Monday, December 21, 2015
Monday, February 9, 2015
android hack
aayush marketing 25 new jagnath main road near mangalam hospital opp astron garden rajkot 360005 9898048483 gujarat india
https://www.fbi.h-da.de/fileadmin/gruppen/FG-IT-Sicherheit/Publikationen/2011/2011_10_Nazar_NordSec.pdf
Here’s what you can see in Permission Manager if you launch the settings of a particular app.
Yeah, disabling any Android System UI permissions would really mess up my phone, perhaps even irreversibly.
Since Permission Manager only works in Android 4.3 and 4.4, you’ll need to install another app if you want to manage app permissions in an older version of Android. Or, even if you use 4.3+, you might want to have easy access to the permissions of all of your apps, without having to pay for Permission Manager’s “Pro” version. A possible option is SnoopWall, which can be installed for free from https://play.google.com/store/apps/details?id=com.snoopwall.android.
One of the nice things about SnoopWall is that it works in all versions of Android from 2.3.3 Gingerbread and up. It’ll also allow you to manage the permissions of all of your apps, free of charge. What I’m not crazy about, but what you might enjoy and benefit from, is that the app is designed to do a lot more than just manage app permissions. It runs an antivirus shield and firewall that’s not supposed to conflict with any antivirus shield or firewall you already have. It checks for, and blocks eavesdropping and spying. It stops your camera, GPS, WiFi, microphone and NFC from being used without your authorization. It even has a special security mode designed to be used if you’re doing any online banking on your phone or tablet.
Unlike Permission Manager, SnoopWall asked for a number of different permissions upon installation.
The following are screens you’ll see when launching SnoopWall (“Antivirus Privacy Firewall”) for the first time.
After launching SnoopWall for the first time and it tells you “You are not secure,” you can choose a security mode.
“Phone Mode,” “Internet Mode,” and “Apps Mode” disable a lot of functionality, which can be very annoying. For instance, apps are blocked in “Phone Mode,” and Internet access is blocked in “Apps Mode.” (What about most apps, which require network connectivity?) “Bank Mode” is only useful if you’re doing online banking, either via your Web browser or a native online banking app. So, I chose “Autopilot Mode.”
When you choose a “mode,” you’ll see this screen.
Here’s what SnoopWall’s main control screen looks like.
Tap “Control Apps” (at the bottom) to manage the permissions of each and every one of your apps. I happen to have about 250 apps in total.
Handy green icons in your app list will give you a quick overview about what kind of permissions each app has. Tap on the blue circle next to the app name to customize the permissions you give that particular app.
I’ve decided to leave Chrome’s permissions alone, based on the “if I can’t trust Google, I’m screwed by having an Android device” principle.
Her are the permission settings for another one of my apps, Barcode Scanner+.
Tapping on “Block App” doesn’t necessarily block the app completely; instead it gives you the option to selectively enable or disable its permissions.
As Barcode Scanner+ uses my phone’s camera to scan QR codes and UPC codes, disabling the Camera permission would defeat the purpose of the app. Here’s what I chose to enable and disable.
I cannot see why Barcode Scanner+ should be able to activate or use WiFi, but it obviously needs my camera, and its NFC (near field communication) and mobile data (3G or 4G) functions could be useful, so those are risks I’m willing to take.
I went through each and every one of my apps via SnoopWall, and I set their permissions to my liking, being mindful to not disable permissions that could impair app functions I’d like to have, or would prevent my device from working properly. As I have over 250 apps, it was a long and tedious process, but well worth it.
One thing I don’t like about SnoopWall is that running the app forces Bluetooth to be turned on. Leaving Bluetooth on when you’re not using Bluetooth peripherals with your phone or tablet can be an unnecessary drain on your battery. Bluetooth can also be used for a third party to obtain malicious access to your device, so for security reasons, Bluetooth should only be turned on while you’re using it.
So, after I set my app permissions with SnoopWall, I went into my system app settings (in the OS, not in SnoopWall) and disabled SnoopWall from running. Then, I was able to turn Bluetooth off again. Based on what I know about how Android apps work, I assume the app permission changes I made via SnoopWall are still set.
There are other third party apps that you can install on your Android device to manage your app permissions. You may give them a try, but keep in mind that I haven’t yet installed and tried them on my phone.
Advanced Permission Manager (https://play.google.com/store/apps/details?id=com.gmail.heagoo.pmaster) is supposed to work on Android Froyo 2.2 and every later version of Android.
F-Secure App Permissions (https://play.google.com/store/apps/details?id=com.fsecure.app.permissions.privacy) is supposed to work on Android 2.3.3 Gingerbread and up.
Fix Permissions (https://play.google.com/store/apps/details?id=com.stericson.permissionfix) is supposed to work on versions of Android as old as 1.6 Donut. But regardless of the version of Android you install it in, your device must be rooted.
You’ll find many other permission control apps in the Google Play store, as well. Be conscientious about which app you choose, and how you operate it. Most importantly, look at the user ratings of the app, and the user reviews. I wouldn’t install any app that has less than four stars.
I hope in the future that Google’s Android development team decides to reverse the decision they made for KitKat 4.4.2. I hope future versions of Android allow app permission customization without being hidden (as in 4.3) and without requiring root. They could always design the program so that users are warned to customize permissions at their own risk.
Your Android device should be fully in your control, and you should be able to customize functionality with security in mind, so that Android app developers can’t take control or security away from you.
References
How App Permissions Work & Why You Should Care
http://www.makeuseof.com/tag/app-permissions-work-care-android/
Android 101: What some of those scary application permissions mean
http://m.androidcentral.com/look-application-permissions
System Permissions | Android Developers
http://developer.android.com/guide/topics/security/permissions.html
App to manage Android app permissions
http://www.theregister.co.uk/2014/01/07/app_to_manage_android_app_permissions/
KitKat update removes app permission toggle
http://news.cnet.com/8301-1009_3-57615607-83/kitkat-update-removes-app-permissions-toggle/
App Ops: Android 4.3’s Hidden App Permission Manager, Control Permissions for Individual Apps!
http://www.androidpolice.com/2013/07/25/app-ops-android-4-3s-hidden-app-permission-manager-control-permissions-for-individual-apps/
Permission Manager | Google Play
https://play.google.com/store/apps/details?id=com.appaholics.applauncher
AppOps Launcher | Google Play
https://play.google.com/store/apps/details?id=com.pixelmonster.AppOps
SnoopWall Antivirus Privacy Firewall | Google Play
https://play.google.com/store/apps/details?id=com.snoopwall.android
Advanced Permission Manager | Google Play
https://play.google.com/store/apps/details?id=com.gmail.heagoo.pmaster
Fix Permissions | Google Play
https://play.google.com/store/apps/details?id=com.stericson.permissionfix
Law-enforcement officials in the U.S. are expanding the use of tools routinely used by computer hackers to gather information on suspects, bringing the criminal wiretap into the cyber age.
Federal agencies have largely kept quiet about these capabilities, but court documents and interviews with people involved in the programs provide new details about the hacking tools, including spyware delivered to computers and phones through email or Web links—techniques more commonly associated with attacks by criminals.
People familiar with the Federal Bureau of Investigation's programs say that the use of hacking tools under court orders has grown as agents seek to keep up with suspects who use new communications technology, including some types of online chat and encryption tools. The use of such communications, which can't be wiretapped like a phone, is called "going dark" among law enforcement.
ENLARGE
A spokeswoman for the FBI declined to comment.
The FBI develops some hacking tools internally and purchases others from the private sector. With such technology, the bureau can remotely activate the microphones in phones running Google Inc. 's Android software to record conversations, one former U.S. official said. It can do the same to microphones in laptops without the user knowing, the person said. Google declined to comment.
The bureau typically uses hacking in cases involving organized crime, child pornography or counterterrorism, a former U.S. official said. It is loath to use these tools when investigating hackers, out of fear the suspect will discover and publicize the technique, the person said.
The FBI has been developing hacking tools for more than a decade, but rarely discloses its techniques publicly in legal cases.
Earlier this year, a federal warrant application in a Texas identity-theft case sought to use software to extract files and covertly take photos using a computer's camera, according to court documents. The judge denied the application, saying, among other things, that he wanted more information on how data collected from the computer would be minimized to remove information on innocent people.
Since at least 2005, the FBI has been using "web bugs" that can gather a computer's Internet address, lists of programs running and other data, according to documents disclosed in 2011. The FBI used that type of tool in 2007 to trace a person who was eventually convicted of emailing bomb threats in Washington state, for example.
The FBI "hires people who have hacking skill, and they purchase tools that are capable of doing these things," said a former official in the agency's cyber division. The tools are used when other surveillance methods won't work: "When you do, it's because you don't have any other choice," the official said.
Surveillance technologies are coming under increased scrutiny after disclosures about data collection by the National Security Agency. The NSA gathers bulk data on millions of Americans, but former U.S. officials say law-enforcement hacking is targeted at very specific cases and used sparingly.
Still, civil-liberties advocates say there should be clear legal guidelines to ensure hacking tools aren't misused. "People should understand that local cops are going to be hacking into surveillance targets," said Christopher Soghoian, principal technologist at the American Civil Liberties Union. "We should have a debate about that."
Mr. Soghoian, who is presenting on the topic Friday at the DefCon hacking conference in Las Vegas, said information about the practice is slipping out as a small industry has emerged to sell hacking tools to law enforcement. He has found posts and resumes on social networks in which people discuss their work at private companies helping the FBI with surveillance.
A search warrant would be required to get content such as files from a suspect's computer, said Mark Eckenwiler, a senior counsel at Perkins Coie LLP who until December was the Justice Department's primary authority on federal criminal surveillance law. Continuing surveillance would necessitate an even stricter standard, the kind used to grant wiretaps.
But if the software gathers only communications-routing "metadata"—like Internet protocol addresses or the "to" and "from" lines in emails—a court order under a lower standard might suffice if the program is delivered remotely, such as through an Internet link, he said. That is because nobody is physically touching the suspect's property, he added.
An official at the Justice Department said it determines what legal authority to seek for such surveillance "on a case-by-case basis." But the official added that the department's approach is exemplified by the 2007 Washington bomb-threat case, in which the government sought a warrant even though no agents touched the computer and the spyware gathered only metadata.
In 2001, the FBI faced criticism from civil-liberties advocates for declining to disclose how it installed a program to record the keystrokes on the computer of mobster Nicodemo Scarfo Jr. to capture a password he was using to encrypt a document. He was eventually convicted.
A group at the FBI called the Remote Operations Unit takes a leading role in the bureau's hacking efforts, according to former officials.
Officers often install surveillance tools on computers remotely, using a document or link that loads software when the person clicks or views it. In some cases, the government has secretly gained physical access to suspects' machines and installed malicious software using a thumb drive, a former U.S. official said.
The bureau has controls to ensure only "relevant data" are scooped up, the person said. A screening team goes through all of the data pulled from the hack to determine what is relevant, then hands off that material to the case team and stops working on the case.
The FBI employs a number of hackers who write custom surveillance software, and also buys software from the private sector, former U.S. officials said.
Italian company HackingTeam SRL opened a sales office in Annapolis, Md., more than a year ago to target North and South America. HackingTeam provides software that can extract information from phones and computers and send it back to a monitoring system. The company declined to disclose its clients or say whether any are in the U.S.
U.K.-based Gamma International offers computer exploits, which take advantage of holes in software to deliver spying tools, according to people familiar with the company. Gamma has marketed "0 day exploits"—meaning that the software maker doesn't yet know about the security hole—for software including Microsoft Corp.'s Internet Explorer, those people said. Gamma, which has marketed its products in the U.S., didn't respond to requests for comment, nor did Microsoft.
https://www.fbi.h-da.de/fileadmin/gruppen/FG-IT-Sicherheit/Publikationen/2011/2011_10_Nazar_NordSec.pdf
Here’s what you can see in Permission Manager if you launch the settings of a particular app.
Yeah, disabling any Android System UI permissions would really mess up my phone, perhaps even irreversibly.
Since Permission Manager only works in Android 4.3 and 4.4, you’ll need to install another app if you want to manage app permissions in an older version of Android. Or, even if you use 4.3+, you might want to have easy access to the permissions of all of your apps, without having to pay for Permission Manager’s “Pro” version. A possible option is SnoopWall, which can be installed for free from https://play.google.com/store/apps/details?id=com.snoopwall.android.
One of the nice things about SnoopWall is that it works in all versions of Android from 2.3.3 Gingerbread and up. It’ll also allow you to manage the permissions of all of your apps, free of charge. What I’m not crazy about, but what you might enjoy and benefit from, is that the app is designed to do a lot more than just manage app permissions. It runs an antivirus shield and firewall that’s not supposed to conflict with any antivirus shield or firewall you already have. It checks for, and blocks eavesdropping and spying. It stops your camera, GPS, WiFi, microphone and NFC from being used without your authorization. It even has a special security mode designed to be used if you’re doing any online banking on your phone or tablet.
Unlike Permission Manager, SnoopWall asked for a number of different permissions upon installation.
The following are screens you’ll see when launching SnoopWall (“Antivirus Privacy Firewall”) for the first time.
After launching SnoopWall for the first time and it tells you “You are not secure,” you can choose a security mode.
“Phone Mode,” “Internet Mode,” and “Apps Mode” disable a lot of functionality, which can be very annoying. For instance, apps are blocked in “Phone Mode,” and Internet access is blocked in “Apps Mode.” (What about most apps, which require network connectivity?) “Bank Mode” is only useful if you’re doing online banking, either via your Web browser or a native online banking app. So, I chose “Autopilot Mode.”
When you choose a “mode,” you’ll see this screen.
Here’s what SnoopWall’s main control screen looks like.
Tap “Control Apps” (at the bottom) to manage the permissions of each and every one of your apps. I happen to have about 250 apps in total.
Handy green icons in your app list will give you a quick overview about what kind of permissions each app has. Tap on the blue circle next to the app name to customize the permissions you give that particular app.
I’ve decided to leave Chrome’s permissions alone, based on the “if I can’t trust Google, I’m screwed by having an Android device” principle.
Her are the permission settings for another one of my apps, Barcode Scanner+.
Tapping on “Block App” doesn’t necessarily block the app completely; instead it gives you the option to selectively enable or disable its permissions.
As Barcode Scanner+ uses my phone’s camera to scan QR codes and UPC codes, disabling the Camera permission would defeat the purpose of the app. Here’s what I chose to enable and disable.
I cannot see why Barcode Scanner+ should be able to activate or use WiFi, but it obviously needs my camera, and its NFC (near field communication) and mobile data (3G or 4G) functions could be useful, so those are risks I’m willing to take.
I went through each and every one of my apps via SnoopWall, and I set their permissions to my liking, being mindful to not disable permissions that could impair app functions I’d like to have, or would prevent my device from working properly. As I have over 250 apps, it was a long and tedious process, but well worth it.
One thing I don’t like about SnoopWall is that running the app forces Bluetooth to be turned on. Leaving Bluetooth on when you’re not using Bluetooth peripherals with your phone or tablet can be an unnecessary drain on your battery. Bluetooth can also be used for a third party to obtain malicious access to your device, so for security reasons, Bluetooth should only be turned on while you’re using it.
So, after I set my app permissions with SnoopWall, I went into my system app settings (in the OS, not in SnoopWall) and disabled SnoopWall from running. Then, I was able to turn Bluetooth off again. Based on what I know about how Android apps work, I assume the app permission changes I made via SnoopWall are still set.
There are other third party apps that you can install on your Android device to manage your app permissions. You may give them a try, but keep in mind that I haven’t yet installed and tried them on my phone.
Advanced Permission Manager (https://play.google.com/store/apps/details?id=com.gmail.heagoo.pmaster) is supposed to work on Android Froyo 2.2 and every later version of Android.
F-Secure App Permissions (https://play.google.com/store/apps/details?id=com.fsecure.app.permissions.privacy) is supposed to work on Android 2.3.3 Gingerbread and up.
Fix Permissions (https://play.google.com/store/apps/details?id=com.stericson.permissionfix) is supposed to work on versions of Android as old as 1.6 Donut. But regardless of the version of Android you install it in, your device must be rooted.
You’ll find many other permission control apps in the Google Play store, as well. Be conscientious about which app you choose, and how you operate it. Most importantly, look at the user ratings of the app, and the user reviews. I wouldn’t install any app that has less than four stars.
I hope in the future that Google’s Android development team decides to reverse the decision they made for KitKat 4.4.2. I hope future versions of Android allow app permission customization without being hidden (as in 4.3) and without requiring root. They could always design the program so that users are warned to customize permissions at their own risk.
Your Android device should be fully in your control, and you should be able to customize functionality with security in mind, so that Android app developers can’t take control or security away from you.
References
How App Permissions Work & Why You Should Care
http://www.makeuseof.com/tag/app-permissions-work-care-android/
Android 101: What some of those scary application permissions mean
http://m.androidcentral.com/look-application-permissions
System Permissions | Android Developers
http://developer.android.com/guide/topics/security/permissions.html
App to manage Android app permissions
http://www.theregister.co.uk/2014/01/07/app_to_manage_android_app_permissions/
KitKat update removes app permission toggle
http://news.cnet.com/8301-1009_3-57615607-83/kitkat-update-removes-app-permissions-toggle/
App Ops: Android 4.3’s Hidden App Permission Manager, Control Permissions for Individual Apps!
http://www.androidpolice.com/2013/07/25/app-ops-android-4-3s-hidden-app-permission-manager-control-permissions-for-individual-apps/
Permission Manager | Google Play
https://play.google.com/store/apps/details?id=com.appaholics.applauncher
AppOps Launcher | Google Play
https://play.google.com/store/apps/details?id=com.pixelmonster.AppOps
SnoopWall Antivirus Privacy Firewall | Google Play
https://play.google.com/store/apps/details?id=com.snoopwall.android
Advanced Permission Manager | Google Play
https://play.google.com/store/apps/details?id=com.gmail.heagoo.pmaster
Fix Permissions | Google Play
https://play.google.com/store/apps/details?id=com.stericson.permissionfix
Law-enforcement officials in the U.S. are expanding the use of tools routinely used by computer hackers to gather information on suspects, bringing the criminal wiretap into the cyber age.
Federal agencies have largely kept quiet about these capabilities, but court documents and interviews with people involved in the programs provide new details about the hacking tools, including spyware delivered to computers and phones through email or Web links—techniques more commonly associated with attacks by criminals.
People familiar with the Federal Bureau of Investigation's programs say that the use of hacking tools under court orders has grown as agents seek to keep up with suspects who use new communications technology, including some types of online chat and encryption tools. The use of such communications, which can't be wiretapped like a phone, is called "going dark" among law enforcement.
ENLARGE
The FBI develops some hacking tools internally and purchases others from the private sector. With such technology, the bureau can remotely activate the microphones in phones running Google Inc. 's Android software to record conversations, one former U.S. official said. It can do the same to microphones in laptops without the user knowing, the person said. Google declined to comment.
The bureau typically uses hacking in cases involving organized crime, child pornography or counterterrorism, a former U.S. official said. It is loath to use these tools when investigating hackers, out of fear the suspect will discover and publicize the technique, the person said.
The FBI has been developing hacking tools for more than a decade, but rarely discloses its techniques publicly in legal cases.
Earlier this year, a federal warrant application in a Texas identity-theft case sought to use software to extract files and covertly take photos using a computer's camera, according to court documents. The judge denied the application, saying, among other things, that he wanted more information on how data collected from the computer would be minimized to remove information on innocent people.
Since at least 2005, the FBI has been using "web bugs" that can gather a computer's Internet address, lists of programs running and other data, according to documents disclosed in 2011. The FBI used that type of tool in 2007 to trace a person who was eventually convicted of emailing bomb threats in Washington state, for example.
The FBI "hires people who have hacking skill, and they purchase tools that are capable of doing these things," said a former official in the agency's cyber division. The tools are used when other surveillance methods won't work: "When you do, it's because you don't have any other choice," the official said.
Surveillance technologies are coming under increased scrutiny after disclosures about data collection by the National Security Agency. The NSA gathers bulk data on millions of Americans, but former U.S. officials say law-enforcement hacking is targeted at very specific cases and used sparingly.
Still, civil-liberties advocates say there should be clear legal guidelines to ensure hacking tools aren't misused. "People should understand that local cops are going to be hacking into surveillance targets," said Christopher Soghoian, principal technologist at the American Civil Liberties Union. "We should have a debate about that."
Mr. Soghoian, who is presenting on the topic Friday at the DefCon hacking conference in Las Vegas, said information about the practice is slipping out as a small industry has emerged to sell hacking tools to law enforcement. He has found posts and resumes on social networks in which people discuss their work at private companies helping the FBI with surveillance.
A search warrant would be required to get content such as files from a suspect's computer, said Mark Eckenwiler, a senior counsel at Perkins Coie LLP who until December was the Justice Department's primary authority on federal criminal surveillance law. Continuing surveillance would necessitate an even stricter standard, the kind used to grant wiretaps.
But if the software gathers only communications-routing "metadata"—like Internet protocol addresses or the "to" and "from" lines in emails—a court order under a lower standard might suffice if the program is delivered remotely, such as through an Internet link, he said. That is because nobody is physically touching the suspect's property, he added.
An official at the Justice Department said it determines what legal authority to seek for such surveillance "on a case-by-case basis." But the official added that the department's approach is exemplified by the 2007 Washington bomb-threat case, in which the government sought a warrant even though no agents touched the computer and the spyware gathered only metadata.
In 2001, the FBI faced criticism from civil-liberties advocates for declining to disclose how it installed a program to record the keystrokes on the computer of mobster Nicodemo Scarfo Jr. to capture a password he was using to encrypt a document. He was eventually convicted.
A group at the FBI called the Remote Operations Unit takes a leading role in the bureau's hacking efforts, according to former officials.
Officers often install surveillance tools on computers remotely, using a document or link that loads software when the person clicks or views it. In some cases, the government has secretly gained physical access to suspects' machines and installed malicious software using a thumb drive, a former U.S. official said.
The bureau has controls to ensure only "relevant data" are scooped up, the person said. A screening team goes through all of the data pulled from the hack to determine what is relevant, then hands off that material to the case team and stops working on the case.
The FBI employs a number of hackers who write custom surveillance software, and also buys software from the private sector, former U.S. officials said.
Italian company HackingTeam SRL opened a sales office in Annapolis, Md., more than a year ago to target North and South America. HackingTeam provides software that can extract information from phones and computers and send it back to a monitoring system. The company declined to disclose its clients or say whether any are in the U.S.
U.K.-based Gamma International offers computer exploits, which take advantage of holes in software to deliver spying tools, according to people familiar with the company. Gamma has marketed "0 day exploits"—meaning that the software maker doesn't yet know about the security hole—for software including Microsoft Corp.'s Internet Explorer, those people said. Gamma, which has marketed its products in the U.S., didn't respond to requests for comment, nor did Microsoft.
Subscribe to:
Posts (Atom)