Transparent Smartphone Spying
Embed Size (px)
Transcript of Transparent Smartphone Spying
- 1. Transparent Smartphone Spying Georgia Weidman
- 2. Agenda Smartphone Overview Evil Applications Evil Jailbreaks Baseband Spying Mitigation Strategies
- 3. What is a Smartphone?
- 4. Data Stored and Transmitted Personal info Work info Location info Account info
- 5. Privacy of Transmitted Data Mobile communication standards Encoding vs. Encryption Attacks against privacy
- 6. Privacy Matters: Text Messages Hi meet me for lunch Meet me for lunch while my wife is out Here are your bank account credentials
- 7. Privacy Required Examples Vendor text messages Vendor advertisements Provider messages Mobile banking Balance sheet Electronic bill paying One time passwords
- 8. Evil Applications
- 9. Application Stores iPhone Expensive Identity Verified Closed Certificate Authority Android Cheap Open Anonymous Self signed
- 10. Application Protections: iPhone ASLR Mandatory code signing No dynamic code loading Sandboxed
- 11. Applications Protections: Android Users accept permissions
- 12. Our Text Message Example Permission to read text message(SMS) database Specific permission to send text message(SMS) messages Without user consent, application cannot access this information
- 13. Is this system working to protect users?Are users making good decisions about application permissions?
- 14. Top Android App of all Time
- 15. DemoDemo: Application abusing permissions
- 16. Abusing the Android Sandbox Load exploit code at runtime Safe application becomes malicious application In the wild: DroidDream In the lab: Rootstrap
- 17. Evil Jailbreak
- 18. Jailbreaking Get root privileges Expand feature set Run unapproved (3rd party apps)
- 19. Jailbreaking Gone Wild Run this code It jailbreaks your phone What else does it do?
- 20. So Ive exploited a phone, what now?
- 21. Baseband Spying Read all data sent/receive by the phone Intercept data before it reaches the user/before it is sent
- 22. How an GSM is sent and received 22
- 23. How an GSM is sent and received Georgia Weidman 2011 23
- 24. How an GSM is sent and received Georgia Weidman 2011 24
- 25. Malicious Proxy Intercept data Send data Alter data Botnet functionality
- 26. DemoDemo: Stealing Text Messages
- 27. Mitigation Strategies User Awareness Encryption Updating Code signing
- 28. ContactGeorgia Weidman, Security Consultant Neohapsis, Inc. Email: email@example.com firstname.lastname@example.org Website: http://www.neohapsis.com http://www.grmn00bs.com Twitter: @vincentkadmon
- 29. Selected Bibliography John Oberheide and Jach Lanier Team JOCH vs. Android Shmoocon 2011: http://jon.oberheide.org/files/shmoo11- teamjoch.pdf Charlie Miller and Collin Mulliner Fuzzing the Phone in Your Phone Blackhat USA 2009: http://www.blackhat.com/presentations/bhusa- 09/MILLER/BHUSA09-Miller-FuzzingPhone-PAPER.pdf Dino Dai Zovi Apple iOS Security Evalution Blackhat USA 2011: https://media.blackhat.com/bh-us- 11/DaiZovi/BH_US_11_DaiZovi_iOS_Security_WP.pdf