Quick jump to page content
  • Main Navigation
  • Main Content
  • Sidebar

  • Home
  • Current
  • Archives
  • Join As Reviewer
  • Info
  • Announcements
  • Statistics
  • About
    • About the Journal
    • Submissions
    • Editorial Team
    • Privacy Statement
    • Contact
  • Register
  • Login
  • Home
  • Current
  • Archives
  • Join As Reviewer
  • Info
  • Announcements
  • Statistics
  • About
    • About the Journal
    • Submissions
    • Editorial Team
    • Privacy Statement
    • Contact
  1. Home
  2. Archives
  3. Vol. 7, No. 3, August 2022
  4. Articles

Issue

Vol. 7, No. 3, August 2022

Issue Published : Aug 31, 2022
Creative Commons License

This work is licensed under a Creative Commons Attribution-NonCommercial-ShareAlike 4.0 International License.

Mobile Device Security Evaluation using Reverse TCP Method

https://doi.org/10.22219/kinetik.v7i3.1433
Imam Riadi
University Islam of Indonesia
https://orcid.org/0000-0003-4927-6385
Sunardi
Universitas Ahmad Dahlan, Yogyakarta
Deco Aprilliansyah
Universitas Ahmad Dahlan, Yogyakarta

Corresponding Author(s) : Imam Riadi

imam.riadi@is.uad.ac.id

Kinetik: Game Technology, Information System, Computer Network, Computing, Electronics, and Control, Vol. 7, No. 3, August 2022
Article Published : Sep 28, 2022

Share
WA Share on Facebook Share on Twitter Pinterest Email Telegram
  • Abstract
  • Cite
  • References
  • Authors Details

Abstract

Security evaluation on Android devices is critical so that users of the operating system are protected from malware attacks such as remote access trojans that can steal users' credential data. Remote access trojan (RAT) attacks can be anticipated by detecting vulnerabilities in applications and systems. This study simulates a remote access trojan attack by exploiting it until the Attacker gains full access to the victim's device. The episode is carried out with several steps: creating a payload, installing applications to the victim's device, connecting listeners, and performing exploits to retrieve important information on the victim's device. Test material using Android 12, problems occurred when trying to install the application because a harmful warning will appear from Play Protect due to not using the latest version of privacy protection which causes the application to be indicated as malware and the like. On Android 11, the application injected with the backdoor was successfully installed on the device and successfully accessed by the attacker. Attackers also get vital information, including system information, contacts, call logs, messages, and full access to the victim's device system directory. Based on this research, it is expected that Android device users constantly update the Android version on the device they are using.

Keywords

Remote Access Trojan Android Reverse TCP Exploit Metasploit
Riadi, I., Sunardi, & Aprilliansyah, D. (2022). Mobile Device Security Evaluation using Reverse TCP Method. Kinetik: Game Technology, Information System, Computer Network, Computing, Electronics, and Control, 7(3), 289-298. https://doi.org/10.22219/kinetik.v7i3.1433
  • ACM
  • ACS
  • APA
  • ABNT
  • Chicago
  • Harvard
  • IEEE
  • MLA
  • Turabian
  • Vancouver
Download Citation
Endnote/Zotero/Mendeley (RIS)
BibTeX
References
  1. “• Smartphone users 2026 | Statista.”.
  2. W. Khan, M. Kamran, A. Ahmad, F. A. Khan, and A. Derhab, “Formal Analysis of Language-Based Android Security Using Theorem Proving Approach,” IEEE Access, vol. 7, pp. 16550–16560, 2019. https://doi.org/10.1109/ACCESS.2019.2895261
  3. G. M. Zamroni and I. Riadi, “Instant Messaging Forensic Tools Comparison on Android Operating System,” Kinet. Game Technol. Inf. Syst. Comput. Network, Comput. Electron. Control, vol. 4, no. 2, pp. 137–148, 2019. https://doi.org/10.22219/kinetik.v4i2.735
  4. I. Riadi, H. Herman, and A. Z. Ifani, “Optimization of System Authentication Services using Blockchain Technology,” Kinet. Game Technol. Inf. Syst. Comput. Network, Comput. Electron. Control, vol. 4, 2021. https://doi.org/10.22219/kinetik.v6i4.1325
  5. R. D. Putra and I. Mardianto, “Exploitation with Reverse_tcp Method on Android Device using Metasploit,” J. Edukasi dan Penelit. Inform., vol. 5, no. 1, p. 106, 2019. http://dx.doi.org/10.26418/jp.v5i1.26893
  6. R. Singh, “An Overview of Android Operating System and Its Security Features,” Eng. Res. Appl., vol. 4, no. 2, pp. 519–521, 2014.
  7. V. G. Shankar, G. Somani, M. S. Gaur, V. Laxmi, and M. Conti, “AndroTaint: An efficient android malware detection framework using dynamic taint analysis,” ISEA Asia Secur. Priv. Conf. 2017, ISEASP 2017, pp. 1–13, 2017. https://doi.org/10.1109/ISEASP.2017.7976989
  8. P. Bhat and K. Dutta, “A survey on various threats and current state of security in android platform,” ACM Comput. Surv., vol. 52, no. 1, 2019. https://doi.org/10.1145/3301285
  9. I. Riadi and D. Aprilliansyah, “Analysis of Remote Access Trojan Attack using Android Debug Bridge,” vol. 10, no. 2, pp. 102–111, 2021. https://doi.org/10.14421/ijid.2021.2839
  10. J. Qin, H. Zhang, J. Guo, S. Wang, Q. Wen, and Y. Shi, “Vulnerability Detection on Android Apps-Inspired by Case Study on Vulnerability Related with Web Functions,” IEEE Access, vol. 8, pp. 106437–106451, 2020. https://doi.org/10.1109/ACCESS.2020.2998043
  11. R. Li, W. Diao, Z. Li, S. Yang, S. Li, and S. Guo, “Android Custom Permissions Demystified: A Comprehensive Security Evaluation,” IEEE Trans. Softw. Eng., 2021. https://doi.org/10.1109/TSE.2021.3119980
  12. T. Moletsane and P. Tsibolane, “Mobile Information Security Awareness among Students in Higher Education : An Exploratory Study,” 2020 Conf. Inf. Commun. Technol. Soc. ICTAS 2020 - Proc., pp. 1–6, 2020. https://doi.org/10.1109/ICTAS47918.2020.233978
  13. F. A. Garba, K. I. Kunya, S. A. Ibrahim, A. B. Isa, K. M. Muhammad, and N. N. Wali, “Evaluating the State of the Art Antivirus Evasion Tools on Windows and Android Platform,” 2019 2nd Int. Conf. IEEE Niger. Comput. Chapter, Niger. 2019, pp. 1–4, 2019. https://doi.org/10.1109/NigeriaComputConf45974.2019.8949637
  14. R. Surya Kusuma, R. Umar, and I. Riadi, “Network Forensics Against Ryuk Ransomware Using Trigger, Acquire, Analysis, Report, and Action (TAARA) Method,” Kinet. Game Technol. Inf. Syst. Comput. Network, Comput. Electron. Control, vol. 4, 2021. https://doi.org/10.22219/kinetik.v6i2.1225
  15. S. Syaifuddin, Z. Sari, and M. K. Masduqi, “Analysis of Uapush Malware Infection using Static and Behavior Method on Android,” Kinet. Game Technol. Inf. Syst. Comput. Network, Comput. Electron. Control, vol. 3, no. 1, pp. 81–90, 2018. https://doi.org/10.22219/kinetik.v3i1.265
  16. M. Xu, W. Sun, and M. Alam, “Security enhancement of secure USB debugging in Android system,” 2015 12th Annu. IEEE Consum. Commun. Netw. Conf. CCNC 2015, pp. 134–139, 2015. https://doi.org/10.1109/CCNC.2015.7157959
  17. “Waspada, Pelaku Kejahatan Sebar Trojan Android via Laman Google Play Store Palsu - Tekno Liputan6.com.”.
  18. A. Mos and M. M. Chowdhury, “Mobile Security: A Look into Android,” IEEE Int. Conf. Electro Inf. Technol., vol. 2020-July, pp. 638–642, 2020. https://doi.org/10.1109/EIT48999.2020.9208339
  19. “Awas, Aplikasi Android Berikut Ini Bawa Virus Trojan | AsiaQuest Indonesia.”
  20. D. Zou, S. Wang, S. Xu, Z. Li, and H. Jin, “μVulDeePecker: A Deep Learning-Based System for Multiclass Vulnerability Detection,” IEEE Trans. Dependable Secur. Comput., vol. PP, no. c, pp. 1–1, 2019. https://doi.org/10.1109/TDSC.2019.2942930
  21. A. Brusch, N. Nguyen, D. Schurmann, S. Sigg, and L. Wolf, “Security Properties of Gait for Mobile Device Pairing,” IEEE Trans. Mob. Comput., vol. 19, no. 3, pp. 697–710, 2020. https://doi.org/10.1109/TMC.2019.2897933
  22. D. C. Prakoso, I. Riadi, and Y. Prayudi, “Detection of Metasploit Attacks Using RAM Forensic on Proprietary Operating Systems,” Kinet. Game Technol. Inf. Syst. Comput. Network, Comput. Electron. Control, vol. 4, pp. 155–160, 2020. https://doi.org/10.22219/kinetik.v5i2.1037
  23. I. Riadi, I. T. Riyadi Yanto, and E. Handoyo, “Cyber Security Analysis of Academic Services based on Domain Delivery Services and Support using Indonesian E-Government Ratings (PEGI),” Kinet. Game Technol. Inf. Syst. Comput. Network, Comput. Electron. Control, vol. 4, pp. 263–270, 2020. https://doi.org/10.22219/kinetik.v5i4.1083
  24. X. He, J. Liu, C. T. Huang, D. Wang, and B. Meng, “A Security Analysis Method of Security Protocol Implementation Based on Unpurified Security Protocol Trace and Security Protocol Implementation Ontology,” IEEE Access, vol. 7, pp. 131050–131067, 2019. https://doi.org/10.1109/ACCESS.2019.2940512
  25. M. Guo, P. Bhattacharya, M. Yang, K. Qian, and L. Yang, “Learning mobile security with android security labware,” SIGCSE 2013 - Proc. 44th ACM Tech. Symp. Comput. Sci. Educ., pp. 675–680, 2013. https://doi.org/10.1145/2445196.2445394
  26. T. Rocha, E. Souto, and K. El-Khatib, “Functionality-based mobile application recommendation system with security and privacy awareness,” Comput. Secur., vol. 97, p. 101972, 2020. https://doi.org/10.1016/j.cose.2020.101972
  27. M. Wazid, S. Zeadally, and A. K. Das, “Mobile Banking: Evolution and Threats: Malware Threats and Security Solutions,” IEEE Consum. Electron. Mag., vol. 8, no. 2, pp. 56–60, 2019. https://doi.org/10.1109/MCE.2018.2881291
  28. D. Jiang and K. Omote, “An approach to detect remote access trojan in the early stage of communication,” in Proceedings - International Conference on Advanced Information Networking and Applications, AINA, Apr. 2015, vol. 2015-April, pp. 706–713. https://doi.org/10.1109/AINA.2015.257
  29. U. Timalsina, “Use of Metasploit Framework in Kali Linux,” no. May 2015. https://doi.org/10.13140/RG.2.2.12377.93284
  30. T. Guarda, M. F. Augusto, I. Lopes, J. A. Victor, Á. Rocha, and L. Molina, Mobile Communication Systems: Evolution and Security, vol. 152. Springer Singapore, 2020. https://doi.org/10.1007/978-981-13-9155-2_8
Read More

References


“• Smartphone users 2026 | Statista.”.

W. Khan, M. Kamran, A. Ahmad, F. A. Khan, and A. Derhab, “Formal Analysis of Language-Based Android Security Using Theorem Proving Approach,” IEEE Access, vol. 7, pp. 16550–16560, 2019. https://doi.org/10.1109/ACCESS.2019.2895261

G. M. Zamroni and I. Riadi, “Instant Messaging Forensic Tools Comparison on Android Operating System,” Kinet. Game Technol. Inf. Syst. Comput. Network, Comput. Electron. Control, vol. 4, no. 2, pp. 137–148, 2019. https://doi.org/10.22219/kinetik.v4i2.735

I. Riadi, H. Herman, and A. Z. Ifani, “Optimization of System Authentication Services using Blockchain Technology,” Kinet. Game Technol. Inf. Syst. Comput. Network, Comput. Electron. Control, vol. 4, 2021. https://doi.org/10.22219/kinetik.v6i4.1325

R. D. Putra and I. Mardianto, “Exploitation with Reverse_tcp Method on Android Device using Metasploit,” J. Edukasi dan Penelit. Inform., vol. 5, no. 1, p. 106, 2019. http://dx.doi.org/10.26418/jp.v5i1.26893

R. Singh, “An Overview of Android Operating System and Its Security Features,” Eng. Res. Appl., vol. 4, no. 2, pp. 519–521, 2014.

V. G. Shankar, G. Somani, M. S. Gaur, V. Laxmi, and M. Conti, “AndroTaint: An efficient android malware detection framework using dynamic taint analysis,” ISEA Asia Secur. Priv. Conf. 2017, ISEASP 2017, pp. 1–13, 2017. https://doi.org/10.1109/ISEASP.2017.7976989

P. Bhat and K. Dutta, “A survey on various threats and current state of security in android platform,” ACM Comput. Surv., vol. 52, no. 1, 2019. https://doi.org/10.1145/3301285

I. Riadi and D. Aprilliansyah, “Analysis of Remote Access Trojan Attack using Android Debug Bridge,” vol. 10, no. 2, pp. 102–111, 2021. https://doi.org/10.14421/ijid.2021.2839

J. Qin, H. Zhang, J. Guo, S. Wang, Q. Wen, and Y. Shi, “Vulnerability Detection on Android Apps-Inspired by Case Study on Vulnerability Related with Web Functions,” IEEE Access, vol. 8, pp. 106437–106451, 2020. https://doi.org/10.1109/ACCESS.2020.2998043

R. Li, W. Diao, Z. Li, S. Yang, S. Li, and S. Guo, “Android Custom Permissions Demystified: A Comprehensive Security Evaluation,” IEEE Trans. Softw. Eng., 2021. https://doi.org/10.1109/TSE.2021.3119980

T. Moletsane and P. Tsibolane, “Mobile Information Security Awareness among Students in Higher Education : An Exploratory Study,” 2020 Conf. Inf. Commun. Technol. Soc. ICTAS 2020 - Proc., pp. 1–6, 2020. https://doi.org/10.1109/ICTAS47918.2020.233978

F. A. Garba, K. I. Kunya, S. A. Ibrahim, A. B. Isa, K. M. Muhammad, and N. N. Wali, “Evaluating the State of the Art Antivirus Evasion Tools on Windows and Android Platform,” 2019 2nd Int. Conf. IEEE Niger. Comput. Chapter, Niger. 2019, pp. 1–4, 2019. https://doi.org/10.1109/NigeriaComputConf45974.2019.8949637

R. Surya Kusuma, R. Umar, and I. Riadi, “Network Forensics Against Ryuk Ransomware Using Trigger, Acquire, Analysis, Report, and Action (TAARA) Method,” Kinet. Game Technol. Inf. Syst. Comput. Network, Comput. Electron. Control, vol. 4, 2021. https://doi.org/10.22219/kinetik.v6i2.1225

S. Syaifuddin, Z. Sari, and M. K. Masduqi, “Analysis of Uapush Malware Infection using Static and Behavior Method on Android,” Kinet. Game Technol. Inf. Syst. Comput. Network, Comput. Electron. Control, vol. 3, no. 1, pp. 81–90, 2018. https://doi.org/10.22219/kinetik.v3i1.265

M. Xu, W. Sun, and M. Alam, “Security enhancement of secure USB debugging in Android system,” 2015 12th Annu. IEEE Consum. Commun. Netw. Conf. CCNC 2015, pp. 134–139, 2015. https://doi.org/10.1109/CCNC.2015.7157959

“Waspada, Pelaku Kejahatan Sebar Trojan Android via Laman Google Play Store Palsu - Tekno Liputan6.com.”.

A. Mos and M. M. Chowdhury, “Mobile Security: A Look into Android,” IEEE Int. Conf. Electro Inf. Technol., vol. 2020-July, pp. 638–642, 2020. https://doi.org/10.1109/EIT48999.2020.9208339

“Awas, Aplikasi Android Berikut Ini Bawa Virus Trojan | AsiaQuest Indonesia.”

D. Zou, S. Wang, S. Xu, Z. Li, and H. Jin, “μVulDeePecker: A Deep Learning-Based System for Multiclass Vulnerability Detection,” IEEE Trans. Dependable Secur. Comput., vol. PP, no. c, pp. 1–1, 2019. https://doi.org/10.1109/TDSC.2019.2942930

A. Brusch, N. Nguyen, D. Schurmann, S. Sigg, and L. Wolf, “Security Properties of Gait for Mobile Device Pairing,” IEEE Trans. Mob. Comput., vol. 19, no. 3, pp. 697–710, 2020. https://doi.org/10.1109/TMC.2019.2897933

D. C. Prakoso, I. Riadi, and Y. Prayudi, “Detection of Metasploit Attacks Using RAM Forensic on Proprietary Operating Systems,” Kinet. Game Technol. Inf. Syst. Comput. Network, Comput. Electron. Control, vol. 4, pp. 155–160, 2020. https://doi.org/10.22219/kinetik.v5i2.1037

I. Riadi, I. T. Riyadi Yanto, and E. Handoyo, “Cyber Security Analysis of Academic Services based on Domain Delivery Services and Support using Indonesian E-Government Ratings (PEGI),” Kinet. Game Technol. Inf. Syst. Comput. Network, Comput. Electron. Control, vol. 4, pp. 263–270, 2020. https://doi.org/10.22219/kinetik.v5i4.1083

X. He, J. Liu, C. T. Huang, D. Wang, and B. Meng, “A Security Analysis Method of Security Protocol Implementation Based on Unpurified Security Protocol Trace and Security Protocol Implementation Ontology,” IEEE Access, vol. 7, pp. 131050–131067, 2019. https://doi.org/10.1109/ACCESS.2019.2940512

M. Guo, P. Bhattacharya, M. Yang, K. Qian, and L. Yang, “Learning mobile security with android security labware,” SIGCSE 2013 - Proc. 44th ACM Tech. Symp. Comput. Sci. Educ., pp. 675–680, 2013. https://doi.org/10.1145/2445196.2445394

T. Rocha, E. Souto, and K. El-Khatib, “Functionality-based mobile application recommendation system with security and privacy awareness,” Comput. Secur., vol. 97, p. 101972, 2020. https://doi.org/10.1016/j.cose.2020.101972

M. Wazid, S. Zeadally, and A. K. Das, “Mobile Banking: Evolution and Threats: Malware Threats and Security Solutions,” IEEE Consum. Electron. Mag., vol. 8, no. 2, pp. 56–60, 2019. https://doi.org/10.1109/MCE.2018.2881291

D. Jiang and K. Omote, “An approach to detect remote access trojan in the early stage of communication,” in Proceedings - International Conference on Advanced Information Networking and Applications, AINA, Apr. 2015, vol. 2015-April, pp. 706–713. https://doi.org/10.1109/AINA.2015.257

U. Timalsina, “Use of Metasploit Framework in Kali Linux,” no. May 2015. https://doi.org/10.13140/RG.2.2.12377.93284

T. Guarda, M. F. Augusto, I. Lopes, J. A. Victor, Á. Rocha, and L. Molina, Mobile Communication Systems: Evolution and Security, vol. 152. Springer Singapore, 2020. https://doi.org/10.1007/978-981-13-9155-2_8

Author biographies is not available.
Download this PDF file
PDF
Statistic
Read Counter : 30 Download : 162

Downloads

Download data is not yet available.

Quick Link

  • Author Guidelines
  • Download Manuscript Template
  • Peer Review Process
  • Editorial Board
  • Reviewer Acknowledgement
  • Aim and Scope
  • Publication Ethics
  • Licensing Term
  • Copyright Notice
  • Open Access Policy
  • Important Dates
  • Author Fees
  • Indexing and Abstracting
  • Archiving Policy
  • Scopus Citation Analysis
  • Statistic
  • Article Withdrawal

Meet Our Editorial Team

Ir. Amrul Faruq, M.Eng., Ph.D
Editor in Chief
Universitas Muhammadiyah Malang
Google Scholar Scopus
Agus Eko Minarno
Editorial Board
Universitas Muhammadiyah Malang
Google Scholar  Scopus
Hanung Adi Nugroho
Editorial Board
Universitas Gadjah Mada
Google Scholar Scopus
Roman Voliansky
Editorial Board
Dniprovsky State Technical University, Ukraine
Google Scholar Scopus
Read More
 

KINETIK: Game Technology, Information System, Computer Network, Computing, Electronics, and Control
eISSN : 2503-2267
pISSN : 2503-2259


Address

Program Studi Elektro dan Informatika

Fakultas Teknik, Universitas Muhammadiyah Malang

Jl. Raya Tlogomas 246 Malang

Phone 0341-464318 EXT 247

Contact Info

Principal Contact

Amrul Faruq
Phone: +62 812-9398-6539
Email: faruq@umm.ac.id

Support Contact

Fauzi Dwi Setiawan Sumadi
Phone: +62 815-1145-6946
Email: fauzisumadi@umm.ac.id

© 2020 KINETIK, All rights reserved. This is an open-access article distributed under the terms of the Creative Commons Attribution-NonCommercial-ShareAlike 4.0 International License