OBJECTIVE 02 — ANDROID OS THREATS AND ATTACKS
ANDROID OS — CORE DEFINITION (EXAM)
| Item | Memorize |
| Android OS | An open-source, Linux-based mobile operating system developed by Google |
MEMORY HOOK:
Open-source = flexible + attackable
ANDROID ARCHITECTURE (EXAM FOUNDATION)
| Layer | Description |
| Linux Kernel | Hardware abstraction, drivers |
| HAL | Hardware Abstraction Layer |
| Native Libraries | C/C++ libraries |
| Android Runtime (ART) | Executes apps |
| Application Framework | APIs |
| Applications | User-installed apps |
MEMORY HOOK:
Kernel → HAL → Native libs + ART → Framework → Apps
WHY ANDROID IS A HIGH-VALUE TARGET
| Reason |
| Open ecosystem |
| Third-party app installation |
| Fragmentation (many OEM builds, slow or absent security patches) |
| Rooting possible |
| Weak app vetting |
ANDROID THREAT CATEGORIES (EXAM LIST)
| Category |
| Malware |
| Spyware |
| Trojans |
| Ransomware |
| Botnets |
| Backdoors |
| Adware |
MEMORY HOOK:
MST RBB A
ANDROID MALWARE — DEFINITION
| Item | Memorize |
| Android Malware | Malicious software designed to compromise Android devices |
COMMON ANDROID MALWARE BEHAVIORS
| Behavior |
| Steals credentials |
| Sends premium SMS |
| Records calls |
| Activates mic/camera |
| Joins botnets |
| Downloads payloads |
ANDROID MALWARE DELIVERY METHODS
| Method | Description |
| Malicious apps | Third-party stores |
| Repackaged apps | Legit apps modified |
| Drive-by downloads | Malicious websites |
| Phishing | Fake updates |
| SMS links | Smishing |
MEMORY HOOK:
App + Link + SMS
ANDROID PERMISSION ABUSE (HIGH-YIELD)
DANGEROUS PERMISSIONS
| Permission | Abuse |
| READ_SMS | OTP theft |
| SEND_SMS | Premium fraud |
| READ_CONTACTS | Data theft |
| RECORD_AUDIO | Eavesdropping |
| CAMERA | Surveillance |
| ACCESS_FINE_LOCATION | Tracking |
MEMORY HOOK:
SMS = money, mic = spy
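A worked permission triage, added here as an example (not from the original notes): given a decoded AndroidManifest.xml (as apktool would produce it), it flags the dangerous permissions from the table above and, more usefully, the combinations that match the attacks on this page (SMS read plus network for OTP exfiltration, overlay plus accessibility service for banking overlays, boot persistence plus SEND_SMS for a premium-SMS bot). The combination rules are analyst heuristics, not Android rules, and the sample manifest is constructed, not taken from a real app.

```python
import xml.etree.ElementTree as ET

# Android attribute namespace used for android:name, android:permission, etc.
A = "{http://schemas.android.com/apk/res/android}"

# Dangerous permissions from the table above, with the abuse each enables
DANGEROUS = {
    "android.permission.READ_SMS": "OTP theft",
    "android.permission.RECEIVE_SMS": "OTP theft (live interception)",
    "android.permission.SEND_SMS": "premium SMS fraud",
    "android.permission.READ_CONTACTS": "data theft",
    "android.permission.RECORD_AUDIO": "eavesdropping",
    "android.permission.CAMERA": "surveillance",
    "android.permission.ACCESS_FINE_LOCATION": "tracking",
}

# Analyst heuristics (assumptions, not Android rules): one permission is ambiguous,
# but these pairs are the signatures of the attacks described on this page.
COMBOS = [
    ({"android.permission.READ_SMS", "android.permission.INTERNET"},
     "reads SMS and has network: OTP exfiltration"),
    ({"sms-receiver", "android.permission.INTERNET"},
     "SMS_RECEIVED receiver and network: live OTP interception (MITMO pattern)"),
    ({"android.permission.RECORD_AUDIO", "android.permission.INTERNET"},
     "microphone and network: remote eavesdropping"),
    ({"android.permission.SYSTEM_ALERT_WINDOW", "accessibility-service"},
     "overlay window and accessibility service: banking overlay / tapjacking"),
    ({"android.permission.RECEIVE_BOOT_COMPLETED", "android.permission.SEND_SMS"},
     "starts at boot and sends SMS: persistent premium-SMS bot"),
]


def capabilities(manifest_xml):
    """Return the requested permissions plus two derived markers:
    'sms-receiver' if a receiver listens for SMS_RECEIVED, and
    'accessibility-service' if a service is bound as an accessibility service."""
    root = ET.fromstring(manifest_xml)
    caps = {el.get(A + "name") for el in root.iter("uses-permission")}
    for rcv in root.iter("receiver"):
        for act in rcv.iter("action"):
            if act.get(A + "name") == "android.provider.Telephony.SMS_RECEIVED":
                caps.add("sms-receiver")
    for svc in root.iter("service"):
        if svc.get(A + "permission") == "android.permission.BIND_ACCESSIBILITY_SERVICE":
            caps.add("accessibility-service")
    caps.discard(None)
    return caps


def triage(manifest_xml):
    """Flag dangerous permissions and risky combinations for a decoded AndroidManifest.xml."""
    caps = capabilities(manifest_xml)
    return {
        "dangerous": {p: DANGEROUS[p] for p in sorted(caps) if p in DANGEROUS},
        "combos": [why for need, why in COMBOS if need <= caps],
    }


# Constructed sample manifest (not from a real app), in the decoded form apktool emits
SAMPLE_MANIFEST = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.bankhelper">
  <uses-permission android:name="android.permission.INTERNET"/>
  <uses-permission android:name="android.permission.READ_SMS"/>
  <uses-permission android:name="android.permission.RECEIVE_SMS"/>
  <uses-permission android:name="android.permission.SEND_SMS"/>
  <uses-permission android:name="android.permission.SYSTEM_ALERT_WINDOW"/>
  <uses-permission android:name="android.permission.RECEIVE_BOOT_COMPLETED"/>
  <application>
    <receiver android:name=".SmsReceiver" android:exported="true">
      <intent-filter>
        <action android:name="android.provider.Telephony.SMS_RECEIVED"/>
      </intent-filter>
    </receiver>
    <service android:name=".HelperService"
        android:permission="android.permission.BIND_ACCESSIBILITY_SERVICE"/>
  </application>
</manifest>
"""

if __name__ == "__main__":
    report = triage(SAMPLE_MANIFEST)
    for perm, abuse in report["dangerous"].items():
        print(f"DANGEROUS {perm}: {abuse}")
    for why in report["combos"]:
        print(f"COMBO {why}")
```

Run it against `apktool d app.apk` output; the combination list is what separates a legitimate SMS app (READ_SMS alone) from an OTP stealer (READ_SMS plus a receiver plus network). Permissions under `uses-permission-sdk-23` are ignored here, so extend `capabilities` if a target uses them.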
ROOTING — ANDROID (EXAM FAVORITE)
ROOTING — DEFINITION
| Item | Memorize |
| Rooting | Gaining superuser (root) access on Android |
ROOTING — SECURITY IMPACT
| Impact |
| Root processes bypass the per-app UID sandbox |
| Root ignores the runtime permission model |
| Enables malware persistence (writes to /system, survives uninstall) |
| Fails MDM and attestation compliance checks (e.g., Play Integrity) |
MEMORY HOOK:
Root = no rules
ROOTING METHODS (EXAM)
| Method |
| Exploiting OS vulnerabilities |
| Unlocking bootloader |
| Flashing custom ROM |
| Malicious rooting apps |
ANDROID OS ATTACKS (MUST MEMORIZE)
1. REPACKAGING ATTACK
| Aspect | Description |
| What | Malicious code added to legit app |
| How | Decompiled (e.g., apktool), modified, rebuilt, re-signed with the attacker's key (signing cert no longer matches the developer's) |
| Result | User installs malware |
MEMORY HOOK:
Same app, evil inside
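The "decompiled, modified, re-signed" chain, as an added example (not from the original notes) that builds the three states of an APK in memory and classifies each against a pinned signer fingerprint: the original, a copy whose classes.dex was patched without fixing the digests, and a repackaged copy rebuilt and re-signed by the attacker. It models APK v1 (JAR) signing in simplified form: META-INF/MANIFEST.MF carries per-file SHA-256 digests and META-INF/CERT.RSA stands in for the signer; CERT.SF and the actual cryptographic signature check are omitted, and the signer blobs are constructed placeholders, not real certificates. For real APKs use `apksigner verify --print-certs`, which also covers the v2/v3 signing block.

```python
import base64
import hashlib
import io
import zipfile


def sha256_b64(data):
    """Base64 SHA-256 as written in MANIFEST.MF 'SHA-256-Digest:' lines."""
    return base64.b64encode(hashlib.sha256(data).digest()).decode()


def build_manifest_mf(entries):
    """Minimal META-INF/MANIFEST.MF: one digest section per packaged file."""
    lines = ["Manifest-Version: 1.0", ""]
    for name, data in entries.items():
        lines += [f"Name: {name}", f"SHA-256-Digest: {sha256_b64(data)}", ""]
    return "\r\n".join(lines).encode()


def make_apk(entries, signer_blob, manifest_for=None):
    """Build an APK-shaped zip in memory. signer_blob stands in for META-INF/CERT.RSA
    (a PKCS#7 blob in a real APK). manifest_for lets a test ship stale digests."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        for name, data in entries.items():
            z.writestr(name, data)
        z.writestr("META-INF/MANIFEST.MF", build_manifest_mf(manifest_for or entries))
        z.writestr("META-INF/CERT.RSA", signer_blob)
    return buf.getvalue()


def parse_manifest_mf(mf):
    """Map file name -> base64 digest from MANIFEST.MF."""
    digests, name = {}, None
    for line in mf.decode().splitlines():
        if line.startswith("Name: "):
            name = line[len("Name: "):]
        elif line.startswith("SHA-256-Digest: ") and name:
            digests[name] = line[len("SHA-256-Digest: "):]
    return digests


def check_apk(apk_bytes, pinned_signer_sha256):
    """Classify an APK against a pinned signer fingerprint (hex SHA-256 of CERT.RSA):
    'tampered-after-signing' : a packaged file no longer matches its MANIFEST.MF digest
    'repackaged-resigned'    : digests are consistent but the signer is not the pinned one
    'ok'                     : consistent and signed by the pinned signer"""
    with zipfile.ZipFile(io.BytesIO(apk_bytes)) as z:
        names = z.namelist()
        sig_files = [n for n in names if n.startswith("META-INF/")
                     and n.rsplit(".", 1)[-1] in ("RSA", "DSA", "EC")]
        if len(sig_files) != 1:
            return "unsigned-or-multisigned"
        signer = hashlib.sha256(z.read(sig_files[0])).hexdigest()
        digests = parse_manifest_mf(z.read("META-INF/MANIFEST.MF"))
        for name in names:
            if name.startswith("META-INF/"):
                continue
            # an undeclared file or a digest mismatch both mean post-signing modification
            if name not in digests or sha256_b64(z.read(name)) != digests[name]:
                return "tampered-after-signing"
        if signer != pinned_signer_sha256:
            return "repackaged-resigned"
        return "ok"


# Constructed fixtures: stand-ins for the developer's and the attacker's signing certs
DEVELOPER_SIGNER = b"constructed-developer-cert-blob"
ATTACKER_SIGNER = b"constructed-attacker-cert-blob"
PINNED = hashlib.sha256(DEVELOPER_SIGNER).hexdigest()

ORIGINAL_FILES = {"AndroidManifest.xml": b"<manifest/>", "classes.dex": b"dex\n035\x00legit"}
MODIFIED_FILES = {"AndroidManifest.xml": b"<manifest/>", "classes.dex": b"dex\n035\x00legit+smsstealer"}

ORIGINAL_APK = make_apk(ORIGINAL_FILES, DEVELOPER_SIGNER)
# Attack step 1: classes.dex patched, digests left stale (installer rejects this)
TAMPERED_APK = make_apk(MODIFIED_FILES, DEVELOPER_SIGNER, manifest_for=ORIGINAL_FILES)
# Attack step 2: manifest regenerated and re-signed with the attacker's key (installs fine)
REPACKAGED_APK = make_apk(MODIFIED_FILES, ATTACKER_SIGNER)

if __name__ == "__main__":
    for label, apk in [("original", ORIGINAL_APK), ("tampered", TAMPERED_APK),
                       ("repackaged", REPACKAGED_APK)]:
        print(label, check_apk(apk, PINNED))
```

The point of the third case is that a repackaged APK is internally consistent: every digest checks out and the package installs without complaint. The only thing that gives it away is the signer, which is why a pinned developer certificate (or Play Protect's signer database) catches repackaging when integrity checks inside the APK cannot.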
2. DRIVE-BY DOWNLOAD ATTACK
| Aspect | Description |
| Trigger | Visiting a malicious or compromised website |
| Payload | APK pushed to the device automatically (or dropped via a browser exploit) |
| Victim action | Minimal: the download is automatic, but installing the APK still needs a tap unless a browser or OS exploit is used |
3. SMS-BASED ATTACKS
| Attack |
| Smishing |
| Premium SMS fraud |
| OTP interception |
4. MAN-IN-THE-MOBILE (MITMO)
| Aspect | Description |
| What | Malware on the handset intercepts the mobile leg of a transaction (SMS OTPs, app screens) |
| Target | Banking apps and SMS-based 2FA |
| Method | Fake login overlay + SMS interception, often paired with PC-side banking malware |
MEMORY HOOK:
MITM on mobile = MITMO
5. CLICKJACKING
| Aspect | Description |
| Method | UI overlay deception (on Android: tapjacking via a SYSTEM_ALERT_WINDOW overlay drawn over the real UI) |
| Result | Unauthorized actions |
6. ANDROID BOTNETS
| Feature |
| C2 communication |
| DDoS |
| Spam |
| Data theft |
ANDROID APP VULNERABILITIES (EXAM TABLE)
| Vulnerability |
| Insecure data storage |
| Weak encryption |
| Improper session handling |
| Hardcoded credentials |
| Insecure IPC |
| Debug mode enabled |
ANDROID COMMUNICATION ATTACKS
| Attack |
| Wi-Fi sniffing |
| Rogue AP |
| SSL stripping (downgrade HTTPS to cleartext HTTP) |
| Fake certificates (rogue or user-installed CA used to MITM TLS) |
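The app-side control against SSL stripping and fake certificates is the Network Security Config. The following is an added example (not from the original notes): a hardened `res/xml/network_security_config.xml` with comments marking the weak settings it replaces. The host name and the pin values are placeholders; real pins are the base64 SHA-256 of the leaf (and a backup) SubjectPublicKeyInfo.

```xml
<?xml version="1.0" encoding="utf-8"?>
<!-- res/xml/network_security_config.xml, referenced from AndroidManifest.xml as
     <application android:networkSecurityConfig="@xml/network_security_config"> -->
<network-security-config>
    <!-- Weak setting: cleartextTrafficPermitted="true" (the default before API 28)
         lets an SSL-stripping proxy downgrade the connection to plain HTTP. -->
    <base-config cleartextTrafficPermitted="false">
        <trust-anchors>
            <!-- Weak setting: adding <certificates src="user"/> trusts any CA the user
                 (or a social-engineered victim) installed, so a fake certificate from a
                 rogue CA is accepted. System CAs only is the safe default. -->
            <certificates src="system"/>
        </trust-anchors>
    </base-config>
    <!-- Pinning for the sensitive host: even a cert from a trusted CA is rejected
         unless its public key matches one of the pins. -->
    <domain-config>
        <domain includeSubdomains="true">bank.example.com</domain>
        <pin-set expiration="2026-12-31">
            <!-- placeholder values: replace with the real base64 SHA-256 SPKI hashes -->
            <pin digest="SHA-256">AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=</pin>
            <pin digest="SHA-256">BBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBB=</pin>
        </pin-set>
    </domain-config>
</network-security-config>
```

Two pins (current key plus a backup) avoid bricking the app at certificate rotation; the expiration date makes the pin-set fail open rather than closed once it is stale, so it must be tracked. As a pentester, an app that still connects when you install your proxy CA has either `src="user"` in its config or is hooking around it at runtime.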
ADB — DEFINITION
| Item | Memorize |
| ADB | Command-line tool to communicate with Android devices |
COMMON ADB COMMANDS (CEH EXPECTS RECOGNITION)
| Command | Purpose |
| adb devices | List devices |
| adb shell | Access device shell |
| adb pull | Copy files from device |
| adb push | Copy files to device |
| adb install | Install APK |
MEMORY HOOK:
ADB = control channel
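The ADB commands above are what a responder types to answer the rooting question from the earlier section; the following is an added example (not from the original notes) that pulls three outputs over `adb shell` (getprop, `pm list packages -3`, and a look for the su binary) and turns them into root indicators. The parsing functions take plain strings, so the constructed sample outputs run offline; the live `assess_device` wrapper needs a connected, authorized device. The root-manager package names are real identifiers used as indicators; the su search paths and the constructed outputs are assumptions.

```python
import re
import subprocess

# Package names of well-known root managers (real identifiers, used as indicators)
ROOT_MANAGER_PACKAGES = {
    "com.topjohnwu.magisk",
    "eu.chainfire.supersu",
    "com.koushikdutta.superuser",
}

# Shell commands run over adb; outputs are strings, so the checks below work offline too
CHECKS = {
    "props": ["getprop"],
    "packages": ["pm", "list", "packages", "-3"],
    "su": ["sh", "-c", "ls /system/bin/su /system/xbin/su /sbin/su /su/bin/su 2>/dev/null"],
}


def adb_shell(args, serial=None):
    """Run `adb [-s serial] shell <args>` and return stdout (needs a connected, authorized device)."""
    cmd = ["adb"] + (["-s", serial] if serial else []) + ["shell"] + args
    return subprocess.run(cmd, capture_output=True, text=True, check=False).stdout


def parse_getprop(text):
    """Turn '[key]: [value]' lines from getprop into a dict."""
    return dict(re.findall(r"^\[([^\]]+)\]: \[([^\]]*)\]", text, flags=re.M))


def parse_packages(text):
    """Turn 'package:com.foo' lines from `pm list packages` into a set of names."""
    return {line[len("package:"):].strip() for line in text.splitlines() if line.startswith("package:")}


def assess(props_out, packages_out, su_out):
    """Combine the three command outputs into a list of root indicators."""
    props = parse_getprop(props_out)
    pkgs = parse_packages(packages_out)
    indicators = []
    if props.get("ro.build.tags") == "test-keys":
        indicators.append("build signed with test-keys (custom ROM)")
    if props.get("ro.debuggable") == "1":
        indicators.append("ro.debuggable=1 (debug build, `adb root` available)")
    if props.get("ro.secure") == "0":
        indicators.append("ro.secure=0 (adbd runs as root)")
    if props.get("ro.boot.verifiedbootstate", "green") != "green":
        indicators.append(f"verified boot state {props['ro.boot.verifiedbootstate']} (bootloader unlocked)")
    found_su = [p for p in su_out.split() if p.endswith("/su")]
    if found_su:
        indicators.append("su binary present: " + ", ".join(found_su))
    for p in sorted(pkgs & ROOT_MANAGER_PACKAGES):
        indicators.append(f"root manager installed: {p}")
    return {"rooted": bool(indicators), "indicators": indicators, "third_party": sorted(pkgs)}


def assess_device(serial=None):
    """Live version: pull the three outputs from a connected device, then assess."""
    return assess(*(adb_shell(CHECKS[k], serial) for k in ("props", "packages", "su")))


# Constructed sample outputs (not captured from a real device)
ROOTED_PROPS = """[ro.build.tags]: [test-keys]
[ro.debuggable]: [1]
[ro.secure]: [0]
[ro.boot.verifiedbootstate]: [orange]
"""
ROOTED_PACKAGES = "package:com.topjohnwu.magisk\npackage:com.example.bank\n"
ROOTED_SU = "/system/xbin/su\n"

CLEAN_PROPS = """[ro.build.tags]: [release-keys]
[ro.debuggable]: [0]
[ro.secure]: [1]
[ro.boot.verifiedbootstate]: [green]
"""

if __name__ == "__main__":
    for line in assess(ROOTED_PROPS, ROOTED_PACKAGES, ROOTED_SU)["indicators"]:
        print("ROOT INDICATOR:", line)
```

The `third_party` list is the sideloaded-app inventory from `pm list packages -3`, which is where repackaged and third-party-store apps show up; pair it with `adb pull` of each APK (`pm path <package>` gives the location) for offline analysis. None of these indicators is proof on its own (a userdebug build legitimately has ro.debuggable=1), so the verdict is a count of indicators, not a single flag.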
ANDROID SECURITY RISKS SUMMARY (EXAM BLOCK)
Android attacks exploit openness, permissions, rooting, weak apps, and insecure networks.
Malware enters via apps, SMS, and web.
Rooting breaks security.
ADB enables control.
OBJECTIVE 02 — STATUS
| Item | Status |
| Android threats | COMPLETE |
| Android attacks | COMPLETE |
| Rooting | COMPLETE |
| Permissions | COMPLETE |
| Tools | COMPLETE |
| Exam alignment | EXACT |