Transparent Smartphone Spying

download Transparent Smartphone Spying

of 29

  • date post

  • Category


  • view

  • download


Embed Size (px)



Transcript of Transparent Smartphone Spying

  • 1. Transparent Smartphone Spying Georgia Weidman
  • 2. Agenda Smartphone Overview Evil Applications Evil Jailbreaks Baseband Spying Mitigation Strategies
  • 3. What is a Smartphone?
  • 4. Data Stored and Transmitted Personal info Work info Location info Account info
  • 5. Privacy of Transmitted Data Mobile communication standards Encoding vs. Encryption Attacks against privacy
  • 6. Privacy Matters: Text Messages Hi meet me for lunch Meet me for lunch while my wife is out Here are your bank account credentials
  • 7. Privacy Required Examples Vendor text messages Vendor advertisements Provider messages Mobile banking Balance sheet Electronic bill paying One time passwords
  • 8. Evil Applications
  • 9. Application Stores iPhone Expensive Identity Verified Closed Certificate Authority Android Cheap Open Anonymous Self signed
  • 10. Application Protections: iPhone ASLR Mandatory code signing No dynamic code loading Sandboxed
  • 11. Applications Protections: Android Users accept permissions
  • 12. Our Text Message Example Permission to read text message(SMS) database Specific permission to send text message(SMS) messages Without user consent, application cannot access this information
  • 13. Is this system working to protect users?Are users making good decisions about application permissions?
  • 14. Top Android App of all Time
  • 15. DemoDemo: Application abusing permissions
  • 16. Abusing the Android Sandbox Load exploit code at runtime Safe application becomes malicious application In the wild: DroidDream In the lab: Rootstrap
  • 17. Evil Jailbreak
  • 18. Jailbreaking Get root privileges Expand feature set Run unapproved (3rd party apps)
  • 19. Jailbreaking Gone Wild Run this code It jailbreaks your phone What else does it do?
  • 20. So Ive exploited a phone, what now?
  • 21. Baseband Spying Read all data sent/receive by the phone Intercept data before it reaches the user/before it is sent
  • 22. How an GSM is sent and received 22
  • 23. How an GSM is sent and received Georgia Weidman 2011 23
  • 24. How an GSM is sent and received Georgia Weidman 2011 24
  • 25. Malicious Proxy Intercept data Send data Alter data Botnet functionality
  • 26. DemoDemo: Stealing Text Messages
  • 27. Mitigation Strategies User Awareness Encryption Updating Code signing
  • 28. ContactGeorgia Weidman, Security Consultant Neohapsis, Inc. Email: Website: Twitter: @vincentkadmon
  • 29. Selected Bibliography John Oberheide and Jach Lanier Team JOCH vs. Android Shmoocon 2011: teamjoch.pdf Charlie Miller and Collin Mulliner Fuzzing the Phone in Your Phone Blackhat USA 2009: 09/MILLER/BHUSA09-Miller-FuzzingPhone-PAPER.pdf Dino Dai Zovi Apple iOS Security Evalution Blackhat USA 2011: 11/DaiZovi/BH_US_11_DaiZovi_iOS_Security_WP.pdf