Iasi Code Camp, 20 April 2013: Playing buggy (Bogdan Alecu)


  1. Playing boogie buggy (Bogdan ALECU)
  2. Topics ▪ About me ▪ The buggy world ▪ Where does your data go?
  3. About me ▪ Independent security researcher ▪ Sysadmin @ LEVI9 ▪ Passionate about security, especially when it is related to mobile devices; CISSP, CEH, CISA, CCSP ▪ #infosec conferences: DeepSec, DefCamp, EUSecWest ▪ Started with NetMonitor, continued with VoIP and finally GSM networks / mobile phones ▪ @msecnet / www.m-sec.net / alecu@m-sec.net
  4. The buggy world ▪ Developers ▪ Testers ▪ Customers ▪ How do you test? ▪ But is it enough?
  5. The buggy world: READY FOR SOME REAL LIFE EXAMPLES?
  6. The buggy world
  7. The buggy world
  8. The buggy world
  9. The buggy world
  10. The buggy world: NEVER trust the user’s input!
  11. The buggy world
  12. The buggy world: NEVER trust the user’s input!
  13. The buggy world
  14. The buggy world: NEVER trust the user’s input!
  15. The buggy world
  16. The buggy world ▪ 20K application ▪ Two-factor authentication ▪ ACL IP ▪ User authenticated automatically if … … coming from the right internal IP
  17. The buggy world: PLEASE CHECK YOURERS
  18. The buggy world ▪ How was the IP address checked?
  19. The buggy world ▪ X-FORWARDED-FOR HTTP header
  20. The buggy world ▪ Modify Headers – Firefox extension ▪ https://addons.mozilla.org/en-US/firefox/addon/modify-headers/
  21. The buggy world
  22. The buggy world ▪ Try accessing the website while pretending to be browsing from your mobile device ▪ You would be surprised at the instant access you get ▪ No luck? Try Googlebot! ▪ If your log shows a sensitive access being made by GoogleBot, will you worry?
  23. The buggy world ▪ Those damn headers … DEMO time
  24. The buggy world ▪ Having the right headers (security by obscurity) can open a lot of doors
  25. The buggy world ▪ Those damn headers … AGAIN! Yet another demo
  26. The buggy world ▪ Don’t bullshit me: admit your weakness!
  27. The buggy world ▪ Implementation gone wild ▪ How many of you use the Internet on your mobile device? ▪ Do you know what DNS is?
  28. The buggy world: Set up a VPN server on port 53, UDP (the DNS port) … and connect to your server … pass the traffic to the Internet. UNLIMITED MOBILE DATA TRAFFIC!
  29. The buggy world
  30. The buggy world ▪ The standard itself may have issues
  31. The buggy world ▪ SIM Toolkit
  32. The buggy world ▪ SIM Toolkit
  33. The buggy world ▪ SIM Toolkit ▪ Vulnerability discovered in June 2010 ▪ Reported on August 26 2010 ▪ CVE-2010-3612
  34. The buggy world
  35. The buggy world
  36. The buggy world ▪ SIM Toolkit … and the demo
  37. The buggy world ▪ FIX THIS NOW!
  38. Where does your data go?
  39. Where does your data go? ▪ Is the data securely transferred? ▪ What info is the app sending? ▪ When does it send the info? ▪ Does the app accept any certificate? ▪ What is stored locally?
  40. Where does your data go? ▪ Mallory gateway: http://intrepidusgroup.com/insight/2010/12/mallory-and-me-setting-up-a-mobile-mallory-gateway/
  41. Where does your data go? ▪ Short demo
  42. Call to action ▪ Don’t rely on things that most users have no idea how to check to decide whether your app is secure. You might meet someone like me and it will get ugly ▪ Write your code in a secure way ▪ Testers: learn how to really test mobile apps. It’s not all about the usage experience!
  43. The end?!? Thank you all! Don’t forget about the feedback forms. www.m-sec.net / @msecnet
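As an added example that is not part of the slides, here is the automatic-login check from slides 16 to 19 written two ways: the naive version that reads the client address straight from X-Forwarded-For, as the deck describes, and a version that only honours that header when the TCP peer is one of our own reverse proxies. The internal range, the proxy address and the sample requests are constructed for the example.

```python
# Added example, not from the presentation: resolving the client IP for an
# IP-based auto-login. Constructed values: 10.0.0.0/8 is the "right internal
# IP" range, 203.0.113.10 is the reverse proxy we operate.
import ipaddress

INTERNAL_NET = ipaddress.ip_network("10.0.0.0/8")
TRUSTED_PROXIES = {ipaddress.ip_address("203.0.113.10")}


def client_ip_naive(remote_addr, headers):
    """Vulnerable: believes whatever the client put in X-Forwarded-For."""
    xff = headers.get("X-Forwarded-For")
    if xff:
        return ipaddress.ip_address(xff.split(",")[0].strip())
    return ipaddress.ip_address(remote_addr)


def client_ip_hardened(remote_addr, headers, trusted_proxies=TRUSTED_PROXIES):
    """Walk X-Forwarded-For from the right and stop at the first hop we do
    not operate; if the peer is not our proxy, the header is client-controlled
    and is ignored entirely."""
    hop = ipaddress.ip_address(remote_addr)
    if hop not in trusted_proxies:
        return hop
    chain = [h.strip() for h in headers.get("X-Forwarded-For", "").split(",")]
    for raw in reversed([h for h in chain if h]):
        try:
            candidate = ipaddress.ip_address(raw)
        except ValueError:
            return hop  # malformed hop: fall back to the last proxy we trust
        if candidate in trusted_proxies:
            hop = candidate  # our own proxy appended this, keep walking left
            continue
        return candidate  # first hop we did not add: the real client
    return hop


def auto_login_allowed(resolver, remote_addr, headers):
    """The slide's rule: log the user in automatically from an internal IP."""
    return resolver(remote_addr, headers) in INTERNAL_NET


if __name__ == "__main__":
    spoofed = {"X-Forwarded-For": "10.1.2.3"}  # constructed, set by the client
    for name, fn in (("naive", client_ip_naive), ("hardened", client_ip_hardened)):
        print(name, "grants auto-login from 198.51.100.7 with spoofed header:",
              auto_login_allowed(fn, "198.51.100.7", spoofed))
```

Logging the resolved address next to the raw header value makes the spoof attempts from slide 22 visible in the access log instead of silently succeeding.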
