Your SlideShare is downloading. ×
Troshichev   i os mitm attack
Upcoming SlideShare
Loading in...5
×

Thanks for flagging this SlideShare!

Oops! An error has occurred.

×

Introducing the official SlideShare app

Stunning, full-screen experience for iPhone and Android

Text the download link to your phone

Standard text messaging rates apply

Troshichev i os mitm attack

2,505
views

Published on


0 Comments
0 Likes
Statistics
Notes
  • Be the first to comment

  • Be the first to like this

No Downloads
Views
Total Views
2,505
On Slideshare
0
From Embeds
0
Number of Embeds
2
Actions
Shares
0
Downloads
30
Comments
0
Likes
0
Embeds 0
No embeds

Report content
Flagged as inappropriate Flag as inappropriate
Flag as inappropriate

Select your reason for flagging this presentation as inappropriate.

Cancel
No notes for slide

Transcript

  • 1. iOS MITM AttackTechnology and effects sieg.in 1
  • 2. sieg.in 2
  • 3. Boot validation• CA – Apple Certificate Authority• SIGN – Signature sieg.in 3
  • 4. Files Protection sieg.in 4
  • 5. Classic provisioning sieg.in 5
  • 6. Actual provisioning sieg.in 6
  • 7. Why we can’t create fake signature?Because “Apple Root CA” fingerprint hardcoded into iOS and have to be 61:1E:5B:66:2C:59:3A:08:FF:58:D1:4A:E2:24:52:D1:98:DF:6C:60 sieg.in 7
  • 8. SSLsieg.in 8
  • 9. Certificate Authority StorageFew from 186 are quite interesting : – C=US, O=U.S. Government, OU=DoD, OU=PKI, CN=DoD CLASS 3 Root CA – C=JP, O=Japanese Government, OU=ApplicationCA – C=CN, O=China Internet Network Information Center, CN=China Internet Network Information Center EV Certificates Root… sieg.in 9
  • 10. Certificate authentication sieg.in 10
  • 11. I want my CA in your iOS sieg.in 11
  • 12. Ways to install CA in iOSo Safario Email attachmento MDMWith configuration profile Can be installed with Safari sieg.in 12
  • 13. Attack sieg.in 13
  • 14. Mobileconfig containsWiFi settings (pass, SSID) for “Gate”CAProxy Settings, if we want victim’s traffic even it has left attack range. (Only for iOS6)iCloud backup (enable it, if not) sieg.in 14
  • 15. Mobileconfig installation sieg.in 15
  • 16. Looks bad =( sieg.in 16
  • 17. Let’s take a look on default CA list... sieg.in 17
  • 18. COMODO trial certificate• You only need valid admin@yourdomain.com mail for confirmation• Can be used for signing sieg.in 18
  • 19. How to sign sieg.in 19
  • 20. Looks much better sieg.in 20
  • 21. SSL DefeatedBut we want more sieg.in 21
  • 22. How to get files from device sieg.in 22
  • 23. Elcomsoft Phone Password Breaker sieg.in 23
  • 24. Once again sieg.in 24
  • 25. What’s in backup?• SMS• Private photo• Emails• Application data• And more … sieg.in 25
  • 26. Files doneBut we want more sieg.in 26
  • 27. Apple Push Notification Service sieg.in 27
  • 28. Fake! Fake! Fake! sieg.in 28
  • 29. Wipe Tragedy (act 1/1) sieg.in 29
  • 30. SummaryUser only have to tap ‘Install’ two times to makeus able to : – Sniff all his SSL traffic (cookies,passwords, etc) – Steal his backup (call log, sms log, photos and application data) – Send him funny push messages or just wipe device sieg.in 30
  • 31. sieg.inal@sieg.in @siegin sieg.in 31