SlideShare a Scribd company logo

MACTANS: Injecting Malware
into iOS Devices via Malicious Chargers

Joon Young Park
Joon Young Park

Paper Survey BlackHat 2013 Mactans, a malicious charger injects malware to iOS devices.

Engineering
1 of 21
Download to read offline
MACTANS: Injecting Malware
 into iOS Devices via Malicious Chargers 석사 29기 박준영
Introduction • iOS is considered more secure. - mandatory code signing - app sandboxing - centralized app store. • Charging a device is everyday activities in our life. • Successfully install & execute arbitrary software. • Mactans (BeagleBoard, looks like charger) • Patched on iOS 7 beta 2
Observations • Any Host is trusted by the Client. • Client does not indicate what Host does. • Installed app can be hidden. • Host can execute apps on the Client in stealth mode • Provisioning for making Client as a Developer device is easy. • Unified Data, Control, Power Interface ? Host Client ?
Hide app on SpringBoard • /Application/<appname>.app/Info.plist …… <key>SBAppTags</key> 
 <array>
 <string>hidden</string>
 </array>
 ……
Stealth Execution • Mounts disk image(DeveloperDiskImage.dmg) • Launch com.apple.debugserver • Can execute hidden application
Provisioning • Obtain UDID easily • Provisioning also can be easily automated • To obtain a provisioning profile
 -> To install a malware application to Client
Proof-of-Concept
Proof-of-Concept • 30Pin or Lightening USB cable
Proof-of-Concept • 30Pin or Lightening USB cable • Active Developer’s License
 - For use of provisioning portal
Proof-of-Concept • 30Pin or Lightening USB cable • Active Developer’s License • Internet Connection
Proof-of-Concept • 30Pin or Lightening USB cable • Active Developer’s License • Internet Connection • Mactans charger (BeagleBoard)
 - USB power source
 - microprocessor/microcontroller
 - Linux OS
 - iOS RPC comm. library
BeagleBoard • Cortex-A8 CPU • US.B, HDMI, SD/MMC, JTAG.. • 7.5cm x 7.5cm
Obtain UDID • UDI.D
 - 40 digit hexadecimal ID
 - SHA1(serial + ECID + WiFiMAC + BluetoothMAC) • Simply obtained while query over USB
With UDID.. • UDID Registration via developer.apple.com • Provisioning Profile can be generated • Allow devices to run apps signed by a non-Apple entity
An.d install Malware... • Replace original famous app wi.th repackaged, hidden version • Install malware wi.th icon of replaced app • When launched, malware plays then executes original app
Malware can do.. • Taking screenshots with Private API call • Simulating touch event • Simulating button pressing (Home, Sleep ..) • And so many other things…
Attack Scenarios • General
 - Public charging stations (e.g., airports, libraries) • Targeted
 - Exchange or provide charger to target
 - Modify environment of target
 (e.g., airplane seat, hotel room)
Fixing the problems
Fixing the problems • Charger? Computer? • Provisioning profile abuse
 - Use CAPTCHA • Over-privileged USB capabilities • Third party hidden apps considered harmful
Mactans concept • Not a jailbreak • Automatic • Stealthy • Powerful
Q&A

Recommended

CocoaHeads Toulouse - iOS TechTalk - Mélanie Bessagnet
CocoaHeads Toulouse - iOS TechTalk - Mélanie BessagnetCocoaHeads Toulouse - iOS TechTalk - Mélanie Bessagnet
CocoaHeads Toulouse - iOS TechTalk - Mélanie BessagnetCocoaHeads France
 
Ярослав Воронцов — Пара слов о mobile security.
Ярослав Воронцов — Пара слов о mobile security.Ярослав Воронцов — Пара слов о mobile security.
Ярослав Воронцов — Пара слов о mobile security.DataArt
 
Odoo Experience 2018 - The IoT Box and the Cloud
Odoo Experience 2018 - The IoT Box and the CloudOdoo Experience 2018 - The IoT Box and the Cloud
Odoo Experience 2018 - The IoT Box and the CloudElínAnna Jónasdóttir
 
Session 1 - Introduction to iOS 7 and SDK
Session 1 - Introduction to iOS 7 and SDKSession 1 - Introduction to iOS 7 and SDK
Session 1 - Introduction to iOS 7 and SDKVu Tran Lam
 
Никита Корчагин - Introduction to Apple iOS Development.
Никита Корчагин - Introduction to Apple iOS Development.Никита Корчагин - Introduction to Apple iOS Development.
Никита Корчагин - Introduction to Apple iOS Development.DataArt
 
Adventures in USB land
Adventures in USB landAdventures in USB land
Adventures in USB landValentinas Bakaitis
 
Extensions
ExtensionsExtensions
ExtensionsManjula Jonnalagadda
 
Belenko, sklyarov dark and bright sides of i cloud (in)security
Belenko, sklyarov dark and bright sides of i cloud (in)securityBelenko, sklyarov dark and bright sides of i cloud (in)security
Belenko, sklyarov dark and bright sides of i cloud (in)securityDefconRussia
 

Recommended

CocoaHeads Toulouse - iOS TechTalk - Mélanie Bessagnet
CocoaHeads Toulouse - iOS TechTalk - Mélanie BessagnetCocoaHeads Toulouse - iOS TechTalk - Mélanie Bessagnet
CocoaHeads Toulouse - iOS TechTalk - Mélanie BessagnetCocoaHeads France
 
Ярослав Воронцов — Пара слов о mobile security.
Ярослав Воронцов — Пара слов о mobile security.Ярослав Воронцов — Пара слов о mobile security.
Ярослав Воронцов — Пара слов о mobile security.DataArt
 
Odoo Experience 2018 - The IoT Box and the Cloud
Odoo Experience 2018 - The IoT Box and the CloudOdoo Experience 2018 - The IoT Box and the Cloud
Odoo Experience 2018 - The IoT Box and the CloudElínAnna Jónasdóttir
 
Session 1 - Introduction to iOS 7 and SDK
Session 1 - Introduction to iOS 7 and SDKSession 1 - Introduction to iOS 7 and SDK
Session 1 - Introduction to iOS 7 and SDKVu Tran Lam
 
Никита Корчагин - Introduction to Apple iOS Development.
Никита Корчагин - Introduction to Apple iOS Development.Никита Корчагин - Introduction to Apple iOS Development.
Никита Корчагин - Introduction to Apple iOS Development.DataArt
 
Adventures in USB land
Adventures in USB landAdventures in USB land
Adventures in USB landValentinas Bakaitis
 
Extensions
ExtensionsExtensions
ExtensionsManjula Jonnalagadda
 
Belenko, sklyarov dark and bright sides of i cloud (in)security
Belenko, sklyarov dark and bright sides of i cloud (in)securityBelenko, sklyarov dark and bright sides of i cloud (in)security
Belenko, sklyarov dark and bright sides of i cloud (in)securityDefconRussia
 
Beginning Real World iOS App Development
Beginning Real World iOS App DevelopmentBeginning Real World iOS App Development
Beginning Real World iOS App DevelopmentAndri Yadi
 
YOW! Connected 2014 - Developing Secure iOS Applications
YOW! Connected 2014 - Developing Secure iOS ApplicationsYOW! Connected 2014 - Developing Secure iOS Applications
YOW! Connected 2014 - Developing Secure iOS Applicationseightbit
 
Gigigo Keynote - Geofences & iBeacons
Gigigo Keynote - Geofences & iBeaconsGigigo Keynote - Geofences & iBeacons
Gigigo Keynote - Geofences & iBeaconsAlex Rupérez
 
Deploy All The Games
Deploy All The GamesDeploy All The Games
Deploy All The GamesAdam Hill
 
Troopers14 Advanced Smartphone forensics - Vladimir Katalov
Troopers14 Advanced Smartphone forensics - Vladimir KatalovTroopers14 Advanced Smartphone forensics - Vladimir Katalov
Troopers14 Advanced Smartphone forensics - Vladimir KatalovJose Moruno Cadima
 
Nimrod duck hunter copy
Nimrod duck hunter copyNimrod duck hunter copy
Nimrod duck hunter copyNimrod Levy
 
NSCoder Keynote - Multipeer Connectivity Framework
NSCoder Keynote - Multipeer Connectivity FrameworkNSCoder Keynote - Multipeer Connectivity Framework
NSCoder Keynote - Multipeer Connectivity FrameworkAlex Rupérez
 
2013 Devices -- Take the Guesswork out of New Mobile Devices & Platforms for ...
2013 Devices -- Take the Guesswork out of New Mobile Devices & Platforms for ...2013 Devices -- Take the Guesswork out of New Mobile Devices & Platforms for ...
2013 Devices -- Take the Guesswork out of New Mobile Devices & Platforms for ...Enterprise Mobile
 
Attacking and Defending Apple iOS Devices
Attacking and Defending Apple iOS DevicesAttacking and Defending Apple iOS Devices
Attacking and Defending Apple iOS DevicesTom Eston
 
Telerik AppBuilder Presentation for TelerikNEXT Conference
Telerik AppBuilder Presentation for TelerikNEXT ConferenceTelerik AppBuilder Presentation for TelerikNEXT Conference
Telerik AppBuilder Presentation for TelerikNEXT ConferenceJen Looper
 
Gigigo Workshop - iOS Extensions
Gigigo Workshop - iOS ExtensionsGigigo Workshop - iOS Extensions
Gigigo Workshop - iOS ExtensionsAlex Rupérez
 
Active Authentication to Protect IT Assets - Onion ID
Active Authentication to Protect IT Assets - Onion IDActive Authentication to Protect IT Assets - Onion ID
Active Authentication to Protect IT Assets - Onion IDbanerjeea
 
Active authentication to protect IT assets
Active authentication to protect IT assetsActive authentication to protect IT assets
Active authentication to protect IT assetsPlesk
 
CNIT 128 2. Analyzing iOS Applications (Part 2)
CNIT 128 2. Analyzing iOS Applications (Part 2)CNIT 128 2. Analyzing iOS Applications (Part 2)
CNIT 128 2. Analyzing iOS Applications (Part 2)Sam Bowne
 
Trustzone secure os tee for mips
Trustzone secure os tee for mipsTrustzone secure os tee for mips
Trustzone secure os tee for mipsSierraware
 
Node on Guard
Node on GuardNode on Guard
Node on GuardIBM
 
Windows 10 iot core dot net notts - 27-07-15
Windows 10 iot core dot net notts - 27-07-15Windows 10 iot core dot net notts - 27-07-15
Windows 10 iot core dot net notts - 27-07-15Peter Gallagher
 
[HES2013] Hacking apple accessories to pown iDevices – Wake up Neo! Your phon...
[HES2013] Hacking apple accessories to pown iDevices – Wake up Neo! Your phon...[HES2013] Hacking apple accessories to pown iDevices – Wake up Neo! Your phon...
[HES2013] Hacking apple accessories to pown iDevices – Wake up Neo! Your phon...Hackito Ergo Sum
 
Hacking your Droid (Aditya Gupta)
Hacking your Droid (Aditya Gupta)Hacking your Droid (Aditya Gupta)
Hacking your Droid (Aditya Gupta)ClubHack
 
Mobile Security Assessment: 101
Mobile Security Assessment: 101Mobile Security Assessment: 101
Mobile Security Assessment: 101wireharbor
 
iOS-Application-Security-iAmPr3m
iOS-Application-Security-iAmPr3miOS-Application-Security-iAmPr3m
iOS-Application-Security-iAmPr3mPrem Kumar (OSCP)
 
Fruit vs Zombies: Defeat Non-jailbroken iOS Malware by Claud Xiao
Fruit vs Zombies: Defeat Non-jailbroken iOS Malware by Claud XiaoFruit vs Zombies: Defeat Non-jailbroken iOS Malware by Claud Xiao
Fruit vs Zombies: Defeat Non-jailbroken iOS Malware by Claud XiaoShakacon
 

More Related Content

What's hot

Beginning Real World iOS App Development
Beginning Real World iOS App DevelopmentBeginning Real World iOS App Development
Beginning Real World iOS App DevelopmentAndri Yadi
 
YOW! Connected 2014 - Developing Secure iOS Applications
YOW! Connected 2014 - Developing Secure iOS ApplicationsYOW! Connected 2014 - Developing Secure iOS Applications
YOW! Connected 2014 - Developing Secure iOS Applicationseightbit
 
Gigigo Keynote - Geofences & iBeacons
Gigigo Keynote - Geofences & iBeaconsGigigo Keynote - Geofences & iBeacons
Gigigo Keynote - Geofences & iBeaconsAlex Rupérez
 
Deploy All The Games
Deploy All The GamesDeploy All The Games
Deploy All The GamesAdam Hill
 
Troopers14 Advanced Smartphone forensics - Vladimir Katalov
Troopers14 Advanced Smartphone forensics - Vladimir KatalovTroopers14 Advanced Smartphone forensics - Vladimir Katalov
Troopers14 Advanced Smartphone forensics - Vladimir KatalovJose Moruno Cadima
 
Nimrod duck hunter copy
Nimrod duck hunter copyNimrod duck hunter copy
Nimrod duck hunter copyNimrod Levy
 
NSCoder Keynote - Multipeer Connectivity Framework
NSCoder Keynote - Multipeer Connectivity FrameworkNSCoder Keynote - Multipeer Connectivity Framework
NSCoder Keynote - Multipeer Connectivity FrameworkAlex Rupérez
 
2013 Devices -- Take the Guesswork out of New Mobile Devices & Platforms for ...
2013 Devices -- Take the Guesswork out of New Mobile Devices & Platforms for ...2013 Devices -- Take the Guesswork out of New Mobile Devices & Platforms for ...
2013 Devices -- Take the Guesswork out of New Mobile Devices & Platforms for ...Enterprise Mobile
 
Attacking and Defending Apple iOS Devices
Attacking and Defending Apple iOS DevicesAttacking and Defending Apple iOS Devices
Attacking and Defending Apple iOS DevicesTom Eston
 
Telerik AppBuilder Presentation for TelerikNEXT Conference
Telerik AppBuilder Presentation for TelerikNEXT ConferenceTelerik AppBuilder Presentation for TelerikNEXT Conference
Telerik AppBuilder Presentation for TelerikNEXT ConferenceJen Looper
 
Gigigo Workshop - iOS Extensions
Gigigo Workshop - iOS ExtensionsGigigo Workshop - iOS Extensions
Gigigo Workshop - iOS ExtensionsAlex Rupérez
 
Active Authentication to Protect IT Assets - Onion ID
Active Authentication to Protect IT Assets - Onion IDActive Authentication to Protect IT Assets - Onion ID
Active Authentication to Protect IT Assets - Onion IDbanerjeea
 
Active authentication to protect IT assets
Active authentication to protect IT assetsActive authentication to protect IT assets
Active authentication to protect IT assetsPlesk
 
CNIT 128 2. Analyzing iOS Applications (Part 2)
CNIT 128 2. Analyzing iOS Applications (Part 2)CNIT 128 2. Analyzing iOS Applications (Part 2)
CNIT 128 2. Analyzing iOS Applications (Part 2)Sam Bowne
 
Trustzone secure os tee for mips
Trustzone secure os tee for mipsTrustzone secure os tee for mips
Trustzone secure os tee for mipsSierraware
 
Node on Guard
Node on GuardNode on Guard
Node on GuardIBM
 
Windows 10 iot core dot net notts - 27-07-15
Windows 10 iot core dot net notts - 27-07-15Windows 10 iot core dot net notts - 27-07-15
Windows 10 iot core dot net notts - 27-07-15Peter Gallagher
 

What's hot (17)

Beginning Real World iOS App Development
Beginning Real World iOS App DevelopmentBeginning Real World iOS App Development
Beginning Real World iOS App Development
 
YOW! Connected 2014 - Developing Secure iOS Applications
YOW! Connected 2014 - Developing Secure iOS ApplicationsYOW! Connected 2014 - Developing Secure iOS Applications
YOW! Connected 2014 - Developing Secure iOS Applications
 
Gigigo Keynote - Geofences & iBeacons
Gigigo Keynote - Geofences & iBeaconsGigigo Keynote - Geofences & iBeacons
Gigigo Keynote - Geofences & iBeacons
 
Deploy All The Games
Deploy All The GamesDeploy All The Games
Deploy All The Games
 
Troopers14 Advanced Smartphone forensics - Vladimir Katalov
Troopers14 Advanced Smartphone forensics - Vladimir KatalovTroopers14 Advanced Smartphone forensics - Vladimir Katalov
Troopers14 Advanced Smartphone forensics - Vladimir Katalov
 
Nimrod duck hunter copy
Nimrod duck hunter copyNimrod duck hunter copy
Nimrod duck hunter copy
 
NSCoder Keynote - Multipeer Connectivity Framework
NSCoder Keynote - Multipeer Connectivity FrameworkNSCoder Keynote - Multipeer Connectivity Framework
NSCoder Keynote - Multipeer Connectivity Framework
 
2013 Devices -- Take the Guesswork out of New Mobile Devices & Platforms for ...
2013 Devices -- Take the Guesswork out of New Mobile Devices & Platforms for ...2013 Devices -- Take the Guesswork out of New Mobile Devices & Platforms for ...
2013 Devices -- Take the Guesswork out of New Mobile Devices & Platforms for ...
 
Attacking and Defending Apple iOS Devices
Attacking and Defending Apple iOS DevicesAttacking and Defending Apple iOS Devices
Attacking and Defending Apple iOS Devices
 
Telerik AppBuilder Presentation for TelerikNEXT Conference
Telerik AppBuilder Presentation for TelerikNEXT ConferenceTelerik AppBuilder Presentation for TelerikNEXT Conference
Telerik AppBuilder Presentation for TelerikNEXT Conference
 
Gigigo Workshop - iOS Extensions
Gigigo Workshop - iOS ExtensionsGigigo Workshop - iOS Extensions
Gigigo Workshop - iOS Extensions
 
Active Authentication to Protect IT Assets - Onion ID
Active Authentication to Protect IT Assets - Onion IDActive Authentication to Protect IT Assets - Onion ID
Active Authentication to Protect IT Assets - Onion ID
 
Active authentication to protect IT assets
Active authentication to protect IT assetsActive authentication to protect IT assets
Active authentication to protect IT assets
 
CNIT 128 2. Analyzing iOS Applications (Part 2)
CNIT 128 2. Analyzing iOS Applications (Part 2)CNIT 128 2. Analyzing iOS Applications (Part 2)
CNIT 128 2. Analyzing iOS Applications (Part 2)
 
Trustzone secure os tee for mips
Trustzone secure os tee for mipsTrustzone secure os tee for mips
Trustzone secure os tee for mips
 
Node on Guard
Node on GuardNode on Guard
Node on Guard
 
Windows 10 iot core dot net notts - 27-07-15
Windows 10 iot core dot net notts - 27-07-15Windows 10 iot core dot net notts - 27-07-15
Windows 10 iot core dot net notts - 27-07-15
 

Similar to MACTANS: Injecting Malware
into iOS Devices via Malicious Chargers

[HES2013] Hacking apple accessories to pown iDevices – Wake up Neo! Your phon...
[HES2013] Hacking apple accessories to pown iDevices – Wake up Neo! Your phon...[HES2013] Hacking apple accessories to pown iDevices – Wake up Neo! Your phon...
[HES2013] Hacking apple accessories to pown iDevices – Wake up Neo! Your phon...Hackito Ergo Sum
 
Hacking your Droid (Aditya Gupta)
Hacking your Droid (Aditya Gupta)Hacking your Droid (Aditya Gupta)
Hacking your Droid (Aditya Gupta)ClubHack
 
Mobile Security Assessment: 101
Mobile Security Assessment: 101Mobile Security Assessment: 101
Mobile Security Assessment: 101wireharbor
 
iOS-Application-Security-iAmPr3m
iOS-Application-Security-iAmPr3miOS-Application-Security-iAmPr3m
iOS-Application-Security-iAmPr3mPrem Kumar (OSCP)
 
Fruit vs Zombies: Defeat Non-jailbroken iOS Malware by Claud Xiao
Fruit vs Zombies: Defeat Non-jailbroken iOS Malware by Claud XiaoFruit vs Zombies: Defeat Non-jailbroken iOS Malware by Claud Xiao
Fruit vs Zombies: Defeat Non-jailbroken iOS Malware by Claud XiaoShakacon
 
Exploring Your Apple M1 devices with Open Source Tools
Exploring Your Apple M1 devices with Open Source ToolsExploring Your Apple M1 devices with Open Source Tools
Exploring Your Apple M1 devices with Open Source ToolsKoan-Sin Tan
 
Droidcon it-2014-marco-grassi-viaforensics
Droidcon it-2014-marco-grassi-viaforensicsDroidcon it-2014-marco-grassi-viaforensics
Droidcon it-2014-marco-grassi-viaforensicsviaForensics
 
Pentesting Mobile Applications (Prashant Verma)
Pentesting Mobile Applications (Prashant Verma)Pentesting Mobile Applications (Prashant Verma)
Pentesting Mobile Applications (Prashant Verma)ClubHack
 
Android Things, from mobile apps to physical world - Stefano Sanna - Giovanni...
Android Things, from mobile apps to physical world - Stefano Sanna - Giovanni...Android Things, from mobile apps to physical world - Stefano Sanna - Giovanni...
Android Things, from mobile apps to physical world - Stefano Sanna - Giovanni...Codemotion
 
Android Things, from mobile apps to physical world by Giovanni Di Gialluca an...
Android Things, from mobile apps to physical world by Giovanni Di Gialluca an...Android Things, from mobile apps to physical world by Giovanni Di Gialluca an...
Android Things, from mobile apps to physical world by Giovanni Di Gialluca an...Codemotion
 
Android Things, from mobile apps to physical world
Android Things, from mobile apps to physical worldAndroid Things, from mobile apps to physical world
Android Things, from mobile apps to physical worldStefano Sanna
 
2012 java one-con3648
2012 java one-con36482012 java one-con3648
2012 java one-con3648Eing Ong
 
Mobile application and Game development
Mobile application and Game developmentMobile application and Game development
Mobile application and Game developmentWomen In Digital
 
iOS application (in)security
iOS application (in)securityiOS application (in)security
iOS application (in)securityiphonepentest
 
IoT Getting Started with Intel® IoT Devkit
IoT Getting Started with Intel® IoT DevkitIoT Getting Started with Intel® IoT Devkit
IoT Getting Started with Intel® IoT DevkitVasily Ryzhonkov
 
Outsmarting SmartPhones
Outsmarting SmartPhonesOutsmarting SmartPhones
Outsmarting SmartPhonessaurabhharit
 
The Internet of Fails - Mark Stanislav, Senior Security Consultant, Rapid7
The Internet of Fails - Mark Stanislav, Senior Security Consultant, Rapid7The Internet of Fails - Mark Stanislav, Senior Security Consultant, Rapid7
The Internet of Fails - Mark Stanislav, Senior Security Consultant, Rapid7Rapid7
 
DefCon 2012 - Gaining Access to User Android Data
DefCon 2012 - Gaining Access to User Android DataDefCon 2012 - Gaining Access to User Android Data
DefCon 2012 - Gaining Access to User Android DataMichael Smith
 
Hacking your Android (slides)
Hacking your Android (slides)Hacking your Android (slides)
Hacking your Android (slides)Justin Hoang
 
Android and ios cracking, hackintosh included !
Android and ios cracking, hackintosh included !Android and ios cracking, hackintosh included !
Android and ios cracking, hackintosh included !Veduruparthy Bharat
 

Similar to MACTANS: Injecting Malware
into iOS Devices via Malicious Chargers (20)

[HES2013] Hacking apple accessories to pown iDevices – Wake up Neo! Your phon...
[HES2013] Hacking apple accessories to pown iDevices – Wake up Neo! Your phon...[HES2013] Hacking apple accessories to pown iDevices – Wake up Neo! Your phon...
[HES2013] Hacking apple accessories to pown iDevices – Wake up Neo! Your phon...
 
Hacking your Droid (Aditya Gupta)
Hacking your Droid (Aditya Gupta)Hacking your Droid (Aditya Gupta)
Hacking your Droid (Aditya Gupta)
 
Mobile Security Assessment: 101
Mobile Security Assessment: 101Mobile Security Assessment: 101
Mobile Security Assessment: 101
 
iOS-Application-Security-iAmPr3m
iOS-Application-Security-iAmPr3miOS-Application-Security-iAmPr3m
iOS-Application-Security-iAmPr3m
 
Fruit vs Zombies: Defeat Non-jailbroken iOS Malware by Claud Xiao
Fruit vs Zombies: Defeat Non-jailbroken iOS Malware by Claud XiaoFruit vs Zombies: Defeat Non-jailbroken iOS Malware by Claud Xiao
Fruit vs Zombies: Defeat Non-jailbroken iOS Malware by Claud Xiao
 
Exploring Your Apple M1 devices with Open Source Tools
Exploring Your Apple M1 devices with Open Source ToolsExploring Your Apple M1 devices with Open Source Tools
Exploring Your Apple M1 devices with Open Source Tools
 
Droidcon it-2014-marco-grassi-viaforensics
Droidcon it-2014-marco-grassi-viaforensicsDroidcon it-2014-marco-grassi-viaforensics
Droidcon it-2014-marco-grassi-viaforensics
 
Pentesting Mobile Applications (Prashant Verma)
Pentesting Mobile Applications (Prashant Verma)Pentesting Mobile Applications (Prashant Verma)
Pentesting Mobile Applications (Prashant Verma)
 
Android Things, from mobile apps to physical world - Stefano Sanna - Giovanni...
Android Things, from mobile apps to physical world - Stefano Sanna - Giovanni...Android Things, from mobile apps to physical world - Stefano Sanna - Giovanni...
Android Things, from mobile apps to physical world - Stefano Sanna - Giovanni...
 
Android Things, from mobile apps to physical world by Giovanni Di Gialluca an...
Android Things, from mobile apps to physical world by Giovanni Di Gialluca an...Android Things, from mobile apps to physical world by Giovanni Di Gialluca an...
Android Things, from mobile apps to physical world by Giovanni Di Gialluca an...
 
Android Things, from mobile apps to physical world
Android Things, from mobile apps to physical worldAndroid Things, from mobile apps to physical world
Android Things, from mobile apps to physical world
 
2012 java one-con3648
2012 java one-con36482012 java one-con3648
2012 java one-con3648
 
Mobile application and Game development
Mobile application and Game developmentMobile application and Game development
Mobile application and Game development
 
iOS application (in)security
iOS application (in)securityiOS application (in)security
iOS application (in)security
 
IoT Getting Started with Intel® IoT Devkit
IoT Getting Started with Intel® IoT DevkitIoT Getting Started with Intel® IoT Devkit
IoT Getting Started with Intel® IoT Devkit
 
Outsmarting SmartPhones
Outsmarting SmartPhonesOutsmarting SmartPhones
Outsmarting SmartPhones
 
The Internet of Fails - Mark Stanislav, Senior Security Consultant, Rapid7
The Internet of Fails - Mark Stanislav, Senior Security Consultant, Rapid7The Internet of Fails - Mark Stanislav, Senior Security Consultant, Rapid7
The Internet of Fails - Mark Stanislav, Senior Security Consultant, Rapid7
 
DefCon 2012 - Gaining Access to User Android Data
DefCon 2012 - Gaining Access to User Android DataDefCon 2012 - Gaining Access to User Android Data
DefCon 2012 - Gaining Access to User Android Data
 
Hacking your Android (slides)
Hacking your Android (slides)Hacking your Android (slides)
Hacking your Android (slides)
 
Android and ios cracking, hackintosh included !
Android and ios cracking, hackintosh included !Android and ios cracking, hackintosh included !
Android and ios cracking, hackintosh included !
 

More from Joon Young Park

MoLe: Motion Leaks through Smartwatch Sensors
MoLe: Motion Leaks through Smartwatch SensorsMoLe: Motion Leaks through Smartwatch Sensors
MoLe: Motion Leaks through Smartwatch SensorsJoon Young Park
 
Leave me alone; app level protection against runtime information gathering on...
Leave me alone; app level protection against runtime information gathering on...Leave me alone; app level protection against runtime information gathering on...
Leave me alone; app level protection against runtime information gathering on...Joon Young Park
 
Android Security Internals (Lesson 3)
Android Security Internals (Lesson 3)Android Security Internals (Lesson 3)
Android Security Internals (Lesson 3)Joon Young Park
 
Delegation-based Authentication and Authorization for the IP-based IoT
Delegation-based Authentication and Authorization for the IP-based IoTDelegation-based Authentication and Authorization for the IP-based IoT
Delegation-based Authentication and Authorization for the IP-based IoTJoon Young Park
 
Lithe: Lightweight Secure CoAP for the Internet of Things
Lithe: Lightweight Secure CoAP for the Internet of ThingsLithe: Lightweight Secure CoAP for the Internet of Things
Lithe: Lightweight Secure CoAP for the Internet of ThingsJoon Young Park
 
Internet of secure things
Internet of secure thingsInternet of secure things
Internet of secure thingsJoon Young Park
 
SPINS: Security Protocols for Sensor Networks
SPINS: Security Protocols for Sensor NetworksSPINS: Security Protocols for Sensor Networks
SPINS: Security Protocols for Sensor NetworksJoon Young Park
 
License Plate Recognition
License Plate RecognitionLicense Plate Recognition
License Plate RecognitionJoon Young Park
 

More from Joon Young Park (18)

WheelLogger_WISA
WheelLogger_WISAWheelLogger_WISA
WheelLogger_WISA
 
Power spy
Power spyPower spy
Power spy
 
MoLe: Motion Leaks through Smartwatch Sensors
MoLe: Motion Leaks through Smartwatch SensorsMoLe: Motion Leaks through Smartwatch Sensors
MoLe: Motion Leaks through Smartwatch Sensors
 
Leave me alone; app level protection against runtime information gathering on...
Leave me alone; app level protection against runtime information gathering on...Leave me alone; app level protection against runtime information gathering on...
Leave me alone; app level protection against runtime information gathering on...
 
Android Security Internals (Lesson 3)
Android Security Internals (Lesson 3)Android Security Internals (Lesson 3)
Android Security Internals (Lesson 3)
 
Delegation-based Authentication and Authorization for the IP-based IoT
Delegation-based Authentication and Authorization for the IP-based IoTDelegation-based Authentication and Authorization for the IP-based IoT
Delegation-based Authentication and Authorization for the IP-based IoT
 
Lithe: Lightweight Secure CoAP for the Internet of Things
Lithe: Lightweight Secure CoAP for the Internet of ThingsLithe: Lightweight Secure CoAP for the Internet of Things
Lithe: Lightweight Secure CoAP for the Internet of Things
 
Internet of secure things
Internet of secure thingsInternet of secure things
Internet of secure things
 
Electronic Signature
Electronic SignatureElectronic Signature
Electronic Signature
 
RSA Algorithm
RSA AlgorithmRSA Algorithm
RSA Algorithm
 
SPINS: Security Protocols for Sensor Networks
SPINS: Security Protocols for Sensor NetworksSPINS: Security Protocols for Sensor Networks
SPINS: Security Protocols for Sensor Networks
 
MiTumb
MiTumbMiTumb
MiTumb
 
Linux Remote Connection
Linux Remote ConnectionLinux Remote Connection
Linux Remote Connection
 
License Plate Recognition
License Plate RecognitionLicense Plate Recognition
License Plate Recognition
 
Digital Forensics
Digital ForensicsDigital Forensics
Digital Forensics
 
DDD
DDDDDD
DDD
 
Baas.io
Baas.ioBaas.io
Baas.io
 
LBSNS Flatform Business
LBSNS Flatform BusinessLBSNS Flatform Business
LBSNS Flatform Business
 

Recently uploaded

Call for Papers - African Journal of Biological Sciences, E-ISSN: 2663-2187, ...
Call for Papers - African Journal of Biological Sciences, E-ISSN: 2663-2187, ...Call for Papers - African Journal of Biological Sciences, E-ISSN: 2663-2187, ...
Call for Papers - African Journal of Biological Sciences, E-ISSN: 2663-2187, ...Christo Ananth
 
Coefficient of Thermal Expansion and their Importance.pptx
Coefficient of Thermal Expansion and their Importance.pptxCoefficient of Thermal Expansion and their Importance.pptx
Coefficient of Thermal Expansion and their Importance.pptxAsutosh Ranjan
 
High Profile Call Girls Nagpur Meera Call 7001035870 Meet With Nagpur Escorts
High Profile Call Girls Nagpur Meera Call 7001035870 Meet With Nagpur EscortsHigh Profile Call Girls Nagpur Meera Call 7001035870 Meet With Nagpur Escorts
High Profile Call Girls Nagpur Meera Call 7001035870 Meet With Nagpur EscortsCall Girls in Nagpur High Profile
 
Software Development Life Cycle By Team Orange (Dept. of Pharmacy)
Software Development Life Cycle By Team Orange (Dept. of Pharmacy)Software Development Life Cycle By Team Orange (Dept. of Pharmacy)
Software Development Life Cycle By Team Orange (Dept. of Pharmacy)Suman Mia
 
Introduction to Multiple Access Protocol.pptx
Introduction to Multiple Access Protocol.pptxIntroduction to Multiple Access Protocol.pptx
Introduction to Multiple Access Protocol.pptxupamatechverse
 
High Profile Call Girls Nagpur Isha Call 7001035870 Meet With Nagpur Escorts
High Profile Call Girls Nagpur Isha Call 7001035870 Meet With Nagpur EscortsHigh Profile Call Girls Nagpur Isha Call 7001035870 Meet With Nagpur Escorts
High Profile Call Girls Nagpur Isha Call 7001035870 Meet With Nagpur Escortsranjana rawat
 
Booking open Available Pune Call Girls Koregaon Park 6297143586 Call Hot Ind...
Booking open Available Pune Call Girls Koregaon Park 6297143586 Call Hot Ind...Booking open Available Pune Call Girls Koregaon Park 6297143586 Call Hot Ind...
Booking open Available Pune Call Girls Koregaon Park 6297143586 Call Hot Ind...Call Girls in Nagpur High Profile
 
(PRIYA) Rajgurunagar Call Girls Just Call 7001035870 [ Cash on Delivery ] Pun...
(PRIYA) Rajgurunagar Call Girls Just Call 7001035870 [ Cash on Delivery ] Pun...(PRIYA) Rajgurunagar Call Girls Just Call 7001035870 [ Cash on Delivery ] Pun...
(PRIYA) Rajgurunagar Call Girls Just Call 7001035870 [ Cash on Delivery ] Pun...ranjana rawat
 
MANUFACTURING PROCESS-II UNIT-2 LATHE MACHINE
MANUFACTURING PROCESS-II UNIT-2 LATHE MACHINEMANUFACTURING PROCESS-II UNIT-2 LATHE MACHINE
MANUFACTURING PROCESS-II UNIT-2 LATHE MACHINESIVASHANKAR N
 
SPICE PARK APR2024 ( 6,793 SPICE Models )
SPICE PARK APR2024 ( 6,793 SPICE Models )SPICE PARK APR2024 ( 6,793 SPICE Models )
SPICE PARK APR2024 ( 6,793 SPICE Models )Tsuyoshi Horigome
 
HARMONY IN THE NATURE AND EXISTENCE - Unit-IV
HARMONY IN THE NATURE AND EXISTENCE - Unit-IVHARMONY IN THE NATURE AND EXISTENCE - Unit-IV
HARMONY IN THE NATURE AND EXISTENCE - Unit-IVRajaP95
 
HARDNESS, FRACTURE TOUGHNESS AND STRENGTH OF CERAMICS
HARDNESS, FRACTURE TOUGHNESS AND STRENGTH OF CERAMICSHARDNESS, FRACTURE TOUGHNESS AND STRENGTH OF CERAMICS
HARDNESS, FRACTURE TOUGHNESS AND STRENGTH OF CERAMICSRajkumarAkumalla
 
(MEERA) Dapodi Call Girls Just Call 7001035870 [ Cash on Delivery ] Pune Escorts
(MEERA) Dapodi Call Girls Just Call 7001035870 [ Cash on Delivery ] Pune Escorts(MEERA) Dapodi Call Girls Just Call 7001035870 [ Cash on Delivery ] Pune Escorts
(MEERA) Dapodi Call Girls Just Call 7001035870 [ Cash on Delivery ] Pune Escortsranjana rawat
 
Structural Analysis and Design of Foundations: A Comprehensive Handbook for S...
Structural Analysis and Design of Foundations: A Comprehensive Handbook for S...Structural Analysis and Design of Foundations: A Comprehensive Handbook for S...
Structural Analysis and Design of Foundations: A Comprehensive Handbook for S...Dr.Costas Sachpazis
 
UNIT-III FMM. DIMENSIONAL ANALYSIS
UNIT-III FMM. DIMENSIONAL ANALYSISUNIT-III FMM. DIMENSIONAL ANALYSIS
UNIT-III FMM. DIMENSIONAL ANALYSISrknatarajan
 
(ANVI) Koregaon Park Call Girls Just Call 7001035870 [ Cash on Delivery ] Pun...
(ANVI) Koregaon Park Call Girls Just Call 7001035870 [ Cash on Delivery ] Pun...(ANVI) Koregaon Park Call Girls Just Call 7001035870 [ Cash on Delivery ] Pun...
(ANVI) Koregaon Park Call Girls Just Call 7001035870 [ Cash on Delivery ] Pun...ranjana rawat
 
UNIT-V FMM.HYDRAULIC TURBINE - Construction and working
UNIT-V FMM.HYDRAULIC TURBINE - Construction and workingUNIT-V FMM.HYDRAULIC TURBINE - Construction and working
UNIT-V FMM.HYDRAULIC TURBINE - Construction and workingrknatarajan
 
Sheet Pile Wall Design and Construction: A Practical Guide for Civil Engineer...
Sheet Pile Wall Design and Construction: A Practical Guide for Civil Engineer...Sheet Pile Wall Design and Construction: A Practical Guide for Civil Engineer...
Sheet Pile Wall Design and Construction: A Practical Guide for Civil Engineer...Dr.Costas Sachpazis
 

Recently uploaded (20)

Call for Papers - African Journal of Biological Sciences, E-ISSN: 2663-2187, ...
Call for Papers - African Journal of Biological Sciences, E-ISSN: 2663-2187, ...Call for Papers - African Journal of Biological Sciences, E-ISSN: 2663-2187, ...
Call for Papers - African Journal of Biological Sciences, E-ISSN: 2663-2187, ...
 
Coefficient of Thermal Expansion and their Importance.pptx
Coefficient of Thermal Expansion and their Importance.pptxCoefficient of Thermal Expansion and their Importance.pptx
Coefficient of Thermal Expansion and their Importance.pptx
 
High Profile Call Girls Nagpur Meera Call 7001035870 Meet With Nagpur Escorts
High Profile Call Girls Nagpur Meera Call 7001035870 Meet With Nagpur EscortsHigh Profile Call Girls Nagpur Meera Call 7001035870 Meet With Nagpur Escorts
High Profile Call Girls Nagpur Meera Call 7001035870 Meet With Nagpur Escorts
 
Software Development Life Cycle By Team Orange (Dept. of Pharmacy)
Software Development Life Cycle By Team Orange (Dept. of Pharmacy)Software Development Life Cycle By Team Orange (Dept. of Pharmacy)
Software Development Life Cycle By Team Orange (Dept. of Pharmacy)
 
9953056974 Call Girls In South Ex, Escorts (Delhi) NCR.pdf
9953056974 Call Girls In South Ex, Escorts (Delhi) NCR.pdf9953056974 Call Girls In South Ex, Escorts (Delhi) NCR.pdf
9953056974 Call Girls In South Ex, Escorts (Delhi) NCR.pdf
 
Roadmap to Membership of RICS - Pathways and Routes
Roadmap to Membership of RICS - Pathways and RoutesRoadmap to Membership of RICS - Pathways and Routes
Roadmap to Membership of RICS - Pathways and Routes
 
Introduction to Multiple Access Protocol.pptx
Introduction to Multiple Access Protocol.pptxIntroduction to Multiple Access Protocol.pptx
Introduction to Multiple Access Protocol.pptx
 
High Profile Call Girls Nagpur Isha Call 7001035870 Meet With Nagpur Escorts
High Profile Call Girls Nagpur Isha Call 7001035870 Meet With Nagpur EscortsHigh Profile Call Girls Nagpur Isha Call 7001035870 Meet With Nagpur Escorts
High Profile Call Girls Nagpur Isha Call 7001035870 Meet With Nagpur Escorts
 
Booking open Available Pune Call Girls Koregaon Park 6297143586 Call Hot Ind...
Booking open Available Pune Call Girls Koregaon Park 6297143586 Call Hot Ind...Booking open Available Pune Call Girls Koregaon Park 6297143586 Call Hot Ind...
Booking open Available Pune Call Girls Koregaon Park 6297143586 Call Hot Ind...
 
(PRIYA) Rajgurunagar Call Girls Just Call 7001035870 [ Cash on Delivery ] Pun...
(PRIYA) Rajgurunagar Call Girls Just Call 7001035870 [ Cash on Delivery ] Pun...(PRIYA) Rajgurunagar Call Girls Just Call 7001035870 [ Cash on Delivery ] Pun...
(PRIYA) Rajgurunagar Call Girls Just Call 7001035870 [ Cash on Delivery ] Pun...
 
MANUFACTURING PROCESS-II UNIT-2 LATHE MACHINE
MANUFACTURING PROCESS-II UNIT-2 LATHE MACHINEMANUFACTURING PROCESS-II UNIT-2 LATHE MACHINE
MANUFACTURING PROCESS-II UNIT-2 LATHE MACHINE
 
SPICE PARK APR2024 ( 6,793 SPICE Models )
SPICE PARK APR2024 ( 6,793 SPICE Models )SPICE PARK APR2024 ( 6,793 SPICE Models )
SPICE PARK APR2024 ( 6,793 SPICE Models )
 
HARMONY IN THE NATURE AND EXISTENCE - Unit-IV
HARMONY IN THE NATURE AND EXISTENCE - Unit-IVHARMONY IN THE NATURE AND EXISTENCE - Unit-IV
HARMONY IN THE NATURE AND EXISTENCE - Unit-IV
 
HARDNESS, FRACTURE TOUGHNESS AND STRENGTH OF CERAMICS
HARDNESS, FRACTURE TOUGHNESS AND STRENGTH OF CERAMICSHARDNESS, FRACTURE TOUGHNESS AND STRENGTH OF CERAMICS
HARDNESS, FRACTURE TOUGHNESS AND STRENGTH OF CERAMICS
 
(MEERA) Dapodi Call Girls Just Call 7001035870 [ Cash on Delivery ] Pune Escorts
(MEERA) Dapodi Call Girls Just Call 7001035870 [ Cash on Delivery ] Pune Escorts(MEERA) Dapodi Call Girls Just Call 7001035870 [ Cash on Delivery ] Pune Escorts
(MEERA) Dapodi Call Girls Just Call 7001035870 [ Cash on Delivery ] Pune Escorts
 
Structural Analysis and Design of Foundations: A Comprehensive Handbook for S...
Structural Analysis and Design of Foundations: A Comprehensive Handbook for S...Structural Analysis and Design of Foundations: A Comprehensive Handbook for S...
Structural Analysis and Design of Foundations: A Comprehensive Handbook for S...
 
UNIT-III FMM. DIMENSIONAL ANALYSIS
UNIT-III FMM. DIMENSIONAL ANALYSISUNIT-III FMM. DIMENSIONAL ANALYSIS
UNIT-III FMM. DIMENSIONAL ANALYSIS
 
(ANVI) Koregaon Park Call Girls Just Call 7001035870 [ Cash on Delivery ] Pun...
(ANVI) Koregaon Park Call Girls Just Call 7001035870 [ Cash on Delivery ] Pun...(ANVI) Koregaon Park Call Girls Just Call 7001035870 [ Cash on Delivery ] Pun...
(ANVI) Koregaon Park Call Girls Just Call 7001035870 [ Cash on Delivery ] Pun...
 
UNIT-V FMM.HYDRAULIC TURBINE - Construction and working
UNIT-V FMM.HYDRAULIC TURBINE - Construction and workingUNIT-V FMM.HYDRAULIC TURBINE - Construction and working
UNIT-V FMM.HYDRAULIC TURBINE - Construction and working
 
Sheet Pile Wall Design and Construction: A Practical Guide for Civil Engineer...
Sheet Pile Wall Design and Construction: A Practical Guide for Civil Engineer...Sheet Pile Wall Design and Construction: A Practical Guide for Civil Engineer...
Sheet Pile Wall Design and Construction: A Practical Guide for Civil Engineer...
 

MACTANS: Injecting Malware
into iOS Devices via Malicious Chargers

  • 1. MACTANS: Injecting Malware
 into iOS Devices via Malicious Chargers 석사 29기 박준영
  • 2. Introduction • iOS is considered more secure. - mandatory code signing - app sandboxing - centralized app store. • Charging a device is everyday activities in our life. • Successfully install & execute arbitrary software. • Mactans (BeagleBoard, looks like charger) • Patched on iOS 7 beta 2
  • 3. Observations • Any Host is trusted by the Client. • Client does not indicate what Host does. • Installed app can be hidden. • Host can execute apps on the Client in stealth mode • Provisioning for making Client as a Developer device is easy. • Unified Data, Control, Power Interface ? Host Client ?
  • 4. Hide app on SpringBoard • /Application/<appname>.app/Info.plist …… <key>SBAppTags</key> 
 <array>
 <string>hidden</string>
 </array>
 ……
  • 5. Stealth Execution • Mounts disk image(DeveloperDiskImage.dmg) • Launch com.apple.debugserver • Can execute hidden application
  • 6. Provisioning • Obtain UDID easily • Provisioning also can be easily automated • To obtain a provisioning profile
 -> To install a malware application to Client
  • 8. Proof-of-Concept • 30Pin or Lightening USB cable
  • 9. Proof-of-Concept • 30Pin or Lightening USB cable • Active Developer’s License
 - For use of provisioning portal
  • 10. Proof-of-Concept • 30Pin or Lightening USB cable • Active Developer’s License • Internet Connection
  • 11. Proof-of-Concept • 30Pin or Lightening USB cable • Active Developer’s License • Internet Connection • Mactans charger (BeagleBoard)
 - USB power source
 - microprocessor/microcontroller
 - Linux OS
 - iOS RPC comm. library
  • 12. BeagleBoard • Cortex-A8 CPU • US.B, HDMI, SD/MMC, JTAG.. • 7.5cm x 7.5cm
  • 13. Obtain UDID • UDI.D
 - 40 digit hexadecimal ID
 - SHA1(serial + ECID + WiFiMAC + BluetoothMAC) • Simply obtained while query over USB
  • 14. With UDID.. • UDID Registration via developer.apple.com • Provisioning Profile can be generated • Allow devices to run apps signed by a non-Apple entity
  • 15. An.d install Malware... • Replace original famous app wi.th repackaged, hidden version • Install malware wi.th icon of replaced app • When launched, malware plays then executes original app
  • 16. Malware can do.. • Taking screenshots with Private API call • Simulating touch event • Simulating button pressing (Home, Sleep ..) • And so many other things…
  • 17. Attack Scenarios • General
 - Public charging stations (e.g., airports, libraries) • Targeted
 - Exchange or provide charger to target
 - Modify environment of target
 (e.g., airplane seat, hotel room)
  • 19. Fixing the problems • Charger? Computer? • Provisioning profile abuse
 - Use CAPTCHA • Over-privileged USB capabilities • Third party hidden apps considered harmful
  • 20. Mactans concept • Not a jailbreak • Automatic • Stealthy • Powerful
  • 21. Q&A