SlideShare a Scribd company logo

Smartphone Insecurity

Download as PPT, PDF
Georgia Weidman, profile picture
Georgia Weidman

This document summarizes a presentation on smartphone security. The presentation covers smartphone security basics, common attack vectors, mitigation strategies, vulnerabilities in third-party apps, how to attack apps, and secure coding practices. Specific topics include what personal information is stored on smartphones, how 2G cellular networks have weak encryption of SMS messages that allows interception, and how the encryption on 2G networks can be broken.

TechnologyBusiness
1 of 51
Downloaded 28 times
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
Smartphone Insecurity  Click to edit the outline text  • Georgia Click to Weidman formatedit the outline text format   Second Outline Level Second Outline Level − − Third Outline Level Third Outline Level   Fourth Outline Fourth Outline
Agenda  Smartphone Security Basics  Common Attack Vectors and Examples  Mitigation Strategies  Common vulnerabilities in 3rd party apps  Attack strategies against apps  Secure coding practices for developing apps  Click to edit the outline text  formatedit the outline text format Click to   Second Outline Level Second Outline Level − − Third Outline Level Third Outline Level   Fourth Outline Fourth Outline
What is a smartphone?  Click to edit the outline text  formatedit the outline text format Click to   Second Outline Level Second Outline Level − − Third Outline Level Third Outline Level   Fourth Outline Fourth Outline
What is a smartphone?  Click to edit the outline text  formatedit the outline text format Click to   Second Outline Level Second Outline Level − − Third Outline Level Third Outline Level   Fourth Outline Fourth Outline
What’s on your phone  Personal info  Work info  Location info  Click to edit the outline text  Account info formatedit the outline text format  Click to   Second Outline Level Second Outline Level − − Third Outline Level Third Outline Level   Fourth Outline Fourth Outline
Do We Need Privacy? (SMS examples)  “Hi meet me for lunch”  “Meet me for lunch while my wife is out”  “Here is your bank account credentials”  Click to edit the outline text  formatedit the outline text format Click to   Second Outline Level Second Outline Level − − Third Outline Level Third Outline Level   Fourth Outline Fourth Outline
Attacks on Privacy (Infrastructure) Cell Network  Click to edit the outline text  formatedit the outline text format Click to   Second Outline Level Second Outline Level − − Third Outline Level Third Outline Level   Fourth Outline Fourth Outline
Attacks on Privacy (Infrastructure) ? ? Cell Network io n p t c ry E n  Click to edit the outline text  formatedit the outline text format Click to   Second Outline Level Second Outline Level − − Third Outline Level Third Outline Level   Fourth Outline Fourth Outline
Is GSM traffic encrypted? SMSPDU:07914140540510F1040B915117344588F100 000121037140044A0AE8329BFD4697D9EC37  Click to edit the outline text  formatedit the outline text format Click to   Second Outline Level Second Outline Level − − Third Outline Level Third Outline Level   Fourth Outline Fourth Outline
Is GSM traffic encrypted? SMSPDU:07914140540510F1040B915117344588F100 000121037140044A0AE8329BFD4697D9EC37  Click to edit the outline text  formatedit the outline text format Click to   Second Outline Level Second Outline Level − − Third Outline Level Third Outline Level   Fourth Outline Fourth Outline
Is GSM traffic encrypted? Sending Number: 1-571-435-4881 Data: hellohello  Click to edit the outline text  formatedit the outline text format Click to   Second Outline Level Second Outline Level − − Third Outline Level Third Outline Level   Fourth Outline Fourth Outline
2G(EDGE) Bad crypto: Up to the base station Algorithms breakable Click to edit the outline text  No authentication of base format stations Click to edit the outline text format    Second Outline Level Second Outline Level − − Third Outline Level Third Outline Level   Fourth Outline Fourth Outline
Attacks on Privacy (Infrastructure) Cell Network  Click to edit the outline text  formatedit the outline text format Click to Research by: Chris Pagent   Second Outline Level Second Outline Level − − Third Outline Level Third Outline Level   Fourth Outline Fourth Outline
Attacks on Privacy (Infrastructure) Cell Network  Click to edit the outline text  formatedit the outline text format Click to Research by: Chris Pagent   Second Outline Level Second Outline Level − − Third Outline Level Third Outline Level   Fourth Outline Fourth Outline
Breaking 2G Crypto Break session key to get on the network A5/2 trivial to break Karsten Nohl broke A5/1 in 2009 in minutes  Click to edit the outline text  formatedit the outline text format Click to   Second Outline Level Second Outline Level − − Third Outline Level Third Outline Level   Fourth Outline Fourth Outline
Attacks on Privacy (Infrastructure) Cell Network  Click to edit the outline text  formatedit the outline text format Click to Research by: Chris Pagent   Second Outline Level Second Outline Level − − Third Outline Level Third Outline Level   Fourth Outline Fourth Outline
Who cares about EDGE anyway?  Still deployed  By default phones will drop back to EDGE  Is anyone on EDGE right now?  Click to edit the outline text  formatedit the outline text format Click to   Second Outline Level Second Outline Level − − Third Outline Level Third Outline Level   Fourth Outline Fourth Outline
Mitigation Strategies  Replace 2G  Option to turn off 2G on phones  Encrypt data on phones before sending  Click to edit the outline text  formatedit the outline text format Click to   Second Outline Level Second Outline Level − − Third Outline Level Third Outline Level   Fourth Outline Fourth Outline
Attacks on Privacy (Platform) = Attackers know how to attack these platforms  Click to edit the outline text  formatedit the outline text format Click to   Second Outline Level Second Outline Level − − Third Outline Level Third Outline Level   Fourth Outline Fourth Outline
Rooting/Jailbreaking  Exploiting kernel/platform flaws  Client side attacks  Gain system level privileges similarly to PC platforms  Click to edit the outline text  formatedit the outline text format Click to   Second Outline Level Second Outline Level − − Third Outline Level Third Outline Level   Fourth Outline Fourth Outline
JailbreakMe 3.0  iPhone jailbreak  Client side flaw in PDF (Mobile Safari)  Kernel exploit  Click to edit the outline text  formatedit the outline text format Click to   Second Outline Level Second Outline Level − − Third Outline Level Third Outline Level   Fourth Outline Fourth Outline
Rootstrap  Android app loads kernel exploits  Loads code dynamically  Runs native code  Click to edit the outline text  Packaged with interesting app formatedit the outline text format  Click to   Second Outline Level Second Outline Level − − Third Outline Level Third Outline Level   Fourth Outline Fourth Outline
DroidDream  Android app in the market  Rooted phones via kernel exploits  Stole information  Click to edit the outline text  Ran up charges formatedit the outline text format  Click to   Second Outline Level Second Outline Level − − Third Outline Level Third Outline Level   Fourth Outline Fourth Outline
Payload example: SMS botnet  Click to edit the outline text  formatedit the outline text format Click to   Second Outline Level Second Outline Level − − Third Outline Level Third Outline Level   Fourth Outline Fourth Outline
Payload example: SMS botnet  Click to edit the outline text  formatedit the outline text format Click to   Second Outline Level Second Outline Level − − Third Outline Level Third Outline Level   Fourth Outline Fourth Outline
Payload example: SMS botnet  Click to edit the outline text  formatedit the outline text format Click to   Second Outline Level Second Outline Level − − Third Outline Level Third Outline Level   Fourth Outline Fourth Outline
Payload example: SMS botnet  Click to edit the outline text  formatedit the outline text format Click to   Second Outline Level Second Outline Level − − Third Outline Level Third Outline Level   Fourth Outline Fourth Outline
SMS PDU SMSPDU:07914140540510F1040B915117344588F100 000121037140044A0AE8329BFD4697D9EC37  Click to edit the outline text  formatedit the outline text format Click to   Second Outline Level Second Outline Level − − Third Outline Level Third Outline Level   Fourth Outline Fourth Outline
How the Botnet Works 1. Bot Receives a Message 3. Bot Decodes User Data 5. Checks for Bot Key  Click to edit the outline text 7. Performs Functionality formatedit the outline text format  Click to   Second Outline Level Second Outline Level − − Third Outline Level Third Outline Level   Fourth Outline Fourth Outline
How the Botnet Works 1. Bot Receives a Message 3. Bot Decodes User Data 5. Checks for Bot Key  Click to edit the outline text 7. Performs Functionality formatedit the outline text format  Click to   Second Outline Level Second Outline Level − − Third Outline Level Third Outline Level   Fourth Outline Fourth Outline
How the Botnet Works 1. Bot Receives a Message 3. Bot Decodes User Data 5. Checks for Bot Key  Click to edit the outline text 7. Performs Functionality formatedit the outline text format  Click to   Second Outline Level Second Outline Level − − Third Outline Level Third Outline Level   Fourth Outline Fourth Outline
How the Botnet Works 1. Bot Receives a Message 3. Bot Decodes User Data 5. Checks for Bot Key (Swallows Message)  Click to edit the outline text 7. Performs Functionality formatedit the outline text format  Click to   Second Outline Level Second Outline Level − − Third Outline Level Third Outline Level   Fourth Outline Fourth Outline
How the Botnet Works 1. Bot Receives a Message 3. Bot Decodes User Data 5. Checks for Bot Key  Click to edit the outline text 7. Performs Functionality formatedit the outline text format  Click to   Second Outline Level Second Outline Level − − Third Outline Level Third Outline Level   Fourth Outline Fourth Outline
Demo Demo of Botnet Click to edit the outline text Payload  formatedit the outline text format Click to   Second Outline Level Second Outline Level − − Third Outline Level Third Outline Level   Fourth Outline Fourth Outline
Mitigations for Platform Attacks  Updating  Better sandboxing  Vigilance from users  Click to edit the outline text  formatedit the outline text format Click to   Second Outline Level Second Outline Level − − Third Outline Level Third Outline Level   Fourth Outline Fourth Outline
App attacks on privacy  Click to edit the outline text  formatedit the outline text format Click to   Second Outline Level Second Outline Level − − Third Outline Level Third Outline Level   Fourth Outline Fourth Outline
App Stores  iPhone  Expensive  Closed  Identity verified  Android  Cheap  Click to edit the outline text formatedit the outline text format  Self Signed  Click to   Second Outline Level Second Outline Level  Open − − Third Outline Level Third Outline Level  Anonymous Fourth Outline Fourth Outline  
Android Permission Model  Specifically request permissions  Users must accept at install  Send SMS, Receive SMS, GPS location  Click to edit the outline text  formatedit the outline text format Click to   Second Outline Level Second Outline Level − − Third Outline Level Third Outline Level   Fourth Outline Fourth Outline
App attacks on privacy Is this system working? Are users making good decisions about apps? Click to edit the outline text   formatedit the outline text format Click to   Second Outline Level Second Outline Level − − Third Outline Level Third Outline Level   Fourth Outline Fourth Outline
Top Android App of All Time  Click to edit the outline text  formatedit the outline text format Click to   Second Outline Level Second Outline Level − − Third Outline Level Third Outline Level   Fourth Outline Fourth Outline
Demo Demo: App Abusing Permissions  Click to edit the outline text  formatedit the outline text format Click to   Second Outline Level Second Outline Level − − Third Outline Level Third Outline Level   Fourth Outline Fourth Outline
App Attacks Mitigations  Oversight on apps  Analysis of permissions  User awareness  Click to edit the outline text  formatedit the outline text format Click to   Second Outline Level Second Outline Level − − Third Outline Level Third Outline Level   Fourth Outline Fourth Outline
Vulnerabilities in Android Apps  No coding standards for Android apps  Badly coded apps  Data Leak  Click to edit the outline text  Permission Leak formatedit the outline text format  Click to   Second Outline Level Second Outline Level − − Third Outline Level Third Outline Level   Fourth Outline Fourth Outline
Data Leak  Access to sensitive data  Insecure storage  sdcard  World readable  Stored in source code  Click to edit the outline text  formatedit the outline text format Click to   Second Outline Level Second Outline Level − − Third Outline Level Third Outline Level   Fourth Outline Fourth Outline
Return to the Source  Free tools available  Complete source available  Don’t store secrets here  Click to edit the outline text  formatedit the outline text format Click to   Second Outline Level Second Outline Level − − Third Outline Level Third Outline Level   Fourth Outline Fourth Outline
Demo DEMO: Abusing bad storage practices  Click to edit the outline text  formatedit the outline text format Click to   Second Outline Level Second Outline Level − − Third Outline Level Third Outline Level   Fourth Outline Fourth Outline
Mitigating this risk  Store sensitive data privately  Don’t use the sdcard  Don’t put secrets in source code  Click to edit the outline text  formatedit the outline text format Click to   Second Outline Level Second Outline Level − − Third Outline Level Third Outline Level   Fourth Outline Fourth Outline
Permission leak through components  Other apps can call public components  That’s a reason Android is awesome  If not used safely, this can be dangerous  Click to edit the outline text  formatedit the outline text format Click to   Second Outline Level Second Outline Level − − Third Outline Level Third Outline Level   Fourth Outline Fourth Outline
Demo DEMO: Stealing permissions from exposed components  Click to edit the outline text  formatedit the outline text format Click to   Second Outline Level Second Outline Level − − Third Outline Level Third Outline Level   Fourth Outline Fourth Outline
Mitigating This Risk  Require permissions to access components  Use custom permissions  Don’t have dangerous functionality accessible without user interaction  Click to edit the outline text  formatedit the outline text format Click to   Second Outline Level Second Outline Level − − Third Outline Level Third Outline Level   Fourth Outline Fourth Outline
Contact Georgia Weidman Security Consultant, Researcher, Trainer Website: http://www.georgiaweidman.com Slides: http://www.slideshare.net/georgiaweidman Click to edit the outline text  Email:georgia@grmn00bs.com formatedit the outline text format Click to  Twitter: @georgiaweidman Outline Level Second Outline Level  Second  − − Third Outline Level Third Outline Level   Fourth Outline Fourth Outline

More Related Content

PPT
Bypassing the Android Permission Model
Georgia Weidman
 
PPTX
Penetration testing using metasploit
Aashish R
 
PDF
Wireless LAN Security-Bimtek Kominfo
M.Syarifudin, ST, OSCP, OSWP
 
PPTX
Finalppt metasploit
devilback
 
PDF
Metasploit
ninguna
 
PDF
My pwk & oscp journey
M.Syarifudin, ST, OSCP, OSWP
 
PDF
Metasploit for Penetration Testing: Beginner Class
Georgia Weidman
 
PDF
Pentest with Metasploit
M.Syarifudin, ST, OSCP, OSWP
 
Bypassing the Android Permission Model
Georgia Weidman
 
Penetration testing using metasploit
Aashish R
 
Wireless LAN Security-Bimtek Kominfo
M.Syarifudin, ST, OSCP, OSWP
 
Finalppt metasploit
devilback
 
Metasploit
ninguna
 
My pwk & oscp journey
M.Syarifudin, ST, OSCP, OSWP
 
Metasploit for Penetration Testing: Beginner Class
Georgia Weidman
 
Pentest with Metasploit
M.Syarifudin, ST, OSCP, OSWP
 

Recently uploaded (20)

PPTX
Spectroscopy.pptx food analysis technology
nawahassan45
 
PDF
The Rise and Fall of 3GPP – Time for a Sabbatical?
3G4G
 
PDF
Encapsulation_ Review paper, used for researhc scholars
gurumoop
 
PDF
Reach Out and Touch Someone: Haptics and Empathic Computing
Mark Billinghurst
 
PPTX
20250228 LYD VKU AI Blended-Learning.pptx
DatVoNgoc
 
PPT
Teaching material agriculture food technology
LiaRayya
 
PDF
Diabetes mellitus diagnosis method based random forest with bat algorithm
IAESIJAI
 
PDF
MIND Revenue Release Quarter 2 2025 Press Release
MIND CTI
 
DOCX
The AUB Centre for AI in Media Proposal.docx
GAONE9
 
PDF
Approach and Philosophy of On baking technology
30anthuong17
 
PDF
7 ChatGPT Prompts to Help You Define Your Ideal Customer Profile.pdf
SOFTTECHHUB
 
PPTX
VMware vSphere Foundation How to Sell Presentation-Ver1.4-2-14-2024.pptx
blackmambaettijean
 
PDF
cuic standard and advanced reporting.pdf
SimoneTitaniumTomase
 
PPTX
Effective Security Operations Center (SOC) A Modern, Strategic, and Threat-In...
ReZa AdineH
 
PPTX
MYSQL Presentation for SQL database connectivity
Swati270511
 
PDF
Build a system with the filesystem maintained by OSTree @ COSCUP 2025
Jian-Hong Pan
 
PDF
Spectral efficient network and resource selection model in 5G networks
IAESIJAI
 
PPTX
Programs and apps: productivity, graphics, security and other tools
4mqw9zch22
 
PDF
Chapter 3 Spatial Domain Image Processing.pdf
Getnet Tigabie Askale -(GM)
 
PDF
Review of recent advances in non-invasive hemoglobin estimation
IAESIJAI
 
Spectroscopy.pptx food analysis technology
nawahassan45
 
The Rise and Fall of 3GPP – Time for a Sabbatical?
3G4G
 
Encapsulation_ Review paper, used for researhc scholars
gurumoop
 
Reach Out and Touch Someone: Haptics and Empathic Computing
Mark Billinghurst
 
20250228 LYD VKU AI Blended-Learning.pptx
DatVoNgoc
 
Teaching material agriculture food technology
LiaRayya
 
Diabetes mellitus diagnosis method based random forest with bat algorithm
IAESIJAI
 
MIND Revenue Release Quarter 2 2025 Press Release
MIND CTI
 
The AUB Centre for AI in Media Proposal.docx
GAONE9
 
Approach and Philosophy of On baking technology
30anthuong17
 
7 ChatGPT Prompts to Help You Define Your Ideal Customer Profile.pdf
SOFTTECHHUB
 
VMware vSphere Foundation How to Sell Presentation-Ver1.4-2-14-2024.pptx
blackmambaettijean
 
cuic standard and advanced reporting.pdf
SimoneTitaniumTomase
 
Effective Security Operations Center (SOC) A Modern, Strategic, and Threat-In...
ReZa AdineH
 
MYSQL Presentation for SQL database connectivity
Swati270511
 
Build a system with the filesystem maintained by OSTree @ COSCUP 2025
Jian-Hong Pan
 
Spectral efficient network and resource selection model in 5G networks
IAESIJAI
 
Programs and apps: productivity, graphics, security and other tools
4mqw9zch22
 
Chapter 3 Spatial Domain Image Processing.pdf
Getnet Tigabie Askale -(GM)
 
Review of recent advances in non-invasive hemoglobin estimation
IAESIJAI
 
Ad

Featured (20)

PDF
2024 Trend Updates: What Really Works In SEO & Content Marketing
Search Engine Journal
 
PDF
Storytelling For The Web: Integrate Storytelling in your Design Process
Chiara Aliotta
 
PDF
Artificial Intelligence, Data and Competition – SCHREPEL – June 2024 OECD dis...
OECD Directorate for Financial and Enterprise Affairs
 
PDF
How to Leverage AI to Boost Employee Wellness - Lydia Di Francesco - SocialHR...
SocialHRCamp
 
PDF
2024 State of Marketing Report – by Hubspot
Marius Sescu
 
PDF
Everything You Need To Know About ChatGPT
Expeed Software
 
PDF
Product Design Trends in 2024 | Teenage Engineerings
Pixeldarts
 
PDF
How Race, Age and Gender Shape Attitudes Towards Mental Health
ThinkNow
 
PDF
AI Trends in Creative Operations 2024 by Artwork Flow.pdf
marketingartwork
 
PDF
Skeleton Culture Code
Skeleton Technologies
 
PDF
PEPSICO Presentation to CAGNY Conference Feb 2024
Neil Kimberley
 
PDF
Content Methodology: A Best Practices Report (Webinar)
contently
 
PPTX
How to Prepare For a Successful Job Search for 2024
Albert Qian
 
PDF
Social Media Marketing Trends 2024 // The Global Indie Insights
Kurio // The Social Media Age(ncy)
 
PDF
Trends In Paid Search: Navigating The Digital Landscape In 2024
Search Engine Journal
 
PDF
5 Public speaking tips from TED - Visualized summary
SpeakerHub
 
PDF
ChatGPT and the Future of Work - Clark Boyd
Clark Boyd
 
PDF
Getting into the tech field. what next
Tessa Mero
 
PDF
Google's Just Not That Into You: Understanding Core Updates & Search Intent
Lily Ray
 
PDF
How to have difficult conversations
Rajiv Jayarajah, MAppComm, ACC
 
2024 Trend Updates: What Really Works In SEO & Content Marketing
Search Engine Journal
 
Storytelling For The Web: Integrate Storytelling in your Design Process
Chiara Aliotta
 
Artificial Intelligence, Data and Competition – SCHREPEL – June 2024 OECD dis...
OECD Directorate for Financial and Enterprise Affairs
 
How to Leverage AI to Boost Employee Wellness - Lydia Di Francesco - SocialHR...
SocialHRCamp
 
2024 State of Marketing Report – by Hubspot
Marius Sescu
 
Everything You Need To Know About ChatGPT
Expeed Software
 
Product Design Trends in 2024 | Teenage Engineerings
Pixeldarts
 
How Race, Age and Gender Shape Attitudes Towards Mental Health
ThinkNow
 
AI Trends in Creative Operations 2024 by Artwork Flow.pdf
marketingartwork
 
Skeleton Culture Code
Skeleton Technologies
 
PEPSICO Presentation to CAGNY Conference Feb 2024
Neil Kimberley
 
Content Methodology: A Best Practices Report (Webinar)
contently
 
How to Prepare For a Successful Job Search for 2024
Albert Qian
 
Social Media Marketing Trends 2024 // The Global Indie Insights
Kurio // The Social Media Age(ncy)
 
Trends In Paid Search: Navigating The Digital Landscape In 2024
Search Engine Journal
 
5 Public speaking tips from TED - Visualized summary
SpeakerHub
 
ChatGPT and the Future of Work - Clark Boyd
Clark Boyd
 
Getting into the tech field. what next
Tessa Mero
 
Google's Just Not That Into You: Understanding Core Updates & Search Intent
Lily Ray
 
How to have difficult conversations
Rajiv Jayarajah, MAppComm, ACC
 
Ad

Smartphone Insecurity

  • 1. Smartphone Insecurity  Click to edit the outline text  • Georgia Click to Weidman formatedit the outline text format   Second Outline Level Second Outline Level − − Third Outline Level Third Outline Level   Fourth Outline Fourth Outline
  • 2. Agenda  Smartphone Security Basics  Common Attack Vectors and Examples  Mitigation Strategies  Common vulnerabilities in 3rd party apps  Attack strategies against apps  Secure coding practices for developing apps  Click to edit the outline text  formatedit the outline text format Click to   Second Outline Level Second Outline Level − − Third Outline Level Third Outline Level   Fourth Outline Fourth Outline
  • 3. What is a smartphone?  Click to edit the outline text  formatedit the outline text format Click to   Second Outline Level Second Outline Level − − Third Outline Level Third Outline Level   Fourth Outline Fourth Outline
  • 4. What is a smartphone?  Click to edit the outline text  formatedit the outline text format Click to   Second Outline Level Second Outline Level − − Third Outline Level Third Outline Level   Fourth Outline Fourth Outline
  • 5. What’s on your phone  Personal info  Work info  Location info  Click to edit the outline text  Account info formatedit the outline text format  Click to   Second Outline Level Second Outline Level − − Third Outline Level Third Outline Level   Fourth Outline Fourth Outline
  • 6. Do We Need Privacy? (SMS examples)  “Hi meet me for lunch”  “Meet me for lunch while my wife is out”  “Here is your bank account credentials”  Click to edit the outline text  formatedit the outline text format Click to   Second Outline Level Second Outline Level − − Third Outline Level Third Outline Level   Fourth Outline Fourth Outline
  • 7. Attacks on Privacy (Infrastructure) Cell Network  Click to edit the outline text  formatedit the outline text format Click to   Second Outline Level Second Outline Level − − Third Outline Level Third Outline Level   Fourth Outline Fourth Outline
  • 8. Attacks on Privacy (Infrastructure) ? ? Cell Network io n p t c ry E n  Click to edit the outline text  formatedit the outline text format Click to   Second Outline Level Second Outline Level − − Third Outline Level Third Outline Level   Fourth Outline Fourth Outline
  • 9. Is GSM traffic encrypted? SMSPDU:07914140540510F1040B915117344588F100 000121037140044A0AE8329BFD4697D9EC37  Click to edit the outline text  formatedit the outline text format Click to   Second Outline Level Second Outline Level − − Third Outline Level Third Outline Level   Fourth Outline Fourth Outline
  • 10. Is GSM traffic encrypted? SMSPDU:07914140540510F1040B915117344588F100 000121037140044A0AE8329BFD4697D9EC37  Click to edit the outline text  formatedit the outline text format Click to   Second Outline Level Second Outline Level − − Third Outline Level Third Outline Level   Fourth Outline Fourth Outline
  • 11. Is GSM traffic encrypted? Sending Number: 1-571-435-4881 Data: hellohello  Click to edit the outline text  formatedit the outline text format Click to   Second Outline Level Second Outline Level − − Third Outline Level Third Outline Level   Fourth Outline Fourth Outline
  • 12. 2G(EDGE) Bad crypto: Up to the base station Algorithms breakable Click to edit the outline text  No authentication of base format stations Click to edit the outline text format    Second Outline Level Second Outline Level − − Third Outline Level Third Outline Level   Fourth Outline Fourth Outline
  • 13. Attacks on Privacy (Infrastructure) Cell Network  Click to edit the outline text  formatedit the outline text format Click to Research by: Chris Pagent   Second Outline Level Second Outline Level − − Third Outline Level Third Outline Level   Fourth Outline Fourth Outline
  • 14. Attacks on Privacy (Infrastructure) Cell Network  Click to edit the outline text  formatedit the outline text format Click to Research by: Chris Pagent   Second Outline Level Second Outline Level − − Third Outline Level Third Outline Level   Fourth Outline Fourth Outline
  • 15. Breaking 2G Crypto Break session key to get on the network A5/2 trivial to break Karsten Nohl broke A5/1 in 2009 in minutes  Click to edit the outline text  formatedit the outline text format Click to   Second Outline Level Second Outline Level − − Third Outline Level Third Outline Level   Fourth Outline Fourth Outline
  • 16. Attacks on Privacy (Infrastructure) Cell Network  Click to edit the outline text  formatedit the outline text format Click to Research by: Chris Pagent   Second Outline Level Second Outline Level − − Third Outline Level Third Outline Level   Fourth Outline Fourth Outline
  • 17. Who cares about EDGE anyway?  Still deployed  By default phones will drop back to EDGE  Is anyone on EDGE right now?  Click to edit the outline text  formatedit the outline text format Click to   Second Outline Level Second Outline Level − − Third Outline Level Third Outline Level   Fourth Outline Fourth Outline
  • 18. Mitigation Strategies  Replace 2G  Option to turn off 2G on phones  Encrypt data on phones before sending  Click to edit the outline text  formatedit the outline text format Click to   Second Outline Level Second Outline Level − − Third Outline Level Third Outline Level   Fourth Outline Fourth Outline
  • 19. Attacks on Privacy (Platform) = Attackers know how to attack these platforms  Click to edit the outline text  formatedit the outline text format Click to   Second Outline Level Second Outline Level − − Third Outline Level Third Outline Level   Fourth Outline Fourth Outline
  • 20. Rooting/Jailbreaking  Exploiting kernel/platform flaws  Client side attacks  Gain system level privileges similarly to PC platforms  Click to edit the outline text  formatedit the outline text format Click to   Second Outline Level Second Outline Level − − Third Outline Level Third Outline Level   Fourth Outline Fourth Outline
  • 21. JailbreakMe 3.0  iPhone jailbreak  Client side flaw in PDF (Mobile Safari)  Kernel exploit  Click to edit the outline text  formatedit the outline text format Click to   Second Outline Level Second Outline Level − − Third Outline Level Third Outline Level   Fourth Outline Fourth Outline
  • 22. Rootstrap  Android app loads kernel exploits  Loads code dynamically  Runs native code  Click to edit the outline text  Packaged with interesting app formatedit the outline text format  Click to   Second Outline Level Second Outline Level − − Third Outline Level Third Outline Level   Fourth Outline Fourth Outline
  • 23. DroidDream  Android app in the market  Rooted phones via kernel exploits  Stole information  Click to edit the outline text  Ran up charges formatedit the outline text format  Click to   Second Outline Level Second Outline Level − − Third Outline Level Third Outline Level   Fourth Outline Fourth Outline
  • 24. Payload example: SMS botnet  Click to edit the outline text  formatedit the outline text format Click to   Second Outline Level Second Outline Level − − Third Outline Level Third Outline Level   Fourth Outline Fourth Outline
  • 25. Payload example: SMS botnet  Click to edit the outline text  formatedit the outline text format Click to   Second Outline Level Second Outline Level − − Third Outline Level Third Outline Level   Fourth Outline Fourth Outline
  • 26. Payload example: SMS botnet  Click to edit the outline text  formatedit the outline text format Click to   Second Outline Level Second Outline Level − − Third Outline Level Third Outline Level   Fourth Outline Fourth Outline
  • 27. Payload example: SMS botnet  Click to edit the outline text  formatedit the outline text format Click to   Second Outline Level Second Outline Level − − Third Outline Level Third Outline Level   Fourth Outline Fourth Outline
  • 28. SMS PDU SMSPDU:07914140540510F1040B915117344588F100 000121037140044A0AE8329BFD4697D9EC37  Click to edit the outline text  formatedit the outline text format Click to   Second Outline Level Second Outline Level − − Third Outline Level Third Outline Level   Fourth Outline Fourth Outline
  • 29. How the Botnet Works 1. Bot Receives a Message 3. Bot Decodes User Data 5. Checks for Bot Key  Click to edit the outline text 7. Performs Functionality formatedit the outline text format  Click to   Second Outline Level Second Outline Level − − Third Outline Level Third Outline Level   Fourth Outline Fourth Outline
  • 30. How the Botnet Works 1. Bot Receives a Message 3. Bot Decodes User Data 5. Checks for Bot Key  Click to edit the outline text 7. Performs Functionality formatedit the outline text format  Click to   Second Outline Level Second Outline Level − − Third Outline Level Third Outline Level   Fourth Outline Fourth Outline
  • 31. How the Botnet Works 1. Bot Receives a Message 3. Bot Decodes User Data 5. Checks for Bot Key  Click to edit the outline text 7. Performs Functionality formatedit the outline text format  Click to   Second Outline Level Second Outline Level − − Third Outline Level Third Outline Level   Fourth Outline Fourth Outline
  • 32. How the Botnet Works 1. Bot Receives a Message 3. Bot Decodes User Data 5. Checks for Bot Key (Swallows Message)  Click to edit the outline text 7. Performs Functionality formatedit the outline text format  Click to   Second Outline Level Second Outline Level − − Third Outline Level Third Outline Level   Fourth Outline Fourth Outline
  • 33. How the Botnet Works 1. Bot Receives a Message 3. Bot Decodes User Data 5. Checks for Bot Key  Click to edit the outline text 7. Performs Functionality formatedit the outline text format  Click to   Second Outline Level Second Outline Level − − Third Outline Level Third Outline Level   Fourth Outline Fourth Outline
  • 34. Demo Demo of Botnet Click to edit the outline text Payload  formatedit the outline text format Click to   Second Outline Level Second Outline Level − − Third Outline Level Third Outline Level   Fourth Outline Fourth Outline
  • 35. Mitigations for Platform Attacks  Updating  Better sandboxing  Vigilance from users  Click to edit the outline text  formatedit the outline text format Click to   Second Outline Level Second Outline Level − − Third Outline Level Third Outline Level   Fourth Outline Fourth Outline
  • 36. App attacks on privacy  Click to edit the outline text  formatedit the outline text format Click to   Second Outline Level Second Outline Level − − Third Outline Level Third Outline Level   Fourth Outline Fourth Outline
  • 37. App Stores  iPhone  Expensive  Closed  Identity verified  Android  Cheap  Click to edit the outline text formatedit the outline text format  Self Signed  Click to   Second Outline Level Second Outline Level  Open − − Third Outline Level Third Outline Level  Anonymous Fourth Outline Fourth Outline  
  • 38. Android Permission Model  Specifically request permissions  Users must accept at install  Send SMS, Receive SMS, GPS location  Click to edit the outline text  formatedit the outline text format Click to   Second Outline Level Second Outline Level − − Third Outline Level Third Outline Level   Fourth Outline Fourth Outline
  • 39. App attacks on privacy Is this system working? Are users making good decisions about apps? Click to edit the outline text   formatedit the outline text format Click to   Second Outline Level Second Outline Level − − Third Outline Level Third Outline Level   Fourth Outline Fourth Outline
  • 40. Top Android App of All Time  Click to edit the outline text  formatedit the outline text format Click to   Second Outline Level Second Outline Level − − Third Outline Level Third Outline Level   Fourth Outline Fourth Outline
  • 41. Demo Demo: App Abusing Permissions  Click to edit the outline text  formatedit the outline text format Click to   Second Outline Level Second Outline Level − − Third Outline Level Third Outline Level   Fourth Outline Fourth Outline
  • 42. App Attacks Mitigations  Oversight on apps  Analysis of permissions  User awareness  Click to edit the outline text  formatedit the outline text format Click to   Second Outline Level Second Outline Level − − Third Outline Level Third Outline Level   Fourth Outline Fourth Outline
  • 43. Vulnerabilities in Android Apps  No coding standards for Android apps  Badly coded apps  Data Leak  Click to edit the outline text  Permission Leak formatedit the outline text format  Click to   Second Outline Level Second Outline Level − − Third Outline Level Third Outline Level   Fourth Outline Fourth Outline
  • 44. Data Leak  Access to sensitive data  Insecure storage  sdcard  World readable  Stored in source code  Click to edit the outline text  formatedit the outline text format Click to   Second Outline Level Second Outline Level − − Third Outline Level Third Outline Level   Fourth Outline Fourth Outline
  • 45. Return to the Source  Free tools available  Complete source available  Don’t store secrets here  Click to edit the outline text  formatedit the outline text format Click to   Second Outline Level Second Outline Level − − Third Outline Level Third Outline Level   Fourth Outline Fourth Outline
  • 46. Demo DEMO: Abusing bad storage practices  Click to edit the outline text  formatedit the outline text format Click to   Second Outline Level Second Outline Level − − Third Outline Level Third Outline Level   Fourth Outline Fourth Outline
  • 47. Mitigating this risk  Store sensitive data privately  Don’t use the sdcard  Don’t put secrets in source code  Click to edit the outline text  formatedit the outline text format Click to   Second Outline Level Second Outline Level − − Third Outline Level Third Outline Level   Fourth Outline Fourth Outline
  • 48. Permission leak through components  Other apps can call public components  That’s a reason Android is awesome  If not used safely, this can be dangerous  Click to edit the outline text  formatedit the outline text format Click to   Second Outline Level Second Outline Level − − Third Outline Level Third Outline Level   Fourth Outline Fourth Outline
  • 49. Demo DEMO: Stealing permissions from exposed components  Click to edit the outline text  formatedit the outline text format Click to   Second Outline Level Second Outline Level − − Third Outline Level Third Outline Level   Fourth Outline Fourth Outline
  • 50. Mitigating This Risk  Require permissions to access components  Use custom permissions  Don’t have dangerous functionality accessible without user interaction  Click to edit the outline text  formatedit the outline text format Click to   Second Outline Level Second Outline Level − − Third Outline Level Third Outline Level   Fourth Outline Fourth Outline
  • 51. Contact Georgia Weidman Security Consultant, Researcher, Trainer Website: http://www.georgiaweidman.com Slides: http://www.slideshare.net/georgiaweidman Click to edit the outline text  Email:georgia@grmn00bs.com formatedit the outline text format Click to  Twitter: @georgiaweidman Outline Level Second Outline Level  Second  − − Third Outline Level Third Outline Level   Fourth Outline Fourth Outline

Editor's Notes

  • #13: Ubiquitous. Rural areas Saving my battery during a hurricane
  • #40: Edit and Read SMS, send SMS, receive SMS Modify/delete USB storage contents Prevent phone from sleeping, write sync settings GPS data Services that cost you money Act as account authenticator, manage accounts Read and write to your personal information including contact data Phone calls, read phone state and identity Full network access