The Moroccan Geek

Des bits d'information qui enrichissent votre quotidien!

Category Archives: Mobile

Apple Spy on You!

Few weeks ago before the launch of visitors series on MBC, An ad was broadcasted thought the MBC’s Group channels, with a woman that show up on a white background after losing signal on TV, and said “We Came in Peace!”.; nothing special about that, it’s just an ad!( especially for the V lovers and people whom were waiting for it), but the strange about that is that Aljazeera Tv replies by a report, that said  that the MBC channels were hacked by the MOSSAD  ( the national intelligence agency of Israel)  to show that message and to communicate with Arabian people and to try to change their minds!

Recently another information was broadcasted by the same channel, this time is about Apple and The Iphone.

The Tv report in the video (Arabic only ) aims to prove that the Iphone is used by Apple to spy on the customers and to collect informations about them, their locations and even to use the front and back cameras, the microphone and the sensors to retrieve instant pictures and conversations.

The report is based on apple patent application that describes methods that may enable the iPhone and iPad to “sense” the user, detecting voice prints, faces, activity patterns and even heartbeats. If unauthorised use is detected, then many security measures could be activated.

But what aljazzera missed up is that the informations and data collected aren’t sent to apple but to the owner’s email, to allow him to track his phone, save data remotely or wipe out the device.

Maybe Aljazeera is going to release another rumor with the lunch of HTC Sense 3 which allow the same thing (not totally!), who could know?!?


NMAP on Android

I’ll show you in this topic how to run NMAP on your Smartphone, and exactly on Android Phone!!!

Nmap is one of the most wanted software used by pentesters, it help to gather informations about ports and services running on a machine, services fingerprinting, detecting Os version… it can run on android too by followind these steps.

First of all you need to download the cross compiled arm nmap from here.

Then connect your phone to your pc and on adb:

adb remount
adb push /sdcard/
adb shell (following on shell)
cd /data/local
mkdir bin
cd bin
cp /sdcard/ .
chmod 755 *

After that you can run nmap (nmap -v -iR 5 -PN -p 80 –n) using the terminal emulator like on a normal pc!

The downloaded version is 4.0 if you want to test the 5.30beta1 have a look at this!

Pentest using Android: The Iphone & N900 beat again!

After getting my new phone, an android one (The Samsung Spica i5700), I’ve started looking around on how could I use it as to pentest , the first step was to know the possibilities of the beast, so I started gathering some information about the specifications & the possibilities of The spica.

The spica comes with a 800 Mhz processor with a BCM4329 wifi chipset, which not allow the injection mode for the moment, comparing to the Apple iphone or The N900.

I forgot about the The injection mode to focus on metasploit!,

Metasploit needs to be fully ported to jRuby before it will run on the Android platform.actually We can use it and it can run on android devices offring some Basic operations (Reverse connect shells, meterpreter, etc still don’t work.) but it crashes a lot! HD Moore and his stuff are making serious progress above and maybe we will have a fully ported MSF with the release of the 3.5 metasploit Framework.

Browsing the android market, i found some interesting apps like the Netscan and the Network Discovery wich allows to discover host connected trought the network and get some basic informations like ips,mac addresses, masks… Wifiscanner can help too, to get information about Wifi network and their encryption, and Port scandroid can scan ports but it’s nothing comparing to the Nmap which is avaible and compatible with android (Fully Ported!)

Other tools like ConnectBot(SSh Client) or RemoteVnc are avaible for free on the market.

Python, Perl, JRuby, Lua, BeanShell, JavaScript, Rhino are Fully/partially ported to android and runs quite well (thanks to the devs grous !)

Pentesting with Android still in his first stages comparing to the iphone and N900, that offers a complete set of fully working pentesting tools that run smoothly; but the high speed growing of the google mobile Os and the next release of android for x86 architecture will offer some interesting stuffs in the near future, and maybe , we gonna witness the birth of a fully compatible pentesting framework on Android.

But for those who don’t want to wait, they can use their android devices without android OS to pentest, by emulating a linux operating system!

How could you do this?!? Stay tuned on moroccangeek and you’ll get the full article Soon!

Android RootKit

Two security researchers From “Spider Labs”, have made the demo of a rootkit for Android At the Defcon, which once installed on a phone (either directly or via an application available on android market) allows the attacker to have a full root remote access to the phone. The connection is established by initiating an outgoing TCP connection via 3G or WiFi. The attacker could steal data, or control the phone.

This rootkit was developed in 2 weeks, and has been distributed on DVD to those who attended the conference, and possibly gonna be avaible on internet in the upcoming weeks, pushing the manufacturers to patch their phones and to focus more on their security.

Backtrack Mobile Ca arrive!

NeoPwn est le nom de la version BACKTRACK mobile prévue pour la fin du mois de juillet 2010, et qui permettra toutes les fonctionnalités de la version Desktop.

Le premier Smartphone qui sera équipé(non-officiellement) de cette distribution sera le Nokia N900 et qui nativement sous Memo.

Les développeurs de cette distributions espèrent donner plus de liberté aux Pentesteurs en leurs permettant de se détacher de leurs Laptops pour assurer des tests d’audit et de sécurité.

La Tablette Apple : L’iPad!!!

Après le succès inattendu qu’a connu l’iphone partout dans le monde, Apple s’attaque au marché des tablettes en lançant son premier produit du genre, intitulé l’IPAD.

Présenté lors de la Keynote Apple du 27 janvier,l’Ipad bénéficie d’un design élégant bien travaillé et ressemblant au design de l’iphone, il affiche des dimensions de 242.8×189.7×13.4 mm pour 680g dans sa version WiFi et 730 dans sa version WiFi + 3G.

L’IPAD sera doté d’un écran IPS LED rétro-éclairé 9.7″ gérant le multi-touch (résolution 1024×768 pixels), du WiFi, de la 3G (en option, et DATA only…), du Bluetooth 2.1 + EDR, d’une boussole digitale, de 16, 32 ou 64Go de mémoire flash, d’un processeur Apple A4 cadencé à 1Ghz, d’un accéléromètre, d’un capteur de lumière.

L’Ipad bénéficie d’une version Mac Os adapté et d’une interface revue pour un usage tablette,il équipé de Safari, de Mail, de Photos, de YouTube et YouTube HD, de Maps, Notes, Calendar, Contacts, Spotlight ainsi que des iPod, iTunes et d’un APPSTORE pour les applications tierces.
En ce qui concerne les prix, il faudra se contenter de ceux destinées au marché américain en attendant les prix pour le marché français et européen :

IPad WiFi 16Go : 499$
IPad WiFi 32Go : 599$
IPad WiFi 64 Go : 699$

IPad WiFi + 3G 16Go : 629$
IPad WiFi + 3G 32Go : 729$
IPad WiFi + 3G 64 Go : 829$

L’Ipad sera disponible prochainement aux US,mais aucune date n’a été précisée pour le marché européen.

Source: journaldugeek

Android Sur HTC HD, Diamond, Raphael, Rhodium & Topaz!

Les génies de XDA-Developpers en collaboration avec d’autres développeurs ont pu porter l’Os Mobile Android 2.0.1 Alias Eclair sur des smart-phones Htc ne supportant pas ce système (selon HTC).
Contrairement à leur hardware,ces terminaux peuvent accueillir ce système sans aucun problème puisqu’en grande partie, c’est le même hardware utilisé sur le HTC HERO,et sur le SAPHIR qui sont d’office sous Android.
Il reste à savoir que ce portage n’est pas encore complet et que l’Os n’assure pas toutes les fonctions sur ces smart-phones.
En attendant la version complète de ce portage et la Rom installable sur ces smart-phones, je vous invite à essayer Android en téléchargent les paquets nécessaires via le lien ci-dessous ou en se rendant sur le site pour avoir plus d’informations sur le projet, et sur le statut de portage.

Package Android Eclair

N.B: cette version d’Android n’est exécutée qu’a partir de la carte SD en utilisant une application tierce, et l’Os n’est pas installable pour l’instant!