System Network Configuration Discovery
On Android, details of onboard network interfaces are accessible to apps through the java.net.NetworkInterface class . The Android TelephonyManager class can be used to gather related information such as the IMSI, IMEI, and phone number .
Tactic Type: Post-Adversary Device Access
|Application Vetting||Application vetting could be used to analyze applications to determine whether they access this information, including determining whether the application requests the Android ACCESS_NETWORK_STATE permission (required in order to access NetworkInterface information) or the READ_PHONE_STATE permission (required in order to access TelephonyManager information).|
|Use Recent OS Version||Starting in Android 6.0, applications can no longer access MAC addresses of network interfaces.|
|Pegasus for Android|
|Pegasus for iOS|
- Android. (n.d.). NetworkInterface. Retrieved December 21, 2016.
- Android. (n.d.). TelephonyManager. Retrieved December 21, 2016.
- Claud Xiao. (2016, September 13). DualToy: New Windows Trojan Sideloads Risky Apps to Android and iOS Devices. Retrieved January 24, 2017.
- Mike Murray. (2017, April 3). Pegasus for Android: the other side of the story emerges. Retrieved April 16, 2017.
- Lookout. (2016). Technical Analysis of Pegasus Spyware. Retrieved December 12, 2016.
- Lookout. (2016, May 25). 5 active mobile threats spoofing enterprise apps. Retrieved December 19, 2016.
- Nell Campbell. (2018, February 27). RedDrop: the blackmailing mobile malware family lurking in app stores. Retrieved September 18, 2018.
- Wu Zhou, Deyu Hu, Jimmy Su, Yong Kang. (2016, April 26). RUMMS: THE LATEST FAMILY OF ANDROID MALWARE ATTACKING USERS IN RUSSIA VIA SMS PHISHING. Retrieved February 6, 2017.
- Wenjun Hu, Cong Zheng and Zhi Xu. (2017, July 6). SpyDealer: Android Trojan Spying on More Than 40 Apps. Retrieved September 18, 2018.
- Lookout. (n.d.). Stealth Mango & Tangelo. Retrieved September 27, 2018.
- Android. (n.d.). Android 6.0 Changes. Retrieved December 21, 2016.