Blackberry Proof-of-Concept: Malicious Applications -...
Transcript of Blackberry Proof-of-Concept: Malicious Applications -...
![Page 1: Blackberry Proof-of-Concept: Malicious Applications - …archive.hack.lu/2010/Aggarwal-Blackberry-Malicious-Applications... · PC without an antivirus ... Hacking smartphone is easy](https://reader036.fdocuments.in/reader036/viewer/2022062907/5a9e3c3f7f8b9a21488d9942/html5/thumbnails/1.jpg)
1 Copyright © 2010 Juniper Networks, Inc. www.juniper.net
Blackberry Proof-of-Concept:
Malicious Applications
Mayank Aggarwal, C|EH, SCJPJunos Pulse Global Threat Center
Presented by Konstantin Yemelyanov, PhD
Junos Pulse Global Threat Center
![Page 2: Blackberry Proof-of-Concept: Malicious Applications - …archive.hack.lu/2010/Aggarwal-Blackberry-Malicious-Applications... · PC without an antivirus ... Hacking smartphone is easy](https://reader036.fdocuments.in/reader036/viewer/2022062907/5a9e3c3f7f8b9a21488d9942/html5/thumbnails/2.jpg)
2 Copyright © 2010 Juniper Networks, Inc. www.juniper.net
Overview
Introduction
BlackBerry Security Model
Recent Threats
Proof-of-Concept
Demonstrations
![Page 3: Blackberry Proof-of-Concept: Malicious Applications - …archive.hack.lu/2010/Aggarwal-Blackberry-Malicious-Applications... · PC without an antivirus ... Hacking smartphone is easy](https://reader036.fdocuments.in/reader036/viewer/2022062907/5a9e3c3f7f8b9a21488d9942/html5/thumbnails/3.jpg)
3 Copyright © 2010 Juniper Networks, Inc. www.juniper.net
Goals
Present the up-to-date state of
the BlackBerry mobile security.
Discuss commercial spyware &
remote monitoring applications.
Explore different malicious
applications developed for
BlackBerry phones.
![Page 4: Blackberry Proof-of-Concept: Malicious Applications - …archive.hack.lu/2010/Aggarwal-Blackberry-Malicious-Applications... · PC without an antivirus ... Hacking smartphone is easy](https://reader036.fdocuments.in/reader036/viewer/2022062907/5a9e3c3f7f8b9a21488d9942/html5/thumbnails/4.jpg)
4 Copyright © 2010 Juniper Networks, Inc. www.juniper.net
Smartphone Market
Source: CNN Money (August 11, 2010)
Total mobile OS sold ~ 713,000
Total computer OS sold ~ 887,000
2010 Smartphone Market (Est. June 28)Symbian 73 M iPhone OS 35 MAndroid 58 M Windows Mobile 8.5 MBlackberry 46 M
![Page 5: Blackberry Proof-of-Concept: Malicious Applications - …archive.hack.lu/2010/Aggarwal-Blackberry-Malicious-Applications... · PC without an antivirus ... Hacking smartphone is easy](https://reader036.fdocuments.in/reader036/viewer/2022062907/5a9e3c3f7f8b9a21488d9942/html5/thumbnails/5.jpg)
5 Copyright © 2010 Juniper Networks, Inc. www.juniper.net
Smart phone market grew by 64%
The RIM’s BlackBerry market grew by 41%.
BlackBerry Market
![Page 6: Blackberry Proof-of-Concept: Malicious Applications - …archive.hack.lu/2010/Aggarwal-Blackberry-Malicious-Applications... · PC without an antivirus ... Hacking smartphone is easy](https://reader036.fdocuments.in/reader036/viewer/2022062907/5a9e3c3f7f8b9a21488d9942/html5/thumbnails/6.jpg)
6 Copyright © 2010 Juniper Networks, Inc. www.juniper.net
Why Does Smartphone Security Matter?
Smartphones are rapidly replacing regular phones: by 2012, 65% of all new cell phones will be smartphones.
Smartphones are used for the same activities and have the same capabilities as PCs.
While most PCs have at least some security software in place, smartphones commonly do not have any security software installed.
![Page 7: Blackberry Proof-of-Concept: Malicious Applications - …archive.hack.lu/2010/Aggarwal-Blackberry-Malicious-Applications... · PC without an antivirus ... Hacking smartphone is easy](https://reader036.fdocuments.in/reader036/viewer/2022062907/5a9e3c3f7f8b9a21488d9942/html5/thumbnails/7.jpg)
7 Copyright © 2010 Juniper Networks, Inc. www.juniper.net
Mobile Banking is on the Rise
![Page 8: Blackberry Proof-of-Concept: Malicious Applications - …archive.hack.lu/2010/Aggarwal-Blackberry-Malicious-Applications... · PC without an antivirus ... Hacking smartphone is easy](https://reader036.fdocuments.in/reader036/viewer/2022062907/5a9e3c3f7f8b9a21488d9942/html5/thumbnails/8.jpg)
8 Copyright © 2010 Juniper Networks, Inc. www.juniper.net
Why Does Smartphone Security Matter?
Would you conduct online banking and shopping on a PC without an antivirus software installed?
Are you willing to remove antivirus, firewall, encryption and VPN software on your enterprise workstation?
![Page 9: Blackberry Proof-of-Concept: Malicious Applications - …archive.hack.lu/2010/Aggarwal-Blackberry-Malicious-Applications... · PC without an antivirus ... Hacking smartphone is easy](https://reader036.fdocuments.in/reader036/viewer/2022062907/5a9e3c3f7f8b9a21488d9942/html5/thumbnails/9.jpg)
9 Copyright © 2010 Juniper Networks, Inc. www.juniper.net
The Biggest Mobile Device Challenge for Enterprises
![Page 10: Blackberry Proof-of-Concept: Malicious Applications - …archive.hack.lu/2010/Aggarwal-Blackberry-Malicious-Applications... · PC without an antivirus ... Hacking smartphone is easy](https://reader036.fdocuments.in/reader036/viewer/2022062907/5a9e3c3f7f8b9a21488d9942/html5/thumbnails/10.jpg)
10 Copyright © 2010 Juniper Networks, Inc. www.juniper.net
Attacker’s Motivation
Smartphone in its present state provides an
easy access to the enterprise networks.
Although smartphone market is growing, the
users are unaware of threats to the devices.
People think that smartphones cannot be
hacked as easily as computers.
Hacking smartphone is easy and quick way to
make money.
Easy to exploit user by social engineering.
Corporate espionage.
![Page 11: Blackberry Proof-of-Concept: Malicious Applications - …archive.hack.lu/2010/Aggarwal-Blackberry-Malicious-Applications... · PC without an antivirus ... Hacking smartphone is easy](https://reader036.fdocuments.in/reader036/viewer/2022062907/5a9e3c3f7f8b9a21488d9942/html5/thumbnails/11.jpg)
11 Copyright © 2010 Juniper Networks, Inc. www.juniper.net
BlackBerry Security Model
![Page 12: Blackberry Proof-of-Concept: Malicious Applications - …archive.hack.lu/2010/Aggarwal-Blackberry-Malicious-Applications... · PC without an antivirus ... Hacking smartphone is easy](https://reader036.fdocuments.in/reader036/viewer/2022062907/5a9e3c3f7f8b9a21488d9942/html5/thumbnails/12.jpg)
12 Copyright © 2010 Juniper Networks, Inc. www.juniper.net
Q. How does BlackBerry's security system work?
Q. Is BlackBerry's security unique?
BlackBerry Security Model
![Page 13: Blackberry Proof-of-Concept: Malicious Applications - …archive.hack.lu/2010/Aggarwal-Blackberry-Malicious-Applications... · PC without an antivirus ... Hacking smartphone is easy](https://reader036.fdocuments.in/reader036/viewer/2022062907/5a9e3c3f7f8b9a21488d9942/html5/thumbnails/13.jpg)
13 Copyright © 2010 Juniper Networks, Inc. www.juniper.net
Transport Level Security
End-to-end encryption –traffic is encrypted up to RIM servers in Canada.
No man-in-the-middle attack possible – all data traffic is tunneled.
![Page 14: Blackberry Proof-of-Concept: Malicious Applications - …archive.hack.lu/2010/Aggarwal-Blackberry-Malicious-Applications... · PC without an antivirus ... Hacking smartphone is easy](https://reader036.fdocuments.in/reader036/viewer/2022062907/5a9e3c3f7f8b9a21488d9942/html5/thumbnails/14.jpg)
14 Copyright © 2010 Juniper Networks, Inc. www.juniper.net
Device Encryption
BlackBerry encrypts the data on both internal and external memory.
Without knowing the password, encrypted SD-card content cannot be accessed even on a different device.
Lost or stolen encrypted devices are still safe.
![Page 15: Blackberry Proof-of-Concept: Malicious Applications - …archive.hack.lu/2010/Aggarwal-Blackberry-Malicious-Applications... · PC without an antivirus ... Hacking smartphone is easy](https://reader036.fdocuments.in/reader036/viewer/2022062907/5a9e3c3f7f8b9a21488d9942/html5/thumbnails/15.jpg)
15 Copyright © 2010 Juniper Networks, Inc. www.juniper.net
Device Firewall
BlackBerry device is equipped with built-in firewall.
Option to block SMS, email, MMS and PIN.
![Page 16: Blackberry Proof-of-Concept: Malicious Applications - …archive.hack.lu/2010/Aggarwal-Blackberry-Malicious-Applications... · PC without an antivirus ... Hacking smartphone is easy](https://reader036.fdocuments.in/reader036/viewer/2022062907/5a9e3c3f7f8b9a21488d9942/html5/thumbnails/16.jpg)
16 Copyright © 2010 Juniper Networks, Inc. www.juniper.net
Uniqueness of BlackBerry Security
RIM provides a device, a network and a service all bundled together.
Provides an overlay access network, called BIS (Blackberry Internet Service)
RIM network access as a gateway to the internet.
All the information transferred over RIM servers is encrypted with proprietary encryption.
Mobile operators cannot inspect the traffic between BlackBerry and RIM servers.
![Page 17: Blackberry Proof-of-Concept: Malicious Applications - …archive.hack.lu/2010/Aggarwal-Blackberry-Malicious-Applications... · PC without an antivirus ... Hacking smartphone is easy](https://reader036.fdocuments.in/reader036/viewer/2022062907/5a9e3c3f7f8b9a21488d9942/html5/thumbnails/17.jpg)
17 Copyright © 2010 Juniper Networks, Inc. www.juniper.net
BlackBerry Security
“Smartphone could be used to cripple networks – RIM exec”
“Scott Totzke, RIM's vice-president of BlackBerry security, said hackers could use smartphones to target wireless carriers.”
“Criminals can use phone signals to order tens of thousands computers to contact a targeted site repeatedly, slowing it or eventually crashing it.”
![Page 18: Blackberry Proof-of-Concept: Malicious Applications - …archive.hack.lu/2010/Aggarwal-Blackberry-Malicious-Applications... · PC without an antivirus ... Hacking smartphone is easy](https://reader036.fdocuments.in/reader036/viewer/2022062907/5a9e3c3f7f8b9a21488d9942/html5/thumbnails/18.jpg)
18 Copyright © 2010 Juniper Networks, Inc. www.juniper.net
Facts:
Very few known vulnerabilities –
no 0wned.
Transport data is encrypted –
no MITM.
No remote installation without user
permission.
Facts & Fictions
![Page 19: Blackberry Proof-of-Concept: Malicious Applications - …archive.hack.lu/2010/Aggarwal-Blackberry-Malicious-Applications... · PC without an antivirus ... Hacking smartphone is easy](https://reader036.fdocuments.in/reader036/viewer/2022062907/5a9e3c3f7f8b9a21488d9942/html5/thumbnails/19.jpg)
19 Copyright © 2010 Juniper Networks, Inc. www.juniper.net
Facts:
Device can be lost or stolen.
Device can be controlled
remotely .
Once the permission is
provided, the full access to the
device and it’s resources is
granted.
Facts & Fictions
![Page 20: Blackberry Proof-of-Concept: Malicious Applications - …archive.hack.lu/2010/Aggarwal-Blackberry-Malicious-Applications... · PC without an antivirus ... Hacking smartphone is easy](https://reader036.fdocuments.in/reader036/viewer/2022062907/5a9e3c3f7f8b9a21488d9942/html5/thumbnails/20.jpg)
20 Copyright © 2010 Juniper Networks, Inc. www.juniper.net
Fiction:
My BlackBerry is Secure.
Facts & Fictions
![Page 21: Blackberry Proof-of-Concept: Malicious Applications - …archive.hack.lu/2010/Aggarwal-Blackberry-Malicious-Applications... · PC without an antivirus ... Hacking smartphone is easy](https://reader036.fdocuments.in/reader036/viewer/2022062907/5a9e3c3f7f8b9a21488d9942/html5/thumbnails/21.jpg)
21 Copyright © 2010 Juniper Networks, Inc. www.juniper.net
Recent Threats
![Page 22: Blackberry Proof-of-Concept: Malicious Applications - …archive.hack.lu/2010/Aggarwal-Blackberry-Malicious-Applications... · PC without an antivirus ... Hacking smartphone is easy](https://reader036.fdocuments.in/reader036/viewer/2022062907/5a9e3c3f7f8b9a21488d9942/html5/thumbnails/22.jpg)
22 Copyright © 2010 Juniper Networks, Inc. www.juniper.net
Blackjacking – 0wning the Enterprise via the Blackberry
First BlackBerry Trojan.
Attack Enterprise Networks.
Allowed access to the internal
network.
Use a BlackBerry for proxy
connections.
Tool released called BBProxy.
![Page 23: Blackberry Proof-of-Concept: Malicious Applications - …archive.hack.lu/2010/Aggarwal-Blackberry-Malicious-Applications... · PC without an antivirus ... Hacking smartphone is easy](https://reader036.fdocuments.in/reader036/viewer/2022062907/5a9e3c3f7f8b9a21488d9942/html5/thumbnails/23.jpg)
23 Copyright © 2010 Juniper Networks, Inc. www.juniper.net
Etisalat – BlackBerry Spyware
PCWorld
BBC News
The Register
![Page 24: Blackberry Proof-of-Concept: Malicious Applications - …archive.hack.lu/2010/Aggarwal-Blackberry-Malicious-Applications... · PC without an antivirus ... Hacking smartphone is easy](https://reader036.fdocuments.in/reader036/viewer/2022062907/5a9e3c3f7f8b9a21488d9942/html5/thumbnails/24.jpg)
24 Copyright © 2010 Juniper Networks, Inc. www.juniper.net
How does it work?
Etisalat pushed out a network
update to BackBerry users.
Such update, a remotely-triggered
spyware, intercepted messages
and e-mails.
No visible icon and run at the
background.
Stays dormant until command
message is received.
Once activated, forwards all
outgoing emails to a server.
![Page 25: Blackberry Proof-of-Concept: Malicious Applications - …archive.hack.lu/2010/Aggarwal-Blackberry-Malicious-Applications... · PC without an antivirus ... Hacking smartphone is easy](https://reader036.fdocuments.in/reader036/viewer/2022062907/5a9e3c3f7f8b9a21488d9942/html5/thumbnails/25.jpg)
25 Copyright © 2010 Juniper Networks, Inc. www.juniper.net
CommercialSpyware
Copyright MAD Magazine
![Page 26: Blackberry Proof-of-Concept: Malicious Applications - …archive.hack.lu/2010/Aggarwal-Blackberry-Malicious-Applications... · PC without an antivirus ... Hacking smartphone is easy](https://reader036.fdocuments.in/reader036/viewer/2022062907/5a9e3c3f7f8b9a21488d9942/html5/thumbnails/26.jpg)
26 Copyright © 2010 Juniper Networks, Inc. www.juniper.net
Commercial Spyware
“FlexiSpy offered the first commercial spyware for BlackBerry in 2006.”
“Eighty percent of commercial spyware applications have surfaced in less than a year.”
![Page 27: Blackberry Proof-of-Concept: Malicious Applications - …archive.hack.lu/2010/Aggarwal-Blackberry-Malicious-Applications... · PC without an antivirus ... Hacking smartphone is easy](https://reader036.fdocuments.in/reader036/viewer/2022062907/5a9e3c3f7f8b9a21488d9942/html5/thumbnails/27.jpg)
27 Copyright © 2010 Juniper Networks, Inc. www.juniper.net
Commercial Spyware (cont’d)
“Above mentioned vendors sell their software as remote monitoring application.”
“However, due to the hidden and stealth nature of the application, it has a potential to be misused as a spyware.”
![Page 28: Blackberry Proof-of-Concept: Malicious Applications - …archive.hack.lu/2010/Aggarwal-Blackberry-Malicious-Applications... · PC without an antivirus ... Hacking smartphone is easy](https://reader036.fdocuments.in/reader036/viewer/2022062907/5a9e3c3f7f8b9a21488d9942/html5/thumbnails/28.jpg)
28 Copyright © 2010 Juniper Networks, Inc. www.juniper.net
Feature comparison
Commercial Spyware
“Commercial spyware remotely monitors all the smartphone activity and invades into the user’s privacy”
“Price varies from $50- $400 depending on activation duration and types of features.
![Page 29: Blackberry Proof-of-Concept: Malicious Applications - …archive.hack.lu/2010/Aggarwal-Blackberry-Malicious-Applications... · PC without an antivirus ... Hacking smartphone is easy](https://reader036.fdocuments.in/reader036/viewer/2022062907/5a9e3c3f7f8b9a21488d9942/html5/thumbnails/29.jpg)
29 Copyright © 2010 Juniper Networks, Inc. www.juniper.net
Remote Monitoring
![Page 30: Blackberry Proof-of-Concept: Malicious Applications - …archive.hack.lu/2010/Aggarwal-Blackberry-Malicious-Applications... · PC without an antivirus ... Hacking smartphone is easy](https://reader036.fdocuments.in/reader036/viewer/2022062907/5a9e3c3f7f8b9a21488d9942/html5/thumbnails/30.jpg)
30 Copyright © 2010 Juniper Networks, Inc. www.juniper.net
Spyware or Remote Monitoring?
It’s a Spyware if:
Application’s icon is hidden.
User doesn’t have information
about application’s activity.
User did not provide a
consent to install the
application.
![Page 31: Blackberry Proof-of-Concept: Malicious Applications - …archive.hack.lu/2010/Aggarwal-Blackberry-Malicious-Applications... · PC without an antivirus ... Hacking smartphone is easy](https://reader036.fdocuments.in/reader036/viewer/2022062907/5a9e3c3f7f8b9a21488d9942/html5/thumbnails/31.jpg)
31 Copyright © 2010 Juniper Networks, Inc. www.juniper.net
Spyware or Remote Monitoring ?
It’s a Remote Monitoring if:
The application has a visible
icon.
The user can control and
monitor the operation.
The users agree on certain
invasion into their privacy
![Page 32: Blackberry Proof-of-Concept: Malicious Applications - …archive.hack.lu/2010/Aggarwal-Blackberry-Malicious-Applications... · PC without an antivirus ... Hacking smartphone is easy](https://reader036.fdocuments.in/reader036/viewer/2022062907/5a9e3c3f7f8b9a21488d9942/html5/thumbnails/32.jpg)
32 Copyright © 2010 Juniper Networks, Inc. www.juniper.net
Cut the Crap! Show me the Hack!
![Page 33: Blackberry Proof-of-Concept: Malicious Applications - …archive.hack.lu/2010/Aggarwal-Blackberry-Malicious-Applications... · PC without an antivirus ... Hacking smartphone is easy](https://reader036.fdocuments.in/reader036/viewer/2022062907/5a9e3c3f7f8b9a21488d9942/html5/thumbnails/33.jpg)
33 Copyright © 2010 Juniper Networks, Inc. www.juniper.net
Demo Part I
Hacker’s at WORK
![Page 34: Blackberry Proof-of-Concept: Malicious Applications - …archive.hack.lu/2010/Aggarwal-Blackberry-Malicious-Applications... · PC without an antivirus ... Hacking smartphone is easy](https://reader036.fdocuments.in/reader036/viewer/2022062907/5a9e3c3f7f8b9a21488d9942/html5/thumbnails/34.jpg)
34 Copyright © 2010 Juniper Networks, Inc. www.juniper.net
Phishing Application
Acquire user’s login and password.
Send login/password details to the attacker.
The victim has no way to identify the information sent to attacker’s email.
![Page 35: Blackberry Proof-of-Concept: Malicious Applications - …archive.hack.lu/2010/Aggarwal-Blackberry-Malicious-Applications... · PC without an antivirus ... Hacking smartphone is easy](https://reader036.fdocuments.in/reader036/viewer/2022062907/5a9e3c3f7f8b9a21488d9942/html5/thumbnails/35.jpg)
35 Copyright © 2010 Juniper Networks, Inc. www.juniper.net
Phishing Application- Victim’s BlackBerry
![Page 36: Blackberry Proof-of-Concept: Malicious Applications - …archive.hack.lu/2010/Aggarwal-Blackberry-Malicious-Applications... · PC without an antivirus ... Hacking smartphone is easy](https://reader036.fdocuments.in/reader036/viewer/2022062907/5a9e3c3f7f8b9a21488d9942/html5/thumbnails/36.jpg)
36 Copyright © 2010 Juniper Networks, Inc. www.juniper.net
Phishing Application (cont’d)
![Page 37: Blackberry Proof-of-Concept: Malicious Applications - …archive.hack.lu/2010/Aggarwal-Blackberry-Malicious-Applications... · PC without an antivirus ... Hacking smartphone is easy](https://reader036.fdocuments.in/reader036/viewer/2022062907/5a9e3c3f7f8b9a21488d9942/html5/thumbnails/37.jpg)
37 Copyright © 2010 Juniper Networks, Inc. www.juniper.net
Demo Part II
![Page 38: Blackberry Proof-of-Concept: Malicious Applications - …archive.hack.lu/2010/Aggarwal-Blackberry-Malicious-Applications... · PC without an antivirus ... Hacking smartphone is easy](https://reader036.fdocuments.in/reader036/viewer/2022062907/5a9e3c3f7f8b9a21488d9942/html5/thumbnails/38.jpg)
38 Copyright © 2010 Juniper Networks, Inc. www.juniper.net
Spyware Application
Captures data from the device’s external memory and emails it to the attacker.
As of today: collects *.doc, *.pdf and images stored on SDcard.
The victim can not identify the information sent in an email.
![Page 39: Blackberry Proof-of-Concept: Malicious Applications - …archive.hack.lu/2010/Aggarwal-Blackberry-Malicious-Applications... · PC without an antivirus ... Hacking smartphone is easy](https://reader036.fdocuments.in/reader036/viewer/2022062907/5a9e3c3f7f8b9a21488d9942/html5/thumbnails/39.jpg)
39 Copyright © 2010 Juniper Networks, Inc. www.juniper.net
Spyware Application - Victim’s BlackBerry
![Page 40: Blackberry Proof-of-Concept: Malicious Applications - …archive.hack.lu/2010/Aggarwal-Blackberry-Malicious-Applications... · PC without an antivirus ... Hacking smartphone is easy](https://reader036.fdocuments.in/reader036/viewer/2022062907/5a9e3c3f7f8b9a21488d9942/html5/thumbnails/40.jpg)
40 Copyright © 2010 Juniper Networks, Inc. www.juniper.net
Spyware Application - Attacker’s machine
![Page 41: Blackberry Proof-of-Concept: Malicious Applications - …archive.hack.lu/2010/Aggarwal-Blackberry-Malicious-Applications... · PC without an antivirus ... Hacking smartphone is easy](https://reader036.fdocuments.in/reader036/viewer/2022062907/5a9e3c3f7f8b9a21488d9942/html5/thumbnails/41.jpg)
41 Copyright © 2010 Juniper Networks, Inc. www.juniper.net
Demo Part III
![Page 42: Blackberry Proof-of-Concept: Malicious Applications - …archive.hack.lu/2010/Aggarwal-Blackberry-Malicious-Applications... · PC without an antivirus ... Hacking smartphone is easy](https://reader036.fdocuments.in/reader036/viewer/2022062907/5a9e3c3f7f8b9a21488d9942/html5/thumbnails/42.jpg)
42 Copyright © 2010 Juniper Networks, Inc. www.juniper.net
Trojan Application
Acts as a messenger application.
Deletes all the information from the SD card.
![Page 43: Blackberry Proof-of-Concept: Malicious Applications - …archive.hack.lu/2010/Aggarwal-Blackberry-Malicious-Applications... · PC without an antivirus ... Hacking smartphone is easy](https://reader036.fdocuments.in/reader036/viewer/2022062907/5a9e3c3f7f8b9a21488d9942/html5/thumbnails/43.jpg)
43 Copyright © 2010 Juniper Networks, Inc. www.juniper.net
Trojan Application - Victim’s BlackBerry
![Page 44: Blackberry Proof-of-Concept: Malicious Applications - …archive.hack.lu/2010/Aggarwal-Blackberry-Malicious-Applications... · PC without an antivirus ... Hacking smartphone is easy](https://reader036.fdocuments.in/reader036/viewer/2022062907/5a9e3c3f7f8b9a21488d9942/html5/thumbnails/44.jpg)
44 Copyright © 2010 Juniper Networks, Inc. www.juniper.net
Reality Bites
No spyware is as stealthy as claimed.
User can identify application even if an application icon is
hidden.
Once the application is installed and requested permissions
are approved, the complete access to the device is granted.
![Page 45: Blackberry Proof-of-Concept: Malicious Applications - …archive.hack.lu/2010/Aggarwal-Blackberry-Malicious-Applications... · PC without an antivirus ... Hacking smartphone is easy](https://reader036.fdocuments.in/reader036/viewer/2022062907/5a9e3c3f7f8b9a21488d9942/html5/thumbnails/45.jpg)
45 Copyright © 2010 Juniper Networks, Inc. www.juniper.net
What if your application leaks server information?
A well-known remote monitoring / commercial
spyware leaks it’s server login information.
Application features:
– Remote Listening– C&C Over SMS– Pictures, Video & Audio Logging– SMS & Email Logging– Call History Logging– Location Tracking– Call Interception– GPS Tracking
![Page 46: Blackberry Proof-of-Concept: Malicious Applications - …archive.hack.lu/2010/Aggarwal-Blackberry-Malicious-Applications... · PC without an antivirus ... Hacking smartphone is easy](https://reader036.fdocuments.in/reader036/viewer/2022062907/5a9e3c3f7f8b9a21488d9942/html5/thumbnails/46.jpg)
46 Copyright © 2010 Juniper Networks, Inc. www.juniper.net
What if your application leaks server information?
![Page 47: Blackberry Proof-of-Concept: Malicious Applications - …archive.hack.lu/2010/Aggarwal-Blackberry-Malicious-Applications... · PC without an antivirus ... Hacking smartphone is easy](https://reader036.fdocuments.in/reader036/viewer/2022062907/5a9e3c3f7f8b9a21488d9942/html5/thumbnails/47.jpg)
47 Copyright © 2010 Juniper Networks, Inc. www.juniper.net
Where do we go from here?
![Page 48: Blackberry Proof-of-Concept: Malicious Applications - …archive.hack.lu/2010/Aggarwal-Blackberry-Malicious-Applications... · PC without an antivirus ... Hacking smartphone is easy](https://reader036.fdocuments.in/reader036/viewer/2022062907/5a9e3c3f7f8b9a21488d9942/html5/thumbnails/48.jpg)
48 Copyright © 2010 Juniper Networks, Inc. www.juniper.net
Conclusion
Unlike iPhone, BlackBerry applications
can be obtained from anywhere.
Once installed, the application can gain
complete access to the device.
Lack of real time detection and
eradication.
Free apps are not always free.
Enable firewall and device encryption.
Set the device password.
Finally, don’t let others use your phone.
![Page 49: Blackberry Proof-of-Concept: Malicious Applications - …archive.hack.lu/2010/Aggarwal-Blackberry-Malicious-Applications... · PC without an antivirus ... Hacking smartphone is easy](https://reader036.fdocuments.in/reader036/viewer/2022062907/5a9e3c3f7f8b9a21488d9942/html5/thumbnails/49.jpg)
49 Copyright © 2010 Juniper Networks, Inc. www.juniper.net
Questions?
![Page 50: Blackberry Proof-of-Concept: Malicious Applications - …archive.hack.lu/2010/Aggarwal-Blackberry-Malicious-Applications... · PC without an antivirus ... Hacking smartphone is easy](https://reader036.fdocuments.in/reader036/viewer/2022062907/5a9e3c3f7f8b9a21488d9942/html5/thumbnails/50.jpg)
50 Copyright © 2010 Juniper Networks, Inc. www.juniper.net
Thank You for Coming!