If you are having trouble viewing this email, click here to view this online

 

VOLUME 16

   ISSUE 16

22 November 2012

Article of the Month   Around the World

Overview of Android Debug Bridge (ADB)

A tool which can be used for Forensic Investigations, Hacking, Backing up and Debugging of Android devices

Most of us use smart phones in our day to day lives either to take a call, send an SMS, browse internet, view mails or play games. Therefore Smartphone contain our personal information such as photos, videos, contact details, emails and SMS. Some of us even store usernames and passwords of mail addresses or of favorite web sites in our smart phones for ease of access. This certainly makes our lives easier but what will happen if someone steal your phone or you lose it. The person who receives it will have the full access to all of your personal information.

If you are a security concerned person, you may have locked your phone to protect it. But this lock can be easily broken by a person who knows his way around. For example, if you are using an Android phone, there is a really nice tool called ADB or the Android Debug Bridge which allows you to open a shell to access the Android device by issuing two three commands. And if your phone is rooted, this shell can be easily created with super user permission thus allowing the full control of the device.

Even though there are many uses, the most interesting use of ADB is its ability to capture and retrieve databases in the Android Phone. Android Stores all of its information such as Contacts, SMS, Usernames and Passwords in SQLite databases. If the phone is rooted, ADB can be used to easily download these databases to your PC and to analyze them to capture the information stored in them. Following image show how acquiring Contacts Database is done and a snapshot of the content inside the database.

Figure 1
 
Figure 2

As the above table shows, it is possible to acquire all the contacts in the contact database. Furthermore deleted contacts which were deleted several days ago can also be found using SQLite Forensic tools such as epilog.

Not only Contact Details, but much other information such as SMS, Call Logs, Web History, emails, Geo Tags and even saved usernames and passwords can be easily acquired using ADB (Those acquired information are represented at the end of the post). The interesting part is that even the general lock that you put into your phone will not work in this scenario to secure your information since ADB directly access the Kernel module.

Getting information is not only the end of what a hacker can do using ADB. Once the databases are obtained it is possible to write cracks and malicious triggers to those databases and then upload them back again to the Smartphone making it more vulnerable and allowing hackers to obtain any information at any time they want.

Even though all of the above talk make ADB looks bad, ADB, however is not only a tool used by hackers to exploit Android, but it is a tool which helps developers to debug the Android Kernel. Furthermore it can be used widely for Forensic Investigations and for taking backups of the information.

ADB can be used to find and carve forensic information from the phone by investigators through the ADB Shell. Furthermore experienced users can use ADB to backup their SMS and contact databases to their PCs while Developers can run, test and debug their applications using ADB. Therefore ADB can be defined as a tool which can be used for both the good and bad.

As users, it is our own responsibility to make sure that malicious users cannot use ADB on our Android devices to gather our personal information. The way to do this is also simple, we only have to turn off USB Debugging mode (Settings > Applications > Development) of the Android Phone and to put a lock to the phone restricting others from turning this option back on. This is a very simple yet effective method, but most of the people leave this option on mainly because of their ignorance.

Even though smart phones are really useful for us in many ways, they can present certain security risks as mentioned above, possibly because of the ignorance of the users. Therefore it is a must for all of us to learn how to use smart phones securely protecting our personal information.

Following are some of the information gathered using ADB from a Smartphone

SMS extracted from the Message

Figure 3
 

Call Logs extracted from the Message

Figure 4

Extracted Browsing History and Bookmarks

Figure 5

Extracted Google Search Results

Figure 6

 

Extracted passwords and usernames in clear text

Figure 7
 
Extracted email credentials in clear text
Figure 8
 
Samples of extracted emails

Figure 9

 

Extracted Geo Information

K.P. Boominda Anushka

Boominda is an undergraduate of Sri Lanka Institute of Information Technology SLIIT) in his final year of B.Sc (Special Honors) Degree in Information Technology Specialized in Computer Systems and Networking. He currently works as a Information Security Engineering Intern at Sri Lanka CERT|CC .

 

 

 

 
 

 

NASA rushes to encrypt laptops after major security Breach

 
  By Jaikumar Vijayan | Computerworld US | Published: 11:26, 15 November 2012   
 

'....NASA is scrambling to implement full disk encryption on agency laptops after one containing unencrypted personal information on a "large" number of people was recently stolen.
Agency employees were told of the 31 October theft of the laptop and NASA documents from a locked car in an email message Tuesday from Richard Keegan Jr., associate deputy administrator at NASA.
Keegan told employees that the stolen laptop contained sensitive "Personally Identifiable Information" (PII) about a large number of NASA employees, contractors and others......'

 

Facebook shuts down Albania Pirate Group, after stolen passwords shared

  by Graham Cluley on November 12, 2012  
 

'....A reader of Naked Security, who works at a Yorkshire-based security company, contacted us last week to tell us about a particular Facebook page they had stumbled across belonging to the Albania Pirate Group.
On its Facebook page, 600+ fans and members of the Albania Pirate Group were sharing RDP (Windows Remote Desktop) logins, giving hackers unauthorised access to computer systems, and what appeared to be compromised banking details.
The potentially sensitive information was free for anyone to view, even if you hadn't "Liked" the page.
Sophos contacted Facebook, and within the hour the social network's security team had closed down the page......'

 

Skype users warned of serious security problem - accounts can be hijacked with ease

 
 

A serious security problem has been uncovered in Skype, which allows hackers to hijack accounts just by knowing users' email addresses.

The Next Web describes how it managed to reproduce the attack, accessing the Skype accounts of staff by just knowing their email address, and then changing the passwords of their "victims" to lock them out.

 
Security isn?t about technology. It?s about people  
  byPaul Ducklin | October 11, 2012  
 

....The only thing standing between your company's information systems and the people who are out to compromise them is employees.

Technical security vulnerabilities can be patched but humans are always vulnerable......'

 

Month in Brief

Facebook Incidents Reported to Sri Lanka CERT|CC in October 2012

 

  Fake + Harassment
  Hacked
  Abuse
  Other

Genderwise

  Female
  Male

Statistics - Sri Lanka CERT|CC

 

Alerts

Georgia Tech releases cyber threats forecast for 2013

'....specific threats to follow over the coming year include, among
others:

- Cloud-based Botnets ? The ability to create vast, virtual computing resources will further convince cyber criminals to look for ways to co-opt cloud-based infrastructure for their own ends.
One possible example is for attackers to use stolen credit card information to purchase cloud computing resources and create dangerous clusters of temporary virtual attack systems.

- Search History Poisoning ? Cyber criminals will continue to manipulate search engine algorithms and other automated mechanisms that control what information is presented to Internet users. Moving beyond typical search-engine poisoning, researchers believe that manipulating users' search histories may be a next step in ways that attackers use legitimate resources for illegitimate gains.

- Mobile Browser and Mobile Wallet Vulnerabilities ? While only a very small number of U.S. mobile devices show signs of infection, the explosive proliferation of smartphones will continue to tempt attackers in exploiting user and technology-based vulnerabilities, particularly with the browser function and digital wallet apps.

- Malware Counteroffensive ? The developers of malicious software will employ various methods to hinder malware detection, such as hardening their software with techniques similar to those employed in Digital Rights Management (DRM), and exploiting the wealth of new interfaces and novel features on mobile devices.

"Every year, security researchers and experts see new evolutions in cyber threats to people, businesses and governments," said Wenke Lee, director of GTISC. "In 2013, we expect the continued movement of business and consumer data onto mobile devices and into the cloud will lure cyber criminals into attacking these relatively secure, but extremely tempting, technology platforms. Along with growing security vulnerabilities within our national supply chain and healthcare industry, the security community must remain proactive, and users must maintain vigilance, over the year ahead."

"Our adversaries, whether motivated by monetary gain, political/social ideology or otherwise, know no boundaries, making cyber security a global issue," said Bo Rotoloni, director of GTRI's Cyber Technology and Information Security Laboratory (CTISL). "Our best defense on the growing cyber warfront is found in cooperative education and awareness, best-of-breed tools and robust policy developed collaboratively by industry, academia and government.".....'

New variant of Mac Trojan discovered, targeting Tibet
'....The latest Mac malware seen by the experts at SophosLabs, is a new variant of the OSX/Imuler Trojan horse. In the past, earlier variants of the OSX/Imuler malware has been spread via topless photos of a Russian supermodel or embedded deep inside boobytrapped PDF files.

This time, it appears that the a version of the Imuler Trojan has been used in an targeted attack against sympathisers of the Dalai Lama and the Tibetan government, as the malware appears to have been packaged with images of Tibetan organisations......'

Adobe investigates alleged customer data breach
By Jeremy Kirk | 14 November 12
'....Adobe said Wednesday it is investigating the release of 230 names, email addresses and encrypted passwords claimed to have been stolen from a company database.

The information was released on Tuesday on Pastebin by a self-proclaimed Egyptian hacker named "ViruS_HimA." The hacker, who claimed the database accessed holds more than 150,000 records, posted links to several websites hosting a text file with 230 records......'

 
  Notice Board
  Training and Awareness Programmes - November 2012  
 
Date Event Venue
- 23,25 Annual ICT Planning workshop North western Provincial Training Center, Wariyapola
- 26 In house Development Training Programme ICT Laboratory, ICT Branch, Ministry of Education
- 21-23 Training on 2D Animation on Learning Management system Royal College, Colombo7
- 30 Information Security Quiz Hotel Renuka, Colombo
  Training and Awareness Programmes - December 2012  
 
Date Event Venue
- 10-18 Content Development for Learning Management System Education Leadership Development Center, Meepe  
- 10-12 Refreshment Programme for hardware and network solution team Sreepada National College of Education, Kotagala, Pathana
- 12-14 Refreshment Programme for hardware and network solution team Sreepada National College of Education, Kotagala, Pathana
- 6 5th Annual National Conference on cyber security, 5th December for a general audience Crystal Room Upper, Taj Samudra Hotel, Colombo
   
    

Brought to you by: