Smartphone Insecurity
1. Smartphone Insecurity
Georgia Weidman
2. Agenda
Smartphone Security Basics
Common Attack Vectors and Examples
Mitigation Strategies
Common vulnerabilities in 3rd party apps
Attack strategies against apps
Secure coding practices for developing apps
3. What is a smartphone?
5. What’s on your phone
Personal info
Work info
Location info
Account info
6. Do We Need Privacy? (SMS examples)
“Hi meet me for lunch”
“Meet me for lunch while my wife is out”
“Here is your bank account credentials”
7. Attacks on Privacy (Infrastructure)
Cell Network
8. Attacks on Privacy (Infrastructure)
Cell Network
[Figure: "Encryption?" marked on the cell network diagram]
9. Is GSM traffic encrypted?
SMS PDU: 07914140540510F1040B915117344588F100000121037140044A0AE8329BFD4697D9EC37
11. Is GSM traffic encrypted?
Sending Number: 1-571-435-4881
Data: hellohello
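The decoding the slides show (PDU in, sender number and "hellohello" out) can be reproduced with a few lines; the point for a defender is that the PDU carries the originator and the message text in the clear, so every SMSC and anyone who captures the unencrypted GSM link reads it. This decoder is an added example, not code from the talk; the PDU constant is copied from the slide, and only the 7-bit default alphabet codes that coincide with ASCII are mapped.

```python
"""Decode the SMS-DELIVER PDU from the slide (added example, not from the talk)."""
from dataclasses import dataclass

# PDU copied from the slide: what the SMSC hands to the handset for the test message.
SLIDE_PDU = "07914140540510F1040B915117344588F100000121037140044A0AE8329BFD4697D9EC37"


def _semi_octets(hexstr: str) -> str:
    """Undo the nibble swap of BCD fields ('5117...F1' -> '1571...1F') and drop F padding."""
    digits = "".join(hexstr[i + 1] + hexstr[i] for i in range(0, len(hexstr), 2))
    return digits.rstrip("F")


def unpack_gsm7(octets: bytes, septet_count: int) -> str:
    """Unpack GSM 03.38 7-bit packing (septets stored LSB first).
    Only codes that coincide with ASCII (letters, digits, space) are mapped here."""
    bits = int.from_bytes(octets, "little")
    return "".join(chr((bits >> (7 * i)) & 0x7F) for i in range(septet_count))


def _with_prefix(toa: int, number: str) -> str:
    return ("+" if toa == 0x91 else "") + number  # 0x91 = international numbering plan


@dataclass
class SmsDeliver:
    smsc: str
    sender: str
    timestamp: str
    text: str


def decode_sms_deliver(pdu: str) -> SmsDeliver:
    """Walk the SMS-DELIVER layout: SMSC, first octet, originator, PID, DCS, SCTS, UDL, UD."""
    data = bytes.fromhex(pdu)
    smsc_len, smsc_toa = data[0], data[1]            # length in octets (incl. TOA), type
    smsc = _semi_octets(data[2:1 + smsc_len].hex().upper())
    pos = 1 + smsc_len
    first_octet = data[pos]
    pos += 1
    if first_octet & 0x03 != 0x00:                    # TP-MTI 00 = SMS-DELIVER
        raise ValueError("not an SMS-DELIVER PDU")
    sender_digits, sender_toa = data[pos], data[pos + 1]
    pos += 2
    sender_octets = (sender_digits + 1) // 2          # digit count, odd counts padded with F
    sender = _semi_octets(data[pos:pos + sender_octets].hex().upper())
    pos += sender_octets
    _pid, dcs = data[pos], data[pos + 1]
    pos += 2
    ts = _semi_octets(data[pos:pos + 6].hex().upper())  # YYMMDDhhmmss; 7th octet is time zone
    pos += 7
    timestamp = f"20{ts[0:2]}-{ts[2:4]}-{ts[4:6]} {ts[6:8]}:{ts[8:10]}:{ts[10:12]}"
    udl = data[pos]                                   # user data length in septets
    pos += 1
    if dcs & 0x0C != 0x00:                            # DCS bits 3-2 == 00 -> 7-bit alphabet
        raise ValueError("only the GSM 7-bit default alphabet is handled here")
    text = unpack_gsm7(data[pos:], udl)
    return SmsDeliver(_with_prefix(smsc_toa, smsc), _with_prefix(sender_toa, sender), timestamp, text)


if __name__ == "__main__":
    print(decode_sms_deliver(SLIDE_PDU))
```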
12. 2G(EDGE)
Bad crypto:
Up to the base station
Algorithms breakable
No authentication of base stations
13. Attacks on Privacy (Infrastructure)
Cell Network
Research by: Chris Paget
15. Breaking 2G Crypto
Break session key to get on the network
A5/2 trivial to break
Karsten Nohl broke A5/1 in 2009 in minutes
17. Who cares about EDGE anyway?
Still deployed
By default phones will drop back to EDGE
Is anyone on EDGE right now?
18. Mitigation Strategies
Replace 2G
Option to turn off 2G on phones
Encrypt data on phones before sending
19. Attacks on Privacy (Platform)
Attackers know how to attack these platforms
20. Rooting/Jailbreaking
Exploiting kernel/platform flaws
Client side attacks
Gain system level privileges similarly to PC platforms
21. JailbreakMe 3.0
iPhone jailbreak
Client side flaw in PDF (Mobile Safari)
Kernel exploit
22. Rootstrap
Android app loads kernel exploits
Loads code dynamically
Runs native code
Packaged with interesting app
23. DroidDream
Android app in the market
Rooted phones via kernel exploits
Stole information
Ran up charges
24. Payload example: SMS botnet
29. How the Botnet Works
1. Bot Receives a Message
3. Bot Decodes User Data
5. Checks for Bot Key
7. Performs Functionality
32. How the Botnet Works
1. Bot Receives a Message
3. Bot Decodes User Data
5. Checks for Bot Key (Swallows Message)
7. Performs Functionality
34. Demo
Demo of Botnet Payload
35. Mitigations for Platform Attacks
Updating
Better sandboxing
Vigilance from users
36. App attacks on privacy
37. App Stores
iPhone
Expensive
Closed
Identity verified
Android
Cheap
Self Signed
Open
Anonymous
38. Android Permission Model
Specifically request permissions
Users must accept at install
Send SMS, Receive SMS, GPS location
39. App attacks on privacy
Is this system working? Are users making good decisions about apps?
40. Top Android App of All Time
41. Demo
Demo: App Abusing Permissions
42. App Attacks Mitigations
Oversight on apps
Analysis of permissions
User awareness
43. Vulnerabilities in Android Apps
No coding standards for Android apps
Badly coded apps
Data Leak
Permission Leak
44. Data Leak
Access to sensitive data
Insecure storage
sdcard
World readable
Stored in source code
45. Return to the Source
Free tools available
Complete source available
Don’t store secrets here
46. Demo
DEMO: Abusing bad storage practices
47. Mitigating this risk
Store sensitive data privately
Don’t use the sdcard
Don’t put secrets in source code
48. Permission leak through components
Other apps can call public components
That’s a reason Android is awesome
If not used safely, this can be dangerous
49. Demo
DEMO: Stealing permissions from exposed components
50. Mitigating This Risk
Require permissions to access components
Use custom permissions
Don’t have dangerous functionality accessible without user interaction
51. Contact
Georgia Weidman
Security Consultant, Researcher, Trainer
Website: http://www.georgiaweidman.com
Slides: http://www.slideshare.net/georgiaweidman
Email: georgia@grmn00bs.com
Twitter: @georgiaweidman
Editor's notes
Ubiquitous. Rural areas. Saving my battery during a hurricane.
Edit and read SMS, send SMS, receive SMS; modify/delete USB storage contents; prevent phone from sleeping, write sync settings; GPS data; services that cost you money; act as account authenticator, manage accounts; read and write to your personal information including contact data; phone calls, read phone state and identity; full network access.