The EvilDroid
 The story behind the scenes




Agenda




 Getting the goodies from The Host and having
a Data  feast.   Get down and Dirty trying to
Conquer the World and  Striking Back.

The Host


Android - an ordinary smartphone

  •                      Mobile Network
  •                       Digital Camera
  •                                A/GPS
  •                               Sensors
  •                 Expandable Storage

Android - a whole new vision

  •         USB Host Capability
  •   Native Linux Capable Device
  •             Friendly Architecture
 

Host vs Ordinary PC
New communication paths and Interaction (NFC, BT, Wi-Fi, Mobile Network)  |  Smaller Size  | Battery Life  

Data

Your physical security can be at risk

   Photos, Videos, Audio Records

A hidden extra layer of data is out there

   A/GPS Data, Network data

The wonders of sharing

   Peers Connected and Mapping, Collect (Dump)

Privacy Alert!

Get Down and Dirty

Security Tech + Spare Time 

= 
ARP Spoof

IT Geek + Right Resources 

= 
DHCP Poll Exaustion / IPv6 DHCP

Bored Guy + Spark of Intelligence 

=  
iOS Default Passwords Jailbreak |  Android Remote ADB  

CONQUER THE WORLD



Thornproxy

What is it ?

   Tool, written in Python, acting like as a proxy.

    Inspiration:    isr-Evilgrade


Features

Proxy
Portable

Services
Expandable

How it works

Thornproxy File

Intercept - Interpret  - Modify - Deliver  

Potential

  •                                        Modular
  •                          Analysis Framework
  •                       Easy Update/Upgrade

Constraints

  •           Python-Friendly System
  •             netfilter Module Required
  •              Performance vs Procedure

Acquiring target 

Target:
    Android App (dSploit)

Action:
    Trojanise APK

Deliver Method:
    Send as a new update

Sit back and relax!

Demo

 


Striking back

Strategies:

    Collect phone
    Secure Wi-Fi Networks / Segmentation
    Secure Data between transmissions

Resources:

    Jammers

    Secure Protocols

    The key is configure...    Disable if not in use !


Q&A


Renato Rodrigues starring  as @simps0n  
www.pathonproject.com


Leandro Braguês starring  as @lbragues
www.sizeonedev.wordpress.com

The Evildroid

By Renato Rodrigues

The Evildroid

Smartphones are an increasingly important part of everyday life, delivering personalized services and generating information. This enormous potential is inevitably qualified by a wide variety of challenges.This talk will look specifically at the potential of using an Android within an infrastructure such as a company or a campus.

  • 8,218

More from Renato Rodrigues