Hacking Web File Servers for iOS
Bruno Gonçalves de Oliveira
Senior Security Consultant – Trustwave’s SpiderLabs
About Me

#whoami
• Bruno Gonçalves de Oliveira
• Senior Security Consultant @ Trustwave’s
SpiderLabs
• MSc Candidate
• Co...
INTRO
• Smartphones
– A LOT OF information
– iPhone is VERY popular

• Mobile Applications
– (MOST) Poorly designed

• Old...
What are those apps?

• Designed to provide a storage system to iOS devices.
• Data can be transferred utilizing bluetooth...
Examples
Features

• Manage/Storage files
• Create Albums, etc.
• Share Data
VULNERABILITIES
• No encryption (SSL):
• No authentication (by default):
• (Reflected) XSS
• (Persistent) XSS
• (Persistent) XSS

http://www.vulnerability-lab.com/get_content.php?id=932
• Vulnerability-Lab Advisories:
http://www.vulnerability-lab.com/show.php?cat=mobile
Disclaimer

• Trustwave (me) did this research on March/13
and just now we are disclosing these
advisories.
• Path Traversal
• WiFi HD Free Path Traversal (CVE-2013-3923)
• FTPDrive Path Traversal (CVE-2013-3922)
• Easy File Manag...
• Path Traversal (DEMO)
• Easy File Manager
• Unauthorized Access to File System (CVE2013-3960)
• Unauthorized Access to File System (CVE2013-3960)
• Getting worst with a jailbroken device.
• Remote Command Execution: Unauthorized
Access to File System (CVE-2013-3960) –
Jailbroken Device
• iOS 7 Security Improvement
How to find vulnerable systems
mDNS Queries

<= mDNS
Watch for iOS
• Conclusions
• Mobile Apps (already) are the future.
• Mobile Apps designers still don’t care too
much about security.
• ...
Upcoming SlideShare
Loading in...5
×

Appsec2013 presentation

893

Published on

0 Comments
0 Likes
Statistics
Notes
  • Be the first to comment

  • Be the first to like this

No Downloads
Views
Total Views
893
On Slideshare
0
From Embeds
0
Number of Embeds
0
Actions
Shares
0
Downloads
5
Comments
0
Likes
0
Embeds 0
No embeds

No notes for slide
  • Well, vulnerabilities to compromise data shared/stored
  • Explain
  • Take a look on the date
  • Old vulnerabilities,ios 7, etcetc
  • After changed the password, the hashes will be stored at /etc/master.passwd and no longer access to the mobile user.
  • It works utilizing public IP as well.
  • The path traversal also won’t work on ios7
  • Appsec2013 presentation

    1. 1. Hacking Web File Servers for iOS Bruno Gonçalves de Oliveira Senior Security Consultant – Trustwave’s SpiderLabs
    2. 2. About Me #whoami • Bruno Gonçalves de Oliveira • Senior Security Consultant @ Trustwave’s SpiderLabs • MSc Candidate • Computer Engineer • Offensive Security • Talks: Silver Bullet, THOTCON, SOURCE Boston, Black Hat DC, SOURCE Barcelona, DEF CON, Hack In The Box Malaysia, Toorcon, YSTS e H2HC. Hosted by OWASP & the NYC Chapter
    3. 3. INTRO • Smartphones – A LOT OF information – iPhone is VERY popular • Mobile Applications – (MOST) Poorly designed • Old fashion vulnerabilities Hosted by OWASP & the NYC Chapter
    4. 4. What are those apps? • Designed to provide a storage system to iOS devices. • Data can be transferred utilizing bluetooth, iTunes and FTP. • Easiest way: HTTP protocol. • They are very popular.
    5. 5. Examples
    6. 6. Features • Manage/Storage files • Create Albums, etc. • Share Data
    7. 7. VULNERABILITIES
    8. 8. • No encryption (SSL):
    9. 9. • No authentication (by default):
    10. 10. • (Reflected) XSS
    11. 11. • (Persistent) XSS
    12. 12. • (Persistent) XSS http://www.vulnerability-lab.com/get_content.php?id=932
    13. 13. • Vulnerability-Lab Advisories: http://www.vulnerability-lab.com/show.php?cat=mobile
    14. 14. Disclaimer • Trustwave (me) did this research on March/13 and just now we are disclosing these advisories.
    15. 15. • Path Traversal • WiFi HD Free Path Traversal (CVE-2013-3923) • FTPDrive Path Traversal (CVE-2013-3922) • Easy File Manager Path Traversal (CVE-20133921) You probably want to test the app that you use.
    16. 16. • Path Traversal (DEMO)
    17. 17. • Easy File Manager • Unauthorized Access to File System (CVE2013-3960)
    18. 18. • Unauthorized Access to File System (CVE2013-3960)
    19. 19. • Getting worst with a jailbroken device.
    20. 20. • Remote Command Execution: Unauthorized Access to File System (CVE-2013-3960) – Jailbroken Device
    21. 21. • iOS 7 Security Improvement
    22. 22. How to find vulnerable systems mDNS Queries <= mDNS Watch for iOS
    23. 23. • Conclusions • Mobile Apps (already) are the future. • Mobile Apps designers still don’t care too much about security. • Too many apps, we have to take care. • Old fashion vulnerabilities still rock.
    1. A particular slide catching your eye?

      Clipping is a handy way to collect important slides you want to go back to later.

    ×