Analisis Keamanan Dan Eksploitasi Kernel Android 13 Menggunakan Metasploit Reverse_Tcp

Salman Alhidamkara(1*), S Somantri(2), Ivana Lucia Kharisma(3),

(1) Universitas Nusa Putra, Indonesia
(2) Universitas Nusa Putra, Indonesia
(3) Universitas Nusa Putra, Indonesia
(*) Corresponding Author

Abstract


The development of information technology, especially in the mobile field, has changed the way we interact with devices substantially. Android, as the most dominant mobile operating system used worldwide, attracts significant attention to its security aspects. Despite improvements in the security of Android devices, exploitation attempts continue to be made by security researchers and hackers using various methods, including exploitation via Reverse_TCP with tools such as Metasploit. This research aims to analyze the security of Android 13 devices using the Reverse_TCP method via Metasploit. The methods used involve exploitation by sending backdoor applications, opening Meterpreter sessions, and stealing data such as SMS and call logs. The results showed that Google Play Protect detected malicious applications, but the applications could still be installed and run, indicating a weakness in the security detection system. Reverse_TCP exploits can lead to unauthorized access to personal data and full control of the device, posing significant risks to users. Proposed preventive measures include using the Mobile Security Framework (MobSF), enabling Google Play Protect, and disabling unnecessary app permissions. This study suggests further research to overcome limitations and explore further the security aspects of Android

Full Text:

PDF

References


P. Sharma, C. Lepcha, S. T. Bhutia, And A. Sharma, “Case Study Exploit Of Android Devices Using Payload Injected Apk,” 2023, [Online]. Available: Www.Irjmets.Com

Deshinta. Arrovadewi Dan Jelita. Asian Somantri, “Implementasi Computer Based Test Pada Smp Pgri Se-Gugus V Kecamatan Cileungsi Kabupaten Bogor,” 2023, Accessed: May 08, 2024. [Online]. Available: Https://Restikom.Nusaputra.Ac.Id/Issue/View/18

D. Özdemir And H. Ç. Zaim, “Investigation Of Attack Types In Android Operating System,” 2021.

S. Raj And N. K. Walia, “A Study On Metasploit Framework: A Pen-Testing Tool,” In 2020 International Conference On Computational Performance Evaluation, Compe 2020, Institute Of Electrical And Electronics Engineers Inc., Jul. 2020, Pp. 296–302. Doi: 10.1109/Compe49325.2020.9200028.

A. Dwivedi, “Launching An Attack And Exploiting The Android Using Metasploit Framework,” 2022. [Online]. Available: Www.Ijsrmst.Com

Mr. Gokul Reghu, Ms. Anjaly Prasad, Ms. Athira Prasad, And Ms. Grace Joseph, “Novel Approach For Android Hacking Using Bluesnarfer,” 2023.

T. Yerlikaya And S. Sen, “Hacking Android Mobile Phone With Phishing,” 2021. [Online]. Available: Http://10.40.48.145/Police.Apk

I. Riadi, D. Aprilliansyah, And S. Sunardi, “Mobile Device Security Evaluation Using Reverse Tcp Method,” Kinetik: Game Technology, Information System, Computer Network, Computing, Electronics, And Control, Sep. 2022, Doi: 10.22219/Kinetik.V7i3.1433.

S. Thomas, P. G. Scholar, And T. Bijimol, “Vulnerability Testing On Rooted

Android Phones Using Msf Venom Payloads,” Vol. 3, No. 1, P. 27, 2021, Doi: 10.5281/Zenodo.5112704.

R. Dwiananda, L. Putra, And I. Mardianto, “Jepin (Jurnal Edukasi Dan Penelitian Informatika) Exploitation With Reverse_Tcp Method On Android Device Using Metasploit,” Universitas Trisakti Jl. Letjen S. Parman, No. 1, P. 11440, 2019.

R. Satrio Hadikusuma And E. M. Rizaludin, “Methods Of Stealing Personal Data On Android Using A Remote Administration Tool With Social Engineering Techniques,” Ultimatics : Jurnal Teknik Informatika, Vol. 15, No. 1, 2023.

K. Barapatre And P. Parkhi, “Android Spy Agent-Remote Access Trojan,” International Research Journal Of Engineering And Technology, 2020, [Online]. Available: Www.Irjet.Net

N. Kar Zuin And V. Selvarajah, “A Case Study: Syn Flood Attack Launched Through Metasploit,” 2021.

N. Jaswal, Mastering Metasploit : Exploit Systems, Cover Your Tracks, And Bypass Security Controls With The Metasploit 5.0 Framework. 2020.

S. Rahalkar, Metasploit 5.0 For Beginners : Perform Penetration Testing To Secure Your It Environment Against Threats And Vulnerabilities. 2020.

K. N. Isnaini And D. Suhartono, “Security Analysis Of Simpel Desa Using Mobile Security Framework And Iso 27002:2013,” Intensif: Jurnal Ilmiah Penelitian Dan Penerapan Teknologi Sistem Informasi, Vol. 7, No. 1, Pp. 84–105, Feb. 2023, Doi: 10.29407/Intensif.V7i1.18742.

A. Arote And U. Mandawkar, “Android Hacking In Kali Linux Using Metasploit Framework,” International Journal Of Scientific Research In Computer Science, Engineering And Information Technology, Pp. 497–504, Jun. 2021, Doi: 10.32628/Cseit2173111.

V. K. Velu And R. Beggs, Mastering Kali Linux For Advanced Penetration Testing Secure Your Network With Kali Linux 2019.1 - The Ultimate White Hat Hackers’ Toolkit, 3rd Edition. 2019.

A. Sabbah, M. Kharma, And M. Jarrar, “Creating Android Malware Knowledge Graph Based On A Malware Ontology,” Aug. 2023, [Online]. Available: Http://Arxiv.Org/Abs/2308.02640

H. Singh And H. Sharma, Hands-On Web Penetration Testing With Metasploit : The Subtle Art Of Using Metasploit 5.0 For Web Application Exploitation. 2020.




DOI: https://doi.org/10.30645/kesatria.v5i3.410

DOI (PDF): https://doi.org/10.30645/kesatria.v5i3.410.g406

Refbacks

  • There are currently no refbacks.


Published Papers Indexed/Abstracted By: