Friday, July 31, 2015

We Live Security (blog) – Simple memory analysis techniques for Android

In past issues we discussed how to analyze a device's volatile memory with LiME Forensics and Volatility, examining the system structures and applications in memory and, consequently, the information they store. However, there are other, easier and faster ways to capture the data in a device's memory.



Data collection in memory

A simple option for data collection is to use the Android Debug Bridge (adb) to list information about processes, network connections, log files, and so on. Through the command adb shell <ps | netstat | logcat | backup | dumpsys>, the analyst can access the device's shell to dump data from system files.


You can also view the different memory allocations of a particular application; the output covers both Dalvik and ART memory.


An alternative for collecting this type of data is the Dalvik Debug Monitor Server (DDMS), used through the Android Device Monitor. This tool is started by running the file <sdk_path>/tools/monitor

With it we can see updates in the stack memory, trigger a run of the GC, or track memory allocations across the different active objects. We can also access everything from the messages generated by the application and the system through LogCat to network usage statistics and the file system present on the device.


A simple method to dump the memory contents of a running process with DDMS is to create an HPROF file. To do this, we just need to select the process and click the “Dump HPROF file” option. If necessary, the creation of this file can be triggered programmatically from the application with the method dumpHprofData().


To analyze the resulting file, it must first be converted to the J2SE HPROF format with the tool <sdk_path>/platform-tools/hprof-conv. This is only necessary if we have not used the Android Device Monitor embedded in Eclipse.

Finally, we can analyze the memory dump with the Eclipse Memory Analyzer Tool (MAT) or any other memory analyzer of our choice. Among other things, we can examine the character strings held in objects of type String that are live in memory; for this, we can enter the query “select * from java.lang.String” in the Object Query Language studio of Eclipse MAT.

The accompanying image shows some of the messages sent by a bot to its C&C via HTTP, along with fragments of SMS messages and emails that were still in the device's memory.
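The same string triage can be scripted against the hprof-conv output without opening MAT. The following is an added example, not code from the original article: it walks the heap-dump records of a J2SE HPROF file and returns every char[] whose text contains a search term. The function names, the search terms and the embedded sample dump are constructed for illustration, and it assumes string contents live in char[] arrays (a runtime that stores characters inside the String object itself will not show them here).

```python
import struct

PRIM_SIZE = {4: 1, 5: 2, 6: 4, 7: 8, 8: 1, 9: 2, 10: 4, 11: 8}  # bytes per type
ROOTS = {0xFF: (1, 0), 0x01: (2, 0), 0x02: (1, 2), 0x03: (1, 2), 0x04: (1, 1),
         0x05: (1, 0), 0x06: (1, 1), 0x07: (1, 0), 0x08: (1, 2)}  # tag: (IDs, u4s)

class Reader:
    def __init__(self, data, id_size, pos=0):
        self.data, self.id_size, self.pos = data, id_size, pos
    def take(self, n):
        if self.pos + n > len(self.data):
            raise ValueError("truncated HPROF data at offset %d" % self.pos)
        self.pos += n
        return self.data[self.pos - n:self.pos]
    def uint(self, n):
        return int.from_bytes(self.take(n), "big")
    def value(self, basic_type, count=1):
        # Basic type 2 is an object reference, sized like every other ID.
        size = self.id_size if basic_type == 2 else PRIM_SIZE.get(basic_type)
        if size is None:
            raise ValueError("bad HPROF basic type %d" % basic_type)
        return self.take(size * count)

def char_arrays(body, id_size):
    """Yield the text of every char[] in one HEAP_DUMP(_SEGMENT) record body."""
    r = Reader(body, id_size)
    while r.pos < len(body):
        tag = r.uint(1)
        if tag in ROOTS:                       # GC roots have a fixed layout
            r.take(ROOTS[tag][0] * id_size + ROOTS[tag][1] * 4)
        elif tag == 0x20:                      # CLASS_DUMP
            r.take(7 * id_size + 8)            # IDs, stack serial, instance size
            for _ in range(r.uint(2)):         # constant pool: index, type, value
                r.take(2)
                r.value(r.uint(1))
            for _ in range(r.uint(2)):         # static fields: name, type, value
                r.take(id_size)
                r.value(r.uint(1))
            r.take(r.uint(2) * (id_size + 1))  # instance fields: name, type
        elif tag == 0x21:                      # INSTANCE_DUMP
            r.take(2 * id_size + 4)            # object ID, stack serial, class ID
            r.take(r.uint(4))                  # field bytes
        elif tag == 0x22:                      # OBJECT_ARRAY_DUMP
            r.take(id_size + 4)
            r.take((r.uint(4) + 1) * id_size)  # array class ID + elements
        elif tag == 0x23:                      # PRIMITIVE_ARRAY_DUMP
            r.take(id_size + 4)
            count, etype = r.uint(4), r.uint(1)
            raw = r.value(etype, count)
            if etype == 5:                     # char[] is UTF-16 big-endian
                yield raw.decode("utf-16-be", errors="replace")
        else:
            raise ValueError("unknown sub-record 0x%02x (unconverted dump?)" % tag)

def heap_strings(data, needles=("http://", "https://")):
    """Return char[] contents of a J2SE HPROF image that contain any needle."""
    if not data.startswith(b"JAVA PROFILE 1.0"):
        raise ValueError("not an HPROF file")
    r = Reader(data, 0, data.index(b"\x00") + 1)   # skip NUL-terminated version
    r.id_size = r.uint(4)
    r.take(8)                                  # dump timestamp
    hits = []
    while r.pos < len(data):
        tag, _time = r.uint(1), r.uint(4)      # record tag, time offset
        body = r.take(r.uint(4))
        if tag in (0x0C, 0x1C):                # HEAP_DUMP, HEAP_DUMP_SEGMENT
            hits += [s for s in char_arrays(body, r.id_size)
                     if any(n in s for n in needles)]
    return hits

def sample_dump():  # constructed sample with 4-byte IDs, not a real capture
    def chars(oid, text):
        raw = text.encode("utf-16-be")
        return b"\x23" + struct.pack(">IIIB", oid, 0, len(raw) // 2, 5) + raw
    klass = (b"\x20" + struct.pack(">II6II", 0x100, 0, 0, 0, 0, 0, 0, 0, 8)
             + struct.pack(">HHIBiHIB", 0, 1, 0x200, 10, 7, 1, 0x201, 2))
    heap = (b"\xff" + struct.pack(">I", 0x100) + klass
            + struct.pack(">BIIII4x", 0x21, 0x300, 0, 0x100, 4)
            + chars(0x400, "http://c2.example.invalid/report?id=42")
            + chars(0x401, "hello"))
    return (b"JAVA PROFILE 1.0.2\x00" + struct.pack(">IQ", 4, 0) + b"\x0c"
            + struct.pack(">II", 0, len(heap)) + heap + b"\x2c" + bytes(8))

if __name__ == "__main__":
    print(heap_strings(sample_dump()))
```

For a real dump, read the converted file in binary mode and pass its bytes to heap_strings, with needles chosen for the case at hand.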


The big drawback of memory analysis with DDMS is that, to access some statistics, the application needs to be debuggable; i.e., its manifest file needs to set the android:debuggable attribute to the boolean value true, which instructs the system to open a debug port. To overcome this limitation, it is always possible to alter the APK.

NOTE: To read more about memory debugging, go to the Android developer documentation.

As we saw …

Capturing a device's memory in real time can be a very simple process using the analysis tools included in the platform's development kit. These utilities, originally designed to evaluate application performance, become essential in the analysis of ever-changing malicious code.

The ability to recover from memory files, plain-text data, web browsing history, SMS messages, emails, contacts, and the APK and DEX files installed on the system is essential not only to build a complete forensic profile of the device, but also to analyze how malware samples capable of mutating dynamically change.

Author Denise Giusto Bilić, We Live Security


Wednesday, July 29, 2015

New Android vulnerability, this time more serious – Hypertext

A new Android vulnerability could cause the system to crash and disable all audio processes.

We are going through some turbulent days as far as Android security and privacy are concerned. First came the discovery of the most serious security flaw seen on the platform, which puts the security of our devices at risk through a short video with malware inside, making it extremely simple to spread. Today, in a way similar to that presented by Zimperium, Trend Micro reports a vulnerability that affects all Android devices between version 4.3 Jelly Bean and Android 5.1.1 Lollipop, the latest available.

More than 50% of Android users are vulnerable to the mediaserver exploit

Google has been aware of the Android vulnerability since it was reported in May. Despite this, the Mountain View company has not yet submitted a patch to the Android Open Source Project, so all devices launched today keep shipping without the problem solved. The exploit works in a relatively simple way and can be triggered in two ways: through an application installed on the device, or through a web page created with the intention of compromising the stability of the device. Because stability is the issue. The application contains a malicious MKV media file that runs at startup and causes erratic behavior in the system. With an MKV read by Chrome, the effect is similar.

These effects come from the mediaserver service, responsible for indexing the media on the device. Because it cannot process the malicious MKV, each time mediaserver runs a problem may occur within the system that makes the device very unstable. The device's sound is disabled, so there is no audible notification for messages or calls, and not even the audio of a call can be heard. In addition, if the phone is locked, we cannot turn it on and use it normally, and if it was already in use, it may suffer many slowdowns.

It is unlikely that this will be used in practice but, as Trend Micro says, it could be used in threats whose aim is to make users pay the attackers behind them.


LG goes retro and launches an Android “flip” smartphone – La Voz del Interior

From time to time, you may hear some nostalgic person recall the times when the “flip cover” design dominated the mobile phone market. Of course, those were not smartphones back then, and instead of large screens, what was valued was the miniaturization of devices.

From that era, not so far away in time (no more than ten years ago the trend was a cell phone that opened and closed with a characteristic sound), LG has taken the inspiration to launch the Gentle, a flip-cover smartphone running Android 5.1 Lollipop.

In addition to a pocket size that replicates that of the days when brands did not compete to offer the best camera and the highest-resolution display, it brings back the physical keyboard, something that could be very useful for the elderly, and combines it with the touch display in the lid, a very modest 3.2 inches (and 480 x 320).

It has 4G LTE capability and a quad-core processor running at 1.1 GHz, along with 1 GB of RAM, 4 GB of expandable internal storage and a 3-megapixel camera. Of course, compared to today's devices, this gadget has outdated features.

But it has other advantages: it runs today's Android applications, and its 1,700 mAh battery can last for several days, as it does not have to feed an exaggerated number of display pixels in its small animations or support 3D games. In addition, the price at which it goes on sale in Korea is the equivalent of $171. Although there is a good chance that it is sold outside of Asia, it is always possible that, if successful, it will reach other markets.


One of the worst Android vulnerabilities discovered … – BBC

Malicious code can access data and applications stored on the phone.

Researchers discovered a vulnerability in the Android operating system that allows a cell phone to be infected just by sending it a message.

Attackers could exploit this code flaw, which can affect millions of devices, by sending a message with a photo or video to someone's smartphone, without the recipient having to open it for it to act.

This vulnerability affects a part of Android called Stagefright, which allows phones and tablets to show internet content.

For example, a malicious video can be used to send a program that will start to be processed by the phone.

Once infiltrated into Stagefright, the malicious code could access the data and applications stored on the phone.

Google announced that it produced a patch for the problem, but millions of devices have to update their software to benefit from that fix.


Researchers at the US information security company Zimperium said the flaw is “extremely dangerous”.

The flaw is “extremely dangerous”, according to experts.

Experts believe that this is one of the worst Android vulnerabilities discovered so far and estimate that it affects 950 million handsets.


“These vulnerabilities are very dangerous because they require the victim to do anything to be exploited” they wrote.

The team will reveal more details at a security conference to be held in Las Vegas next week.

James Lyne, director of global security research at the company Sophos, said the flaw affects a “huge range” of phones, from Android version 2.2 onwards.

However, many devices do not incorporate the patch because hardware manufacturers and telephone operators have to distribute these updates to customers, and they can manually reject updates.

Google said in a statement that “this vulnerability was identified in a laboratory setting in older devices with Android and, for all we know, it has not hurt anybody.”


Tuesday, July 28, 2015

Flaw in 95 percent of Android devices makes … – La Voz del Interior

Virtually all mobile devices with the Android operating system are vulnerable to attack by hackers using malicious code in a multimedia text message, which malicious websites could also deliver, a computer security research firm warned on Monday.

The vulnerability affects no less than 950 million Android devices (smartphones and tablets), and according to Joshua Drake, vice president of the security research company Zimperium, the fault lies in Stagefright, a feature that automatically downloads video files attached to texts so that recipients do not have to wait to see them. That is, a preview function.

The worst case is the use of a modified multimedia message (MMS). All the attacker would need is the phone number of the vulnerable Android device. From there, the message would trigger the malicious code on the device without the user having to do anything, and without showing any sign that something is wrong. That is, the code does not even need the victim's “OK” to be triggered, and could even run while the owner of the device is sleeping.



“A fully successful attack could even delete the message before the user sees it. They would only see the notification. These vulnerabilities are extremely dangerous because they do not require the victim to take any action to be taken advantage of. Unlike phishing, where the victim has to open a PDF file or a link sent by the attacker, this vulnerability can be activated during sleep. Before he wakes up, the attacker would eliminate any sign that the device is in danger, and the user would have, without knowing it, a phone with a Trojan on its operating system,” says Zimperium on its website.

The flaw can also be exploited using other techniques, including links to malicious sites. Drake will outline six or more other techniques that hackers could use at the annual Black Hat security meeting, held in August in Las Vegas, where he will give a talk fittingly entitled “Stagefright: code fear in the heart of Android”.

According to him, all versions from Android 2.2 onward, inclusive, are potentially vulnerable, and it depends on each manufacturer to fix the bug. So far very few have been fixed, and it is estimated that 95 percent of Android devices are currently susceptible to attack. The most vulnerable of all are those that run versions prior to Android 4.3 (Jelly Bean).

Zimperium revealed that it reported the issue privately to Google (responsible for Android), and that the company welcomed the report and sent the patch to its partner manufacturers. But according to the security firm's estimates, it could be years before the patches are distributed to certain models, and many of those will not even receive them.

The best Android games of July – ENTER.CO

Every time the end of the month approaches, it arrives with the best Android games. This time we have franchises from other mobile platforms arriving, a realistic war game and a couple of stylish ‘puzzles’. Before starting, from

A simple message can infect your Android – FORTUNE

NEW YORK – Android phones can be infected just by receiving a picture via text message, according to a study published Monday.

This is perhaps the most serious smartphone flaw discovered to date, affecting an estimated 950 million phones worldwide, about 95% of the Android devices in use.

The problem stems from the way that Android phones analyze incoming text messages. Even before opening a message, the phone automatically processes multimedia attachments, including images, audio or video.

That means a malware-laden file can begin to infect the phone as soon as it is received, warns Zimperium, a cyber security company that specializes in mobile devices.

This Android vulnerability is similar to the recent text-message hack suffered by Apple phones.

But in that case, a text message would freeze the iPhone or turn it off. This Android flaw is worse, because a hacker could gain full control of the phone: wipe the device, access applications or secretly turn on the camera.

In a statement to CNNMoney, Google acknowledged the flaw and said that Android has ways to limit a hacker's access to separate applications and phone features. However, hackers have been able to overcome these barriers in the past.

The flaw affects any phone running Android software made in the last five years, according to Zimperium. This includes devices running the Froyo, Gingerbread, Honeycomb, Ice Cream Sandwich, Jelly Bean, KitKat and Lollipop versions (Google names its Android versions after desserts, in alphabetical order).

Zimperium said it warned Google about the flaw on April 9 and even delivered a fix. The company claims that Google responded the next day and said it would soon make a patch available to customers.

Generally, in these situations, companies have a grace period of 90 days to issue a patch or fix. It is a rule that even Google abides by when flaws are found in other software.

But it’s been 109 days and the patch is not widely available. So Zimperium made the news public.

The question now is how quickly Google will fix this for everyone affected. While Apple can push changes to all iPhones, Google cannot.

Google is known to have a broken distribution system. There are several intermediaries between Google and its users, and these typically put off the release of new software. There are phone companies – like AT&T and Verizon – and physical device manufacturers – such as Samsung – and they all need to work together to issue software updates.

Google told CNNMoney that the patch has already been sent to its “partners”. However, it is unclear whether any of them has passed it on to users.

For the same reason, Google puts its own Nexus phones first in line to receive updates.

This might be a case that shows why it is so important to receive updates quickly.

Chris Wysopal is an experienced hacker who now works at the cyber security firm Veracode. He says that this flaw is the Android version of ‘Heartbleed’, a devastating vulnerability that put millions of computer networks at serious risk last year.

“I want to see if Google comes up with a way to update devices remotely. Unless they can do that, we have a big mess on our hands,” he said.

Android flaw allows a smartphone to be hacked … – LaTercera (Record)

A flaw in Google's Android operating system, which runs on most brands of smartphones, can allow hackers to take control of devices with a text message, the security company Zimperium warned on Monday.

“The attackers need only your phone number, and using it they can remotely run programs via a specially crafted file delivered by MMS”, a text message with multimedia content such as video, Zimperium explains on its blog.

The firm said the message used for the attack can also be destroyed before the smartphone's owner reads it, according to the findings of one of its research team leaders, Joshua Drake.

The flaw is in a feature called “Stagefright”, which automatically downloads video files attached to texts so that recipients do not have to wait to see them.

However, hackers can hide malicious programs in these video files, and they would be activated even if the recipient does not read the message, Zimperium explains.

“These faults are extremely dangerous because they do not require action by the victim to be detonated,” warns the company.

According to Zimperium, 95% of smartphones operate with Android, which means that about 950 million handsets are at risk. However, it seems that hackers have not exploited the flaw yet.

Zimperium said it had informed Google of the problem and provided security patches to correct the flaw, “but unfortunately this is just the beginning of what will be a very long update process”, it said.

Android updates on devices that use the software are controlled by handset makers and sometimes by telephone operators.

More details of Joshua Drake's research are due to be disclosed at the Black Hat computer security conference in Las Vegas in early August.

This is the most serious Android security flaw to date – Hypertext

The mobile security company Zimperium has discovered what is probably the most serious security flaw in Android's history, one that affects all devices equally and whose fix is unlikely to reach even half of them.

Every now and then comes news of a new vulnerability in Android, whose most dangerous aspect is not the vulnerability itself but the time it takes to be corrected, because of the usual debacle in updates to Google's operating system. And this time the vulnerability discovered is no exception, as we have learned through NPR (National Public Radio, USA): it is absurdly simple to execute yet potentially very dangerous for us.

The vulnerability was discovered by Joshua Drake, a security researcher at Zimperium (a reputed mobile security company), between last April and May. It would work through a short video (such as those sent daily through WhatsApp or Telegram) with malware inside, which would take advantage of the flaw in Android on reaching the victim's smartphone. “It would be even before the sound of the received message. That’s what makes it so dangerous,” says Drake.

The greatest risk is found with Google's Hangouts app, included by default on many smartphones.

Drake also says that, although the risk is higher in Hangouts than in the default messaging app, because Hangouts processes the video so that users do not have to, putting them at risk, at no point do you have to open the file to suffer the exploit: simply by receiving it, the smartphone is in danger. In addition, the really worrying thing is that, even though Google has already received and accepted the fix sent by Drake himself, the problem is always the same: how to get this fix to the more than a billion existing Android devices.

That at most 50% of Android devices will receive the fix is enough to see that this issue with updates must be corrected.

“Being optimistic, between 20% and 50% of Android devices will receive the fix,” said Drake, and this figure is devastating, highlighting once again the existing lack of control over getting updated versions to all Android devices alike, for which the main culprit is not Google but the OEMs responsible for shipping their customized versions, as well as the operators that slow the process even further. As for whether we are at risk or not, Drake believes that hackers are not making use of the vulnerability, at least for now. Hopefully the manufacturers and Google will reach an agreement as soon as possible, because this puts us all at risk.


Monday, July 27, 2015


Microsoft creates a launcher to open your apps faster … in … – Gizmodo in Spanish


There are many Android launchers. The newest of these applications for modifying the home screen and easily accessing the applications you use most comes from Microsoft; it is called Arrow Launcher and is now available in beta.

Where others opt for simplicity, Arrow Launcher offers plenty of options. It includes a screen where we can place the applications we use most or access the full repository of our Android apps.

On either side of that screen there are two other launcher screens that give us easy access to our contacts or to our notes and reminders. In short, Arrow Launcher creates a series of quick desktops on top of Android's desktops so you do not have to waste time swiping through the normal desktops that now sit beneath the launcher's desktops …


Jokes aside, the application can be very useful to users who like to have a screen with multiple options in Android. Arrow Launcher is currently available only in beta. To try it, you just have to register on its page. The application also comes, of course, with lots of nice Bing wallpapers. [Arrow Launcher via Slashgear]

