Mobile Device Exploitation Cookbook (eBook)

Over 40 recipes to master mobile device penetration testing with open source tools

About This Book

• Learn application exploitation for popular mobile platforms
• Improve the current security level for mobile platforms and applications
• Discover tricks of the trade with the help of code snippets and screenshots

Who This Book Is For

This book is intended for mobile security enthusiasts and penetration testers who wish to secure mobile devices to prevent attacks and discover vulnerabilities to protect devices.

What You Will Learn

• Install and configure Android SDK and ADB
• Analyze Android Permission Model using ADB and bypass Android Lock Screen Protection
• Set up the iOS Development Environment - Xcode and iOS Simulator
• Create a Simple Android app and iOS app and run it in Emulator and Simulator respectively
• Set up the Android and iOS Pentesting Environment
• Explore mobile malware, reverse engineering, and code your own malware
• Audit Android and iOS apps using static and dynamic analysis
• Examine iOS App Data storage and Keychain security vulnerabilities
• Set up the Wireless Pentesting Lab for Mobile Devices
• Configure traffic interception with Android and intercept Traffic using Burp Suite and Wireshark
• Attack mobile applications by playing around with traffic and SSL certificates
• Set up the Blackberry and Windows Phone Development Environment and Simulator
• Setting up the Blackberry and Windows Phone Pentesting Environment
• Steal data from Blackberry and Windows phones applications

In Detail

Mobile attacks are on the rise. We are adapting ourselves to new and improved smartphones, gadgets, and their accessories, and with this network of smart things, come bigger risks. Threat exposure increases and the possibility of data losses increase. Exploitations of mobile devices are significant sources of such attacks.

Mobile devices come with different platforms, such as Android and iOS. Each platform has its own feature-set, programming language, and a different set of tools. This means that each platform has different exploitation tricks, different malware, and requires a unique approach in regards to forensics or penetration testing. Device exploitation is a broad subject which is widely discussed, equally explored by both Whitehats and Blackhats.

This cookbook recipes take you through a wide variety of exploitation techniques across popular mobile platforms. The journey starts with an introduction to basic exploits on mobile platforms and reverse engineering for Android and iOS platforms. Setup and use Android and iOS SDKs and the Pentesting environment. Understand more about basic malware attacks and learn how the malware are coded. Further, perform security testing of Android and iOS applications and audit mobile applications via static and dynamic analysis.

Moving further, you'll get introduced to mobile device forensics. Attack mobile application traffic and overcome SSL, before moving on to penetration testing and exploitation.

The book concludes with the basics of platforms and exploit tricks on BlackBerry and Windows Phone. By the end of the book, you will be able to use variety of exploitation techniques across popular mobile platforms with stress on Android and iOS.

Style and approach

This is a hands-on recipe guide that walks you through different aspects of mobile device exploitation and securing your mobile devices against vulnerabilities. Recipes are packed with useful code snippets and screenshots.

---

Over 40 recipes to master mobile device penetration testing with open source toolsAbout This BookLearn application exploitation for popular mobile platformsImprove the current security level for mobile platforms and applicationsDiscover tricks of the trade with the help of code snippets and screenshotsWho This Book Is ForThis book is intended for mobile security enthusiasts and penetration testers who wish to secure mobile devices to prevent attacks and discover vulnerabilities to protect devices.What You Will LearnInstall and configure Android SDK and ADBAnalyze Android Permission Model using ADB and bypass Android Lock Screen ProtectionSet up the iOS Development Environment - Xcode and iOS SimulatorCreate a Simple Android app and iOS app and run it in Emulator and Simulator respectivelySet up the Android and iOS Pentesting EnvironmentExplore mobile malware, reverse engineering, and code your own malwareAudit Android and iOS apps using static and dynamic analysisExamine iOS App Data storage and Keychain security vulnerabilitiesSet up the Wireless Pentesting Lab for Mobile DevicesConfigure traffic interception with Android and intercept Traffic using Burp Suite and WiresharkAttack mobile applications by playing around with traffic and SSL certificatesSet up the Blackberry and Windows Phone Development Environment and SimulatorSetting up the Blackberry and Windows Phone Pentesting EnvironmentSteal data from Blackberry and Windows phones applicationsIn DetailMobile attacks are on the rise. We are adapting ourselves to new and improved smartphones, gadgets, and their accessories, and with this network of smart things, come bigger risks. Threat exposure increases and the possibility of data losses increase. Exploitations of mobile devices are significant sources of such attacks.Mobile devices come with different platforms, such as Android and iOS. Each platform has its own feature-set, programming language, and a different set of tools. This means that each platform has different exploitation tricks, different malware, and requires a unique approach in regards to forensics or penetration testing. Device exploitation is a broad subject which is widely discussed, equally explored by both Whitehats and Blackhats.This cookbook recipes take you through a wide variety of exploitation techniques across popular mobile platforms. The journey starts with an introduction to basic exploits on mobile platforms and reverse engineering for Android and iOS platforms. Setup and use Android and iOS SDKs and the Pentesting environment. Understand more about basic malware attacks and learn how the malware are coded. Further, perform security testing of Android and iOS applications and audit mobile applications via static and dynamic analysis.Moving further, you'll get introduced to mobile device forensics. Attack mobile application traffic and overcome SSL, before moving on to penetration testing and exploitation.The book concludes with the basics of platforms and exploit tricks on BlackBerry and Windows Phone. By the end of the book, you will be able to use variety of exploitation techniques across popular mobile platforms with stress on Android and iOS.Style and approachThis is a hands-on recipe guide that walks you through different aspects of mobile device exploitation and securing your mobile devices against vulnerabilities. Recipes are packed with useful code snippets and screenshots.