Your SlideShare is downloading. ×
Attacking Blackberry For Phun and Profit
Upcoming SlideShare
Loading in...5
×

Thanks for flagging this SlideShare!

Oops! An error has occurred.

×

Saving this for later?

Get the SlideShare app to save on your phone or tablet. Read anywhere, anytime - even offline.

Text the download link to your phone

Standard text messaging rates apply

Attacking Blackberry For Phun and Profit

1,844
views

Published on

Published in: Technology

0 Comments
0 Likes
Statistics
Notes
  • Be the first to comment

  • Be the first to like this

No Downloads
Views
Total Views
1,844
On Slideshare
0
From Embeds
0
Number of Embeds
1
Actions
Shares
0
Downloads
49
Comments
0
Likes
0
Embeds 0
No embeds

Report content
Flagged as inappropriate Flag as inappropriate
Flag as inappropriate

Select your reason for flagging this presentation as inappropriate.

Cancel
No notes for slide

Transcript

  • 1. Attacking BlackBerry for phun and profit y3dips[et]echo.or.id Sunday, November 8, 2009
  • 2. y3dips • A Bandwidth Hunter ... A Renegade • IT Security fans for more than 7 year • http://google.com/search?q=y3dips Sunday, November 8, 2009
  • 3. BlackBerry • Push Email • Wireless Messaging System • Phone, SMS, Cameras, Browsing Sunday, November 8, 2009
  • 4. BlackBerry • Photos • Emails • Sms • Phone log • Contact Sunday, November 8, 2009
  • 5. BlackBerry • BlackBerry Enterprise Server (BES) • BlackBerry Internet Service (BIS) Sunday, November 8, 2009
  • 6. Diagram http://smartphone.nttdocomo.co.jp/english/blackberrybold/blackberryservice/img/index/dgm_diagram.gif Sunday, November 8, 2009
  • 7. BB Proxy • Attack BES network • Defcon 2006 presented by Jesse D’aguanno • Making a Blackberry Device as a gateway to internal Network Sunday, November 8, 2009
  • 8. Attacking Anatomy Server Apps Server BB User INTERNAL LAN Firewall INTERNET Attacker Sunday, November 8, 2009
  • 9. Attacking Anatomy Server Apps Server BB User INTERNAL LAN Connecting into Attacker Computer Firewall INTERNET Attacker Sunday, November 8, 2009
  • 10. Attacking Anatomy Connecting into App Server Server Apps Server BB User INTERNAL LAN Connecting into Attacker Computer Firewall INTERNET Attacker Sunday, November 8, 2009
  • 11. Attacking Anatomy Connecting into App Server Device as a proxy Server Apps Server BB User INTERNAL LAN Connecting into Attacker Computer Firewall Attacker 0wned Internal Network INTERNET Attacker Sunday, November 8, 2009
  • 12. Our Approach • Attacking Wifi Network • DNS Spoofing • Ssl Tunneling - http://stunnel.org • BlackBag - http://matasano.com Sunday, November 8, 2009
  • 13. DNS Spoofing • Spoof dns entry into router/dns server # echo “133.7.133.7 rcp.ap.blackberry.com” >> /etc/hosts Sunday, November 8, 2009
  • 14. DNS Spoofing Sunday, November 8, 2009
  • 15. Stunnel • Setup 2 SSL connection • SSL Connection from BB device to Attacker machine • SSL Connection from Attacker machine to BB Real Server Sunday, November 8, 2009
  • 16. Stunnel • Setup 2 SSL connection # stunnel -d 443 -r localhost:8888 # stunnel -c -d 8889 -r 216.9.240.88:443 Sunday, November 8, 2009
  • 17. BlackBag • Glue the tunnel back # bkb replug -b localhost:8889@8888 Sunday, November 8, 2009
  • 18. BlackBag Sunday, November 8, 2009
  • 19. Attacking Anatomy search rcp.ap.blackberry.com DNS Server rcp.ap.blackberry.com 216.9.240.88 WIFI RIM Network Attacker - 133.7.133.7 Sunday, November 8, 2009
  • 20. Attacking Anatomy rcp.ap.blackberry.com 133.7.133.7 search rcp.ap.blackberry.com DNS Server rcp.ap.blackberry.com 216.9.240.88 WIFI RIM Network Attacker - 133.7.133.7 Sunday, November 8, 2009
  • 21. Attacking Anatomy rcp.ap.blackberry.com 133.7.133.7 search rcp.ap.blackberry.com DNS Server rcp.ap.blackberry.com 216.9.240.88 Tcp/443 WIFI Tcp/8888 Tcp/443 RIM Network Tcp/8889 Attacker - 133.7.133.7 Sunday, November 8, 2009
  • 22. Viewable Sunday, November 8, 2009
  • 23. Viewable Sunday, November 8, 2009
  • 24. Result Sunday, November 8, 2009
  • 25. Result • Clear Text Sender PIN • Clear Text Recipient PIN • Clear Text Message type • Encrypted Data Sunday, November 8, 2009
  • 26. Impact • Spam? until DDOS • PIN abuse; such as cloning • Blackmail; identity thief, logs • Email and PIN Mapping Sunday, November 8, 2009
  • 27. Next • More Data to analyze (different type) • Attack the Encryption? • Another Infrastructur attacking Scenario Sunday, November 8, 2009
  • 28. Confession Sunday, November 8, 2009
  • 29. Raw Data Sunday, November 8, 2009
  • 30. Mal(Spy)ware • The Most Famous Etisalat Issue • Firmware Update • Reverse by some researcher • 100% Spyware Sunday, November 8, 2009
  • 31. Mal(Spy)ware Sunday, November 8, 2009
  • 32. POC • Provided by Sheran Gunasekera @HITB 2009 • Bugs - Forwarding Emails • PhoneSnoop - Turn your BB into Spy devices • http://chirashi.zensay.com Sunday, November 8, 2009
  • 33. Bugs Sunday, November 8, 2009
  • 34. Summary • 0wned a blackberry with $20 (USD) • Social Engineering rulez! • BlackBerry User awareness Sunday, November 8, 2009
  • 35. Case Stories Sunday, November 8, 2009
  • 36. Case Stories Sunday, November 8, 2009
  • 37. Case Stories Sunday, November 8, 2009
  • 38. Mitigation • Password Your Device • Turn On Firewall • Encrypt your Data/Media Card • Controlling downloded application • Protecting GPS location • Connect to Legitimate Wifi Network Sunday, November 8, 2009
  • 39. References • Attack Surface Analysis of Blackberry Devices - symantec • BlackBerry: Call to Arms, some provided - Ftr & FX of Phenoelit • BlackJaking:0wning the Enterprise via BlackBerry - x30n • Bugs & Kissess: Spying on Blackberry User for Fun - Sheran Gunasekera • Seberapa Amankah Infrastruktur WIFI Blackberry device anda - y3dips & chopstick Sunday, November 8, 2009
  • 40. Greetz • Hermis Consulting • Sheran Gunasekera • staff@echo.or.id • Info Komputer Sunday, November 8, 2009