An implementation of a Virus Focuses on Mobile Devices with Android. An Ethical Hacking Event.
Abstract
Mobile devices have become part of daily social life. However, the vulnerabilities of this equipment are widespread, affecting information or damaging the system internally. Within this problem, this research proposes the implementation of a virus that allows affecting the Android victim device focusing on finding the vulnerabilities through penetration tests. The virus was designed through the principle of thread programming to a generation of scripts. Furthermore, the attack on Android devices’ vulnerable systems is conducted, applying social engineering techniques. Thus, through imperative programming techniques and functional, the access and use have been achieved, given that the virus had classes that allow connection and communication with the device. Each class was developed together so that in this way, there is a precise relationship between them. In this study, Kali Linux, with different Metasploit commands, was used. The proofs of concept were conducted using controlled virtual network environments. For this, a server and a platform were used to use the IP and the Ngrok host, which allows us to generate a link with the application that will violate Android’s services and security over secure tunnels. The results show that the operating system tends to be prone to internal damage. At the same time, users can be affected when their security and privacy are compromised. The proposal contributes significantly to a new version of Android’s security patches, implementing a malware model that will integrate techniques to mitigate this problem in the future.
Downloads
References
W. Fuertes, F. Meneses, L. Hidalgo, and J. Torres, “RSA over-encryption implementation for networking. A proof of concept using mobile devices”, Revista Investigación Operacional, vol. 41, no. 5, Article ID 586598, 2020. Available: https://rev-invope.univ-paris1.fr/fileadmin/rev-inv-ope/files/41420/41420-10.pdf. [Online; Accessed on October 23, 2020].
R. Simpson, “Android overtakes Windowsfor first time”, Statcounter GlobalStats, vol. 3, Abril 2017. Available: https://gs.statcounter.Com8/press/android-overtakes-windowsfor-first-time. [Online; Accessed onSeptember 28, 2020]
M. Costas, “Desarrollo de malware para dispositivos móviles con S.O Android con fines docentes”, 2019. Available: https://bit.ly/3IV2R7y .[Online; Accessed on September 30,2020]
M. J. Gutiérrez Fernández, “Inyección de malware en aplicación Android legítima”, Universidad de Sevilla, 2019.
H. Alawneh, “Android malware detectionusing data mining techniques on processcontrol block information”, Auburn University, Departament of Computer Science and Software Engineering, 2020. Available: http://hdl.handle.net/10415/7390. [Online; Accessed onSeptember 30, 2020]
A. Pérez, M. Montero y V. Pérez, “Androidmalware detection using machine learning”, en XIII Seminario Iberoamericanode Seguridad en las Tecnologías de la Información, Havana, 2018.
J. Cho, G. Cho, S. Hyun y H. Kim, “Open Sesame! Design and Implementation of Backdoor to Secretly Unlock Android Devices”, J. Internet Serv. Inf. Secur., vol. 7,pp. 35-44, 2017
C. A. Venegas Sánchez, “Using ReverseEngineering to Face Malware”, Revista IngenieriaSolidaria, vol. 15, no. 28, 2019
A. Zadjali, B. Mohammed, “Penetration testing of vulnerability in Android Linux kernel layer via an open network (Wi-Fi)”, International Journal of Computer Applications, vol. 975, no. 8887, 2016.
S. Raj and N. K. Walia, “A Study on MetasploitFramework: A Pen-Testing Tool”, International Conference on ComputationalPerformance Evaluation (ComPE), Shillong,India, 2020, pp. 296-302
D. Rathi and R. Jindal, “DroidMa: A Tool for Android Malware Detection using Taint Analysis and Bayesian Network”, International Journal on Recent and Innovation Trends in Computing and Communication, vol 6., no 5., pp. 71-76, 2018. Available: https://arxiv.org/ftp/arxiv/papers/1805/1805.06620.pdf [Online; Accessed on October 24, 2020]
W. Fuertes, J. E. López de Vergara, F. Meneses and F. Galán, “A generic model for the management of virtual network environments”, IEEE Network Operations and Management Symposium (NOMS)”, 2010, pp. 813-816, doi: 10.1109/NOMS.2010.5488367, 2010. https://www.overleaf.com/project/5f720fce6ae2940001a2b161 [Online; Accessed on September 28,2020]
P. Li, “Selecting and using virtualization solutions, our experiences with VMware and Virtualbox”, Journal of Computing Sciences in Colleges, vol. 25, no. 3, pp. 11-17,2009
Oracle, VirtualBox, Available: https://www.virtualbox.org/manual/ch04.html, [Online; Accessed on September 28, 2020]
Oracle, VirtualBox Home Page, Available at: http://www.virtualbox.org. [On-line; Accessed on September 28, 2020].
Kali, “What is Kali Linux?, Ofensive Security”, 2020. Available: https://www.kali.org/docs/introduction/what-is-kalilinux/. [On-line; Accessed on September 28, 2020].”
Rastreator, ”Android overtakes Windows for first time”, 2020. Available: https://www.rastreator.com/telefonia/articulosdestacados/el-sistema-operativoandroid.aspx, [Online; Accessed on September 28, 2020]
Kali Tools, “Metasploit Pro User Guide”, 2020. Available: https://tools.kali.org/ exploitation-tools/metasploit-framework, [Online; Accessed on September 28, 2020]
Offensive Security, “About the Metasploitmeterprete”, 2020. Available: https://www.offensive-security.com/metasploit-unleashed/aboutmeterpreter/, [Online; Accessed on September 28,2020].
Rapid 7, “Using Exploits”, 2020. Available: https://docs.rapid7.com/metasploit/using-exploits/, [Online; Accessed on September 28, 2020]
Z. Mohammed, MSFVenom,21 Abril 2020. Available: https://medium.com/@mzainkh/msfvenom-b57267a5bd9d, [Online; Accessed on September 28, 2020]
ApacheCon, “The number one HTTP Server on the Internet, Apache HTTP Server Project”, 2020. Available: https://http.apache.org/the-number-one-httpserver-on-the-internet, [Online; Accessed on September 28, 2020]
Ubuntu Server, “HTTPD-Apache2 Web Server”, Canonical, 2020. Available: https://ubuntu.com/server/docs/web-serversapache, [On- line; Accessed on September 28, 2020]
Welivesecurity, “¿Sabes qué es un backdoory en qué se diferencia de un troyano?”, ESET, Abril 2015. Available: https://www.welivesecurity.com/la-es/2015/04/17/quees-un-backdoor/ [Online; Accessed on September 28, 2020]
M. Sweeney, “Decompile and modify APKson the go with APKTool for Android [XDASpotlight]”, xda-developers, Marzo 2017.Available: https://www.xda-developers.com/decompile-and-modify-apks-on-thego-with-apktool-for-android/ [Online; Accessed on September 28, 2020]
E. Benavides, W. Fuertes, S. Sanchez-Gordon, and M. Sanchez, “Classification of Phishing Attack Solutions by Employing Deep Learning Techniques: A Systematic Literature Review”, in Rocha A. and Pereira R. (eds) Developments and Advances in Defense and Security. Smart Innovation, Systems and Technologies, vol. 152. Springer, Singapore, 2020. DOI https://doi.org/10.1007/978-981-13-9155-2 5 [Online; Accessed on October 23, 2020]
This article is published by LAJC under a Creative Commons Attribution-Non-Commercial-Share-Alike 4.0 International License. This means that non-exclusive copyright is transferred to the National Polytechnic School. The Author (s) give their consent to the Editorial Committee to publish the article in the issue that best suits the interests of this Journal. Find out more in our Copyright Notice.
Disclaimer
LAJC in no event shall be liable for any direct, indirect, incidental, punitive, or consequential copyright infringement claims related to articles that have been submitted for evaluation, or published in any issue of this journal. Find out more in our Disclaimer Notice.
