SESSION ID: MBS-W03
Predatory Hacking of Mobile Devices
Jeff Forristal, CTO, Bluebox Security (www.bluebox.com)
#RSAC
If you haven't heard… the world has gone mobile.
2013 Q4 shipments: 227.8m smartphones (IDC) vs. 82.6m PCs (Gartner)
Attackers follow opportunity (image credit: Google)
Data has been leaking for a while (image credit: Forbes)
Mobile Device Data & Assets
- Account logins & passwords
  - Email
  - VPN
  - Social networks
  - Banking & shopping
- Services / resources
  - Internet & VPN
  - Cellular
  - SMS (premium charges)
- Documents
  - Email & attachments
  - File storage services
- Monitoring
  - Microphone
  - Camera
  - GPS/location
- Soft auth tokens/2FA
- Pivot to PC
Attack Surface
- Communications networks
  - Cellular
  - Wifi
  - Bluetooth
  - NFC
  - SIM
- Malicious apps
- Physical access
  - USB
  - Dock/accessory connector
  - Lockscreen
- Other
  - QR code
Type complex passwords on this? No thanks.
Data Theft via Malicious Apps
It happens – ask Charlie Miller (image credit: news.nbc.com)
Fake BBM apps, circa Sept 2013 (image credit: AndroidCentral.com)
Malicious App Sources
- Hosted on Apple/Google stores, missed by reviews
- Jailbreak markets
- Third-party app stores
- Enterprise app stores & app distribution services
Android sandbox & security layers (image credit: Google)
Example: Android Masterkey
- Found by Bluebox in 2013
- Code modification without affecting the app cryptographic signature
- Abusing system UID apps to gain system privileges
- System UID access is outside normal app sandbox
- Sub-root data compromise
  - Will not be detected by normal jailbreak/root detection mechanisms
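The slide's key property, code changed without the signature breaking, comes from a parser differential: a ZIP archive carries two entries with the same name, and the component that verifies the signature resolves that name to one entry while the component that extracts the code resolves it to the other. The following is an added illustration of that bug class, not Bluebox's exploit or Android's code; which side took the first entry and which the last is deliberately left generic. Python's zipfile stands in for both parsers, and the payloads, archive layout and digest check are constructed for the example.

```python
import hashlib
import io
import warnings
import zipfile
from contextlib import contextmanager

# Constructed payloads standing in for an APK's classes.dex: the first is what
# was signed, the second is what an attacker appends under the same name.
SIGNED_DEX = b"dex\n035\x00signed code"
INJECTED_DEX = b"dex\n035\x00injected code"


def sha256_hex(data):
    return hashlib.sha256(data).hexdigest()


def build_zip(entries):
    """Build an archive from (name, payload) pairs. Repeated names are allowed
    by the format, which is exactly what a malicious archive relies on."""
    buf = io.BytesIO()
    with warnings.catch_warnings():
        warnings.simplefilter("ignore")  # zipfile only warns on duplicate names
        with zipfile.ZipFile(buf, "w", zipfile.ZIP_STORED) as zf:
            for name, payload in entries:
                zf.writestr(name, payload)
    return buf.getvalue()


@contextmanager
def open_quietly(data):
    """Open an in-memory archive, suppressing the duplicate-name warning."""
    with warnings.catch_warnings():
        warnings.simplefilter("ignore")
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            yield zf


def read_first_match(data, name):
    """Parser A: walk the central directory in order and take the first entry
    carrying the requested name."""
    with open_quietly(data) as zf:
        for info in zf.infolist():
            if info.filename == name:
                with zf.open(info) as entry:
                    return entry.read()
    raise KeyError(name)


def read_last_match(data, name):
    """Parser B: resolve the name through a dict, so the last entry wins
    (this is what ZipFile.read does)."""
    with open_quietly(data) as zf:
        return zf.read(name)


def verify_then_extract(data, name, signed_sha256):
    """Model of the flawed install flow: the signature check reads the entry
    through parser A, but the bytes that get installed come from parser B."""
    verified = read_first_match(data, name)
    if sha256_hex(verified) != signed_sha256:
        raise ValueError("signature check failed")
    return read_last_match(data, name)


def duplicate_names(data):
    """Hardened pre-check: entry names that occur more than once. An archive
    with any duplicate should be rejected before verification is attempted."""
    seen, dupes = set(), []
    with open_quietly(data) as zf:
        for info in zf.infolist():
            if info.filename in seen and info.filename not in dupes:
                dupes.append(info.filename)
            seen.add(info.filename)
    return dupes


if __name__ == "__main__":
    apk = build_zip([("AndroidManifest.xml", b"<manifest/>"),
                     ("classes.dex", SIGNED_DEX),
                     ("classes.dex", INJECTED_DEX)])
    installed = verify_then_extract(apk, "classes.dex", sha256_hex(SIGNED_DEX))
    print("verification passed, installed bytes:", installed)
    print("duplicate entries:", duplicate_names(apk))
```

The fix that matters is the one in `duplicate_names`: whatever the two parsers do, an archive that names the same path twice has no honest reason to exist and should fail closed before any signature is checked.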
Malicious IOS App Demo: malicious app steals configuration settings & passwords (graphic credit: Iconfactory.com)
Mitigations
- Prefer vendors that patch!
- Android: disable installation from unknown sources
- Stick to trusted app sources/markets
- MAM, EMM, VDI can protect on-device data
- A/V?
Data Theft via Physical Access
Malicious USB Chargers ("Juice Jacking")
- Free power charging station is really an exploit host
- Presentation at Blackhat 2013 by Lau et al
  - Targets iPhone
  - Gets UDID over USB
  - Talks to Apple website, gets dev provisioning profile for that UDID
  - Have a malware app signed by dev cert included in provisioning profile
  - Push mobile config to phone to install the malware app
  - Runs code on device, go from there…
USB Debug Access
- Commercial phones with ADB debugging access on by default
  - Blu Dash 4.5 (Android 4.2.1)
  - HTC One (original Android 4.1.2)
- ADB debugging access gives you shell access
- Debugging trust prompt added in Android 4.2.2 (early 2013)
IOS PIN brute force demo: physical PIN brute force of locked iPhone via USB (graphic credit: Alexander "PAPO1990" Papadopoulos)
Mitigations
- Android: turn off ADB debugging
- Newest IOS, Android prompt you to trust the USB connection
- MAM, EMM, VDI, containers add extra layer of data security
Data Theft via Wifi Networks
SSID spoofing ("WiPhishing")
- Phones auto-connecting to 'attwifi' et al
- Known SSIDs from airports, cafes, etc.
  - Tend to be open auth w/ captive portal, easy to spoof
- If you used it once, device will remember it for use again later
- Tools can spoof hundreds of APs, impersonate the ones clients respond to
Non-Secure HTTP Traffic
- Mobile devices & apps send lots of plaintext traffic
  - This is all observable, subject to MITM
- Interesting data seen in the clear
  - Android device ID
  - IMEI
  - GPS lat/long
- MITM attack vectors
  - Android webview javascript callback
  - IOS SSL verification error
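Finding the identifiers the slide lists in the clear is a matter of looking at what passes an intercepting proxy over plain HTTP. Added example, not from the original talk: a scanner over proxy-style request log lines that flags IMEI values (15 digits passing the Luhn check), 16-hex-digit Android IDs and latitude/longitude pairs in cleartext query strings, and skips HTTPS requests because a network observer cannot read those query strings. The log lines, hosts and identifier values are constructed; the parameter names treated as coordinates are an assumption for the example.

```python
import re
from dataclasses import dataclass
from urllib.parse import parse_qsl, urlsplit

# Assumed parameter names for coordinates; extend for the apps you test.
LAT_NAMES = {"lat", "latitude"}
LON_NAMES = {"lon", "lng", "long", "longitude"}
ANDROID_ID = re.compile(r"[0-9a-f]{16}")


@dataclass(frozen=True)
class Finding:
    host: str
    kind: str    # "imei", "android_id" or "location"
    param: str   # query parameter name(s) that carried the value


def luhn_ok(digits):
    """Luhn check over all 15 IMEI digits (the last one is the check digit)."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0


def classify_value(value):
    """Classify a query value that looks like a device identifier."""
    if len(value) == 15 and value.isdigit() and luhn_ok(value):
        return "imei"
    if ANDROID_ID.fullmatch(value):
        return "android_id"
    return None


def _coordinate(value, limit):
    try:
        number = float(value)
    except ValueError:
        return None
    return number if -limit <= number <= limit else None


def scan_request_line(line):
    """Findings for one line of the form 'METHOD absolute-URL HTTP/x'.
    HTTPS requests are skipped: the query string is inside TLS, so a passive
    observer on the Wi-Fi network does not see it."""
    parts = line.split()
    if len(parts) < 2:
        return []
    url = urlsplit(parts[1])
    if url.scheme != "http":
        return []
    host = url.hostname or ""
    findings, lat, lon = [], None, None
    for name, value in parse_qsl(url.query, keep_blank_values=True):
        kind = classify_value(value)
        if kind:
            findings.append(Finding(host, kind, name))
        if name.lower() in LAT_NAMES:
            lat = (name, _coordinate(value, 90))
        elif name.lower() in LON_NAMES:
            lon = (name, _coordinate(value, 180))
    if lat and lon and lat[1] is not None and lon[1] is not None:
        findings.append(Finding(host, "location", f"{lat[0]},{lon[0]}"))
    return findings


def scan_log(lines):
    return [f for line in lines for f in scan_request_line(line)]


# Constructed log lines in the shape an intercepting proxy writes; the hosts,
# paths and identifier values are made up for this example.
SAMPLE_LOG = [
    "GET http://ads.example.com/v1/track?imei=490154203237518&lat=37.7749&lon=-122.4194 HTTP/1.1",
    "POST http://stats.example.net/collect?android_id=a1b2c3d4e5f60718&v=3 HTTP/1.1",
    "GET https://api.example.com/v1/me?device=a1b2c3d4e5f60718 HTTP/1.1",
    "GET http://cdn.example.com/img/logo.png HTTP/1.1",
]

if __name__ == "__main__":
    for finding in scan_log(SAMPLE_LOG):
        print(finding)
```

The Luhn filter keeps arbitrary 15-digit numbers (timestamps, counters) from showing up as IMEIs; POST bodies and custom headers carry the same identifiers in practice and need the same treatment, which this example leaves out.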
Spoofed APs: pretending to be everywhere
- Spoofed SSIDs include: attwifi, linksys, gogoinflight, hhonors, tmobile, starbucks, peets, guest, starwood, …
- Tooling: mdk3, hostapd, mitmproxy, Karma, WiFi Pineapple (DHCP + MitM)
(photo credit: hak5.org hakshop)
Stats: 2200 phones
- 53% IOS, 31% Android, 2% Blackberry, 13% other
Top SSIDs
- attwifi (36%)
- Wayport_Access (6%)
- SFO-WiFi (5%)
- United_Wi-Fi (5%)
- linksys (5%)
- gogoinflight (4%)
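The "Tools can spoof hundreds of APs, impersonate the ones clients respond to" point and the stats above both rest on the same leak: a phone that remembers 'attwifi' sends 802.11 probe requests naming it, and anyone within radio range can list them per client. Added example, not from the talk or from any of the tools named on the previous slide: a parser for the SSID element of probe request frames and the aggregation that produces a "percentage of clients probing for each SSID" table like the one above. The frames are constructed in-line (no radiotap header, no FCS) so it runs offline; on a real interface you would feed it the management frames from a monitor-mode capture.

```python
from collections import Counter, defaultdict

PROBE_REQUEST_FC = b"\x40\x00"   # frame control: type 0 (management), subtype 4
BROADCAST = b"\xff" * 6


def probe_request(client_mac, ssid):
    """Construct a minimal 802.11 probe request from a client MAC and the SSID
    it asks for; an empty SSID is a wildcard probe that names no network."""
    body = bytes([0, len(ssid)]) + ssid.encode()            # SSID element (tag 0)
    body += bytes([1, 4, 0x82, 0x84, 0x8B, 0x96])            # supported rates (tag 1)
    header = (PROBE_REQUEST_FC + b"\x00\x00"                 # duration
              + BROADCAST                                    # addr1: destination
              + bytes.fromhex(client_mac.replace(":", ""))   # addr2: source (client)
              + BROADCAST                                    # addr3: BSSID
              + b"\x00\x00")                                 # sequence control
    return header + body


def parse_probe_request(frame):
    """Return (source MAC, SSID) for a probe request, or None for any other
    frame type or a frame too short or truncated to parse safely."""
    if len(frame) < 24:
        return None
    fc0 = frame[0]
    if (fc0 & 0x0C) >> 2 != 0 or fc0 >> 4 != 4:   # not management / probe request
        return None
    source = ":".join(f"{b:02x}" for b in frame[10:16])
    body, offset = frame[24:], 0
    while offset + 2 <= len(body):                 # walk the tagged elements
        tag, length = body[offset], body[offset + 1]
        value = body[offset + 2:offset + 2 + length]
        if len(value) < length:
            return None                            # truncated element: reject
        if tag == 0:
            return source, value.decode("utf-8", "replace")
        offset += 2 + length
    return None                                    # no SSID element present


def probe_stats(frames):
    """Number of distinct clients seen probing and, per SSID, the percentage
    of those clients that asked for it by name."""
    ssids_by_client = defaultdict(set)
    for frame in frames:
        parsed = parse_probe_request(frame)
        if parsed is None:
            continue
        source, ssid = parsed
        client = ssids_by_client[source]   # counts the client even for wildcard probes
        if ssid:
            client.add(ssid)
    total = len(ssids_by_client)
    counts = Counter(s for ssids in ssids_by_client.values() for s in ssids)
    share = {s: round(100 * n / total) for s, n in counts.most_common()}
    return total, share


# Constructed capture: three clients plus one beacon the parser must ignore.
SAMPLE_FRAMES = [
    probe_request("02:00:00:00:00:01", "attwifi"),
    probe_request("02:00:00:00:00:01", "linksys"),
    probe_request("02:00:00:00:00:02", "attwifi"),
    probe_request("02:00:00:00:00:02", "attwifi"),   # repeated probe, counted once
    probe_request("02:00:00:00:00:03", ""),           # wildcard probe only
    b"\x80\x00" + b"\x00" * 22,                       # beacon (subtype 8), not a probe
]

if __name__ == "__main__":
    total, share = probe_stats(SAMPLE_FRAMES)
    print(f"{total} clients")
    for ssid, pct in share.items():
        print(f"  {ssid} ({pct}%)")
```

Two caveats for anyone repeating the 2014 measurement today: the source address of a probe may be a randomized MAC, so "clients" over-counts, and newer iOS and Android releases no longer send directed probes for saved networks unless the network is hidden, so spoofing tools now tend to beacon the popular SSIDs rather than wait for a probe to answer.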
Wifi Demo: mobile devices connect to spoofed APs, exploited by Android bug
Mitigations
- Purge old prior networks from mobile device wifi list
  - Security apps can automate this
  - Android: Bluebox Wifi Cleaner
- Turn off radios (Bluetooth, Wifi) when not using them
  - Bonus: saves battery!
  - Android: Kismet Smarter Wi-Fi Manager
- Use device VPN & app VPNs to protect traffic on untrusted networks
- Some capabilities exclusive to MAM, EMM, and containers
Going Forward
Fact: Mobile vulnerabilities will continue
Challenge: Keeping data safe; quick detection & recovery
Accepting Reality
- PDAs are finally ubiquitous
- Always on, always connected, always at risk
- The form factor makes traditional security controls cumbersome
- Users have minimal incentive to avoid all forms of mobile risk
NIST SP 800-124: Guidelines for Managing the Security of Mobile Devices in the Enterprise
Is it about the device? Is it about the apps? It’s about the DATA.
Bluebox Security: securing your mobile data wherever it goes
- Cloud service provider of mobile data security
- Secure what matters most – corporate data – across devices, apps, and networks
- Unprecedented visibility to inform and tune policies; take action based on data usage and movement
- Increase compliance and productivity by providing security that employees embrace
- Single pane of glass to manage mobile data security across fully managed, BYOD, and hybrid environments