Transparent Smartphone Spying

Published in: Technology

  1. Transparent Smartphone Spying (Georgia Weidman)
  2. Agenda
     • Smartphone Overview
     • Evil Applications
     • Evil Jailbreaks
     • Baseband Spying
     • Mitigation Strategies
  3. What is a Smartphone?
  4. Data Stored and Transmitted
     • Personal info
     • Work info
     • Location info
     • Account info
  5. Privacy of Transmitted Data
     • Mobile communication standards
     • Encoding vs. Encryption
     • Attacks against privacy
  6. Privacy Matters: Text Messages
     • “Hi meet me for lunch”
     • “Meet me for lunch while my wife is out”
     • “Here are your bank account credentials”
  7. Privacy Required Examples
     • Vendor text messages
         – Vendor advertisements
         – Provider messages
     • Mobile banking
         – Balance sheet
         – Electronic bill paying
         – One time passwords
  8. Evil Applications
  9. Application Stores
     • iPhone
         – Expensive
         – Identity Verified
         – Closed
         – Certificate Authority
     • Android
         – Cheap
         – Open
         – Anonymous
         – Self signed
  10. Application Protections: iPhone
     • ASLR
     • Mandatory code signing
     • No dynamic code loading
     • Sandboxed
  11. Application Protections: Android
     • Users accept permissions
  12. Our Text Message Example
     • Permission to read text message (SMS) database
     • Specific permission to send text message (SMS) messages
     • Without user consent, application cannot access this information
  13. Is this system working to protect users? Are users making good decisions about application permissions?
  14. Top Android App of all Time
  15. Demo: Application abusing permissions
  16. Abusing the Android Sandbox
     • Load exploit code at runtime
     • Safe application becomes malicious application
     • In the wild: DroidDream
     • In the lab: Rootstrap
  17. Evil Jailbreak
  18. Jailbreaking
     • Get root privileges
     • Expand feature set
     • Run unapproved (3rd party) apps
  19. Jailbreaking Gone Wild
     • Run this code
     • It jailbreaks your phone
     • What else does it do?
  20. So I’ve exploited a phone, what now?
  21. Baseband Spying
     • Read all data sent/received by the phone
     • Intercept data before it reaches the user/before it is sent
  22. How an GSM is sent and received
  23. How an GSM is sent and received (© Georgia Weidman 2011)
  24. How an GSM is sent and received
  25. Malicious Proxy
     • Intercept data
     • Send data
     • Alter data
     • Botnet functionality
  26. Demo: Stealing Text Messages
  27. Mitigation Strategies
     • User Awareness
     • Encryption
     • Updating
     • Code signing
  28. Contact
     • Georgia Weidman, Security Consultant, Neohapsis, Inc.
     • Email: georgia@grmn00bs.com, georgia.weidman@neohapsis.com
     • Website: http://www.neohapsis.com, http://www.grmn00bs.com
     • Twitter: @vincentkadmon
  29. Selected Bibliography
     • Jon Oberheide and Zach Lanier, “Team JOCH vs. Android”, Shmoocon 2011: http://jon.oberheide.org/files/shmoo11-teamjoch.pdf
     • Charlie Miller and Collin Mulliner, “Fuzzing the Phone in Your Phone”, Blackhat USA 2009: http://www.blackhat.com/presentations/bhusa-09/MILLER/BHUSA09-Miller-FuzzingPhone-PAPER.pdf
     • Dino Dai Zovi, “Apple iOS Security Evaluation”, Blackhat USA 2011: https://media.blackhat.com/bh-us-11/DaiZovi/BH_US_11_DaiZovi_iOS_Security_WP.pdf