Appsec2013 presentation
  • Well, vulnerabilities to compromise data shared/stored.
  • Explain.
  • Take a look at the date.
  • Old vulnerabilities, iOS 7, etc.
  • After the password is changed, the hashes will be stored in /etc/master.passwd and the mobile user will no longer have access.
  • It works using a public IP as well.
  • The path traversal also won't work on iOS 7.

Presentation Transcript

  • Hacking Web File Servers for iOS. Bruno Gonçalves de Oliveira, Senior Security Consultant, Trustwave's SpiderLabs
  • About Me #whoami • Bruno Gonçalves de Oliveira • Senior Security Consultant @ Trustwave's SpiderLabs • MSc Candidate • Computer Engineer • Offensive Security • Talks: Silver Bullet, THOTCON, SOURCE Boston, Black Hat DC, SOURCE Barcelona, DEF CON, Hack In The Box Malaysia, Toorcon, YSTS and H2HC. Hosted by OWASP & the NYC Chapter
  • INTRO • Smartphones – A LOT OF information – iPhone is VERY popular • Mobile Applications – (MOST) Poorly designed • Old-fashioned vulnerabilities
  • What are those apps? • Designed to provide a storage system for iOS devices. • Data can be transferred using Bluetooth, iTunes and FTP. • Easiest way: the HTTP protocol. • They are very popular.
  • Examples
  • Features • Manage/store files • Create albums, etc. • Share data
  • VULNERABILITIES
  • No encryption (no SSL/TLS)
  • No authentication (by default)
  • (Reflected) XSS
  • (Persistent) XSS: http://www.vulnerability-lab.com/get_content.php?id=932
  • Vulnerability-Lab advisories: http://www.vulnerability-lab.com/show.php?cat=mobile
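The two XSS variants on the slides above appear in these apps in a predictable place: the directory listing the web file server renders. A file name is stored and shown to every later visitor (persistent XSS); a search term or path echoed back in the page is reflected XSS. The following is an added example, not code from the talk or from any of the apps it names; the file names and query string are constructed, and the listing format is assumed. It shows the unsafe rendering beside one that encodes each untrusted value for the context it lands in.

```python
import html
from urllib.parse import quote

# Constructed sample data (not from the talk): one benign file and one whose
# name is an XSS payload, uploaded over the app's unauthenticated HTTP interface.
SAMPLE_FILES = ["holiday.jpg", '<img src=x onerror="alert(document.cookie)">.txt']
SAMPLE_QUERY = "<script>alert(1)</script>"


def render_listing_vulnerable(files, query=""):
    """Directory listing that interpolates names and the search term verbatim.
    The stored file name gives persistent XSS (served to every visitor);
    the echoed query gives reflected XSS."""
    rows = "".join(f'<li><a href="/files/{name}">{name}</a></li>' for name in files)
    return f"<p>Results for: {query}</p><ul>{rows}</ul>"


def render_listing_safe(files, query=""):
    """Same listing with each untrusted value encoded for where it lands:
    HTML text and attribute values via html.escape (quotes escaped too),
    the URL path segment via percent-encoding with '/' not exempted."""
    rows = "".join(
        f'<li><a href="/files/{quote(name, safe="")}">{html.escape(name)}</a></li>'
        for name in files
    )
    return f"<p>Results for: {html.escape(query)}</p><ul>{rows}</ul>"


def has_raw_markup(rendered, payload_tag):
    """True when an attacker-controlled tag survived into the page unencoded."""
    return payload_tag in rendered


if __name__ == "__main__":
    print(render_listing_vulnerable(SAMPLE_FILES, SAMPLE_QUERY))
    print(render_listing_safe(SAMPLE_FILES, SAMPLE_QUERY))
```

Output encoding is the fix that survives whatever name the client uploads; an allow-list on file names at upload time is a second layer, not a substitute. Note that because these apps serve plain HTTP (the "no encryption" slide), anyone on the same Wi-Fi can also inject script into the page in transit, which encoding does nothing about.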
  • Disclaimer • Trustwave (me) did this research in March 2013 and only now are we disclosing these advisories.
  • Path Traversal • WiFi HD Free Path Traversal (CVE-2013-3923) • FTPDrive Path Traversal (CVE-2013-3922) • Easy File Manager Path Traversal (CVE-2013-3921). You probably want to test the app that you use.
  • Path Traversal (DEMO)
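The three advisories above are the same bug: the request path is joined onto the app's shared folder without checking that the result still lies inside it. Since the slide suggests testing the app you use, here is an added example (not the talk's demo code and not from any of the named apps) with the probe strings a tester would send, a resolver that reproduces the bug class, and a hardened resolver that decodes once, normalises, then checks containment. The share root is a hypothetical path; real apps use their own sandbox Documents directory.

```python
import posixpath
from urllib.parse import unquote

# Hypothetical share root for illustration (assumed, not an app's real path).
SHARE_ROOT = "/var/mobile/Applications/APP-UUID/Documents"


def traversal_probes(target="etc/passwd", depth=6):
    """Request paths to try against a file server under test: plain, URL-encoded,
    double-encoded and filter-evasion variants of '../' repeated `depth` times."""
    sequences = ["../", "..%2f", "%2e%2e/", "%2e%2e%2f", "..%252f", "....//"]
    return [seq * depth + target for seq in sequences]


def resolve_vulnerable(root, request_path):
    """The bug class behind the advisories: decode the request and join it onto
    the share root with no check that the result is still under root."""
    return posixpath.normpath(posixpath.join(root, unquote(request_path).lstrip("/")))


def escapes_root(root, resolved):
    """True when a normalised absolute path is neither root nor beneath it."""
    root = root.rstrip("/")
    return resolved != root and not resolved.startswith(root + "/")


def resolve_safe(root, request_path):
    """Decode exactly once, normalise, then verify containment. Returns None
    when the request would leave the share root (the caller answers 403/404)."""
    decoded = unquote(request_path)
    if "\x00" in decoded:                       # NUL would truncate the path in C APIs
        return None
    resolved = posixpath.normpath(posixpath.join(root, decoded.lstrip("/")))
    return None if escapes_root(root, resolved) else resolved


if __name__ == "__main__":
    for probe in traversal_probes():
        print(f"{probe:40} vulnerable -> {resolve_vulnerable(SHARE_ROOT, probe)}"
              f"  safe -> {resolve_safe(SHARE_ROOT, probe)}")
```

The containment check runs on the final normalised path, so it holds regardless of how many decoding passes the HTTP layer has already applied; double-encoded probes either decode to `../` and are rejected, or stay literal names like `..%2fetc` that live harmlessly under the root. The `....//` probe exists to catch servers that strip `../` once and serve what remains. On a real device, resolve symlinks as well (`os.path.realpath`) before checking, since a link inside the share can point outside it.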
  • Easy File Manager • Unauthorized Access to File System (CVE-2013-3960)
  • Getting worse with a jailbroken device.
  • Remote Command Execution: Unauthorized Access to File System (CVE-2013-3960) on a jailbroken device
  • iOS 7 Security Improvement
  • How to find vulnerable systems: mDNS queries (e.g. mDNS Watch for iOS)
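The slide points at mDNS Watch for finding these servers; the same discovery can be scripted, and a scripted version is what you would run across a whole subnet during an assessment. The block below is an added example, not from the talk or from mDNS Watch. It builds a one-shot multicast DNS PTR query, sends it to the mDNS group, and parses the PTR/SRV/A answers into instance name, port and address. The service type `_http._tcp.local` is an assumption (confirm the type the app under test actually advertises), and `sample_response()` is a constructed packet, not a capture.

```python
import socket
import struct

MDNS_GROUP, MDNS_PORT = "224.0.0.251", 5353
SERVICE = "_http._tcp.local"   # assumed service type; check what the app advertises
PTR, SRV, A = 12, 33, 1


def encode_name(name):
    """DNS wire format: length-prefixed labels terminated by a zero byte."""
    out = b"".join(bytes([len(lbl)]) + lbl.encode() for lbl in name.strip(".").split("."))
    return out + b"\x00"


def build_ptr_query(service=SERVICE):
    """One-shot mDNS query: id 0, flags 0, one question (type PTR, class IN)."""
    header = struct.pack("!HHHHHH", 0, 0, 1, 0, 0, 0)
    return header + encode_name(service) + struct.pack("!HH", PTR, 1)


def decode_name(data, offset):
    """Decode a possibly compressed name; return (name, offset after it)."""
    labels, end, hops = [], None, 0
    while True:
        length = data[offset]
        if length == 0:
            offset += 1
            break
        if length & 0xC0 == 0xC0:                 # compression pointer
            hops += 1
            if hops > 16:                         # guard against pointer loops
                raise ValueError("compression pointer loop")
            if end is None:
                end = offset + 2
            offset = struct.unpack("!H", data[offset:offset + 2])[0] & 0x3FFF
            continue
        labels.append(data[offset + 1:offset + 1 + length].decode("ascii", "replace"))
        offset += 1 + length
    return ".".join(labels), (offset if end is None else end)


def parse_response(data):
    """Return [(owner, rtype, value)] for every record in a response."""
    _id, _flags, qd, an, ns, ar = struct.unpack("!HHHHHH", data[:12])
    offset = 12
    for _ in range(qd):                           # skip echoed questions
        _, offset = decode_name(data, offset)
        offset += 4
    records = []
    for _ in range(an + ns + ar):
        owner, offset = decode_name(data, offset)
        rtype, _rclass, _ttl, rdlen = struct.unpack("!HHIH", data[offset:offset + 10])
        offset += 10
        if rtype == PTR:
            value = decode_name(data, offset)[0]
        elif rtype == SRV:
            _prio, _weight, port = struct.unpack("!HHH", data[offset:offset + 6])
            value = (port, decode_name(data, offset + 6)[0])
        elif rtype == A:
            value = socket.inet_ntoa(data[offset:offset + 4])
        else:
            value = data[offset:offset + rdlen]
        records.append((owner, rtype, value))
        offset += rdlen
    return records


def discover(timeout=2.0):
    """Send the query from an ephemeral port; responders treat a non-5353 source
    port as a legacy query and reply by unicast (RFC 6762 s6.7), so no group join
    is needed to collect the answers."""
    sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    sock.setsockopt(socket.IPPROTO_IP, socket.IP_MULTICAST_TTL, 1)
    sock.settimeout(timeout)
    sock.sendto(build_ptr_query(), (MDNS_GROUP, MDNS_PORT))
    found = []
    try:
        while True:
            data, (ip, _port) = sock.recvfrom(9000)
            found.append((ip, parse_response(data)))
    except socket.timeout:
        pass
    return found


def sample_response():
    """Constructed response (not a capture): one instance with its SRV and A records."""
    instance = "Example File Server." + SERVICE

    def rr(owner, rtype, rdata):
        return encode_name(owner) + struct.pack("!HHIH", rtype, 1, 120, len(rdata)) + rdata

    return (struct.pack("!HHHHHH", 0, 0x8400, 0, 3, 0, 0)
            + rr(SERVICE, PTR, encode_name(instance))
            + rr(instance, SRV, struct.pack("!HHH", 0, 0, 8080) + encode_name("iphone.local"))
            + rr("iphone.local", A, socket.inet_aton("10.0.0.7")))


if __name__ == "__main__":
    for ip, records in discover():
        print(ip, records)
```

Each SRV answer gives you a host and port to point the path-traversal and XSS checks at; the A record saves a second lookup when the responder includes it. Run it only on networks you are authorised to test, and note that the speaker notes above say the servers are also reachable over a public IP when the phone is not behind NAT, which mDNS will not reveal.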
  • Conclusions • Mobile apps (already) are the future. • Mobile app designers still don't care much about security. • Too many apps; we have to take care. • Old-fashioned vulnerabilities still rock.