The EvilDroid
The story behind the scenes

Agenda

Getting the goodies from The Host and having
a Data feast. Get down and Dirty trying to
Conquer the World and Striking Back.

The Host

Android - an ordinary smartphone

Mobile Network
Digital Camera
A/GPS
Sensors
Expandable Storage

Android - a whole new vision

USB Host Capability
Native Linux Capable Device
Friendly Architecture

Host vs Ordinary PC

New communication paths and Interaction (NFC, BT, Wi-Fi, Mobile Network) | Smaller Size | Battery Life

Data

Your physical security can be at risk

Photos, Videos, Audio Records

A hidden extra layer of data is out there

A/GPS Data, Network data

The wonders of sharing

Peers Connected and Mapping, Collect (Dump)

Privacy Alert!

Get Down and Dirty

Security Tech + Spare Time

=

ARP Spoof

IT Geek + Right Resources

DHCP Poll Exaustion / IPv6 DHCP

Bored Guy + Spark of Intelligence

iOS Default Passwords Jailbreak | Android Remote ADB

CONQUER THE WORLD

Thornproxy

What is it ?

Tool, written in Python, acting like as a proxy.

Inspiration: isr-Evilgrade

Features

Proxy

Portable

Services

Expandable

How it works

Thornproxy File

Intercept - Interpret - Modify - Deliver

Potential

Modular
Analysis Framework
Easy Update/Upgrade

Constraints

Python-Friendly System
netfilter Module Required
Performance vs Procedure

Acquiring target

Target:

Android App (dSploit)

Action:

Trojanise APK

Deliver Method:

Send as a new update

Sit back and relax!

Demo

Striking back

Strategies:

Collect phone

Secure Wi-Fi Networks / Segmentation

Secure Data between transmissions

Resources:

Jammers

Secure Protocols

The key is configure... Disable if not in use !

Q&A

Renato Rodrigues starring as @simps0n

www.pathonproject.com

Leandro Braguês starring as @lbragues

The EvilDroid The story behind the scenes