SlideShare ist ein Scribd-Unternehmen logo

Attacking Blackberry For Phun and Profit

Ammar WK
Ammar WK
Technologie
1 von 40
Downloaden Sie, um offline zu lesen
Attacking BlackBerry for phun and profit y3dips[et]echo.or.id Sunday, November 8, 2009
y3dips • A Bandwidth Hunter ... A Renegade • IT Security fans for more than 7 year • http://google.com/search?q=y3dips Sunday, November 8, 2009
BlackBerry • Push Email • Wireless Messaging System • Phone, SMS, Cameras, Browsing Sunday, November 8, 2009
BlackBerry • Photos • Emails • Sms • Phone log • Contact Sunday, November 8, 2009
BlackBerry • BlackBerry Enterprise Server (BES) • BlackBerry Internet Service (BIS) Sunday, November 8, 2009
Diagram http://smartphone.nttdocomo.co.jp/english/blackberrybold/blackberryservice/img/index/dgm_diagram.gif Sunday, November 8, 2009
BB Proxy • Attack BES network • Defcon 2006 presented by Jesse D’aguanno • Making a Blackberry Device as a gateway to internal Network Sunday, November 8, 2009
Attacking Anatomy Server Apps Server BB User INTERNAL LAN Firewall INTERNET Attacker Sunday, November 8, 2009
Attacking Anatomy Server Apps Server BB User INTERNAL LAN Connecting into Attacker Computer Firewall INTERNET Attacker Sunday, November 8, 2009
Attacking Anatomy Connecting into App Server Server Apps Server BB User INTERNAL LAN Connecting into Attacker Computer Firewall INTERNET Attacker Sunday, November 8, 2009
Attacking Anatomy Connecting into App Server Device as a proxy Server Apps Server BB User INTERNAL LAN Connecting into Attacker Computer Firewall Attacker 0wned Internal Network INTERNET Attacker Sunday, November 8, 2009
Our Approach • Attacking Wifi Network • DNS Spoofing • Ssl Tunneling - http://stunnel.org • BlackBag - http://matasano.com Sunday, November 8, 2009
DNS Spoofing • Spoof dns entry into router/dns server # echo “133.7.133.7 rcp.ap.blackberry.com” >> /etc/hosts Sunday, November 8, 2009
DNS Spoofing Sunday, November 8, 2009
Stunnel • Setup 2 SSL connection • SSL Connection from BB device to Attacker machine • SSL Connection from Attacker machine to BB Real Server Sunday, November 8, 2009
Stunnel • Setup 2 SSL connection # stunnel -d 443 -r localhost:8888 # stunnel -c -d 8889 -r 216.9.240.88:443 Sunday, November 8, 2009
BlackBag • Glue the tunnel back # bkb replug -b localhost:8889@8888 Sunday, November 8, 2009
BlackBag Sunday, November 8, 2009
Attacking Anatomy search rcp.ap.blackberry.com DNS Server rcp.ap.blackberry.com 216.9.240.88 WIFI RIM Network Attacker - 133.7.133.7 Sunday, November 8, 2009
Attacking Anatomy rcp.ap.blackberry.com 133.7.133.7 search rcp.ap.blackberry.com DNS Server rcp.ap.blackberry.com 216.9.240.88 WIFI RIM Network Attacker - 133.7.133.7 Sunday, November 8, 2009
Attacking Anatomy rcp.ap.blackberry.com 133.7.133.7 search rcp.ap.blackberry.com DNS Server rcp.ap.blackberry.com 216.9.240.88 Tcp/443 WIFI Tcp/8888 Tcp/443 RIM Network Tcp/8889 Attacker - 133.7.133.7 Sunday, November 8, 2009
Viewable Sunday, November 8, 2009
Viewable Sunday, November 8, 2009
Result Sunday, November 8, 2009
Result • Clear Text Sender PIN • Clear Text Recipient PIN • Clear Text Message type • Encrypted Data Sunday, November 8, 2009
Impact • Spam? until DDOS • PIN abuse; such as cloning • Blackmail; identity thief, logs • Email and PIN Mapping Sunday, November 8, 2009
Next • More Data to analyze (different type) • Attack the Encryption? • Another Infrastructur attacking Scenario Sunday, November 8, 2009
Confession Sunday, November 8, 2009
Raw Data Sunday, November 8, 2009
Mal(Spy)ware • The Most Famous Etisalat Issue • Firmware Update • Reverse by some researcher • 100% Spyware Sunday, November 8, 2009
Mal(Spy)ware Sunday, November 8, 2009
POC • Provided by Sheran Gunasekera @HITB 2009 • Bugs - Forwarding Emails • PhoneSnoop - Turn your BB into Spy devices • http://chirashi.zensay.com Sunday, November 8, 2009
Bugs Sunday, November 8, 2009
Summary • 0wned a blackberry with $20 (USD) • Social Engineering rulez! • BlackBerry User awareness Sunday, November 8, 2009
Case Stories Sunday, November 8, 2009
Case Stories Sunday, November 8, 2009
Case Stories Sunday, November 8, 2009
Mitigation • Password Your Device • Turn On Firewall • Encrypt your Data/Media Card • Controlling downloded application • Protecting GPS location • Connect to Legitimate Wifi Network Sunday, November 8, 2009
References • Attack Surface Analysis of Blackberry Devices - symantec • BlackBerry: Call to Arms, some provided - Ftr & FX of Phenoelit • BlackJaking:0wning the Enterprise via BlackBerry - x30n • Bugs & Kissess: Spying on Blackberry User for Fun - Sheran Gunasekera • Seberapa Amankah Infrastruktur WIFI Blackberry device anda - y3dips & chopstick Sunday, November 8, 2009
Greetz • Hermis Consulting • Sheran Gunasekera • staff@echo.or.id • Info Komputer Sunday, November 8, 2009

Empfohlen

Connected Home Eu Tour Oct2009
Connected Home Eu Tour Oct2009Connected Home Eu Tour Oct2009
Connected Home Eu Tour Oct2009Rob Blaauboer
 
Video Meets Documentation
Video Meets DocumentationVideo Meets Documentation
Video Meets DocumentationHealy Consulting Services
 
Playin with Password
Playin with PasswordPlayin with Password
Playin with PasswordAmmar WK
 
Art of Backdooring: Technique and Practice
Art of Backdooring: Technique and PracticeArt of Backdooring: Technique and Practice
Art of Backdooring: Technique and PracticeAmmar WK
 
Art of Thinking [Re-write]
Art of Thinking [Re-write]Art of Thinking [Re-write]
Art of Thinking [Re-write]Ammar WK
 
Hacker? : it's not about Black or White
Hacker? : it's not about Black or WhiteHacker? : it's not about Black or White
Hacker? : it's not about Black or WhiteAmmar WK
 
Web Hacking (basic)
Web Hacking (basic)Web Hacking (basic)
Web Hacking (basic)Ammar WK
 
Mastering Network HackingFU - idsecconf2008
Mastering Network HackingFU - idsecconf2008Mastering Network HackingFU - idsecconf2008
Mastering Network HackingFU - idsecconf2008Ammar WK
 

Empfohlen

Connected Home Eu Tour Oct2009
Connected Home Eu Tour Oct2009Connected Home Eu Tour Oct2009
Connected Home Eu Tour Oct2009Rob Blaauboer
 
Video Meets Documentation
Video Meets DocumentationVideo Meets Documentation
Video Meets DocumentationHealy Consulting Services
 
Playin with Password
Playin with PasswordPlayin with Password
Playin with PasswordAmmar WK
 
Art of Backdooring: Technique and Practice
Art of Backdooring: Technique and PracticeArt of Backdooring: Technique and Practice
Art of Backdooring: Technique and PracticeAmmar WK
 
Art of Thinking [Re-write]
Art of Thinking [Re-write]Art of Thinking [Re-write]
Art of Thinking [Re-write]Ammar WK
 
Hacker? : it's not about Black or White
Hacker? : it's not about Black or WhiteHacker? : it's not about Black or White
Hacker? : it's not about Black or WhiteAmmar WK
 
Web Hacking (basic)
Web Hacking (basic)Web Hacking (basic)
Web Hacking (basic)Ammar WK
 
Mastering Network HackingFU - idsecconf2008
Mastering Network HackingFU - idsecconf2008Mastering Network HackingFU - idsecconf2008
Mastering Network HackingFU - idsecconf2008Ammar WK
 
Mobile Web App Development
Mobile Web App DevelopmentMobile Web App Development
Mobile Web App DevelopmentBrian LeRoux
 
Vagrant at LA Ruby
Vagrant at LA RubyVagrant at LA Ruby
Vagrant at LA RubyMitchell Hashimoto
 
Vertically Challenged
Vertically ChallengedVertically Challenged
Vertically ChallengedAurynn Shaw
 
Don Schwarz App Engine Talk
Don Schwarz App Engine TalkDon Schwarz App Engine Talk
Don Schwarz App Engine TalkTech in the Middle
 
Gearman For Beginners
Gearman For BeginnersGearman For Beginners
Gearman For BeginnersGiuseppe Maxia
 
Gursev kalra _mobile_application_security_testing - ClubHack2009
Gursev kalra _mobile_application_security_testing - ClubHack2009Gursev kalra _mobile_application_security_testing - ClubHack2009
Gursev kalra _mobile_application_security_testing - ClubHack2009ClubHack
 
20091014 Google Wave
20091014 Google Wave20091014 Google Wave
20091014 Google WaveAlexander Benker
 
Understanding WiFi Security Vulnerabilities and Solutions
Understanding WiFi Security Vulnerabilities and SolutionsUnderstanding WiFi Security Vulnerabilities and Solutions
Understanding WiFi Security Vulnerabilities and Solutionshemantchaskar
 
Post globe 2010 fifthlight
Post globe 2010 fifthlightPost globe 2010 fifthlight
Post globe 2010 fifthlightONEIA
 
Cloud Computing Security
Cloud Computing SecurityCloud Computing Security
Cloud Computing SecurityPiyush Mittal
 
Internet Programming With Python Presentation
Internet Programming With Python PresentationInternet Programming With Python Presentation
Internet Programming With Python PresentationAkramWaseem
 
Rhouse - Home automation is ruby ?
Rhouse - Home automation is ruby ?Rhouse - Home automation is ruby ?
Rhouse - Home automation is ruby ?Fernand Galiana
 
Quick Introduction to Gearman
Quick Introduction to GearmanQuick Introduction to Gearman
Quick Introduction to GearmanGiuseppe Maxia
 
2009, o ano do Ruby on Rails no Brasil - CaelumDay 2009
2009, o ano do Ruby on Rails no Brasil - CaelumDay 20092009, o ano do Ruby on Rails no Brasil - CaelumDay 2009
2009, o ano do Ruby on Rails no Brasil - CaelumDay 2009Caue Guerra
 
AFCEA West Demonstration
AFCEA West DemonstrationAFCEA West Demonstration
AFCEA West DemonstrationJon Marcy
 
Automating Enterprise Wireless Deployments
Automating Enterprise Wireless DeploymentsAutomating Enterprise Wireless Deployments
Automating Enterprise Wireless DeploymentsZack Smith
 
Intercloud ptc 13
Intercloud ptc 13Intercloud ptc 13
Intercloud ptc 13davidrbernstein
 
Btree Nosql Oak
Btree Nosql OakBtree Nosql Oak
Btree Nosql OakChris Anderson
 
Vvdp-fgd-bssn
Vvdp-fgd-bssnVvdp-fgd-bssn
Vvdp-fgd-bssnAmmar WK
 
Pen-testing is Dead?
Pen-testing is Dead?Pen-testing is Dead?
Pen-testing is Dead?Ammar WK
 
How To [relatively] Secure your Web Applications
How To [relatively] Secure your Web ApplicationsHow To [relatively] Secure your Web Applications
How To [relatively] Secure your Web ApplicationsAmmar WK
 
A Journey Into Pen-tester land: Myths or Facts!
A Journey Into Pen-tester land: Myths or Facts!A Journey Into Pen-tester land: Myths or Facts!
A Journey Into Pen-tester land: Myths or Facts!Ammar WK
 

Weitere ähnliche Inhalte

Ähnlich wie Attacking Blackberry For Phun and Profit

Mobile Web App Development
Mobile Web App DevelopmentMobile Web App Development
Mobile Web App DevelopmentBrian LeRoux
 
Vertically Challenged
Vertically ChallengedVertically Challenged
Vertically ChallengedAurynn Shaw
 
Gursev kalra _mobile_application_security_testing - ClubHack2009
Gursev kalra _mobile_application_security_testing - ClubHack2009Gursev kalra _mobile_application_security_testing - ClubHack2009
Gursev kalra _mobile_application_security_testing - ClubHack2009ClubHack
 
Understanding WiFi Security Vulnerabilities and Solutions
Understanding WiFi Security Vulnerabilities and SolutionsUnderstanding WiFi Security Vulnerabilities and Solutions
Understanding WiFi Security Vulnerabilities and Solutionshemantchaskar
 
Post globe 2010 fifthlight
Post globe 2010 fifthlightPost globe 2010 fifthlight
Post globe 2010 fifthlightONEIA
 
Cloud Computing Security
Cloud Computing SecurityCloud Computing Security
Cloud Computing SecurityPiyush Mittal
 
Internet Programming With Python Presentation
Internet Programming With Python PresentationInternet Programming With Python Presentation
Internet Programming With Python PresentationAkramWaseem
 
Rhouse - Home automation is ruby ?
Rhouse - Home automation is ruby ?Rhouse - Home automation is ruby ?
Rhouse - Home automation is ruby ?Fernand Galiana
 
Quick Introduction to Gearman
Quick Introduction to GearmanQuick Introduction to Gearman
Quick Introduction to GearmanGiuseppe Maxia
 
2009, o ano do Ruby on Rails no Brasil - CaelumDay 2009
2009, o ano do Ruby on Rails no Brasil - CaelumDay 20092009, o ano do Ruby on Rails no Brasil - CaelumDay 2009
2009, o ano do Ruby on Rails no Brasil - CaelumDay 2009Caue Guerra
 
AFCEA West Demonstration
AFCEA West DemonstrationAFCEA West Demonstration
AFCEA West DemonstrationJon Marcy
 
Automating Enterprise Wireless Deployments
Automating Enterprise Wireless DeploymentsAutomating Enterprise Wireless Deployments
Automating Enterprise Wireless DeploymentsZack Smith
 

Ähnlich wie Attacking Blackberry For Phun and Profit (18)

Mobile Web App Development
Mobile Web App DevelopmentMobile Web App Development
Mobile Web App Development
 
Vagrant at LA Ruby
Vagrant at LA RubyVagrant at LA Ruby
Vagrant at LA Ruby
 
Vertically Challenged
Vertically ChallengedVertically Challenged
Vertically Challenged
 
Don Schwarz App Engine Talk
Don Schwarz App Engine TalkDon Schwarz App Engine Talk
Don Schwarz App Engine Talk
 
Gearman For Beginners
Gearman For BeginnersGearman For Beginners
Gearman For Beginners
 
Gursev kalra _mobile_application_security_testing - ClubHack2009
Gursev kalra _mobile_application_security_testing - ClubHack2009Gursev kalra _mobile_application_security_testing - ClubHack2009
Gursev kalra _mobile_application_security_testing - ClubHack2009
 
20091014 Google Wave
20091014 Google Wave20091014 Google Wave
20091014 Google Wave
 
Understanding WiFi Security Vulnerabilities and Solutions
Understanding WiFi Security Vulnerabilities and SolutionsUnderstanding WiFi Security Vulnerabilities and Solutions
Understanding WiFi Security Vulnerabilities and Solutions
 
Post globe 2010 fifthlight
Post globe 2010 fifthlightPost globe 2010 fifthlight
Post globe 2010 fifthlight
 
Cloud Computing Security
Cloud Computing SecurityCloud Computing Security
Cloud Computing Security
 
Internet Programming With Python Presentation
Internet Programming With Python PresentationInternet Programming With Python Presentation
Internet Programming With Python Presentation
 
Rhouse - Home automation is ruby ?
Rhouse - Home automation is ruby ?Rhouse - Home automation is ruby ?
Rhouse - Home automation is ruby ?
 
Quick Introduction to Gearman
Quick Introduction to GearmanQuick Introduction to Gearman
Quick Introduction to Gearman
 
2009, o ano do Ruby on Rails no Brasil - CaelumDay 2009
2009, o ano do Ruby on Rails no Brasil - CaelumDay 20092009, o ano do Ruby on Rails no Brasil - CaelumDay 2009
2009, o ano do Ruby on Rails no Brasil - CaelumDay 2009
 
AFCEA West Demonstration
AFCEA West DemonstrationAFCEA West Demonstration
AFCEA West Demonstration
 
Automating Enterprise Wireless Deployments
Automating Enterprise Wireless DeploymentsAutomating Enterprise Wireless Deployments
Automating Enterprise Wireless Deployments
 
Intercloud ptc 13
Intercloud ptc 13Intercloud ptc 13
Intercloud ptc 13
 
Btree Nosql Oak
Btree Nosql OakBtree Nosql Oak
Btree Nosql Oak
 

Mehr von Ammar WK

Vvdp-fgd-bssn
Vvdp-fgd-bssnVvdp-fgd-bssn
Vvdp-fgd-bssnAmmar WK
 
Pen-testing is Dead?
Pen-testing is Dead?Pen-testing is Dead?
Pen-testing is Dead?Ammar WK
 
How To [relatively] Secure your Web Applications
How To [relatively] Secure your Web ApplicationsHow To [relatively] Secure your Web Applications
How To [relatively] Secure your Web ApplicationsAmmar WK
 
A Journey Into Pen-tester land: Myths or Facts!
A Journey Into Pen-tester land: Myths or Facts!A Journey Into Pen-tester land: Myths or Facts!
A Journey Into Pen-tester land: Myths or Facts!Ammar WK
 
Cybercrime: A threat to Financial industry
Cybercrime: A threat to Financial industryCybercrime: A threat to Financial industry
Cybercrime: A threat to Financial industryAmmar WK
 
Bugbounty vs-0day
Bugbounty vs-0dayBugbounty vs-0day
Bugbounty vs-0dayAmmar WK
 
Advanced Persistent Threat
Advanced Persistent ThreatAdvanced Persistent Threat
Advanced Persistent ThreatAmmar WK
 
Mobile hacking, pentest, and malware
Mobile hacking, pentest, and malwareMobile hacking, pentest, and malware
Mobile hacking, pentest, and malwareAmmar WK
 
Introduction to IOS Application Penetration Testing
Introduction to IOS Application Penetration TestingIntroduction to IOS Application Penetration Testing
Introduction to IOS Application Penetration TestingAmmar WK
 
Burp suite
Burp suiteBurp suite
Burp suiteAmmar WK
 
Network Packet Analysis
Network Packet AnalysisNetwork Packet Analysis
Network Packet AnalysisAmmar WK
 
Packet analysis (Basic)
Packet analysis (Basic)Packet analysis (Basic)
Packet analysis (Basic)Ammar WK
 
Network security
Network securityNetwork security
Network securityAmmar WK
 
Penetration testing
Penetration testingPenetration testing
Penetration testingAmmar WK
 
Information Security Professional
Information Security ProfessionalInformation Security Professional
Information Security ProfessionalAmmar WK
 
Handout infosec defense-mechanism-y3dips
Handout infosec defense-mechanism-y3dipsHandout infosec defense-mechanism-y3dips
Handout infosec defense-mechanism-y3dipsAmmar WK
 
Layer 7 denial of services attack mitigation
Layer 7 denial of services attack mitigationLayer 7 denial of services attack mitigation
Layer 7 denial of services attack mitigationAmmar WK
 
How To Become A Hacker
How To Become A HackerHow To Become A Hacker
How To Become A HackerAmmar WK
 
y3dips - Who Own Your Sensitive Information?
y3dips - Who Own Your Sensitive Information?y3dips - Who Own Your Sensitive Information?
y3dips - Who Own Your Sensitive Information?Ammar WK
 
idsecconf2010-hacking priv8 network
idsecconf2010-hacking priv8 networkidsecconf2010-hacking priv8 network
idsecconf2010-hacking priv8 networkAmmar WK
 

Mehr von Ammar WK (20)

Vvdp-fgd-bssn
Vvdp-fgd-bssnVvdp-fgd-bssn
Vvdp-fgd-bssn
 
Pen-testing is Dead?
Pen-testing is Dead?Pen-testing is Dead?
Pen-testing is Dead?
 
How To [relatively] Secure your Web Applications
How To [relatively] Secure your Web ApplicationsHow To [relatively] Secure your Web Applications
How To [relatively] Secure your Web Applications
 
A Journey Into Pen-tester land: Myths or Facts!
A Journey Into Pen-tester land: Myths or Facts!A Journey Into Pen-tester land: Myths or Facts!
A Journey Into Pen-tester land: Myths or Facts!
 
Cybercrime: A threat to Financial industry
Cybercrime: A threat to Financial industryCybercrime: A threat to Financial industry
Cybercrime: A threat to Financial industry
 
Bugbounty vs-0day
Bugbounty vs-0dayBugbounty vs-0day
Bugbounty vs-0day
 
Advanced Persistent Threat
Advanced Persistent ThreatAdvanced Persistent Threat
Advanced Persistent Threat
 
Mobile hacking, pentest, and malware
Mobile hacking, pentest, and malwareMobile hacking, pentest, and malware
Mobile hacking, pentest, and malware
 
Introduction to IOS Application Penetration Testing
Introduction to IOS Application Penetration TestingIntroduction to IOS Application Penetration Testing
Introduction to IOS Application Penetration Testing
 
Burp suite
Burp suiteBurp suite
Burp suite
 
Network Packet Analysis
Network Packet AnalysisNetwork Packet Analysis
Network Packet Analysis
 
Packet analysis (Basic)
Packet analysis (Basic)Packet analysis (Basic)
Packet analysis (Basic)
 
Network security
Network securityNetwork security
Network security
 
Penetration testing
Penetration testingPenetration testing
Penetration testing
 
Information Security Professional
Information Security ProfessionalInformation Security Professional
Information Security Professional
 
Handout infosec defense-mechanism-y3dips
Handout infosec defense-mechanism-y3dipsHandout infosec defense-mechanism-y3dips
Handout infosec defense-mechanism-y3dips
 
Layer 7 denial of services attack mitigation
Layer 7 denial of services attack mitigationLayer 7 denial of services attack mitigation
Layer 7 denial of services attack mitigation
 
How To Become A Hacker
How To Become A HackerHow To Become A Hacker
How To Become A Hacker
 
y3dips - Who Own Your Sensitive Information?
y3dips - Who Own Your Sensitive Information?y3dips - Who Own Your Sensitive Information?
y3dips - Who Own Your Sensitive Information?
 
idsecconf2010-hacking priv8 network
idsecconf2010-hacking priv8 networkidsecconf2010-hacking priv8 network
idsecconf2010-hacking priv8 network
 

Kürzlich hochgeladen

DevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platformsDevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platformsSergiu Bodiu
 
Commit 2024 - Secret Management made easy
Commit 2024 - Secret Management made easyCommit 2024 - Secret Management made easy
Commit 2024 - Secret Management made easyAlfredo García Lavilla
 
The Future of Software Development - Devin AI Innovative Approach.pdf
The Future of Software Development - Devin AI Innovative Approach.pdfThe Future of Software Development - Devin AI Innovative Approach.pdf
The Future of Software Development - Devin AI Innovative Approach.pdfSeasiaInfotech2
 
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024BookNet Canada
 
Anypoint Exchange: It’s Not Just a Repo!
Anypoint Exchange: It’s Not Just a Repo!Anypoint Exchange: It’s Not Just a Repo!
Anypoint Exchange: It’s Not Just a Repo!Manik S Magar
 
CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):comworks
 
Install Stable Diffusion in windows machine
Install Stable Diffusion in windows machineInstall Stable Diffusion in windows machine
Install Stable Diffusion in windows machinePadma Pradeep
 
Connect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck PresentationConnect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck PresentationSlibray Presentation
 
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...Patryk Bandurski
 
WordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your BrandWordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your Brandgvaughan
 
Unleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding ClubUnleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding ClubKalema Edgar
 
"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii Soldatenko"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii SoldatenkoFwdays
 
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)Mark Simos
 
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks..."LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...Fwdays
 
Scanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL CertsScanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL CertsRizwan Syed
 
My Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationMy Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationRidwan Fadjar
 
Designing IA for AI - Information Architecture Conference 2024
Designing IA for AI - Information Architecture Conference 2024Designing IA for AI - Information Architecture Conference 2024
Designing IA for AI - Information Architecture Conference 2024Enterprise Knowledge
 
Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?Mattias Andersson
 
SAP Build Work Zone - Overview L2-L3.pptx
SAP Build Work Zone - Overview L2-L3.pptxSAP Build Work Zone - Overview L2-L3.pptx
SAP Build Work Zone - Overview L2-L3.pptxNavinnSomaal
 

Kürzlich hochgeladen (20)

DevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platformsDevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platforms
 
Commit 2024 - Secret Management made easy
Commit 2024 - Secret Management made easyCommit 2024 - Secret Management made easy
Commit 2024 - Secret Management made easy
 
The Future of Software Development - Devin AI Innovative Approach.pdf
The Future of Software Development - Devin AI Innovative Approach.pdfThe Future of Software Development - Devin AI Innovative Approach.pdf
The Future of Software Development - Devin AI Innovative Approach.pdf
 
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
 
Anypoint Exchange: It’s Not Just a Repo!
Anypoint Exchange: It’s Not Just a Repo!Anypoint Exchange: It’s Not Just a Repo!
Anypoint Exchange: It’s Not Just a Repo!
 
CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):
 
Install Stable Diffusion in windows machine
Install Stable Diffusion in windows machineInstall Stable Diffusion in windows machine
Install Stable Diffusion in windows machine
 
Connect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck PresentationConnect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck Presentation
 
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
 
WordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your BrandWordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your Brand
 
Unleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding ClubUnleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding Club
 
E-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptx
E-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptxE-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptx
E-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptx
 
"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii Soldatenko"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii Soldatenko
 
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
 
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks..."LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
 
Scanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL CertsScanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL Certs
 
My Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationMy Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 Presentation
 
Designing IA for AI - Information Architecture Conference 2024
Designing IA for AI - Information Architecture Conference 2024Designing IA for AI - Information Architecture Conference 2024
Designing IA for AI - Information Architecture Conference 2024
 
Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?
 
SAP Build Work Zone - Overview L2-L3.pptx
SAP Build Work Zone - Overview L2-L3.pptxSAP Build Work Zone - Overview L2-L3.pptx
SAP Build Work Zone - Overview L2-L3.pptx
 

Attacking Blackberry For Phun and Profit

  • 1. Attacking BlackBerry for phun and profit y3dips[et]echo.or.id Sunday, November 8, 2009
  • 2. y3dips • A Bandwidth Hunter ... A Renegade • IT Security fans for more than 7 year • http://google.com/search?q=y3dips Sunday, November 8, 2009
  • 3. BlackBerry • Push Email • Wireless Messaging System • Phone, SMS, Cameras, Browsing Sunday, November 8, 2009
  • 4. BlackBerry • Photos • Emails • Sms • Phone log • Contact Sunday, November 8, 2009
  • 5. BlackBerry • BlackBerry Enterprise Server (BES) • BlackBerry Internet Service (BIS) Sunday, November 8, 2009
  • 6. Diagram http://smartphone.nttdocomo.co.jp/english/blackberrybold/blackberryservice/img/index/dgm_diagram.gif Sunday, November 8, 2009
  • 7. BB Proxy • Attack BES network • Defcon 2006 presented by Jesse D’aguanno • Making a Blackberry Device as a gateway to internal Network Sunday, November 8, 2009
  • 8. Attacking Anatomy Server Apps Server BB User INTERNAL LAN Firewall INTERNET Attacker Sunday, November 8, 2009
  • 9. Attacking Anatomy Server Apps Server BB User INTERNAL LAN Connecting into Attacker Computer Firewall INTERNET Attacker Sunday, November 8, 2009
  • 10. Attacking Anatomy Connecting into App Server Server Apps Server BB User INTERNAL LAN Connecting into Attacker Computer Firewall INTERNET Attacker Sunday, November 8, 2009
  • 11. Attacking Anatomy Connecting into App Server Device as a proxy Server Apps Server BB User INTERNAL LAN Connecting into Attacker Computer Firewall Attacker 0wned Internal Network INTERNET Attacker Sunday, November 8, 2009
  • 12. Our Approach • Attacking Wifi Network • DNS Spoofing • Ssl Tunneling - http://stunnel.org • BlackBag - http://matasano.com Sunday, November 8, 2009
  • 13. DNS Spoofing • Spoof dns entry into router/dns server # echo “133.7.133.7 rcp.ap.blackberry.com” >> /etc/hosts Sunday, November 8, 2009
  • 15. Stunnel • Setup 2 SSL connection • SSL Connection from BB device to Attacker machine • SSL Connection from Attacker machine to BB Real Server Sunday, November 8, 2009
  • 16. Stunnel • Setup 2 SSL connection # stunnel -d 443 -r localhost:8888 # stunnel -c -d 8889 -r 216.9.240.88:443 Sunday, November 8, 2009
  • 17. BlackBag • Glue the tunnel back # bkb replug -b localhost:8889@8888 Sunday, November 8, 2009
  • 19. Attacking Anatomy search rcp.ap.blackberry.com DNS Server rcp.ap.blackberry.com 216.9.240.88 WIFI RIM Network Attacker - 133.7.133.7 Sunday, November 8, 2009
  • 20. Attacking Anatomy rcp.ap.blackberry.com 133.7.133.7 search rcp.ap.blackberry.com DNS Server rcp.ap.blackberry.com 216.9.240.88 WIFI RIM Network Attacker - 133.7.133.7 Sunday, November 8, 2009
  • 21. Attacking Anatomy rcp.ap.blackberry.com 133.7.133.7 search rcp.ap.blackberry.com DNS Server rcp.ap.blackberry.com 216.9.240.88 Tcp/443 WIFI Tcp/8888 Tcp/443 RIM Network Tcp/8889 Attacker - 133.7.133.7 Sunday, November 8, 2009
  • 25. Result • Clear Text Sender PIN • Clear Text Recipient PIN • Clear Text Message type • Encrypted Data Sunday, November 8, 2009
  • 26. Impact • Spam? until DDOS • PIN abuse; such as cloning • Blackmail; identity thief, logs • Email and PIN Mapping Sunday, November 8, 2009
  • 27. Next • More Data to analyze (different type) • Attack the Encryption? • Another Infrastructur attacking Scenario Sunday, November 8, 2009
  • 30. Mal(Spy)ware • The Most Famous Etisalat Issue • Firmware Update • Reverse by some researcher • 100% Spyware Sunday, November 8, 2009
  • 32. POC • Provided by Sheran Gunasekera @HITB 2009 • Bugs - Forwarding Emails • PhoneSnoop - Turn your BB into Spy devices • http://chirashi.zensay.com Sunday, November 8, 2009
  • 34. Summary • 0wned a blackberry with $20 (USD) • Social Engineering rulez! • BlackBerry User awareness Sunday, November 8, 2009
  • 38. Mitigation • Password Your Device • Turn On Firewall • Encrypt your Data/Media Card • Controlling downloded application • Protecting GPS location • Connect to Legitimate Wifi Network Sunday, November 8, 2009
  • 39. References • Attack Surface Analysis of Blackberry Devices - symantec • BlackBerry: Call to Arms, some provided - Ftr & FX of Phenoelit • BlackJaking:0wning the Enterprise via BlackBerry - x30n • Bugs & Kissess: Spying on Blackberry User for Fun - Sheran Gunasekera • Seberapa Amankah Infrastruktur WIFI Blackberry device anda - y3dips & chopstick Sunday, November 8, 2009
  • 40. Greetz • Hermis Consulting • Sheran Gunasekera • staff@echo.or.id • Info Komputer Sunday, November 8, 2009