Android Penetration Testing

TACTICS, TECHNIQUES AND PROCEDURES (TTP)
MITRE ATT&CK® for Mobile (Android matrix)
Android Pen Test
Initial Access to Android by Adversaries
1. Deliver Malicious App via Authorised App Store.
2. Deliver Malicious App via Other Means.
3. Drive-by Compromise.
4. Exploit via Charging Station or PC.
5. Exploit via Radio Interfaces.
6. Install Insecure or Malicious Configuration.
7. Lockscreen Evasion.
8. Masquerade as Legitimate Apps.
9. Supply Chain Compromise.
Execution on Android by Adversaries
1. Broadcast Receivers.
2. Native Code.
Persistence of Adversaries on Android

1. Abuse Device Administrator Access to Prevent Removal.
2. Broadcast Receivers.
3. Code Injection.
4. Compromise Application Executable.
5. Foreground Persistence.
6. Modify Cached Executable Code.
7. Modify OS Kernel or Boot Partition.
8. Modify System Partition.
9. Modify Trusted Execution Environment.
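Several of the Execution and Persistence entries above (Broadcast Receivers, Abuse Device Administrator Access to Prevent Removal) and the Initial Access entry Install Insecure or Malicious Configuration leave a footprint in the app's AndroidManifest.xml, so a manifest audit is usually the first static check in an Android pen test. The following is an added example written for this page, not code from the original page or from MITRE; the manifest, package name and component names it parses are constructed for the example, and the technique labels are the ATT&CK names used in the lists above.

```python
# Added example for this page (not code from the original page or from MITRE):
# audit a decoded AndroidManifest.xml for entries that correspond to the
# Execution and Persistence techniques listed above. The manifest, package
# name and component names below are CONSTRUCTED for the example.
import xml.etree.ElementTree as ET

ANDROID_NS = "http://schemas.android.com/apk/res/android"

SAMPLE_MANIFEST = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
          package="com.example.hypothetical">
  <uses-permission android:name="android.permission.RECEIVE_BOOT_COMPLETED"/>
  <uses-permission android:name="android.permission.RECEIVE_SMS"/>
  <application android:debuggable="true" android:allowBackup="true">
    <receiver android:name=".BootReceiver" android:exported="true">
      <intent-filter>
        <action android:name="android.intent.action.BOOT_COMPLETED"/>
      </intent-filter>
    </receiver>
    <receiver android:name=".AdminReceiver"
              android:permission="android.permission.BIND_DEVICE_ADMIN">
      <intent-filter>
        <action android:name="android.app.action.DEVICE_ADMIN_ENABLED"/>
      </intent-filter>
    </receiver>
    <receiver android:name=".SmsReceiver">
      <intent-filter android:priority="999">
        <action android:name="android.provider.Telephony.SMS_RECEIVED"/>
      </intent-filter>
    </receiver>
    <activity android:name=".MainActivity" android:exported="true"/>
  </application>
</manifest>
"""


def attr(elem, name):
    """Return an android:* attribute value, or None if it is absent."""
    return elem.get("{%s}%s" % (ANDROID_NS, name))


def is_exported(component):
    """Mirror the platform default: with no android:exported attribute, a
    component that declares an <intent-filter> is exported on Android 11 and
    below (API 30); API 31+ rejects such manifests at install time."""
    explicit = attr(component, "exported")
    if explicit is not None:
        return explicit == "true"
    return component.find("intent-filter") is not None


def audit_manifest(xml_text):
    """Return (technique, detail) pairs for risky manifest entries."""
    root = ET.fromstring(xml_text)
    findings = []
    app = root.find("application")
    if app is not None:
        if attr(app, "debuggable") == "true":
            findings.append(("Install Insecure or Malicious Configuration",
                             "android:debuggable=true lets anyone with adb attach a debugger"))
        if attr(app, "allowBackup") == "true":
            findings.append(("Access Stored Application Data",
                             "android:allowBackup=true exposes app data to 'adb backup'"))
    for recv in root.iter("receiver"):
        name = attr(recv, "name")
        actions = {attr(act, "name") for act in recv.iter("action")}
        if "android.intent.action.BOOT_COMPLETED" in actions:
            findings.append(("Broadcast Receivers (Persistence)",
                             "%s runs on every boot" % name))
        if "android.app.action.DEVICE_ADMIN_ENABLED" in actions:
            findings.append(("Abuse Device Administrator Access to Prevent Removal",
                             "%s is a device-admin receiver" % name))
        if "android.provider.Telephony.SMS_RECEIVED" in actions:
            prio = attr(recv.find("intent-filter"), "priority")
            findings.append(("Capture SMS Messages",
                             "%s receives incoming SMS (priority %s)" % (name, prio)))
        # An exported receiver with no permission guard is an entry point any
        # app on the device can trigger (Execution via Broadcast Receivers).
        if is_exported(recv) and attr(recv, "permission") is None:
            findings.append(("Broadcast Receivers (Execution)",
                             "%s is exported and unprotected" % name))
    return findings


if __name__ == "__main__":
    for technique, detail in audit_manifest(SAMPLE_MANIFEST):
        print("%-55s %s" % (technique, detail))
```

On a real target, decode the binary manifest first (for example with apktool) and feed the resulting XML to audit_manifest. The device-admin receiver is deliberately not reported as an unprotected entry point because it is guarded by android.permission.BIND_DEVICE_ADMIN, which only the system can hold; it is still reported under the persistence technique, since an app that obtains device-admin rights can block its own uninstall.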
Privilege Escalation of Adversaries on Android

1. Code Injection.
2. Exploit Android Vulnerability.
3. Exploit TEE Vulnerability.

Command and Control

1. Alternate Network Mediums.
2. Commonly Used Port.
3. Domain Generation Algorithms.
4. Remote File Copy.
5. Standard Application Layer Protocol.
6. Standard Cryptographic Protocol.
7. Uncommonly Used Port.
8. Web Service.

Defence Evasion of Adversaries on Android

1. Application Discovery.
2. Code Injection.
3. Device Lockout.
4. Disguise Root/Jailbreak Indicators.
5. Download New Code at Runtime.
6. Evade Analysis Environment.
7. Input Injection.
8. Install Insecure or Malicious Configuration.
9. Masquerade as Legitimate Apps.
10. Modify OS Kernel or Boot Partition.
11. Modify System Partition.
12. Modify Trusted Execution Environment.
13. Native Code.
14. Obfuscated Files or Information.
15. Suppress Application Icons.
16. Uninstall Malicious Apps.
Credential Access on Android by Adversaries

1. Access Notifications.
2. Access Sensitive Data in Device Logs.
3. Access Stored Application Data.
4. Android Intent Hijacking.
5. Capture Clipboard Data.
6. Capture SMS Messages.
7. Exploit TEE Vulnerability.
8. Input Capture.
9. Input Prompt.
10. Network Traffic Capture or Redirection.
Discovery

1. Application Discovery.
2. Evade Analysis Environment.
3. File and Directory Discovery.
4. Location Tracking.
5. Network Service Scanning.
6. Process Discovery.
7. System Information Discovery.
8. System Network Configuration Discovery.
9. System Network Connections Discovery.
Lateral Movement
1. Attack PC via USB Connection (listed as Replication Through Removable Media in later versions of the Mobile matrix).
2. Exploit Enterprise Resources (listed as Exploitation of Remote Services in later versions of the Mobile matrix).
Collection

1. Access Calendar Entries.
2. Access Call Logs.
3. Access Contact List.
4. Access Notifications.
5. Access Sensitive Data in Device Logs.
6. Access Stored Application Data.
7. Capture Audio.
8. Capture Camera.
9. Capture Clipboard Data.
10. Capture SMS Messages.
11. Data from Local System.
12. Foreground Persistence.
13. Input Capture.
14. Location Tracking.
15. Network Information Discovery.
16. Network Traffic Capture or Redirection.
17. Screen Capture.
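Access Sensitive Data in Device Logs appears under both Credential Access and Collection above because any app holding READ_LOGS (on older Android versions) or anyone with adb access can read the shared logcat buffer, so a credential that an app writes to the log is effectively disclosed. A practical check during a test is to scan captured logcat output for secret material. The following detector is an added example written for this page, not code from the original page or from MITRE; the log lines, package, tags and token values are constructed for the example.

```python
# Added example for this page (not code from the original page or from MITRE):
# scan logcat output for credential material that an app should never log
# (ATT&CK for Mobile: Access Sensitive Data in Device Logs). The log lines
# below are CONSTRUCTED; the tags, PIDs and values are hypothetical.
import re

SAMPLE_LOGCAT = """\
03-14 10:22:01.113  4521  4521 D AuthService: login ok for user=alice password=Sup3rS3cret!
03-14 10:22:01.201  4521  4540 I OkHttp  : --> POST https://api.example.test/v1/session
03-14 10:22:01.202  4521  4540 I OkHttp  : Authorization: Bearer eyJhbGciOiJIUzI1NiJ9.eyJzdWIiOiJhbGljZSJ9.QfZ8kX3QyQ9fWw1l
03-14 10:22:01.250  4521  4521 V SessionStore: saved session_token=3f9d2c7b1a4e4f8ab0c9d1e2f3a4b5c6
03-14 10:22:02.004  1234  1234 D WifiService: scan results updated (12 APs)
03-14 10:22:02.377  4521  4521 D PaymentFlow: charging card 4111 1111 1111 1111 exp 12/27
"""

# Default 'threadtime' logcat format: date time PID TID level tag: message
LINE_RE = re.compile(
    r"^(?P<ts>\d\d-\d\d \d\d:\d\d:\d\d\.\d+)\s+(?P<pid>\d+)\s+(?P<tid>\d+)\s+"
    r"(?P<lvl>[VDIWEF])\s+(?P<tag>[^:]+?)\s*:\s(?P<msg>.*)$"
)

# Each pattern names one kind of secret; the card pattern is followed by a
# Luhn check so that ordinary long numbers are not reported.
PATTERNS = {
    "password in log": re.compile(r"\bpass(?:word|wd)?\s*[=:]\s*\S+", re.I),
    "bearer token": re.compile(r"Bearer\s+[A-Za-z0-9._~+/-]{20,}=*"),
    "session token": re.compile(
        r"\b(?:session_?token|token|api_?key|secret)\s*[=:]\s*[A-Za-z0-9._-]{16,}", re.I),
    "card number": re.compile(r"\b(?:\d[ -]?){13,19}\b"),
}


def luhn_ok(digits):
    """Luhn checksum: True for a syntactically valid payment card number."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:
            d = d * 2 - 9 if d * 2 > 9 else d * 2
        total += d
    return total % 10 == 0


def scan_logcat(text):
    """Return one dict per secret found: pid, tag, kind and the evidence."""
    hits = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # wrapped or malformed line, not in threadtime format
        msg = m.group("msg")
        for kind, pattern in PATTERNS.items():
            found = pattern.search(msg)
            if not found:
                continue
            evidence = found.group(0).strip()
            if kind == "card number" and not luhn_ok(re.sub(r"\D", "", evidence)):
                continue
            hits.append({"pid": int(m.group("pid")), "tag": m.group("tag").strip(),
                         "kind": kind, "evidence": evidence})
    return hits


if __name__ == "__main__":
    for hit in scan_logcat(SAMPLE_LOGCAT):
        print("pid=%(pid)d tag=%(tag)s %(kind)s: %(evidence)s" % hit)
```

To use it against a device, capture the buffer with adb logcat -v threadtime -d and pass the text to scan_logcat; the pid field lets you map each hit back to a package with adb shell ps. Only the WifiService line in the sample produces no hit.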
Exfiltration

1. Alternate Network Medium.
2. Commonly Used Port.
3. Data Encrypted.
4. Standard Application Layer Protocol.

Impact of Android Compromise
1. Carrier Billing Fraud.
2. Clipboard Modification.
3. Data Encrypted for Impact.
4. Delete Device Data.
5. Device Lockout.
6. Generate Fraudulent Advertising Revenue.
7. Input Injection.
8. Manipulate App Store Rankings or Ratings.
9. Modify System Partition.