
Are there any VirtualBox or VMware appliances, or anything like Metasploitable, that one can use to practice mobile pentesting without the real hardware? I can find those for traditional Ethernet, but what about mobile, especially phone networks like 3G/LTE and also others like Wi-Fi, Bluetooth etc.?

Thanks.

xyz
  • possible duplicate of [Securely building a local pentest lab in a VM](http://security.stackexchange.com/questions/8445/securely-building-a-local-pentest-lab-in-a-vm) – thexacre Feb 13 '15 at 23:20
  • Hi, but I am interested to know if there is a way to support mobile networks like 3G and Wi-Fi in the pentest lab. I don't see that in the suggested link. Thanks. – xyz Feb 13 '15 at 23:25

2 Answers

  1. There are vulnerable mobile apps that one can run in an emulator, simulator, or on device. (*)
  2. There is a testing ground for smart grid and industrial control systems which includes an RF test ground component. It's called SamuraiSTFU, a play on the name of the original SamuraiWTF guest VM for testing vulnerable web applications. I think WTF stands for Web Testing Framework while STFU stands for Security Testing For Utilities (i.e., smart grids and control engineering systems). (**)
  3. I agree that there should be a guest VM to practice the full mobile stack including carrier technology such as 3G and LTE, however this is a gap that can be filled. Start a project to do it yourself!

(*) A short list of available apps includes iGoat, "Damn Vulnerable" apps of other kinds, the Exploit-Me labs from Security Compass and, most importantly, the amazing work behind OWASP GoatDroid and the Sieve APK, an app intended as a testing ground for the drozer mobile attack framework. Ideally, a person interested in the security footprint of the mobile space would use a variety of open source apps (available by searching the Internet) or build their own apps that expose the full functionality of the vendor SDKs.

(**) The particular components in SamuraiSTFU that cover RF technology generally focus on technologies that are not specifically 3G or LTE. Thus, I might recommend instead that you check out a variety of other resources, including a book that came out last week called "Getting Started with OpenBTS" (O'Reilly Press), which mentions the Ettus Research and other GSM network hardware/software that can run production-grade, though amateur, carrier-like networks.

Other important titles include: "Hacking and Securing iOS Applications", "Bulletproof Android: Practical Advice for Building Secure Apps", "Android Security Internals", "Mac OS X and iOS Internals: To the Apple's Core", "Android Security Cookbook" -- as well as a few titles that you may or may not be able to get early access to: "The Mobile Application Hacker's Handbook" and "iOS Application Security: The Definitive Guide for Hackers and Developers", but they will be out soon and available from bookstores such as Amazon or services such as SafariBooksOnline or Books24x7. There are a few books that I left out of this list because there are quite a lot and perhaps too numerous to list right here right now.


Just as an aside, I do a lot of mobile and payment (e.g., digital wallet) testing for my full-time job, about 8 years in these specific industries. So I've been penetration testing mobile devices and platforms since the original iPhone was released. I have had a keen interest in NFC technology, especially Secure Element and TEE sub technologies involved in the mobile payment space directly (the Android Internals book mentioned above touches on these a little bit).

For a more complete set of resources covering 3G and earlier technologies in terms of security issues one would expect to hear about as exploitable from a penetration testing perspective, be sure to check out all of these:

atdre

Since all of the common virtualization products only emulate Ethernet adapters and not 3G or LTE, the answer is that there cannot be such a virtual appliance. Also, there is no difference between 3G, LTE, DSL, and local Ethernet apart from MTU, bandwidth and latency as long as you stay at the IP level.

Steffen Ullrich
  • This answer isn't entirely accurate. SamuraiSTFU, mentioned in my long answer (seen in this thread), can help one simulate a radio frequency (RF) network. It also provides security testing tools that target RF networks, heavily based on GNU Radio Companion (GRC) as well as a few techniques around signaturing entropy. RF is weak against MIJI attacks, but wireline attacks are not – atdre Feb 15 '15 at 02:42
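As an added example, not part of either answer: if you accept the second answer's point that, at the IP level, a 3G/LTE link differs from your wired lab network only in MTU, bandwidth, latency (and, in practice, packet loss), you can make a VM lab interface behave like one with Linux tc/netem instead of looking for a non-existent "LTE appliance". The script below maps a few named link profiles to netem parameters and can print or apply the resulting commands. The profile numbers and the interface name (eth1) are illustrative assumptions, not measurements of any real carrier; `distribution normal` needs the distribution table shipped with iproute2.

```shell
#!/bin/sh
# Shape a lab interface to look like a mobile link (added example, not from the
# original answers). Profile values are assumed for illustration only.
set -e

# Prints "<delay_ms> <jitter_ms> <rate> <loss_pct> <mtu>" for a named profile.
link_profile() {
    case "$1" in
        3g)   echo "150 40 2mbit 1.0 1400" ;;     # assumed HSPA-like numbers
        lte)  echo "50 15 20mbit 0.2 1428" ;;     # assumed LTE-like numbers
        edge) echo "400 100 200kbit 2.0 1400" ;;  # assumed 2.5G-like numbers
        *)    echo "unknown profile: $1" >&2; return 1 ;;
    esac
}

# Prints the ip/tc commands that make interface $2 behave like profile $1.
# Nothing is changed on the host; output is one command per line.
netem_commands() {
    profile="$1"; dev="$2"
    params=$(link_profile "$profile") || return 1
    set -- $params   # $1=delay $2=jitter $3=rate $4=loss $5=mtu
    printf 'ip link set dev %s mtu %s\n' "$dev" "$5"
    printf 'tc qdisc replace dev %s root netem delay %sms %sms distribution normal rate %s loss %s%%\n' \
        "$dev" "$1" "$2" "$3" "$4"
}

# Applies the commands (root required). Undo with: tc qdisc del dev <dev> root
apply_profile() {
    [ "$(id -u)" -eq 0 ] || { echo "apply_profile: run as root" >&2; return 1; }
    netem_commands "$1" "$2" | while read -r cmd; do
        echo "+ $cmd"
        eval "$cmd"
    done
}

# Usage:
#   . ./netem_lab.sh; netem_commands lte eth1        # show what would run
#   sudo sh -c '. ./netem_lab.sh; apply_profile 3g eth1'   # shape the link
```

Apply the profile on the lab-facing interface of the VM that plays the "phone" (or on the host side of a host-only network) and point the mobile app in your emulator at the test server through it; this reproduces the timeouts, retransmissions and MTU-related fragmentation you would see over a carrier link, but it does not emulate the radio layer, which is what the first answer's RF resources are for.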