SlideShare a Scribd company logo

Android phone identifiers and eavesdropping audio

Download as PPTX, PDF
Andy Lee, profile picture
Andy Lee

Android phones can be identified and tracked in several ways without the user's consent or knowledge. Malicious apps can extract identifiers like IMEI and IMSI and send this data to attackers. They can also secretly record audio through the microphone and transmit the recordings remotely. Demonstration malware showed how it could retrieve phone identifiers over a network and record then send audio to a command server. Users are advised to carefully review permission requests from apps and avoid installing untrusted programs.

Software
1 of 18
Download to read offline
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
Android Phone Identifiers and Eavesdropping Audio 李士暄 2014/7/41
Reference • A Study of Android Application Security. – Pennsylvania State University – William Enck, Damien Octeau, Patrick McDaniel, and Swarat Chaudhuri. • Soundcomber: A Stealthy and Context-Aware Sound Trojan for Smartphones. – Indiana University Bloomington – Kehuan Zhang, Xiaoyong Zhou, Mehool Intwala, Apu Kapadia, XiaoFeng Wang 2
Introduction – Phone Identifiers 3 Identifiers Desciption SIM (Subscriber Identity Module) A SIM card is a smart card that identifies the subscriber, the service provider, and the mobile phone number. PIN (personal identification number) A numeric password for SIM card that can be used to authenticate the user to the system. (Default : 0000 or 1234) IMEI (International Mobile Equipment Identity) An unique number that identifies each mobile device. It is 15 digits numbers. When a phone is reported stolen or is not type approved, the number is marked invalid. (Enter : *#06#) IMSI (International Mobile Subscriber Identity) An IMSI is a unique number that identifies user. It is also 15 digits long. Key Identification(KI) is an unique password for each IMSI. ICCID (Integrated Circuit Card Identifier) An ICCID is a unique number that identifies SIM card. It is 20 digits long number.
Introduction • Phone identifiers are frequently leaked through plaintext requests. – Most sinks are HTTP GET or POST parameters • Phone Identifier are used as device fingerprint. – Not only phone identifers, but also other properties – OS version, device hardware , application name, platform • IMEI is tied to personally identifiable information(PII) – Include IMEI in account registration and login request. E.g. Line、Whatsapp 4William Enck, Damien Octeau, Patrick McDaniel, and Swarat Chaudhuri. Pennsylvania State University. A Study of Android Application Security
Threats • WhatsApp Password : an inverse of your phones IMEI number with an MD5 cryptographic hash 1. Attacker develop an faked app and let user fill in their personal information in registration part. 2. Silently sends the victims IMEI number & phone number to his server in the background. 3. A hacker creates database/file with IMEI numbers with associated phone numbers. 4. A spammer buys this information from an app developer. 5
Sequence diagram of attacker scenario for WhatsApp application 6
Demo • App : Siminfo • <uses-permission android:name="android.permission.READ_PHONE_STATE" /> • Android.telephony.TelephonyManager • getDeviceId() // Get IMEI • getSimSerialNumber() // Get ICCID • getSubscriberId() //Get IMSI • Socket Programming 7
Demo : Siminfo 8 1. Server 開啟,等待Client連線 2. Client輸入完資料按【submit】,透過socket方式 傳送給 IP為: 192.168.1.1 的Server 3. 同時將該手機的IMEI、ICCID、IMSI 傳給Server
Eavesdropping Audio • A Trojan with access to the video camera or microphone can – tape a user’s phone conversations – send the recording to other parties , which enables remote surveillance – We refer to as sensory malware • Malware : Android/NickiSpy – record user telephone conversations – store them in the SD card memory 9
Android/NickiSpy • Once the malware is installed, it requests the following permissions from the user: 10 Latest Android Malware Records Conversations By McAfee Labs on Aug 09, 2011 http://blogs.mcafee.com/mcafee-labs/latest-android-malware-records-conversations
Android/NickiSpy • After installing the application and rebooting, the device will start the following services in the background: 11 Latest Android Malware Records Conversations By McAfee Labs on Aug 09, 2011 http://blogs.mcafee.com/mcafee-labs/latest-android-malware-records-conversations
Android/NickiSpy • AndroidManifest.xml 12 Latest Android Malware Records Conversations By McAfee Labs on Aug 09, 2011 http://blogs.mcafee.com/mcafee-labs/latest-android-malware-records-conversations
Android/NickiSpy • The malware drops a configuration file onto the phone. – This file has all the information the app needs including the command server and port number through which it communicates. 13 Latest Android Malware Records Conversations By McAfee Labs on Aug 09, 2011 http://blogs.mcafee.com/mcafee-labs/latest-android-malware-records-conversations
Android/NickiSpy • The malware recorded the conversation and stored it on the compromised phone’s SD card. 14 Latest Android Malware Records Conversations By McAfee Labs on Aug 09, 2011 http://blogs.mcafee.com/mcafee-labs/latest-android-malware-records-conversations
Android/NickiSpy • The malware also retrieves the IMEI number of the compromised mobile device – And sends that information to the mobile number “15859268161″ 15 Latest Android Malware Records Conversations By McAfee Labs on Aug 09, 2011 http://blogs.mcafee.com/mcafee-labs/latest-android-malware-records-conversations
Demo • App: RecordAudio • <uses-permission android:name="android.permission.RECORD_AUDIO" /> • <uses-permission android:name="android.permission.INTERNET" /> • Socket Programming 16
Demo: RecordAudio 17 1. Server開啟,等待Clinet連線 2. Client開始App後,自動連上Server(IP:192.168.1.1) 3. Server端下指令 : start(client端開始錄音) 4. Server端下指令 : stop (Client端停止錄音) 5. Client將錄音檔傳送給Server,並放在桌面上
Comments • Android is highly dangerous!!! • Users should never install unknown or untrusted applications on their mobile devices. – Do not checked Setting > Security > unknown sources • Pay attention to those unrelated permissions that are requested when you install app. 18

More Related Content

PPTX
Security threats in Android OS + App Permissions
Hariharan Ganesan
 
PPTX
Attacks on Mobiles\Cell Phones
Faizan Shaikh
 
PPTX
Chapter 4
NorazlinaAbdullah4
 
PDF
Les 10 risques liés aux applications mobiles
Bee_Ware
 
PPTX
Protection from hacking attacks
Sugirtha Jasmine M
 
PDF
Mobile Security
MarketingArrowECS_CZ
 
PDF
CNIT 128 5: Mobile malware
Sam Bowne
 
PPTX
Android Hacking + Pentesting
Sina Manavi
 
Security threats in Android OS + App Permissions
Hariharan Ganesan
 
Attacks on Mobiles\Cell Phones
Faizan Shaikh
 
Chapter 4
NorazlinaAbdullah4
 
Les 10 risques liés aux applications mobiles
Bee_Ware
 
Protection from hacking attacks
Sugirtha Jasmine M
 
Mobile Security
MarketingArrowECS_CZ
 
CNIT 128 5: Mobile malware
Sam Bowne
 
Android Hacking + Pentesting
Sina Manavi
 

What's hot (20)

PPTX
Mobile security
Tapan Khilar
 
PPTX
Computer securety
rushil ahmed
 
PPTX
Ethical hacking
Devendra Yadav
 
PDF
1. Mobile Application (In)security
Sam Bowne
 
PPTX
Smartphone security
Manish Gupta
 
PDF
CNIT 128 Ch 3: iOS
Sam Bowne
 
PPT
Cell Phone Viruses & Security
guestc03f28
 
PPTX
Ethical Hacking
Namrata Raiyani
 
PDF
New trends in Payments Security: NFC & Mobile
SISA Information Security Pvt.Ltd
 
PDF
Class 11 ca chapter 17 computer ethics and cyber crime
Nithilan1
 
PDF
Malware on Smartphones and Tablets - The Inconvenient Truth
AGILLY
 
PPTX
Introduction ethical hacking
Vishal Kumar
 
PPT
Mobile phone Data Hacking
Md Abu Syeem Dipu
 
PPTX
It
Volkswagen Thane
 
PPTX
Cyper security & Ethical hacking
Cmano Kar
 
PDF
Maheen.Mehnaz 071618056
mashiur
 
PPT
Hacking
LutfulM
 
PPT
2010: Mobile Security - WHYMCA Developer Conference
Fabio Pietrosanti
 
PDF
CNIT 128 Ch 4: Android
Sam Bowne
 
PDF
10940 img sytr12_mobile_malware
SytelReplyUK
 
Mobile security
Tapan Khilar
 
Computer securety
rushil ahmed
 
Ethical hacking
Devendra Yadav
 
1. Mobile Application (In)security
Sam Bowne
 
Smartphone security
Manish Gupta
 
CNIT 128 Ch 3: iOS
Sam Bowne
 
Cell Phone Viruses & Security
guestc03f28
 
Ethical Hacking
Namrata Raiyani
 
New trends in Payments Security: NFC & Mobile
SISA Information Security Pvt.Ltd
 
Class 11 ca chapter 17 computer ethics and cyber crime
Nithilan1
 
Malware on Smartphones and Tablets - The Inconvenient Truth
AGILLY
 
Introduction ethical hacking
Vishal Kumar
 
Mobile phone Data Hacking
Md Abu Syeem Dipu
 
It
Volkswagen Thane
 
Cyper security & Ethical hacking
Cmano Kar
 
Maheen.Mehnaz 071618056
mashiur
 
Hacking
LutfulM
 
2010: Mobile Security - WHYMCA Developer Conference
Fabio Pietrosanti
 
CNIT 128 Ch 4: Android
Sam Bowne
 
10940 img sytr12_mobile_malware
SytelReplyUK
 
Ad

Similar to Android phone identifiers and eavesdropping audio (20)

PPTX
I haz you and pwn your maal
Harsimran Walia
 
PDF
I haz you and pwn your maal
c0c0n - International Cyber Security and Policing Conference
 
PDF
V4I5201553
krishan8018
 
PDF
When developers api simplify user mode rootkits development – part ii
STO STRATEGY
 
PDF
I haz you and pwn your maal whitepaper
Harsimran Walia
 
PDF
Isn't it all just SMS-sending trojans?: Real Advances in Android Malware
Jimmy Shah
 
PDF
Hacking your Android (slides)
Justin Hoang
 
PDF
Csw2016 chaykin having_funwithsecuremessengers_and_androidwear
CanSecWest
 
PDF
Android malware overview, status and dilemmas
Tech and Law Center
 
PPTX
Cp3201 mobile security final
FinTech startup in stealth mode
 
PDF
Hacking your Droid (Aditya Gupta)
ClubHack
 
PDF
Android malware
eSAT Publishing House
 
PDF
Android malware
eSAT Journals
 
PDF
6.3. How to get out of an inprivacy jail
defconmoscow
 
PDF
Reading Group Presentation: Why Eve and Mallory Love Android
Michael Rushanan
 
PDF
When developers api simplify user mode rootkits development – part ii
Yury Chemerkin
 
PPT
Mobile code mining for discovery and exploits nullcongoa2013
Blueinfy Solutions
 
PDF
Malicious android-applications-risks-exploitation 33578
skowshik
 
PDF
YURY_CHEMERKIN_HackMiami_2014_Conference.pdf
Yury Chemerkin
 
PDF
Make Mobilization Work - Properly Implementing Mobile Security
Michael Davis
 
I haz you and pwn your maal
Harsimran Walia
 
I haz you and pwn your maal
c0c0n - International Cyber Security and Policing Conference
 
V4I5201553
krishan8018
 
When developers api simplify user mode rootkits development – part ii
STO STRATEGY
 
I haz you and pwn your maal whitepaper
Harsimran Walia
 
Isn't it all just SMS-sending trojans?: Real Advances in Android Malware
Jimmy Shah
 
Hacking your Android (slides)
Justin Hoang
 
Csw2016 chaykin having_funwithsecuremessengers_and_androidwear
CanSecWest
 
Android malware overview, status and dilemmas
Tech and Law Center
 
Cp3201 mobile security final
FinTech startup in stealth mode
 
Hacking your Droid (Aditya Gupta)
ClubHack
 
Android malware
eSAT Publishing House
 
Android malware
eSAT Journals
 
6.3. How to get out of an inprivacy jail
defconmoscow
 
Reading Group Presentation: Why Eve and Mallory Love Android
Michael Rushanan
 
When developers api simplify user mode rootkits development – part ii
Yury Chemerkin
 
Mobile code mining for discovery and exploits nullcongoa2013
Blueinfy Solutions
 
Malicious android-applications-risks-exploitation 33578
skowshik
 
YURY_CHEMERKIN_HackMiami_2014_Conference.pdf
Yury Chemerkin
 
Make Mobilization Work - Properly Implementing Mobile Security
Michael Davis
 
Ad

Recently uploaded (20)

PPTX
Agentic AI Use Case- Contract Lifecycle Management (CLM).pptx
mhxyzzp
 
PPTX
WiFi Honeypot Detecscfddssdffsedfseztor.pptx
singlesrihari
 
PPTX
Advanced SystemCare Ultimate Crack + Portable (2025)
adanataj41
 
PDF
Internet Downloader Manager (IDM) Crack 6.42 Build 41
ghrom2211g
 
PDF
CapCut Video Editor 6.8.1 Crack for PC Latest Download (Fully Activated) 2025
itskinga12
 
PPTX
Weekly report ppt - harsh dattuprasad patel.pptx
bikerslovers123
 
PPTX
assetexplorer- product-overview - presentation
nonameist3434
 
PDF
iTop VPN Crack Latest Version Full Key 2025
hashmianya37
 
PPTX
AMADEUS TRAVEL AGENT SOFTWARE | AMADEUS TICKETING SYSTEM
philipnathen82
 
PPTX
Oracle Fusion HCM Cloud Demo for Beginners
DharanOracleerp
 
PDF
Download FL Studio Crack Latest version 2025 ?
ghrom2211g
 
PDF
Product Update: Alluxio AI 3.7 Now with Sub-Millisecond Latency
Alluxio, Inc.
 
PDF
Adobe Illustrator 28.6 Crack My Vision of Vector Design
ghrom2211g
 
PDF
Adobe Premiere Pro 2025 (v24.5.0.057) Crack free
ghrom2211g
 
PDF
Autodesk AutoCAD Crack Free Download 2025
hggfcrd hgggref
 
PPTX
Operating system designcfffgfgggggggvggggggggg
rmskumara09
 
PDF
Tally Prime Crack Download New Version 5.1 [2025] (License Key Free
itskinga12
 
PPTX
Embracing Complexity in Serverless! GOTO Serverless Bengaluru
SheenBrisals
 
PDF
EN-Survey-Report-SAP-LeanIX-EA-Insights-2025.pdf
deepakkhaitan3
 
PDF
Nekopoi APK 2025 free lastest update
umarali35kp
 
Agentic AI Use Case- Contract Lifecycle Management (CLM).pptx
mhxyzzp
 
WiFi Honeypot Detecscfddssdffsedfseztor.pptx
singlesrihari
 
Advanced SystemCare Ultimate Crack + Portable (2025)
adanataj41
 
Internet Downloader Manager (IDM) Crack 6.42 Build 41
ghrom2211g
 
CapCut Video Editor 6.8.1 Crack for PC Latest Download (Fully Activated) 2025
itskinga12
 
Weekly report ppt - harsh dattuprasad patel.pptx
bikerslovers123
 
assetexplorer- product-overview - presentation
nonameist3434
 
iTop VPN Crack Latest Version Full Key 2025
hashmianya37
 
AMADEUS TRAVEL AGENT SOFTWARE | AMADEUS TICKETING SYSTEM
philipnathen82
 
Oracle Fusion HCM Cloud Demo for Beginners
DharanOracleerp
 
Download FL Studio Crack Latest version 2025 ?
ghrom2211g
 
Product Update: Alluxio AI 3.7 Now with Sub-Millisecond Latency
Alluxio, Inc.
 
Adobe Illustrator 28.6 Crack My Vision of Vector Design
ghrom2211g
 
Adobe Premiere Pro 2025 (v24.5.0.057) Crack free
ghrom2211g
 
Autodesk AutoCAD Crack Free Download 2025
hggfcrd hgggref
 
Operating system designcfffgfgggggggvggggggggg
rmskumara09
 
Tally Prime Crack Download New Version 5.1 [2025] (License Key Free
itskinga12
 
Embracing Complexity in Serverless! GOTO Serverless Bengaluru
SheenBrisals
 
EN-Survey-Report-SAP-LeanIX-EA-Insights-2025.pdf
deepakkhaitan3
 
Nekopoi APK 2025 free lastest update
umarali35kp
 

Android phone identifiers and eavesdropping audio

  • 1. Android Phone Identifiers and Eavesdropping Audio 李士暄 2014/7/41
  • 2. Reference • A Study of Android Application Security. – Pennsylvania State University – William Enck, Damien Octeau, Patrick McDaniel, and Swarat Chaudhuri. • Soundcomber: A Stealthy and Context-Aware Sound Trojan for Smartphones. – Indiana University Bloomington – Kehuan Zhang, Xiaoyong Zhou, Mehool Intwala, Apu Kapadia, XiaoFeng Wang 2
  • 3. Introduction – Phone Identifiers 3 Identifiers Desciption SIM (Subscriber Identity Module) A SIM card is a smart card that identifies the subscriber, the service provider, and the mobile phone number. PIN (personal identification number) A numeric password for SIM card that can be used to authenticate the user to the system. (Default : 0000 or 1234) IMEI (International Mobile Equipment Identity) An unique number that identifies each mobile device. It is 15 digits numbers. When a phone is reported stolen or is not type approved, the number is marked invalid. (Enter : *#06#) IMSI (International Mobile Subscriber Identity) An IMSI is a unique number that identifies user. It is also 15 digits long. Key Identification(KI) is an unique password for each IMSI. ICCID (Integrated Circuit Card Identifier) An ICCID is a unique number that identifies SIM card. It is 20 digits long number.
  • 4. Introduction • Phone identifiers are frequently leaked through plaintext requests. – Most sinks are HTTP GET or POST parameters • Phone Identifier are used as device fingerprint. – Not only phone identifers, but also other properties – OS version, device hardware , application name, platform • IMEI is tied to personally identifiable information(PII) – Include IMEI in account registration and login request. E.g. Line、Whatsapp 4William Enck, Damien Octeau, Patrick McDaniel, and Swarat Chaudhuri. Pennsylvania State University. A Study of Android Application Security
  • 5. Threats • WhatsApp Password : an inverse of your phones IMEI number with an MD5 cryptographic hash 1. Attacker develop an faked app and let user fill in their personal information in registration part. 2. Silently sends the victims IMEI number & phone number to his server in the background. 3. A hacker creates database/file with IMEI numbers with associated phone numbers. 4. A spammer buys this information from an app developer. 5
  • 6. Sequence diagram of attacker scenario for WhatsApp application 6
  • 7. Demo • App : Siminfo • <uses-permission android:name="android.permission.READ_PHONE_STATE" /> • Android.telephony.TelephonyManager • getDeviceId() // Get IMEI • getSimSerialNumber() // Get ICCID • getSubscriberId() //Get IMSI • Socket Programming 7
  • 8. Demo : Siminfo 8 1. Server 開啟,等待Client連線 2. Client輸入完資料按【submit】,透過socket方式 傳送給 IP為: 192.168.1.1 的Server 3. 同時將該手機的IMEI、ICCID、IMSI 傳給Server
  • 9. Eavesdropping Audio • A Trojan with access to the video camera or microphone can – tape a user’s phone conversations – send the recording to other parties , which enables remote surveillance – We refer to as sensory malware • Malware : Android/NickiSpy – record user telephone conversations – store them in the SD card memory 9
  • 10. Android/NickiSpy • Once the malware is installed, it requests the following permissions from the user: 10 Latest Android Malware Records Conversations By McAfee Labs on Aug 09, 2011 http://blogs.mcafee.com/mcafee-labs/latest-android-malware-records-conversations
  • 11. Android/NickiSpy • After installing the application and rebooting, the device will start the following services in the background: 11 Latest Android Malware Records Conversations By McAfee Labs on Aug 09, 2011 http://blogs.mcafee.com/mcafee-labs/latest-android-malware-records-conversations
  • 12. Android/NickiSpy • AndroidManifest.xml 12 Latest Android Malware Records Conversations By McAfee Labs on Aug 09, 2011 http://blogs.mcafee.com/mcafee-labs/latest-android-malware-records-conversations
  • 13. Android/NickiSpy • The malware drops a configuration file onto the phone. – This file has all the information the app needs including the command server and port number through which it communicates. 13 Latest Android Malware Records Conversations By McAfee Labs on Aug 09, 2011 http://blogs.mcafee.com/mcafee-labs/latest-android-malware-records-conversations
  • 14. Android/NickiSpy • The malware recorded the conversation and stored it on the compromised phone’s SD card. 14 Latest Android Malware Records Conversations By McAfee Labs on Aug 09, 2011 http://blogs.mcafee.com/mcafee-labs/latest-android-malware-records-conversations
  • 15. Android/NickiSpy • The malware also retrieves the IMEI number of the compromised mobile device – And sends that information to the mobile number “15859268161″ 15 Latest Android Malware Records Conversations By McAfee Labs on Aug 09, 2011 http://blogs.mcafee.com/mcafee-labs/latest-android-malware-records-conversations
  • 16. Demo • App: RecordAudio • <uses-permission android:name="android.permission.RECORD_AUDIO" /> • <uses-permission android:name="android.permission.INTERNET" /> • Socket Programming 16
  • 17. Demo: RecordAudio 17 1. Server開啟,等待Clinet連線 2. Client開始App後,自動連上Server(IP:192.168.1.1) 3. Server端下指令 : start(client端開始錄音) 4. Server端下指令 : stop (Client端停止錄音) 5. Client將錄音檔傳送給Server,並放在桌面上
  • 18. Comments • Android is highly dangerous!!! • Users should never install unknown or untrusted applications on their mobile devices. – Do not checked Setting > Security > unknown sources • Pay attention to those unrelated permissions that are requested when you install app. 18