allows process cooperation:
Information sharing
Computational speedup
Modularity
Convenience
Privilege separation

Smartphone packet capture
Firesheep is an extension for the Firefox web
browser that uses a packet sniffer to intercept
unencrypted cookies from websites such as
Facebook and Twitter.
As cookies are transmitted over networks, packet
sniffing is used to discover identities, which are
listed on a sidebar displayed in the browser. The
user can then instantly take on the log-in
credentials of a victim by double-clicking on the
victim's name.
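The exposure described above exists only for cookies that the browser is willing to send over plain HTTP. The following added example (not part of the original slides) audits a server's response headers for such cookies; the function names, the session-name heuristic, the severity labels and the sample headers are all constructed assumptions.

```python
# Substrings that suggest a cookie carries a login session (heuristic, assumed).
SESSION_HINTS = ("sess", "sid", "auth", "token")


def parse_set_cookie(value):
    """Split one Set-Cookie value into (cookie name, lowercased attributes)."""
    parts = [p.strip() for p in value.split(";")]
    name = parts[0].partition("=")[0].strip()
    attrs = {}
    for part in parts[1:]:
        key, _, val = part.partition("=")
        attrs[key.strip().lower()] = val.strip()
    return name, attrs


def sniffable_cookies(response_headers):
    """Return (name, severity) for each cookie set without the Secure flag.

    Without Secure the browser also attaches the cookie to http:// requests,
    where a passive sniffer on the same network can read it. HSTS lowers the
    risk because the browser then upgrades requests to HTTPS for that host.
    """
    hsts = any(k.lower() == "strict-transport-security"
               for k, _ in response_headers)
    findings = []
    for key, value in response_headers:
        if key.lower() != "set-cookie":
            continue
        name, attrs = parse_set_cookie(value)
        if "secure" in attrs:
            continue  # never sent in clear text
        if any(hint in name.lower() for hint in SESSION_HINTS):
            severity = "medium" if hsts else "high"
        else:
            severity = "low"
        findings.append((name, severity))
    return findings


# Constructed sample response headers.
SAMPLE_HEADERS = [
    ("Content-Type", "text/html"),
    ("Set-Cookie", "sessionid=abc123; Path=/; HttpOnly"),
    ("Set-Cookie", "theme=dark; Path=/"),
    ("Set-Cookie", "auth_token=xyz; Secure; HttpOnly; SameSite=Lax"),
]

if __name__ == "__main__":
    print(sniffable_cookies(SAMPLE_HEADERS))
```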
