Penetration Testing of Android-Based Smartphones Master of Science Thesis in the Programme Networks and Distributed Systems
Total Page:16
File Type:pdf, Size:1020Kb
View metadata, citation and similar papers at core.ac.uk brought to you by CORE provided by Göteborgs universitets publikationer - e-publicering och e-arkiv Penetration Testing of Android-based Smartphones Master of Science Thesis in the Programme Networks and Distributed Systems Naresh Kumar Muhammad Ehtsham Ul Haq Chalmers University of Technology University of Gothenburg Department of Computer Science and Engineering Göteborg, Sweden, June 2011. The Author grants to Chalmers University of Technology and University of Gothenburg, the non-exclusive right to publish the Work electronically and in a non-commercial purpose make it accessible on the Internet. The Author warrants that he/she is the author to the Work, and warrants that the Work does not contain text, pictures or other material that violates copyright law. The Author shall, when transferring the rights of the Work to a third party (for example a publisher or a company), acknowledge the third party about this agreement. If the Author has signed a copyright agreement with a third party regarding the Work, the Author warrants hereby that he/she has obtained any necessary permission from this third party to let Chalmers University of Technology and University of Gothenburg store the Work electronically and make it accessible on the Internet. Penetration Testing of Android-based Smartphones Naresh.Kumar Muhammad.Ehtsham Ul Haq © Naresh.Kumar, June 2011. © Muhammad Ehtsham Ul Haq, June 2011. Examiner: Tomas. Olovsson Chalmers University of Technology University of Gothenburg Department of Computer Science and Engineering SE-412 96 Göteborg Sweden Telephone + 46 (0)31-772 1000 Department of Computer Science and Engineering Göteborg, Sweden June 2011 TO MY PARENTS AND FRIENDS -Naresh Kumar ACKNOWLEDGEMENT This thesis work is carried out at Chalmers University of Technology Gothenburg, Sweden. We want to thank our examiner & supervisor Tomas Olovsson, an Associate Professor at Chalmers University of Technology, for all his kind support in the form of guidance, and suggestions to us. We also want to thank Chalmers staff for providing us Smartphones to carry out this Technical work and our parents for their moral support during this work ABSTRACT The purpose of this work has been to perform a security analysis of Android-based Smartphones. Smartphone usage and adaptation are increasing day by day with a variety of applications. These applications can be very critical in nature such as mobile banking, and mobile payment systems and users are often unknowing about the security risks involved in such applications. Android, an open source operating system, is rapidly increasing in the Smartphone industry. It has already beaten the most popular mobile operating systems, like RIM, iOS, Windows Mobile and even Symbian, which ruled the mobile market for more than a decade. In this thesis, we have analysed the architecture of the Android operating system and tested its security through penetration testing. We have picked the most popular and recommended tools to test the security in the TCP/IP suite and different attacks have been performed on three different Android versions. The thesis also contains a discussion about our findings, how secure the Android system is and how much trust can be placed on it while using it. Keywords: Android, Penetration testing, Smartphones. TABLE OF CONTENTS Chapter 1 ...................................................................................................................................... 1 Introduction .................................................................................................................................. 1 1.1. History ..................................................................................................................................... 2 1.2. Problem Statement ................................................................................................................. 2 1.3. Objective .................................................................................................................................. 3 1.4. Scope ....................................................................................................................................... 3 1.5. Penetration Testing Methodology ........................................................................................... 3 1.6. Thesis outline ........................................................................................................................... 4 Chapter 2 ...................................................................................................................................... 5 Android Overview ......................................................................................................................... 5 2.1. Android Version History .......................................................................................................... 5 2.2. Android Architecture ............................................................................................................... 5 2.2.1. Application layer ............................................................................................................. 6 2.2.2. Application framework ................................................................................................... 6 2.2.3. Libraries .......................................................................................................................... 7 2.2.4. Android runtime ............................................................................................................. 8 2.2.5. The Linux Kernel ............................................................................................................. 8 2.3. Security Mechanisms of Android ............................................................................................. 8 Port Scanning .............................................................................................................................. 10 3.1. Three way handshake ............................................................................................................ 10 3.2. TCP Connection Termination ................................................................................................. 11 3.3. Test Scenario ......................................................................................................................... 11 3.4. Port Scanning Techniques ..................................................................................................... 12 3.4.2. Operating System fingerprinting .................................................................................. 13 3.4.3. The TCP connect scan ................................................................................................... 14 3.4.4. SYN Scan ....................................................................................................................... 15 3.4.5. FIN Scan ........................................................................................................................ 15 3.4.6. XMAS Scan .................................................................................................................... 16 3.4.7. NULL Scan ..................................................................................................................... 17 3.4.8. ACK Scan ....................................................................................................................... 18 3.4.9. UDP Scan ...................................................................................................................... 18 3.5. Tools Used ............................................................................................................................. 19 3.6. Summary ................................................................................................................................ 19 Chapter 4 .................................................................................................................................... 20 Attacks on the Android Network Stack ...................................................................................... 20 4.1. SYN Flooding .......................................................................................................................... 21 4.2. ACK Flooding .......................................................................................................................... 21 4.3. TCP Null Flooding ................................................................................................................... 22 4.4. RST Attack .............................................................................................................................. 22 4.5. UDP Flooding ......................................................................................................................... 22 4.6. ICMP Flood............................................................................................................................. 23 4.6 Ping of Death ............................................................................................................................... 23 4.7. LAND Attack ........................................................................................................................... 24 4.8. Teardrop Attack ..................................................................................................................... 24 4.9. Gratuitous ARP Request .......................................................................................................