Description
An adversary forces a non-restricted mobile application to load arbitrary code or code files, via Hooking, with the goal of evading Root/Jailbreak detection. Mobile device users often Root/Jailbreak their devices in order to gain administrative control over the mobile operating system and/or to install third-party mobile applications that are not provided by authorized application stores (e.g. Google Play Store and Apple App Store). Adversaries may further leverage these capabilities to escalate privileges or bypass access control on legitimate applications. Although many mobile applications check if a mobile device is Rooted/Jailbroken prior to authorized use of the application, adversaries may be able to 'hook' code in order to circumvent these checks. Successfully evading Root/Jailbreak detection allows an adversary to execute administrative commands, obtain confidential data, impersonate legitimate users of the application, and more.
Attack Execution Flow
Step 1
Explore
[Identify application with attack potential] The adversary searches for and identifies a mobile application that could be exploited for malicious purposes (e.g. banking, voting, or medical applications).
Attack Techniques
- Search application stores for mobile applications worth exploiting.
Step 2
Experiment
[Develop code to be hooked into chosen target application] The adversary develops code or leverages existing code that will be hooked into the target application in order to evade Root/Jailbreak detection methods. In practice this is usually a script for a dynamic instrumentation framework (for example Frida or Xposed) that replaces the application's root/jailbreak check routine at run time so that it always reports a clean device.
Attack Techniques
- Develop code or leverage existing code to bypass Root/Jailbreak detection methods.
- Test the code to see if it works.
- Iteratively develop the code until Root/Jailbreak detection methods are evaded.
Step 3
Exploit
[Execute code hooking to evade Root/Jailbreak detection methods] Once hooking code has been developed or obtained, execute the code against the target application to evade Root/Jailbreak detection methods.
Attack Techniques
- Hook code into the target application.
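The three steps above carried through in code, as an added example that is not part of the CAPEC entry: a Node.js simulation in which an application's root check is hooked at run time in the same way a Frida script replaces a Java method's `implementation`, followed by a hardened gate that also looks for the hooking framework itself, which goes one step beyond the flow described above. The class name com.example.app.RootCheck, the file-system snapshots and the /proc/self/maps lines are assumptions constructed for the example; Frida's `Java.use(...).method.implementation` assignment quoted in the comments is the real Android mechanism.

```javascript
// Added example, not from the CAPEC entry. Node.js stand-in for the mobile
// app: the root check and the hook are plain JavaScript so the mechanics can
// be run anywhere. Every path and /proc/self/maps line below is constructed.

// Locations a typical su-binary root check probes.
const SU_PATHS = ["/system/bin/su", "/system/xbin/su", "/sbin/su", "/su/bin/su"];

// Constructed snapshot of a rooted device with frida-server dropped into
// /data/local/tmp (a common place to run it from).
const ROOTED_FS = new Set([
  "/system/bin/sh",
  "/system/xbin/su",
  "/data/local/tmp/frida-server",
]);
// Constructed snapshot of a stock device.
const CLEAN_FS = new Set(["/system/bin/sh"]);

// Constructed /proc/self/maps excerpts: a clean process, and one into which a
// Frida agent library has been injected.
const MAPS_CLEAN =
  "7f1a000000-7f1a100000 r-xp 00000000 fd:00 1234 /system/lib64/libc.so";
const MAPS_HOOKED = MAPS_CLEAN + "\n" +
  "7f2b000000-7f2b900000 r-xp 00000000 fd:00 5678 /data/local/tmp/re.frida.server/frida-agent-64.so";

// The app's own root-detection routine. Stand-in for a Java class such as
// com.example.app.RootCheck (hypothetical name) in a real APK.
const RootCheck = {
  isDeviceRooted(fsView) {
    return SU_PATHS.some((p) => fsView.has(p));
  },
};
const ORIGINAL_IS_ROOTED = RootCheck.isDeviceRooted;

// Naive gate: one boolean decides whether the app runs.
function naiveLaunch(fsView) {
  return RootCheck.isDeviceRooted(fsView) ? "blocked" : "running";
}

// Step 3: replace the implementation at run time so the check lies. On
// Android, Frida does the equivalent with
//   Java.use("com.example.app.RootCheck").isDeviceRooted.implementation =
//     function () { return false; };
// Callers keep calling the same name; the attacker's function answers.
function installHook() {
  const original = RootCheck.isDeviceRooted;
  RootCheck.isDeviceRooted = function hooked(_fsView) {
    return false;
  };
  return original; // kept so the hook can be removed again
}
function removeHook(original) {
  RootCheck.isDeviceRooted = original;
}

// Hardened gate: several independent signals. Hooking isDeviceRooted clears
// only the first; the others look for the hooking framework and for tampering
// with the check itself, so the attacker has to find and hook all of them.
function hardenedLaunch(fsView, procMaps) {
  const signals = [];
  if (RootCheck.isDeviceRooted(fsView)) signals.push("su-binary");
  if (fsView.has("/data/local/tmp/frida-server")) signals.push("frida-server-on-disk");
  if (procMaps.split("\n").some((line) => /frida|xposed|substrate/i.test(line))) {
    signals.push("hooking-library-mapped");
  }
  // Analog of integrity-checking the check routine (on Android, e.g. noticing
  // that the Java method has been turned into a native trampoline).
  if (RootCheck.isDeviceRooted !== ORIGINAL_IS_ROOTED) signals.push("check-replaced");
  return { state: signals.length ? "blocked" : "running", signals };
}

// Runs the flow end to end and returns each gate's verdict.
function demo() {
  const before = naiveLaunch(ROOTED_FS);                        // "blocked"
  const original = installHook();
  const afterNaive = naiveLaunch(ROOTED_FS);                    // "running": evaded
  const afterHardened = hardenedLaunch(ROOTED_FS, MAPS_HOOKED); // still blocked
  removeHook(original);
  const stock = hardenedLaunch(CLEAN_FS, MAPS_CLEAN);           // legitimate user
  return { before, afterNaive, afterHardened, stock };
}

console.log(JSON.stringify(demo(), null, 2));
```

Running the file shows the naive gate flipping from "blocked" to "running" once the hook is installed, while the hardened gate still blocks because the frida-server binary, the mapped agent library and the replaced check are each visible on their own. The practical lesson for the testing and iteration technique in Step 2 is the same from both sides: an adversary has to keep hooking until every independent signal is silenced, and a defender should therefore spread the decision over checks that do not share one function to patch.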