Android Device & Data Security | Toshendra Sharma | Skillshare

Android Device & Data Security

Toshendra Sharma, CEO @RecordsKeeper

Play Speed
  • 0.5x
  • 1x (Normal)
  • 1.25x
  • 1.5x
  • 2x
3 Lessons (24m)
    • 1. Protecting your android device

      6:43
    • 2. Bypassing Android locks

      7:46
    • 3. Android data extraction

      9:19

About This Class

In this course you will be learning about Android Device & Its Data Security. We will explore the device security model & how to understand it.

Transcripts

1. Protecting your android device: Hello and welcome to averages. How to hack under adapts and advance penetration testing course. In this model, we will look at mechanisms to protect you and your device and how some off those mechanisms can be buy bust. In this video, we will look at how to secure your android device in order and security under device that our previous basically using android In build security. You can lock your naps or by not saving all of your passwords to the online services on the Web sites. First, let's see the android in Bill Security. Now Android phones allow you to have a screen lock and able to secure your device. There are many types of screen looks available for you to choose from. They are passwords, pins and pattern passwords are basically alphanumeric, and pence are just numeric. When setting pins or patent locks, try not to make it easy for hackers to guess your password or pattern. So on right basically provides you an A screen lock feature, I assure you. So this is my militar, which I have started. So if is he currently, there's no lock aside as a slide, but you can configure lock for your screen by going to settings on then from settings to security, and then you go to this screen lock. As you can see, there are many options. Have label slide. It is currently configured. Then you have the pattern. The pin. The password pattern is basically you just connect the four darts to generate a pattern. Four more dots, you can say so. If you press continue, I'll draw the pattern again on I'll confirm it. So from next time, whenever you access your device, you lock and access your devices after draw the same pattern, and then it will give you the access to your device. If the pattern is wrong, then it fell. Not give you the access like this. This is wrong, partner, so I have to said the correct better. Apart from that, there are others as well as we have discussed. There's so after gun from this year. Okay, so you can set Pen has been so pain is basically just numbers. So when I were done, you can just click continue, and so and so forth on the other one is the password. So in order to password is nothing but alphanumeric you can enter alphanumeric. So this is how it is done. So this was the inbuilt features that android provides you toe protect you under device. Now, the next mechanism is, as I discussed, that is lock your naps so it is necessary to locker APS basically especially the ones which hold private information that you wish Nobody but apart from you can see, this is the second layer of security to prevent anyone from using your loss device, particularly if they have managed to bypass. You're locked and right. So if you even if you have kept a password or pin or ah pattern look. But still if they try to bypass it. But ah, and try to access the app. And if a lock application is locked, then no one can access the application. So you're safe from that point point off you. So this is the second layer of security can say so for this. For locking APS, you can use a free app like a block. It is available on the Google store, so that is the android market Google play. So the idea is not to look every single opinion device, but just really data leading date. Aladdin ones like your email lapse or file managers or your Facebook application or Lincoln Application. You can look so this is what the block looks like on the left of your screen. You just said the password for a block, and then you select the applications, which you want to look so you can look any of those applications which you have in store. And after that, when you try to access the application, it will give you Ah, this. Ah, the lock screen. I mean, like, you have to authenticate yourself by giving the password that your set while using this app lock. So once you have entered incorrect password, you can access that application. So this is how a nap lock works. Next important thing is that you do not save all off your passports. Many was a stand to save their passports to on line services and sites on their device, and they never once think that what it would mean to a person who got their hands on their phone. So it's a good practice to avoid having all important passwords saved into your device, particularly when it comes to banking or payment taps now in some applications. For instance, as you can see on the screen there, Twitter log in when you try to. Ah, when you try to log in with the correct password and everything you press log in, then it will give you a pop of like this that do you want to do on the browser to remember this passport. So if you click, remember, so next time you don't need to enter the password again next time I knew, um, again, try to access twitter dot com. The browser will automatically fill the password for you. So this is a bit after it, because if you lose your mobile phone, then anyone can open the browser on go to twitter dot com, and the browser will automatically fill in the password. So this is a threat, right? So do not save all off your passports for, ah, for the Web services started for the online services or any websites that you use. So this is where the ways by which you can secure your android device. Andi, if you're not careful about securing your device than losing your smartphone, may mean more than just a loss in contacts and phone numbers for you. We're talking about their social media accounts, your sink, FIEs, important documents, your emails, photos and messages. In the next video, we will look at how to bypass on dreadlocks. That is the inbuilt android locks. So that's it for this video. Thanks for watching. 2. Bypassing Android locks: hello and welcome to AFP vigils. How to hack and or adapts an advance penetration testing cause In the previous video, we looked into radius ways by which you can secure your android device screen Look was one off them. In this video, we shall see how can one bypassed the scream lock mechanisms Now there are currently three main types off passport supported by the android device. One is the pattern lock. 2nd 1 is depend That is a numeric code and a password Alpha numerical Now in this, As I said in this video, we will look at mechanisms to bypass the screen locks. So the first ah mechanism or the attack is this much attack. Now this is not specific to any android device, but used generally by forensic analysts. But they can deduce the password off touchscreen mobile. The attack depends on the fact that smudges are left behind by the users fingers due to repeated swiping across the same locations. Now the pattern lock or any passport is something that the user will have toe Swiper enter every time he wants to use this mobile. Hence we can infer that the smudges would be heaviest across the same locations and hands on the proper lightning and high resolution pictures. We can use the court. So, as you can see on the screen, we have an example where we can clearly sleep. A cedar smudges. So that is the pattern Lakoff off user because he has repeatedly swipe across the same location to unlock his device. So this was a smudge attack. This is very common, but normally of this is carried out during foreign sick analysis. Second was this 2nd 1 is deleting the gesture dot key file. Now, this file that is just your door key is ready. Pattern is stored in your under device. So whatever pattern you have this just say stored in this district are key. Now, if the under devices using this pattern lock on it is a router device with USB debugging enable, then we can easy delete this gesture Dorky file on bypass the screen lock. Now, the process to do this is like you have to connect your device to the PC. Open up the command prompt type in the 80 bichel command that is, you get the shell of the device and then to remove the gesture Dorky. You have to enter the command, Adam space slash data slash system slash gesture darkie then to start your phone. Ah, you will see that after restarting your phone. Ah, the device is asking for a pattern. But don't worry, You can randomly, entire new pattern and unlock the device. So let's see the demo. No. Okay, so I haven't emulated over here Devices running, so I'll go and set us pattern now. But a look. So I will keep this pattern as V. We'll continue work. Once done. Let's check if this has taken effect. Okay, so yes, so I can enter this. What if I enter wrong pattern? Would it like me to end up? Let's see this. Okay, this is giving me wrong, partner. So this is working. Fine. So now let's goto command prompt on Get the 80 bichel off the device. We shall aan den type in the command. Remove slash data slash system on, then sure dot Key. Okay, so once this is done No, Let's go here toe a militar. And now let's check by putting any round wrong baton if it's giving me entry, Okay, So as you can see it has bypassed the pattern lock mechanism easily by deleting the just just start key file. So this is how it is done. So that was easy to delete. Digestion dorky file and you're pattern was unlocked. Now the third method is by updating the escalate fights. Now, if your phone is rooted and in USB debugging more than by updating the S screen light fights that are present in your android device, you can bypass the screen. Look. Now again, this step is first step the same that you have tow. Connect your device to the PC. Then you have to open the command prompt and get the shell of the device by the 80 Bichel common. After that, you need to change your directory to slash data slash data slash com dot and not provider start settings slash databases and then go to the Esca Light file. That is a school like three setting start to be. After that, you need to fire to equities that is update system set value close to zero where name is a cost to lock. Underscore Patton underscore to lock and then second queries Update System set value close to zero where name it caused to lock screen door locked out permanently. And then you quit. The escalate shows command prompt. After that, you need to restart the device. And when you restart, it will ask you a pie. Patton again you can and their need and important on DA you can bypass the screen. Look, so let's see the demo for this as well. Okay, so let's set apart in again. So whatever. Lose, like, second patent. Continue. Okay, Come from lock and I tried toe along. This can see it's giving me. Okay, so this is working. Fine. Now let's go to the common problems. Now again. Get a shell on, then base this quick change of directory. So we have changed the directory. Now, after that connected, the escalate database settings start PB. Okay, so now we have into the school light common prop. So let's type the update. Equity of date system update the table system. Set value goes to Tzeitel, where name equals two. Look under school. Patton under school water lock for that update System fed value equals 20 There. Name equals two. Lock screen dot looked out permanently. Okay, so now let's go. Here on, Try toe, insert a any random pattern. And as you can see, we have bypassed e mechanism again. So this was some of the methods by which you can bypass your screen lock. So I hope you have enjoyed this video. In the next video, we shall see how an attacker can extract data from the android device. Sir Tilden, thanks a lot for watching. See you in the next video. 3. Android data extraction: hello and welcome toe Aboriginals. How to hack Under adapts and advance penetration testing course after having seen different ways to bypass the android lock screen in the previous video. Now let's have a look at how to hack extract the data from an android, for you can extract the data off all files on the system, or only those 11 fights that you are interested in. But for any form off extraction, it's important that the device is rooted that is unlocked or USB debugging is previously enabled on the device, so there are basically two types off extractions. 1st 1 is the extracting through a DB. As explained earlier, A TV is a protocol that helps you to connect to Android device and perform some commands. Boot loader extraction is the 2nd 1 This can be done when the device is in Bootle order more the stakes at one days of the fact that boot loader more during the boat order more. The Android os will not be running now before extracting the data. It is important to know how the did I stored in and or device Soto understand where to look onboard data to pull from so on right stores the data mainly in below four locations. 1st 1 is the shared preference now as discussing earlier videos. Also, the data is stored in key value pairs over here, and shared preference files are stored in applications Data directory in the shared underscore pref fold up. 2nd 1 is the internal storage Android stores data that this private in devices internal memory 3rd 1 is the external storage on droid stores data that is public in devices, external memory that might not contain security mechanisms. So this data is publicly available because ah ah, the SD card ah is used over here for storage on this. The data is available under a slash SD card folder. 4th 1 is SQL Light. This is a database that holes structural data. So a score light is the database that android applications use. Basically, this is it. Guys have label under data slash data slash pakis name slash database. Now let's check an example off data extraction from an application which is installed on the device. Now let's go to the emulator. Now I have started this emulator. Now many install applications are installing this. If you can see So I have the calculator, the calendar. I have the email application also, so let's check out to extract data from this application. So extract data from the device regarding this application. The email application. So what we have to do is like we have to start the common problem now. Now, after starting the common problem, let's get this shell off the device so I'll use every Bichel. No, After this, let's go toe do does last data. That's the internal memory aan den. Let's check out the applications that I install, so I'm interested in the email application. So for email application, the back his name is so com dot on dry dot email. So I will change the directory toe com dot on droit dot email. So change directory toe com dot on droid thought image. So we are into the applications directory, So email applications directory. So I do. Ls Okay, so now we have got this database over here, So let's try and pull out the database off the evil. Why? Because because in this database that's possibility that the person who is using this device ah, all those you means the details would be stored in this database. So this is just for demo purpose? Basically. So? So now we have to pull this database files. OK, so let's change the directory. First database on TNT database. Okay. Okay. So did of this is the Okay, so it's data basis. Sorry I misspelled the data basis. Okay, so now we are into data basis. We are in this application. Email applications geared up is re accessing. Let's do a listing. Okay, so there is Ah, many data misfiled. So here, email provider dot db. This is one database filed. Then we have the backup also on the body. So what? I would do it like, I'll pull this email provider dot db file from here. Okay, so for that, and after that, the common So I will exit this shell now will type A d b full command, which is to pull files from the device on department. That is slash data. The studio are slash com dot on droid. Got email slash databases. Flash email provider for a wider dot db. Okay, so before that ah, one second. Let me change it to texture because I want toe have this on my dick. stop. So that's right. Now I'll run the 80 people come out again a d b pull slash data slash data slash com dot on droid dot email slash state Always and then slash email provider. Oh, I don't dot db If I click enter if you can't see the email provider filers been pulled to my deck Stop from the device. Now, as we know that this is a dot db file, so we need esque will light browser for this. So we need to run this escalate, Broza. So I just started. Okay, so this is running now. Now let's go on open the database that we have just downloaded. Okay, so this is this is the file email Lord So I opened this. As you can see now, the database, it's reading the data misfiled. So now, as you can see it as, ah opened the database, find for us the Escalade browser. So, as you can see, it clearly shows us the database structure. So which will help us to browse the data that is stored in them. So we have the account have the i. D. So currently there's no data because we haven't used the email up on the emulator. But if the user had used the email application, then all the data would be have been present over here. But still, you get the table names and everything that they have a structure you get basically. So this is how you extract data from the device? This was just an example of database. Similarly, you can pulled many surgeons, interesting files, some files, some text files, or XML files will have passwords also in them which are quoted so you can look for that. So it is just about applying your logic. Ah, it's about like finding the correct file, which we want The main. The main part is identifying the file that we want, So that is the main part of here. So this is how you extract data. So to conclude in this article, we have seen how to bypass Ah, in this study in this model, basically, we have seen how toe what are the what were the security mechanisms by which you can security around our device? Then we had bypassed the android screen look under different conditions. Onda, Um, Now we have seen how to extract the application data fall from an android phone. So that's it for this video. Thanks a lot for watching