Mobile security by KPMGsecurity specialist Marc Smeets

868
-1

Published on

Guest lecture – Offensive Security April 2013

Published in: Technology
1 Comment
1 Like
Statistics
Notes
No Downloads
Views
Total Views
868
On Slideshare
0
From Embeds
0
Number of Embeds
1
Actions
Shares
0
Downloads
0
Comments
1
Likes
1
Embeds 0
No embeds

No notes for slide

Mobile security by KPMGsecurity specialist Marc Smeets

  1. 1. Mobile Security yOS3 Guest lecture – Offensive SecurityApril 2013Marc Smeets
  2. 2. Why I am here■ I pentest: infrastructures, mobile, networks, fun stuff!■ KPMG is one of the ‘big four’ audit and advisory firms■ One of main IT Security advisory companies globally■ Information Protection Services team (48 fte in NL, large global network)■ Security testing/ethical hacking, IT auditing, all fun things IT securityWhy you are here■ Learn abo t a ne topic about new topic: mobile security■ Ask hard questions■ Learn a bit about KPMG (in house day)© 2013 KPMG Advisory N.V., registered with the trade register in the Netherlands under number 33263682, is a subsidiary of KPMG Europe LLP and a member firm of the KPMG network of 1independent member firms affiliated with KPMG International Cooperative (‘KPMG International’), a Swiss entity. All rights reserved. Printed in the Netherlands. The KPMG name, logo and‘cutting through complexity’ are registered trademarks of KPMG International.
  3. 3. TheTh mobile billandscape andterms Really that hard? Apple, Blackberry, eggsbox_(360p).flv
  4. 4. © 2013 KPMG Advisory N.V., registered with the trade register in the Netherlands under number 33263682, is a subsidiary of KPMG Europe LLP and a member firm of the KPMG network of 3independent member firms affiliated with KPMG International Cooperative (‘KPMG International’), a Swiss entity. All rights reserved. Printed in the Netherlands. The KPMG name, logo and‘cutting through complexity’ are registered trademarks of KPMG International.
  5. 5. Goodbye PC and pocket PC Welcome iPhone, Android, tabs , , Apps & AppStore Question: Are we more secure than before? Containerization Cloud integration & online ID© 2013 KPMG Advisory N.V., registered with the trade register in the Netherlands under number 33263682, is a subsidiary of KPMG Europe LLP and a member firm of the KPMG network of 4independent member firms affiliated with KPMG International Cooperative (‘KPMG International’), a Swiss entity. All rights reserved. Printed in the Netherlands. The KPMG name, logo and‘cutting through complexity’ are registered trademarks of KPMG International.
  6. 6. Are we becoming more secure?Yes, new mobile platforms are more secure in several aspects■ Disk encryption built-in■ Latest and greatest core security features■ Strong ‘sandboxing’ of Apps■ Tight down platforms with eco system eco-systemNo, new platforms still fail at basic security p y■ Disk encryption optional or circumvented■ Remote wipe ineffective – When to give up and call for remote wipe?■ Security update cycle■ Wh t data is stored, and where (cloud)? What d t i t d d h ( l d)?■ Malware still exists© 2013 KPMG Advisory N.V., registered with the trade register in the Netherlands under number 33263682, is a subsidiary of KPMG Europe LLP and a member firm of the KPMG network of 5independent member firms affiliated with KPMG International Cooperative (‘KPMG International’), a Swiss entity. All rights reserved. Printed in the Netherlands. The KPMG name, logo and‘cutting through complexity’ are registered trademarks of KPMG International.
  7. 7. The mobile landscape – an overview CORPORATE EXCHANGE SERVICES GOOGLE SERVIC Mobile Device Corporate exchange Management environment CES INTERNET LOCAL NETW WIFI / UMTS / GPRS WORK SERVICES NETWORK WIFI / USB / Bluetooth / NFC INTERNET SERVI WEB ICES CORPORATE / PRIVATE LOCAL STORAGE ANDROID DEVICES CLOUD INTERNET VENDOR SER CUSTOM R ALTERNAT VERSIONS MARKET ANDROOID ROMS RVICES TS TIVE© 2013 KPMG Advisory N.V., registered with the trade register in the Netherlands under number 33263682, is a subsidiary of KPMG Europe LLP and a member firm of the KPMG network of 6independent member firms affiliated with KPMG International Cooperative (‘KPMG International’), a Swiss entity. All rights reserved. Printed in the Netherlands. The KPMG name, logo and‘cutting through complexity’ are registered trademarks of KPMG International.
  8. 8. Mobile devicesecurity 101:AndroidA d id & iOS
  9. 9. iOS backgroundiOS■ Apple proprietary, derived from Mac OSX■ Pillars: iOS, selected hardware, SDK and developer community, AppStore and iTunesSoftware versions■ Version 1 in 2007■ Current release is 6.1.3■ GM = Gold Master = for beta testersHardware models■ iPhone (3GS, 4, 4S gen. supported, CMDA+GSM)■ iPad (1st, 2nd and 3rd gen supported, CMDA+GSM) gen. supported■ iPod Touch = iPhone – phone, GPS and compass (4th gen. supported)■ AppleTV (2nd and 3rd supported, 1st gen. runs true OSX)© 2013 KPMG Advisory N.V., registered with the trade register in the Netherlands under number 33263682, is a subsidiary of KPMG Europe LLP and a member firm of the KPMG network of 8independent member firms affiliated with KPMG International Cooperative (‘KPMG International’), a Swiss entity. All rights reserved. Printed in the Netherlands. The KPMG name, logo and‘cutting through complexity’ are registered trademarks of KPMG International.
  10. 10. iOS from a security viewpoint – iOS layoutiOS fundamentals■ Based on Mac OS X = UNIX■ Two users: root (pw = alpine) and mobile. Apps run as mobile, deamons as root■ Disk layout: y / : boot partition -ro /private/var : user data ( linked /var to /private/var )■ Binary Property lists store settings, properties and meta data. It is a binary xml file, read/write with plutil. ith l til■ SQLite databases store data■ Many DBs in /var/mobile/Library, i.e.: AddressBook.sqlitedb : All contact details CallHistory.db : recent history in DB, full history in file Calendar.sqlitedb : all past and upcoming events sms.db : all text messages, including deleted Keychain.db : contain all passwords as normal keychain© 2013 KPMG Advisory N.V., registered with the trade register in the Netherlands under number 33263682, is a subsidiary of KPMG Europe LLP and a member firm of the KPMG network of 9independent member firms affiliated with KPMG International Cooperative (‘KPMG International’), a Swiss entity. All rights reserved. Printed in the Netherlands. The KPMG name, logo and‘cutting through complexity’ are registered trademarks of KPMG International.
  11. 11. iOS from a security viewpoint – iOS security featuresiOS security features■ OS support for: – Exchange (2007), CalDAV, IMAP, LDAP – Cisco VPN – Hardware encryption ( yp (3Gs and up only) p y) – Remote wipe functionality – Configuration profiles – SSL strict checks■ Missing: hardware token possibility■ App Sandboxing pp g – Strict APIs for App. – If App A wants resources of App B, then via API. E.g. Photo.app sending email, email.app not used■ AppStore “strictly” monitored© 2013 KPMG Advisory N.V., registered with the trade register in the Netherlands under number 33263682, is a subsidiary of KPMG Europe LLP and a member firm of the KPMG network of 10independent member firms affiliated with KPMG International Cooperative (‘KPMG International’), a Swiss entity. All rights reserved. Printed in the Netherlands. The KPMG name, logo and‘cutting through complexity’ are registered trademarks of KPMG International.
  12. 12. iOS from a hackers perspective – iDevice boot sequenceThree boot modes■ Normal mode■ DFU mode - Device Firmware Upgrade: when device is unrecoverable – Low level boot mode that uses a ramdisk for interaction with device■ Restore mode: device is being upgraded by Apple’s ramdisk via iTunes g pg y pp Signature checking: - Bypass results in code execution - The earlier in the boot sequence the betterBoot sequence and signature checks - @ Bootrom is in hardware1. Power on with or without DFU-buttons - Different hacks for different CPUs2. Bootrom is executed from VROM (Virtual Read Only Memory)  Normal: check and run LLB (Low Level Boot) and iBoot  Normal: boot loaders check kernel, kernel checks apps from flash  DFU: check and boot iBSS and iBEC boat loaders  DFU: boot loaders check and load kernel and ramdisk from USB connection© 2013 KPMG Advisory N.V., registered with the trade register in the Netherlands under number 33263682, is a subsidiary of KPMG Europe LLP and a member firm of the KPMG network of 11independent member firms affiliated with KPMG International Cooperative (‘KPMG International’), a Swiss entity. All rights reserved. Printed in the Netherlands. The KPMG name, logo and‘cutting through complexity’ are registered trademarks of KPMG International.
  13. 13. iOS from a hackers perspective - jailbreakingRemoving Apple’s jail on the OS■ Run non Apple signed Apps (e.g. Cydia.app, the alternative AppStore)■ Get shell/SSH access to the device■ Do all the funky stuff during a pentest Hacker’s prefered way as it can’t be fixed with new firmwareDifferent ways for jailbreaking■ Tethered / untethered■ Bootrom (e.g. limara1n) – A4/A5/A6 chips require different approaches. – A4 (iPhone < 4S, iPad < 2, iPod Touch) are easier ( , , )■ User land (e.g. Jailbreakme.com)■ Kernel (e.g. Racoon configuration)© 2013 KPMG Advisory N.V., registered with the trade register in the Netherlands under number 33263682, is a subsidiary of KPMG Europe LLP and a member firm of the KPMG network of 12independent member firms affiliated with KPMG International Cooperative (‘KPMG International’), a Swiss entity. All rights reserved. Printed in the Netherlands. The KPMG name, logo and‘cutting through complexity’ are registered trademarks of KPMG International.
  14. 14. iOS from a hackers perspective – Different layers of encryptionDisk encryption■ Since iPhone 3Gs■ Intended for fast wipe (1 key is used for encryption entire disk)■ Decryption is done when device boots (also readable from ramdisk)Data Protection■ File level encryption when data at rest yp■ Meta data remains visible■ Input = passcode + UID hardware key■ It is up to the developer to use – Mail.App is the only App from Apple© 2013 KPMG Advisory N.V., registered with the trade register in the Netherlands under number 33263682, is a subsidiary of KPMG Europe LLP and a member firm of the KPMG network of 13independent member firms affiliated with KPMG International Cooperative (‘KPMG International’), a Swiss entity. All rights reserved. Printed in the Netherlands. The KPMG name, logo and‘cutting through complexity’ are registered trademarks of KPMG International.
  15. 15. iOS from a hackers perspective – keychain dataOnlyO l scratching the surface here!! t hi th f h !!Keychain■ Three protection classes – each being secured with own master key – kSecAttrAccessibleWhenUnlocked – kSecAttrAccessibleAfterFirstUnlock Also with *ThisDeviceOnly – kSecAttrAccessibleAlwaysMaster keys are stored in system keybag p y g y g■ /private/var/keybags/systembag.kb■ System keybag file is encrypted by Data Protection■ Keybag payload is encrypted before writing to disk■ Master keys are encrypted with device key and/or passcode keyEscrow keybag■ For itunes to sync without passcode – stored on computer y p p■ Provide with same level of access as knowing the passcode© 2013 KPMG Advisory N.V., registered with the trade register in the Netherlands under number 33263682, is a subsidiary of KPMG Europe LLP and a member firm of the KPMG network of 14independent member firms affiliated with KPMG International Cooperative (‘KPMG International’), a Swiss entity. All rights reserved. Printed in the Netherlands. The KPMG name, logo and‘cutting through complexity’ are registered trademarks of KPMG International.
  16. 16. iOS from a hackers perspective – The forensic recovery methodGetting access1. Turn off device – can be done without passcode knowledge – Remote wipe commands don’t work anymore2. Boot in DFU mode – Disk encryption is already defeated at this moment3. Upload custom firmware using jailbreak techniques4. SSH over WIFI or USBMUX make iPhone image to work with5. Crack passcode (on device!) or use escrow keybag – On device: speed depends on hardware: p p ■ iPhone 4/iPad1 = ~6 cracks/second ■ iPhone 4S/iPad2 = ~10 cracks/second6. Using passcode decrypt all the Data Protected data© 2013 KPMG Advisory N.V., registered with the trade register in the Netherlands under number 33263682, is a subsidiary of KPMG Europe LLP and a member firm of the KPMG network of 15independent member firms affiliated with KPMG International Cooperative (‘KPMG International’), a Swiss entity. All rights reserved. Printed in the Netherlands. The KPMG name, logo and‘cutting through complexity’ are registered trademarks of KPMG International.
  17. 17. iOS from a hackers perspective – iTunes backupiTunes stores backups every time you sync■ Users%USERNAME%AppDataRoamingApple ComputerMobileSyncBackup■ ~/Library/Application Support/MobileSync/Backup/■ Stored in encoded files, decode using plist fileBackup contains all user data p■ Photos/music/address book/etc and keychain data! -> _not_ *ThisDeviceOnly■ App developer can control if data is included in backupBackupB k can b encrypted be t d■ Using separate password■ Security policy of iDevice can dictate if a password is used, not the length■ Encryption is strong (10000 rounds of PBKDF2)Decrypt and crack with tools■ Elcomsoft Phone Password Breaker■ iPhone Backup Extractor© 2013 KPMG Advisory N.V., registered with the trade register in the Netherlands under number 33263682, is a subsidiary of KPMG Europe LLP and a member firm of the KPMG network of 16independent member firms affiliated with KPMG International Cooperative (‘KPMG International’), a Swiss entity. All rights reserved. Printed in the Netherlands. The KPMG name, logo and‘cutting through complexity’ are registered trademarks of KPMG International.
  18. 18. iOS from a hackers perspective – App securityApp layout■ /private/var/mobile/Applications/<APPID>/■ /private/var/mobile/Library/<APPID>/App code signature pp g■ Kernel requires signature verification to only allow approved Apps = Apps made by official App developer with an AppleID verified by Apple■ Jailbreak patches signature *verification* out of the kernel, but still signing is needed: verification kernel – Self sign with Apple’s code sign utility -> any signature is allowed now – Pseudo-sign -> generate the hashes that are checked by the kernel for approval – Deactivate signing via “sysctl” command -> cripples iOS (not possible from iOS4.3 and up)App encryption (DRM / Fairplay) Easiest to use: no Mac needed & device still functional -> “ldid”-tool on iDevice■ Same App is different binary on different iDevice■ SC_Info (personalised for your purchase) + MAC address + iTunes keys© 2013 KPMG Advisory N.V., registered with the trade register in the Netherlands under number 33263682, is a subsidiary of KPMG Europe LLP and a member firm of the KPMG network of 17independent member firms affiliated with KPMG International Cooperative (‘KPMG International’), a Swiss entity. All rights reserved. Printed in the Netherlands. The KPMG name, logo and‘cutting through complexity’ are registered trademarks of KPMG International.
  19. 19. Binary analysisOn IOS most apps are encrypted (DRM/fairplay), check this usingotool on deviceotool -l APP| grep LC ENCRYPTION INFO | g pLC_ENCRYPTION_INFO cmdsize 20 cryptoff 4096 cryptsize 1347584cryptid 1On runtime, the application gets decrypted. So…Gdb –p <PROCESSID>dump memory dd dump.bin $(($C bi $(($CryptOff + 4096)) $(($C tOff $(($CryptSize + tSi$CryptOff + 4096))Why thWh the manual effort? U Cl t h and/or poedCrackMod -> iN l l ff t? Use Clutch d/ dC kM d > iNalyzerAnalyse using■ IDA (ARM version) use ldone for changes to binaries■ gdb© 2013 KPMG Advisory N.V., registered with the trade register in the Netherlands under number 33263682, is a subsidiary of KPMG Europe LLP and a member firm of the KPMG network of 18independent member firms affiliated with KPMG International Cooperative (‘KPMG International’), a Swiss entity. All rights reserved. Printed in the Netherlands. The KPMG name, logo and‘cutting through complexity’ are registered trademarks of KPMG International.
  20. 20. Android detailsA d id d t il
  21. 21. Google servicesPlay/MarketGoogle BackupGoogle contacts© 2013 KPMG Advisory N.V., registered with the trade register in the Netherlands under number 33263682, is a subsidiary of KPMG Europe LLP and a member firm of the KPMG network of 20independent member firms affiliated with KPMG International Cooperative (‘KPMG International’), a Swiss entity. All rights reserved. Printed in the Netherlands. The KPMG name, logo and‘cutting through complexity’ are registered trademarks of KPMG International.
  22. 22. Background Version Name Release dates Specifics 1.0 - 1.6 Cupcape / Donut 2008/2009 2.0 – 2.1 Eclair Oct 2009 2.2 Froyo May 2010 2.3 23 Gingerbread Gi b d Dec D 2010 3.0 Honeycomb Feb 2011 Tablet only 4.0 Ice cream Sandwich Oct 2011 4.1 Jelly Bean June 2012 4.2 Jelly Bean Oct 2012© 2013 KPMG Advisory N.V., registered with the trade register in the Netherlands under number 33263682, is a subsidiary of KPMG Europe LLP and a member firm of the KPMG network of 21independent member firms affiliated with KPMG International Cooperative (‘KPMG International’), a Swiss entity. All rights reserved. Printed in the Netherlands. The KPMG name, logo and‘cutting through complexity’ are registered trademarks of KPMG International.
  23. 23. Software stack© 2013 KPMG Advisory N.V., registered with the trade register in the Netherlands under number 33263682, is a subsidiary of KPMG Europe LLP and a member firm of the KPMG network of 22independent member firms affiliated with KPMG International Cooperative (‘KPMG International’), a Swiss entity. All rights reserved. Printed in the Netherlands. The KPMG name, logo and‘cutting through complexity’ are registered trademarks of KPMG International.
  24. 24. Dalvik & Java■ AndroidManifest.xml■ Activities: An Activity is, generally, the code for a single, user-focused task (dispay UI)■ Services: A service is a body of code that runs in the background.■ Broadcast Receiver: receiver of intents (e.g. battery empty)© 2013 KPMG Advisory N.V., registered with the trade register in the Netherlands under number 33263682, is a subsidiary of KPMG Europe LLP and a member firm of the KPMG network of 23independent member firms affiliated with KPMG International Cooperative (‘KPMG International’), a Swiss entity. All rights reserved. Printed in the Netherlands. The KPMG name, logo and‘cutting through complexity’ are registered trademarks of KPMG International.
  25. 25. Linux SecuritySystem drive read-onlyEach app own UIDAppdata in /data/data/<appname>One app publisher can enforce different apps to the sameUID to share between his apps(!)Sqlite filesDRM■ /data/app contains installer (.apk) for regular apps, accessible via adb■ /data/app-private for drm apps© 2013 KPMG Advisory N.V., registered with the trade register in the Netherlands under number 33263682, is a subsidiary of KPMG Europe LLP and a member firm of the KPMG network of 24independent member firms affiliated with KPMG International Cooperative (‘KPMG International’), a Swiss entity. All rights reserved. Printed in the Netherlands. The KPMG name, logo and‘cutting through complexity’ are registered trademarks of KPMG International.
  26. 26. Application permissionsApps are distributed as .apk files: Zipped filecontaining binary and AndroidManifest.xmlInstall time check on permissions, user informedof permissions© 2013 KPMG Advisory N.V., registered with the trade register in the Netherlands under number 33263682, is a subsidiary of KPMG Europe LLP and a member firm of the KPMG network of 25independent member firms affiliated with KPMG International Cooperative (‘KPMG International’), a Swiss entity. All rights reserved. Printed in the Netherlands. The KPMG name, logo and‘cutting through complexity’ are registered trademarks of KPMG International.
  27. 27. Device administration & policy managementDevice Administration APIIntroduced in Android 2.2Multiple device administrators allowed<device-adminxmlns:android="http://schemas.android.com/apk/res/android"> <uses policies> <uses-policies> <limit-password /> <watch-login /> <reset-password /> <force lock <force-lock /> <wipe-data /> <expire-password /> <encrypted-storage /> <disable camera <disable-camera /> </uses-policies></device-admin> ghttp://developer.android.com/guide/topics/admin/device-admin.htm© 2013 KPMG Advisory N.V., registered with the trade register in the Netherlands under number 33263682, is a subsidiary of KPMG Europe LLP and a member firm of the KPMG network of 26independent member firms affiliated with KPMG International Cooperative (‘KPMG International’), a Swiss entity. All rights reserved. Printed in the Netherlands. The KPMG name, logo and‘cutting through complexity’ are registered trademarks of KPMG International.
  28. 28. Device administration & policy managementAPI options Policy option Version Password enabled Minimum password length Alphanumeric password required Al h i d i d Complex password required as of 3.0 Minimum letters required in password as of 3.0 Minimum lowercase letters required in password as of 3 0 3.0 Minimum non-letter characters required in password as of 3.0 Minimum numerical digits required in password as of 3.0 Minimum symbols required in password as of 3.0 Minimum uppercase letters required in password as of 3.0 Password expiration timeout as of 3.0 Password history restriction as of 3.0 Maximum failed password attempts Maximum inactivity time lock Require storage encryption as of 3.0 Disable camera as of 4.0© 2013 KPMG Advisory N.V., registered with the trade register in the Netherlands under number 33263682, is a subsidiary of KPMG Europe LLP and a member firm of the KPMG network of 27independent member firms affiliated with KPMG International Cooperative (‘KPMG International’), a Swiss entity. All rights reserved. Printed in the Netherlands. The KPMG name, logo and‘cutting through complexity’ are registered trademarks of KPMG International.
  29. 29. Android encryptionImplementation:■ When init fails to mount /data, knows that volume is encrypted■ Starts up framework and asks user password■ After password login, restarts framework with /data mounted using passwordSidenote: As of android 4.0 a keychain API is provided© 2013 KPMG Advisory N.V., registered with the trade register in the Netherlands under number 33263682, is a subsidiary of KPMG Europe LLP and a member firm of the KPMG network of 28independent member firms affiliated with KPMG International Cooperative (‘KPMG International’), a Swiss entity. All rights reserved. Printed in the Netherlands. The KPMG name, logo and‘cutting through complexity’ are registered trademarks of KPMG International.
  30. 30. Adb & rootingRequires enabling of debug mode on device■ Adb –d shell – provides shell to the device■ Adb –d push/pull for file transfersOn unrooted devices you are just a regular userThen use manual local exploit (e.g. for android 2.1/2.2 use rageagainstthecage.bin / CVE-2010-EASY/ zergrush)© 2013 KPMG Advisory N.V., registered with the trade register in the Netherlands under number 33263682, is a subsidiary of KPMG Europe LLP and a member firm of the KPMG network of 29independent member firms affiliated with KPMG International Cooperative (‘KPMG International’), a Swiss entity. All rights reserved. Printed in the Netherlands. The KPMG name, logo and‘cutting through complexity’ are registered trademarks of KPMG International.
  31. 31. App AnalysisDynamic analysis of app using DroidboxHashes, network data, File operations, services/classes used etc etchttp://code.google.com/p/droidbox/ddms (Dalvik debugger)■ Show device and process status (ps -x)■ Dump heap ( p ) ( Android < 2.3) -> Memory Analysis p p (hprof) (on ) y yBut why not disassemble entirely?© 2013 KPMG Advisory N.V., registered with the trade register in the Netherlands under number 33263682, is a subsidiary of KPMG Europe LLP and a member firm of the KPMG network of 30independent member firms affiliated with KPMG International Cooperative (‘KPMG International’), a Swiss entity. All rights reserved. Printed in the Netherlands. The KPMG name, logo and‘cutting through complexity’ are registered trademarks of KPMG International.
  32. 32. SMALI/BAKSMALISMALI/BAKSMALIAssembly level, quite good readableSteps to analyze appAPKTOOL d <App>Edit resources (XML/PNG) / Edit SMALI Const v0, “value” Invoke-static (v0,0). Landroid/util/Log;- ( , ) g >v(Ljava/lang/String; Ljava/lang/String);)IAPKTOOL b <DIR> <packagename.apk>Sign using J iSi i Jarsigner and d b k d debug.keystore ( t of android SDK) t (part f d idUninstall old app, install new app (with adb or manual)© 2013 KPMG Advisory N.V., registered with the trade register in the Netherlands under number 33263682, is a subsidiary of KPMG Europe LLP and a member firm of the KPMG network of 31independent member firms affiliated with KPMG International Cooperative (‘KPMG International’), a Swiss entity. All rights reserved. Printed in the Netherlands. The KPMG name, logo and‘cutting through complexity’ are registered trademarks of KPMG International.
  33. 33. MiscDirectly starting Java classes or intents/activitiesCheck if state checks are adequately implemented (e.g. starting up an activity withoutlogging in)File permissionsgetSharedPreferences, openFileOutput, or openOrCreateDatabase for storingpreferences and data. Check if calls are made private/world-readable/world-writable© 2013 KPMG Advisory N.V., registered with the trade register in the Netherlands under number 33263682, is a subsidiary of KPMG Europe LLP and a member firm of the KPMG network of 32independent member firms affiliated with KPMG International Cooperative (‘KPMG International’), a Swiss entity. All rights reserved. Printed in the Netherlands. The KPMG name, logo and‘cutting through complexity’ are registered trademarks of KPMG International.
  34. 34. BreakIn house day!
  35. 35. In house day @ KPMG Information Protection ServicesWhat in house dayWhat (2) showing what we do in detail, challenge you with an assignmentand answer your questions d tiWho master students that have interest in (computer) security and relatedtopics ( a research opportunity or j ) p (as pp y job)Why you may not know KPMG as a firm for information securityWhy (2) there are free drinks at the endWhen –DATE TO BE CONFIRMED– NOT 30 MAY!!Interested ? write down your name and email address at the sheet© 2013 KPMG Advisory N.V., registered with the trade register in the Netherlands under number 33263682, is a subsidiary of KPMG Europe LLP and a member firm of the KPMG network of 34independent member firms affiliated with KPMG International Cooperative (‘KPMG International’), a Swiss entity. All rights reserved. Printed in the Netherlands. The KPMG name, logo and‘cutting through complexity’ are registered trademarks of KPMG International. 3
  36. 36. Mobile hacking: g--REMOVED--- PIN code cracking- MobileConfig
  37. 37. Android PIN ‘guessing’What happens after 5 incorrect tries? Question: What are the problems for the hacker? How to improve the attack?© 2013 KPMG Advisory N.V., registered with the trade register in the Netherlands under number 33263682, is a subsidiary of KPMG Europe LLP and a member firm of the KPMG network of 36independent member firms affiliated with KPMG International Cooperative (‘KPMG International’), a Swiss entity. All rights reserved. Printed in the Netherlands. The KPMG name, logo and‘cutting through complexity’ are registered trademarks of KPMG International.
  38. 38. MobileconfigGoogle searches everythingiOS Mobileconfig files contain what?Googledork© 2013 KPMG Advisory N.V., registered with the trade register in the Netherlands under number 33263682, is a subsidiary of KPMG Europe LLP and a member firm of the KPMG network of 37independent member firms affiliated with KPMG International Cooperative (‘KPMG International’), a Swiss entity. All rights reserved. Printed in the Netherlands. The KPMG name, logo and‘cutting through complexity’ are registered trademarks of KPMG International.
  39. 39. © 2013 KPMG Advisory N.V., registered with the trade register in the Netherlands under number 33263682, is a subsidiary of KPMG Europe LLP and a member firm f the fi of th KPMG network of independent member t k fi d d t b firms affiliated with KPMG International Cooperative (‘KPMG International’), a Swiss entity. All rights reserved. Printed in the Netherlands. The KPMG name, logo and ‘cutting through complexity’ are registered t d l it ’ i t d trademarks of KPMG k f International.Marc Smeetssmeets.marc@kpmg.nl t @k l+31 6 51 36 66 80 @MRAMSMEETS

×