A tool which can be used for Forensic Investigations, Hacking, Backing up and Debugging of Android devices

Most of us use smartphones in our day-to-day lives to take calls, send SMS messages, browse the internet, read mail or play games. As a result, smartphones contain our personal information such as photos, videos, contact details, emails and SMS messages. Some of us even store usernames and passwords for mail accounts or favorite web sites on our smartphones for ease of access. This certainly makes our lives easier, but what happens if someone steals your phone or you lose it? The person who ends up with it will have full access to all of your personal information.

If you are a security-conscious person, you may have locked your phone to protect it. But this lock can be easily broken by a person who knows his way around. For example, if you are using an Android phone, there is a really nice tool called ADB, the Android Debug Bridge, which allows you to open a shell on the Android device by issuing two or three commands. And if your phone is rooted, this shell can easily be opened with superuser permission, allowing full control of the device.

Even though it has many uses, the most interesting use of ADB is its ability to capture and retrieve the databases on an Android phone. Android stores all of its information, such as contacts, SMS, usernames and passwords, in SQLite databases. If the phone is rooted, ADB can be used to easily download these databases to your PC and analyze them to capture the information stored in them. The following images show how the contacts database is acquired and a snapshot of the content inside the database.

Figure 1

Figure 2

As the above table shows, it is possible to acquire all the contacts in the contacts database. Furthermore, contacts which were deleted several days ago can also be found using SQLite forensic tools such as epilog.
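
What a deleted row leaves behind in the database file, as an added example that is not part of the original post: it builds a constructed, simplified contacts table (not the real Android schema), deletes one row, and checks the raw file bytes with SQLite's `secure_delete` pragma off and on. The function name and sample rows are made up for illustration.

```python
import os
import sqlite3
import tempfile

# Constructed sample rows; the single-table schema is a simplification,
# not the layout of the real Android contacts database.
SAMPLE = [
    (1, "Alice Example", "555-0100"),
    (2, "Deleted Person", "555-0199"),
    (3, "Bob Example", "555-0123"),
]


def residue_after_delete(secure_delete: bool) -> dict:
    """Delete contact 2, then report what SQL and the raw file each still show."""
    fd, path = tempfile.mkstemp(suffix=".db")
    os.close(fd)
    try:
        conn = sqlite3.connect(path)
        conn.execute(
            "CREATE TABLE contacts (id INTEGER PRIMARY KEY, name TEXT, number TEXT)"
        )
        conn.executemany("INSERT INTO contacts VALUES (?, ?, ?)", SAMPLE)
        conn.commit()
        # secure_delete applies per connection; set it explicitly because the
        # compiled-in default differs between SQLite builds.
        mode = "ON" if secure_delete else "OFF"
        conn.execute(f"PRAGMA secure_delete = {mode}").fetchone()
        conn.execute("DELETE FROM contacts WHERE id = 2")
        conn.commit()
        visible = [r[0] for r in conn.execute("SELECT name FROM contacts ORDER BY id")]
        conn.close()
        with open(path, "rb") as fh:
            raw = fh.read()  # what a forensic tool sees: the file, not the query result
    finally:
        os.remove(path)
    return {
        "visible_names": visible,
        "deleted_name_in_file": b"Deleted Person" in raw,
        "deleted_number_in_file": b"555-0199" in raw,
    }


if __name__ == "__main__":
    for setting in (False, True):
        print("secure_delete =", setting, residue_after_delete(setting))
```

With `secure_delete` off, the row disappears from query results but its text stays in the freed space of the page, which is what recovery tools read; with it on, SQLite zeroes the freed bytes at delete time.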

Not only contact details, but much other information such as SMS, call logs, web history, emails, geotags and even saved usernames and passwords can be easily acquired using ADB (the acquired information is shown at the end of the post). The interesting part is that even the general lock that you put on your phone will not secure your information in this scenario, since ADB directly accesses the kernel module.

Getting information is not the end of what a hacker can do using ADB. Once the databases are obtained, it is possible to write cracks and malicious triggers into those databases and then upload them back to the smartphone, making it more vulnerable and allowing hackers to obtain any information at any time they want.

Even though all of the above makes ADB look bad, ADB is not only a tool used by hackers to exploit Android; it is also a tool which helps developers debug the Android kernel. Furthermore, it can be used widely for forensic investigations and for taking backups of information.

Investigators can use ADB to find and carve forensic information from the phone through the ADB shell. Experienced users can use ADB to back up their SMS and contact databases to their PCs, while developers can run, test and debug their applications using ADB. ADB can therefore be described as a tool which can be used for both good and bad.

As users, it is our own responsibility to make sure that malicious users cannot use ADB on our Android devices to gather our personal information. The way to do this is simple: turn off USB Debugging mode (Settings > Applications > Development) on the Android phone and put a lock on the phone, restricting others from turning this option back on. This is a very simple yet effective method, but most people leave this option on, mainly out of ignorance.

Even though smartphones are really useful to us in many ways, they can present certain security risks as mentioned above, possibly because of the ignorance of their users. Therefore all of us must learn how to use smartphones securely and protect our personal information.

The following is some of the information gathered from a smartphone using ADB:

SMS extracted from the Message

Figure 3

Call Logs extracted from the Message

Figure 4

Extracted Browsing History and Bookmarks

Figure 5

Extracted Google Search Results

Figure 6

Extracted passwords and usernames in clear text

 

Extracted email credentials in clear text

Figure 8

Samples of extracted emails

Figure 9

Extracted Geo Information

Figure 10

 
