Application security encompasses measures taken throughout the application's life-cycle to prevent exceptions in the security policy of an application or the underlying system (vulnerabilities) through flaws in the design, development, deployment, upgrade, or maintenance of the application.

Thursday, July 19, 2012

Android device stored the proxy conf. details in clear text


This is basically android platform vulnerability, the android platform stores the proxy configuration details (like proxy server IP address, port number, domain name, username and password) in clear text in the device. In this scenario I am using the android simulator to show the vulnerability, and configured the proxy setting details in the emulator APN as shown below. Navigate to home > menu > wireless & Network > Mobile Networks > Access Point Names and update the following settings:




Then use the DDMS tool to browse the directory structure of android device. Goto android installation folder > android-sdk > tools and lunch ddms.bat. Then goto any application for example com.android.email then click on device and select file explore. Then browse the below directory structure:

data  > data > com.android.settings > shared_prefs > com.android.settings_preferences.xml

and open the xml file you will find all the configuration details in clear text. So in case you lost your device all your credential details will be compromised.



  

No comments:

Post a Comment