pysalx/doc/SEC.md

# Security

Quick evaluation: it is basically an older Android device, likely vulnerable to a wide range of older attacks. It has Wi-Fi, Bluetooth, maybe even GSM...

The process table shows it's ready to send SMS... :)

```
root@ngl:/ # ps a
USER     PID   PPID  VSIZE  RSS     WCHAN    PC        NAME
root      126   2     0      0     002366ec 00000000 S apr_driver
system    328   1     16956  4044  ffffffff a548fa20 S /system/bin/audiod
root      2528  1     5868   368   ffffffff 00434a84 S /sbin/adbd
u0_a70    4397  302   1257352 23972 ffffffff a66719c0 S com.android.smspush
```

Not sure this is necessary... (?)

```
# from lsof
/system/priv-app/Telecom/Telecom.apk
/system/priv-app/TelephonyProvider/TelephonyProvider.apk
/data/data/com.android.providers.telephony/databases/cdmacalloption.db
/data/data/com.android.providers.telephony/databases/HbpcdLookup.db
/system/app/PhoneFeatures/PhoneFeatures.apk
/system/framework/qcrilhook.jar
/data/data/com.android.providers.telephony/databases/telephony.db
/data/data/com.android.providers.telephony/databases/mmssms.db
# Ok, so it has pretty much everything enabled/running apparently...
/system/app/Email/Email.apk
# Don't think it has hardware GPS (?).
# Perhaps for use with paired GPS (e.g. android phone).
/system/priv-app/com.qualcomm.location/com.qualcomm.location.apk
/system/framework/com.android.location.provider.jar
```
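To turn the `ps` and `lsof` dumps above into a repeatable attack-surface inventory, here is a small parser that flags the telephony, SMS and location components. This is an added example and not part of the pysalx project; the sample input is the output pasted above, embedded as constructed strings, and the keyword list is an assumption about which components matter on a device with a radio stack.

```python
"""Flag telephony/SMS/location components in Android `ps` and `lsof` output.

Added example (not pysalx code).  The keyword list below is an assumption
made for this example, not an exhaustive catalogue of radio components.
"""

# Substrings that mark a radio / SMS / location component (assumed list).
RADIO_KEYWORDS = ("sms", "telephony", "telecom", "phone", "location", "qcril")

# Constructed sample: the `ps a` lines from the notes above.
PS_SAMPLE = """\
USER     PID   PPID  VSIZE  RSS     WCHAN    PC        NAME
root      126   2     0      0     002366ec 00000000 S apr_driver
system    328   1     16956  4044  ffffffff a548fa20 S /system/bin/audiod
root      2528  1     5868   368   ffffffff 00434a84 S /sbin/adbd
u0_a70    4397  302   1257352 23972 ffffffff a66719c0 S com.android.smspush
"""

# Constructed sample: a subset of the lsof paths from the notes above.
LSOF_SAMPLE = """\
# from lsof
/system/priv-app/Telecom/Telecom.apk
/data/data/com.android.providers.telephony/databases/mmssms.db
/system/app/Email/Email.apk
/system/framework/qcrilhook.jar
"""


def parse_ps(text):
    """Parse old-style Android `ps` output into dicts (user, pid, ppid, name).

    NAME is taken as the last whitespace-separated field, so the exact
    widths of the columns in between do not matter.  The header is skipped.
    """
    procs = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 9 or fields[0] == "USER":
            continue
        procs.append({"user": fields[0], "pid": int(fields[1]),
                      "ppid": int(fields[2]), "name": fields[-1]})
    return procs


def is_radio_related(path_or_name):
    """True if the process name or file path mentions a radio keyword."""
    lowered = path_or_name.lower()
    return any(k in lowered for k in RADIO_KEYWORDS)


def flag_processes(text):
    """Return names of running processes that look radio/SMS related."""
    return [p["name"] for p in parse_ps(text) if is_radio_related(p["name"])]


def flag_open_files(text):
    """Return open file paths that look radio/SMS/location related.

    Lines starting with '#' are treated as annotations and ignored.
    """
    return [ln.strip() for ln in text.splitlines()
            if ln.strip() and not ln.startswith("#") and is_radio_related(ln)]


if __name__ == "__main__":
    print("processes:", flag_processes(PS_SAMPLE))
    print("files:", flag_open_files(LSOF_SAMPLE))
```

Run against a full `ps` and `lsof` capture from the device, the two flag functions give a quick list of which radio-facing services are live and which databases (e.g. `mmssms.db`) they hold open, which is the starting point for deciding what to disable or monitor.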

Uses an SELinux-enabled kernel.

## Net

When connected to wifi the device tries to connect to port 80 of IP 142.250.72.14, which is allocated to Google LLC.

It also tries to connect to port 443 of IP 157.240.19.19. That IP is owned by Facebook, Inc. Not sure why that is needed.

## Binaries

The busybox binaries are (ancient) 32-bit(?).

```
$ file xbin/zcat
xbin/zcat: ELF 32-bit LSB executable, ARM, EABI5 version 1 (SYSV), statically linked, for GNU/Linux 2.6.16, stripped
```
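To check bitness and linking across a whole extracted firmware tree rather than one binary at a time, the following script reads the ELF identification bytes and program headers and reports the same fields `file` printed above. This is an added example, not pysalx code and not the logic of the `file` utility itself; the sample ELF header is constructed in memory (no device binary is embedded), and `scan_tree` is a hypothetical helper name.

```python
"""Classify ELF binaries (bitness, endianness, machine, static vs dynamic).

Added example, not part of pysalx.  Parses the ELF header and walks the
program headers; a binary without a PT_INTERP segment is reported as
statically linked, which is what `file` says for xbin/zcat above.
"""
import os
import struct

EM_ARM = 0x28
PT_INTERP = 3
MACHINES = {0x03: "x86", 0x28: "ARM", 0x3E: "x86-64", 0xB7: "AArch64"}


def classify_elf(data):
    """Return a dict describing the ELF blob, or raise ValueError if not ELF."""
    if len(data) < 16 or data[:4] != b"\x7fELF":
        raise ValueError("not an ELF file")
    ei_class, ei_data = data[4], data[5]
    bits = {1: 32, 2: 64}.get(ei_class)
    endian = {1: "<", 2: ">"}.get(ei_data)
    if bits is None or endian is None:
        raise ValueError("bad EI_CLASS/EI_DATA")
    # Field order after e_ident: e_type, e_machine, e_version, e_entry,
    # e_phoff, e_shoff, e_flags, e_ehsize, e_phentsize, e_phnum, ...
    fmt = endian + ("HHIIIIIHHHHHH" if bits == 32 else "HHIQQQIHHHHHH")
    if len(data) < 16 + struct.calcsize(fmt):
        raise ValueError("truncated ELF header")
    hdr = struct.unpack_from(fmt, data, 16)
    e_type, e_machine, e_phoff, e_phentsize, e_phnum = hdr[0], hdr[1], hdr[4], hdr[8], hdr[9]
    # A PT_INTERP program header names the dynamic loader; absence => static.
    has_interp = False
    for i in range(e_phnum):
        off = e_phoff + i * e_phentsize
        if off + 4 > len(data):
            break
        (p_type,) = struct.unpack_from(endian + "I", data, off)
        if p_type == PT_INTERP:
            has_interp = True
            break
    return {
        "bits": bits,
        "endian": "LSB" if ei_data == 1 else "MSB",
        "machine": MACHINES.get(e_machine, hex(e_machine)),
        "type": {2: "executable", 3: "shared object"}.get(e_type, str(e_type)),
        "static": not has_interp,
    }


def describe(data):
    """Render a `file`-style one-liner from classify_elf()."""
    info = classify_elf(data)
    link = "statically linked" if info["static"] else "dynamically linked"
    return f"ELF {info['bits']}-bit {info['endian']} {info['type']}, {info['machine']}, {link}"


def scan_tree(root):
    """Hypothetical helper: yield (path, description) for every ELF under root."""
    for dirpath, _, names in os.walk(root):
        for name in names:
            path = os.path.join(dirpath, name)
            try:
                with open(path, "rb") as fh:
                    yield path, describe(fh.read())
            except (OSError, ValueError):
                continue  # not an ELF file, or unreadable


def build_sample_elf32(machine=EM_ARM, with_interp=False):
    """Construct a minimal little-endian ELF32 header for testing (no code)."""
    phnum = 1 if with_interp else 0
    e_ident = b"\x7fELF" + bytes([1, 1, 1, 0]) + b"\x00" * 8  # 32-bit, LSB, v1
    hdr = struct.pack("<HHIIIIIHHHHHH", 2, machine, 1, 0x8000,
                      52 if phnum else 0, 0, 0, 52, 32, phnum, 40, 0, 0)
    phdrs = b""
    if with_interp:  # Elf32_Phdr: type, offset, vaddr, paddr, filesz, memsz, flags, align
        phdrs = struct.pack("<IIIIIIII", PT_INTERP, 0, 0, 0, 0, 0, 4, 1)
    return e_ident + hdr + phdrs


if __name__ == "__main__":
    print(describe(build_sample_elf32()))
```

Pointing `scan_tree` at the unpacked `xbin/` (or the whole system image) lists every binary with its architecture and linking, so the "32-bit(?)" question above can be answered for the entire tree, and statically linked binaries (which carry their own copy of libc and never pick up library updates) can be counted.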