
Smartphone Insecurity


Slide 1: Smartphone Insecurity
  • Georgia Weidman

Slide 2: Agenda
  • Smartphone Security Basics
  • Common Attack Vectors and Examples
  • Mitigation Strategies
  • Common vulnerabilities in 3rd party apps
  • Attack strategies against apps
  • Secure coding practices for developing apps

Slides 3-4: What is a smartphone? (image slides)

Slide 5: What’s on your phone
  • Personal info
  • Work info
  • Location info
  • Account info

Slide 6: Do We Need Privacy? (SMS examples)
  • “Hi meet me for lunch”
  • “Meet me for lunch while my wife is out”
  • “Here is your bank account credentials”

Slide 7: Attacks on Privacy (Infrastructure)
  • Cell Network (diagram)

Slide 8: Attacks on Privacy (Infrastructure)
  • Cell Network (diagram, with “Encryption?” marked on the links)

Slides 9-10: Is GSM traffic encrypted?
  • SMS PDU: 07914140540510F1040B915117344588F100000121037140044A0AE8329BFD4697D9EC37

Slide 11: Is GSM traffic encrypted?
  • Sending Number: 1-571-435-4881
  • Data: hellohello
Slide 12: 2G (EDGE)
  • Bad crypto
    − Up to the base station
    − Algorithms breakable
  • No authentication of base stations

Slides 13-14: Attacks on Privacy (Infrastructure)
  • Cell Network (diagram)
  • Research by: Chris Paget

Slide 15: Breaking 2G Crypto
  • Break session key to get on the network
  • A5/2 trivial to break
  • Karsten Nohl broke A5/1 in 2009 in minutes

Slide 16: Attacks on Privacy (Infrastructure)
  • Cell Network (diagram)
  • Research by: Chris Paget

Slide 17: Who cares about EDGE anyway?
  • Still deployed
  • By default phones will drop back to EDGE
  • Is anyone on EDGE right now?

Slide 18: Mitigation Strategies
  • Replace 2G
  • Option to turn off 2G on phones
  • Encrypt data on phones before sending
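
What the third mitigation, “encrypt data on phones before sending”, looks like in practice. The code below is an added example and is not from the talk: the body of a message is sealed with AES-256-GCM under a key the two phones already share, and the result is sized to fit the 140-octet user data field of a single SMS. Key provisioning is assumed to happen out of band; the class and method names are this example’s own. It is plain Java and runs on any JVM.

```java
import java.nio.charset.StandardCharsets;
import java.security.SecureRandom;
import javax.crypto.AEADBadTagException;
import javax.crypto.Cipher;
import javax.crypto.KeyGenerator;
import javax.crypto.SecretKey;
import javax.crypto.spec.GCMParameterSpec;

/** Application-layer encryption of an SMS body with AES-256-GCM, sized to fit one message. */
public class SmsPayloadCrypto {
    static final int NONCE_BYTES = 12;          // 96-bit GCM nonce, fresh for every message
    static final int TAG_BYTES = 16;            // 128-bit authentication tag
    static final int SMS_OCTETS = 140;          // user data of one SMS with 8-bit data coding
    static final SecureRandom RNG = new SecureRandom();

    /** Largest plaintext that still fits in a single SMS: 140 - 12 - 16 = 112 bytes. */
    static int maxPlaintextBytes() { return SMS_OCTETS - NONCE_BYTES - TAG_BYTES; }

    /** Returns nonce || ciphertext || tag, ready to hand to the SMS transport. */
    static byte[] seal(SecretKey key, String text) throws Exception {
        byte[] pt = text.getBytes(StandardCharsets.UTF_8);
        if (pt.length > maxPlaintextBytes())
            throw new IllegalArgumentException("message would not fit in one SMS");
        byte[] nonce = new byte[NONCE_BYTES];
        RNG.nextBytes(nonce);
        Cipher c = Cipher.getInstance("AES/GCM/NoPadding");
        c.init(Cipher.ENCRYPT_MODE, key, new GCMParameterSpec(TAG_BYTES * 8, nonce));
        byte[] ct = c.doFinal(pt);                       // ciphertext with the tag appended
        byte[] out = new byte[NONCE_BYTES + ct.length];
        System.arraycopy(nonce, 0, out, 0, NONCE_BYTES);
        System.arraycopy(ct, 0, out, NONCE_BYTES, ct.length);
        return out;
    }

    /** Verifies the tag and decrypts; returns null if the payload was altered in transit. */
    static String open(SecretKey key, byte[] payload) throws Exception {
        if (payload.length < NONCE_BYTES + TAG_BYTES) return null;
        Cipher c = Cipher.getInstance("AES/GCM/NoPadding");
        c.init(Cipher.DECRYPT_MODE, key,
               new GCMParameterSpec(TAG_BYTES * 8, payload, 0, NONCE_BYTES));
        try {
            byte[] pt = c.doFinal(payload, NONCE_BYTES, payload.length - NONCE_BYTES);
            return new String(pt, StandardCharsets.UTF_8);
        } catch (AEADBadTagException e) {
            return null;
        }
    }

    public static void main(String[] args) throws Exception {
        // Assumption: both phones already hold this key (provisioned out of band;
        // key exchange is outside what the slides cover).
        KeyGenerator kg = KeyGenerator.getInstance("AES");
        kg.init(256);
        SecretKey shared = kg.generateKey();

        byte[] wire = seal(shared, "hellohello");        // the text shown on slide 11
        System.out.println("payload octets: " + wire.length + " (limit " + SMS_OCTETS + ")");
        System.out.println("recipient reads: " + open(shared, wire));

        // The 2G path sees only nonce || ciphertext || tag, and any edit is detected:
        wire[NONCE_BYTES] ^= 0x01;
        System.out.println("after tampering: " + open(shared, wire));
    }
}
```

On Android the sealed bytes would go out through SmsManager.sendDataMessage rather than sendTextMessage, since they are binary and need 8-bit data coding. Two caveats follow from the design: the cell network, and any base station the phone is tricked into attaching to (slides 13 to 16), still sees who is talking to whom and when, because only the body is protected; and the shared key has to live in app-private storage (slide 47), otherwise the protection moves the problem rather than solving it.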
Slide 19: Attacks on Privacy (Platform)
  • (platform logos) = Attackers know how to attack these platforms

Slide 20: Rooting/Jailbreaking
  • Exploiting kernel/platform flaws
  • Client side attacks
  • Gain system level privileges similarly to PC platforms

Slide 21: JailbreakMe 3.0
  • iPhone jailbreak
  • Client side flaw in PDF (Mobile Safari)
  • Kernel exploit

Slide 22: Rootstrap
  • Android app loads kernel exploits
  • Loads code dynamically
  • Runs native code
  • Packaged with interesting app

Slide 23: DroidDream
  • Android app in the market
  • Rooted phones via kernel exploits
  • Stole information
  • Ran up charges

Slides 24-27: Payload example: SMS botnet (diagram slides)

Slide 28: SMS PDU
  • SMS PDU: 07914140540510F1040B915117344588F100000121037140044A0AE8329BFD4697D9EC37
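
The PDU shown on slides 9-11 and 28, decoded field by field. The code below is an added example and is not from the talk: it implements the SMS-DELIVER layout from GSM 03.40 and the default 7-bit alphabet from GSM 03.38 in plain Java with no Android dependency, so it runs on any JVM (save the file as UTF-8 and pass -encoding UTF-8 to javac on JDKs older than 18, because of the alphabet table). The class and method names are this example’s own.

```java
import java.nio.charset.StandardCharsets;

/** Field-by-field decoder for an SMS-DELIVER PDU (GSM 03.40); plain JVM, no Android classes. */
public class SmsPduDecoder {

    /** The PDU printed on the slides. */
    static final String SLIDE_PDU =
        "07914140540510F1040B915117344588F100000121037140044A0AE8329BFD4697D9EC37";

    /** GSM 03.38 default 7-bit alphabet: the character at index i is septet value i. */
    static final String GSM7 =
          "@£$¥èéùìòÇ\nØø\rÅåΔ_ΦΓΛΩΠΨΣΘΞ\u001bÆæßÉ"
        + " !\"#¤%&'()*+,-./0123456789:;<=>?"
        + "¡ABCDEFGHIJKLMNOPQRSTUVWXYZÄÖÑÜ§"
        + "¿abcdefghijklmnopqrstuvwxyzäöñüà";
    static { if (GSM7.length() != 128) throw new AssertionError("alphabet table is damaged"); }

    static final class Deliver {
        String smsc, sender, timestamp, text;
        int tzQuarterHours, pid, dcs;
        @Override public String toString() {
            return "smsc=" + smsc + " sender=" + sender + " time=" + timestamp
                 + " tz=" + tzQuarterHours + "/4h pid=" + pid + " dcs=" + dcs
                 + " text=\"" + text + "\"";
        }
    }

    static byte[] fromHex(String s) {
        byte[] out = new byte[s.length() / 2];
        for (int i = 0; i < out.length; i++)
            out[i] = (byte) Integer.parseInt(s.substring(2 * i, 2 * i + 2), 16);
        return out;
    }

    /** Nibble-swapped BCD: low nibble first, then high nibble; a 0xF nibble pads an odd count. */
    static String semiOctets(byte[] p, int off, int len, int digits) {
        StringBuilder sb = new StringBuilder();
        for (int i = off; i < off + len; i++) {
            sb.append(Character.forDigit(p[i] & 0x0F, 16));
            sb.append(Character.forDigit((p[i] >> 4) & 0x0F, 16));
        }
        return sb.substring(0, digits).toUpperCase();
    }

    /** Unpack GSM 7-bit septets (packed LSB-first into octets) into text. */
    static String unpack7bit(byte[] p, int off, int septets) {
        StringBuilder sb = new StringBuilder();
        int acc = 0, nbits = 0;
        for (int i = off; i < p.length && sb.length() < septets; i++) {
            acc |= (p[i] & 0xFF) << nbits;
            nbits += 8;
            while (nbits >= 7 && sb.length() < septets) {
                sb.append(GSM7.charAt(acc & 0x7F));
                acc >>>= 7;
                nbits -= 7;
            }
        }
        return sb.toString();
    }

    static Deliver decode(String hex) {
        byte[] p = fromHex(hex);
        Deliver d = new Deliver();
        int pos = 0;
        int smscLen = p[pos++] & 0xFF;                        // octets, including type-of-address
        int smscToa = p[pos] & 0xFF;
        d.smsc = semiOctets(p, pos + 1, smscLen - 1, (smscLen - 1) * 2).replace("F", "");
        if ((smscToa & 0x70) == 0x10) d.smsc = "+" + d.smsc;   // international numbering plan
        pos += smscLen;
        int first = p[pos++] & 0xFF;
        if ((first & 0x03) != 0) throw new IllegalArgumentException("not an SMS-DELIVER PDU");
        int senderDigits = p[pos++] & 0xFF;                   // length in digits, not octets
        int senderToa = p[pos++] & 0xFF;
        int senderLen = (senderDigits + 1) / 2;
        d.sender = semiOctets(p, pos, senderLen, senderDigits);
        if ((senderToa & 0x70) == 0x10) d.sender = "+" + d.sender;
        pos += senderLen;
        d.pid = p[pos++] & 0xFF;                              // protocol identifier
        d.dcs = p[pos++] & 0xFF;                              // data coding scheme
        String[] t = new String[6];                           // yy mm dd hh mm ss, swapped BCD
        for (int i = 0; i < 6; i++) t[i] = semiOctets(p, pos + i, 1, 2);
        d.timestamp = "20" + t[0] + "-" + t[1] + "-" + t[2] + " " + t[3] + ":" + t[4] + ":" + t[5];
        int tz = p[pos + 6] & 0xFF;                           // quarter hours from GMT; bit 3 is the sign
        d.tzQuarterHours = ((tz & 0x07) * 10 + (tz >> 4)) * ((tz & 0x08) != 0 ? -1 : 1);
        pos += 7;
        int udl = p[pos++] & 0xFF;                            // user data length
        if ((d.dcs & 0x0C) == 0x00)
            d.text = unpack7bit(p, pos, udl);                 // 7-bit alphabet: udl counts septets
        else if ((d.dcs & 0x0C) == 0x08)
            d.text = new String(p, pos, udl, StandardCharsets.UTF_16BE);  // UCS-2: udl counts octets
        else
            d.text = "<" + udl + " octets of 8-bit data>";
        return d;
    }

    public static void main(String[] args) {
        System.out.println(decode(SLIDE_PDU));
    }
}
```

Running decode on the slide’s PDU gives back the service-centre number, the sender 1-571-435-4881 and the text hellohello that slide 11 shows, together with the timestamp and data coding scheme. Nothing in the PDU is encrypted at this layer; whatever protection the message has on the air comes only from the link cipher between the handset and the base station, which is the point of slides 12 to 17. The same parsing is what a handset, an SMS gateway or a forensic tool does to turn a captured PDU back into a readable message.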
Slides 29-33: How the Botnet Works
  1. Bot receives a message
  2. Bot decodes user data
  3. Checks for bot key (swallows message)
  4. Performs functionality

Slide 34: Demo
  • Demo of Botnet Payload

Slide 35: Mitigations for Platform Attacks
  • Updating
  • Better sandboxing
  • Vigilance from users

Slide 36: App attacks on privacy

Slide 37: App Stores
  • iPhone
    − Expensive
    − Closed
    − Identity verified
  • Android
    − Cheap
    − Self signed
    − Open
    − Anonymous

Slide 38: Android Permission Model
  • Specifically request permissions
  • Users must accept at install
  • Send SMS, Receive SMS, GPS location

Slide 39: App attacks on privacy
  • Is this system working? Are users making good decisions about apps?

Slide 40: Top Android App of All Time (image slide)

Slide 41: Demo
  • Demo: App Abusing Permissions

Slide 42: App Attacks Mitigations
  • Oversight on apps
  • Analysis of permissions
  • User awareness

Slide 43: Vulnerabilities in Android Apps
  • No coding standards for Android apps
  • Badly coded apps
  • Data Leak
  • Permission Leak

Slide 44: Data Leak
  • Access to sensitive data
  • Insecure storage
    − sdcard
    − World readable
    − Stored in source code

Slide 45: Return to the Source
  • Free tools available
  • Complete source available
  • Don’t store secrets here

Slide 46: Demo
  • Demo: Abusing bad storage practices

Slide 47: Mitigating this risk
  • Store sensitive data privately
  • Don’t use the sdcard
  • Don’t put secrets in source code
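
How the three storage choices on slide 44 look in code, next to the mitigation from slide 47. This is an added example for Android in Java, not code from the talk; TokenStore and the file name are this example’s own, and the token stands in for any sensitive value an app keeps between runs.

```java
import android.content.Context;
import android.os.Environment;
import java.io.ByteArrayOutputStream;
import java.io.File;
import java.io.FileInputStream;
import java.io.FileOutputStream;
import java.io.IOException;
import java.nio.charset.StandardCharsets;

/** Where a session token is written decides who can read it. Hypothetical class, not from the talk. */
public final class TokenStore {
    static final String FILE = "session.token";

    // WEAK (slide 44, "sdcard"): external storage had no per-app protection on devices of this
    // era, and on later versions any app holding the storage permission can read it.
    static void saveOnSdcard(String token) throws IOException {
        File f = new File(Environment.getExternalStorageDirectory(), FILE);
        try (FileOutputStream out = new FileOutputStream(f)) {
            out.write(token.getBytes(StandardCharsets.UTF_8));
        }
    }

    // WEAK (slide 44, "world readable"): internal storage, but the mode flag opens the file
    // to every other app on the device.
    @SuppressWarnings("deprecation")
    static void saveWorldReadable(Context ctx, String token) throws IOException {
        try (FileOutputStream out = ctx.openFileOutput(FILE, Context.MODE_WORLD_READABLE)) {
            out.write(token.getBytes(StandardCharsets.UTF_8));
        }
    }

    // FIXED (slide 47): app-private internal storage, readable only by this app's Linux UID.
    // A rooted device (slides 20 to 23) still bypasses this, so keep the token short-lived.
    static void savePrivate(Context ctx, String token) throws IOException {
        try (FileOutputStream out = ctx.openFileOutput(FILE, Context.MODE_PRIVATE)) {
            out.write(token.getBytes(StandardCharsets.UTF_8));
        }
    }

    static String loadPrivate(Context ctx) throws IOException {
        try (FileInputStream in = ctx.openFileInput(FILE)) {
            ByteArrayOutputStream buf = new ByteArrayOutputStream();
            byte[] chunk = new byte[256];
            int n;
            while ((n = in.read(chunk)) > 0) buf.write(chunk, 0, n);
            return new String(buf.toByteArray(), StandardCharsets.UTF_8);
        }
    }

    // Slide 45: nothing that must stay secret belongs in the APK, because the source comes back
    // out with free tools. A token obtained after the user logs in and kept with savePrivate()
    // is never visible to someone decompiling the app.
    // static final String API_SECRET = "<secret here>";   // do not do this
}
```

Context.MODE_WORLD_READABLE was deprecated in API 17 and, from API 24, openFileOutput throws a SecurityException when given it, so the middle variant compiles only with a deprecation warning and no longer runs on current devices; it is kept here because it is exactly the case the demo on slide 46 abuses. MODE_PRIVATE relies on the per-app Linux UID, which is why the stored value is a revocable token rather than a long-lived secret.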
Slide 48: Permission leak through components
  • Other apps can call public components
  • That’s a reason Android is awesome
  • If not used safely, this can be dangerous

Slide 49: Demo
  • Demo: Stealing permissions from exposed components

Slide 50: Mitigating This Risk
  • Require permissions to access components
  • Use custom permissions
  • Don’t have dangerous functionality accessible without user interaction
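
The exposed-component pattern from slide 48 beside the mitigation from slide 50, as an added example for Android in Java, not code from the talk. The manifest entries sit in a comment at the top because that is where the exposure is decided; the permission name, the action name, AlertReceiver and ConfirmSendActivity are this example’s own.

```java
import android.content.BroadcastReceiver;
import android.content.Context;
import android.content.Intent;
import android.content.IntentFilter;

/*
 * Manifest side (hypothetical names, added here; not from the talk):
 *
 *   <!-- A custom permission. protectionLevel="signature" means only apps signed
 *        with the same key as this app can ever hold it. -->
 *   <permission android:name="com.example.alerts.SEND_ALERT"
 *               android:protectionLevel="signature" />
 *
 *   <!-- WEAK (slide 48): exported and unguarded. If this app holds SEND_SMS, any app,
 *        with no SMS permission of its own, can broadcast here and borrow it. -->
 *   <receiver android:name=".AlertReceiver" android:exported="true">
 *       <intent-filter><action android:name="com.example.alerts.SEND_ALERT" /></intent-filter>
 *   </receiver>
 *
 *   <!-- FIXED (slide 50): the sender must hold the custom permission. -->
 *   <receiver android:name=".AlertReceiver" android:exported="true"
 *             android:permission="com.example.alerts.SEND_ALERT">
 *       <intent-filter><action android:name="com.example.alerts.SEND_ALERT" /></intent-filter>
 *   </receiver>
 *
 * A component that never needs outside callers should simply declare android:exported="false".
 */
public class AlertReceiver extends BroadcastReceiver {
    static final String ACTION = "com.example.alerts.SEND_ALERT";       // assumed action name
    static final String PERMISSION = "com.example.alerts.SEND_ALERT";   // assumed permission name

    /** Runtime registration equivalent of the FIXED manifest entry above. */
    static void register(Context ctx, AlertReceiver receiver) {
        ctx.registerReceiver(receiver, new IntentFilter(ACTION), PERMISSION, null);
    }

    @Override
    public void onReceive(Context ctx, Intent intent) {
        if (!ACTION.equals(intent.getAction())) return;
        String to = intent.getStringExtra("to");
        String body = intent.getStringExtra("body");
        if (to == null || body == null) return;

        // Slide 50, third point: sending an SMS is the dangerous step, so it is not done here,
        // where no user is watching. The request is handed to an Activity that shows the
        // destination and text and sends only when the user confirms.
        Intent confirm = new Intent(ctx, ConfirmSendActivity.class)   // hypothetical Activity
                .putExtra("to", to)
                .putExtra("body", body)
                .addFlags(Intent.FLAG_ACTIVITY_NEW_TASK);
        ctx.startActivity(confirm);
    }
}
```

The registerReceiver overload with a permission string is the runtime counterpart of android:permission in the manifest; on Android 13 and later a receiver must also be registered with Context.RECEIVER_EXPORTED or RECEIVER_NOT_EXPORTED through the five-argument overload. Routing the send through a confirmation Activity is what the last point on slide 50 asks for: a caller can still reach the component, but it cannot make the phone send anything without the owner seeing the request.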
Slide 51: Contact
  • Georgia Weidman, Security Consultant, Researcher, Trainer
  • Website: http://www.georgiaweidman.com
  • Slides: http://www.slideshare.net/georgiaweidman
  • Email: georgia@grmn00bs.com
  • Twitter: @georgiaweidman
