Kali NetHunter turns Android device into hacker Swiss Army knife
One of the tools we’ve leaned on heavily in some of our lab testing of software privacy and security is Kali Linux. The Debian-based operating system comes packaged with a collection of penetration testing and network monitoring tools curated and developed by the security training company Offensive Security. Today, the Kali developer team and Offensive Security released a new Kali project that runs on a Google Nexus device. Called NetHunter, the distribution provides much of the power of Kali with the addition of a browser-driven set of tools that can be used to launch attacks on wireless networks or on unattended computers via a USB connection.
NetHunter is still in its early stages, but it already includes the ability to have the Nexus device emulate a USB human interface device (HID) and launch keyboard attacks on PCs that can be used to automatically elevate privileges on a Windows PC and install a reverse-HTTP tunnel to a remote workstation. It also includes an implementation of the BadUSB man-in-the-middle attack, which can force a Windows PC to recognize the USB-connected phone as a network adapter and re-route all the PC’s traffic through it for monitoring purposes.
In a phone interview with Ars, Offensive Security’s lead trainer and developer Mati Aharoni said that while NetHunter can be compiled to run on Android devices other than the Nexus family, “part of the reason we chose Nexus devices was because of the specific kernel sources we were able to get from Google. “The Nexus devices supported by NetHunter include the Nexus 5 (“hammerhead”), Nexus 7 (both 2012 and 2013 versions), and the Nexus 10 (“mantaray”).
Features that exploit those sources—such as the low-level code for Wi-Fi and USB device connections—make some of NetHunter’s features possible. “Some of the features won’t work on other devices because they are kernel dependent,” Aharoni said. “For example, wireless network injection won’t work, and the keyboard and BadUSB attacks won’t work on other devices.”
While NetHunter uses the same platform as Pwnie Express’ PwnPad and PwnPhone—which are also based on the Kali Linux distribution—“as far as we’re concerned there’s very very little in common with Pwnie,” Aharoni said. “The big difference is that our project is open source for anyone to grab and modify. And it’s very simple for anyone to build custom images of the project” to meet their own needs, he said.
While many of the features of NetHunter are currently accessible through a Web interface driven by a local Apache server on the device, Aharoni said that the web interface “is just a means for a lazy sort of access to the tools. It’s a proof of concept that we set up—long term, a proper android app would be more suitable.” And for those who want it, NetHunter also allows for a full Kali Linux desktop to run in a VNC session on the device (though that may be more practical on a Nexus tablet than a Nexus phone) or access command-line tools from a terminal session. And that’s where much of the deeper power of NetHunter resides.