blackhat usa 2013 - practical attacks against mobile device management solutions

49

Practical Attacks against Mobile Device Management Solutions

Upload: lacoon-mobile-security

Post on 09-Jun-2015

1.235 views

Category:

Technology

0 download

Report

Download

Tags:

Embed Size (px):

DESCRIPTION

Spyphones are surveillance tools surreptitiously planted on a users handheld device. While malicious mobile applications mainly phone fraud applications distributed through common application channels - target the typical consumer, spyphones are nation states tool of attacks. Why? Once installed, the software stealthy gathers information such as text messages (SMS), geo-location information, emails and even surround-recordings. How are these mobile cyber-espionage attacks carried out? In this engaging session, we present a novel proof-of-concept attack technique which bypass traditional mobile malware detection measures- and even circumvent common Mobile Device Management (MDM) features, such as encryption. http://www.blackhat.com/us-13/briefings.html#Brodie

TRANSCRIPT

Page 1: BlackHat USA 2013 - Practical Attacks against Mobile Device Management Solutions

Practical Attacks against Mobile

Device Management Solutions

Page 2: BlackHat USA 2013 - Practical Attacks against Mobile Device Management Solutions

About: Daniel

•

From PC to Mobile

•

Developing an App Analysis framework for spyphones, mobile malware and exploits

Page 3: BlackHat USA 2013 - Practical Attacks against Mobile Device Management Solutions

About: Michael

•

•

Page 4: BlackHat USA 2013 - Practical Attacks against Mobile Device Management Solutions

Agenda

•

•

•

•

Page 5: BlackHat USA 2013 - Practical Attacks against Mobile Device Management Solutions

TARGETED

MOBILE THREATS

Page 6: BlackHat USA 2013 - Practical Attacks against Mobile Device Management Solutions

The Mobile Threatscape

Page 7: BlackHat USA 2013 - Practical Attacks against Mobile Device Management Solutions

Mobile Remote Access Trojans (aka Spyphones)

Page 8: BlackHat USA 2013 - Practical Attacks against Mobile Device Management Solutions

Recent High-Profiled Examples

Page 9: BlackHat USA 2013 - Practical Attacks against Mobile Device Management Solutions

Varying Costs, Similar Results

Page 10: BlackHat USA 2013 - Practical Attacks against Mobile Device Management Solutions

Commercial Surveillance Software

Page 11: BlackHat USA 2013 - Practical Attacks against Mobile Device Management Solutions

Survey: Cellular Network 2M Subscribers Sampling: 650K

Page 12: BlackHat USA 2013 - Practical Attacks against Mobile Device Management Solutions

Survey: Cellular Network 2M Subscribers Sampling: 650K

June 2013:

1 / 1000 devices

Page 13: BlackHat USA 2013 - Practical Attacks against Mobile Device Management Solutions

Survey: Cellular Network 2M Subscribers Sampling: 650K

Page 14: BlackHat USA 2013 - Practical Attacks against Mobile Device Management Solutions

Survey: Cellular Network 2M Subscribers Sampling: 650K

Page 15: BlackHat USA 2013 - Practical Attacks against Mobile Device Management Solutions

MDM and SECURE

CONTAINERS

101

Page 16: BlackHat USA 2013 - Practical Attacks against Mobile Device Management Solutions

Mobile Device Management

•

•

•

Page 17: BlackHat USA 2013 - Practical Attacks against Mobile Device Management Solutions

MDM: Penetration in the Market

Gartner, Inc. October 2012

Page 18: BlackHat USA 2013 - Practical Attacks against Mobile Device Management Solutions

MDM Key Capabilities

•

•

•

•

Page 19: BlackHat USA 2013 - Practical Attacks against Mobile Device Management Solutions

Secure Containers

Page 20: BlackHat USA 2013 - Practical Attacks against Mobile Device Management Solutions

Behind the Scenes: Secure Containers

Page 21: BlackHat USA 2013 - Practical Attacks against Mobile Device Management Solutions

MDMs and Secure Containers

Page 22: BlackHat USA 2013 - Practical Attacks against Mobile Device Management Solutions

MDMs and Secure Containers

Page 23: BlackHat USA 2013 - Practical Attacks against Mobile Device Management Solutions

BYPASSING

MOBILE DEVICE

MANAGEMENT

(MDM) SOLUTIONS

Page 24: BlackHat USA 2013 - Practical Attacks against Mobile Device Management Solutions

Overview

Page 25: BlackHat USA 2013 - Practical Attacks against Mobile Device Management Solutions

ANDROID

Page 26: BlackHat USA 2013 - Practical Attacks against Mobile Device Management Solutions

Step 1: Infect the Device

Page 27: BlackHat USA 2013 - Practical Attacks against Mobile Device Management Solutions

Step 1: Technical Details

Page 28: BlackHat USA 2013 - Practical Attacks against Mobile Device Management Solutions

Step 2: Install a Backdoor (i.e. Rooting)

Page 29: BlackHat USA 2013 - Practical Attacks against Mobile Device Management Solutions

Step 2: Install a Backdoor (i.e. Rooting)

Page 30: BlackHat USA 2013 - Practical Attacks against Mobile Device Management Solutions

Step 2: Technical Details

Page 31: BlackHat USA 2013 - Practical Attacks against Mobile Device Management Solutions

Step 3: Bypass Containerization

Page 32: BlackHat USA 2013 - Practical Attacks against Mobile Device Management Solutions

Step 3: Bypass Containerization

Page 33: BlackHat USA 2013 - Practical Attacks against Mobile Device Management Solutions

Step 3: Bypass Containerization

Page 34: BlackHat USA 2013 - Practical Attacks against Mobile Device Management Solutions

Step 3: Technical Details

Page 35: BlackHat USA 2013 - Practical Attacks against Mobile Device Management Solutions

Step 4: Exfiltrate Information

Page 36: BlackHat USA 2013 - Practical Attacks against Mobile Device Management Solutions

Step 4: Technical Details

Page 37: BlackHat USA 2013 - Practical Attacks against Mobile Device Management Solutions

•

•

•

•

Who Needs Root If you Have System

Page 38: BlackHat USA 2013 - Practical Attacks against Mobile Device Management Solutions

IOS

Page 39: BlackHat USA 2013 - Practical Attacks against Mobile Device Management Solutions

Step 1: Infect the device

Page 40: BlackHat USA 2013 - Practical Attacks against Mobile Device Management Solutions

Step 2: Install a Backdoor (i.e. Jailbreaking)

Page 41: BlackHat USA 2013 - Practical Attacks against Mobile Device Management Solutions

Step 2: Technical Details

Page 42: BlackHat USA 2013 - Practical Attacks against Mobile Device Management Solutions

Step 3: Bypass Containerization

Page 43: BlackHat USA 2013 - Practical Attacks against Mobile Device Management Solutions

MITIGATION

TECHNIQUES

Page 44: BlackHat USA 2013 - Practical Attacks against Mobile Device Management Solutions

MDM

Page 45: BlackHat USA 2013 - Practical Attacks against Mobile Device Management Solutions

Key Issues

•

•

•

Page 46: BlackHat USA 2013 - Practical Attacks against Mobile Device Management Solutions

Layered Approach (Defense-In-Depth)

•

•

•

Page 47: BlackHat USA 2013 - Practical Attacks against Mobile Device Management Solutions

Page 48: BlackHat USA 2013 - Practical Attacks against Mobile Device Management Solutions

Adaptive multi-layer approach

•

•

•

Page 49: BlackHat USA 2013 - Practical Attacks against Mobile Device Management Solutions

Thank You.

Practical Adversarial Attacks Against Black Box Speech

Memory Corruption Attacks The (almost) Complete …media.blackhat.com/bh-us-10/whitepapers/Meer/BlackHat-USA-2010...Memory Corruption Attacks The (almost) Complete History ... Memory

Practical Padding Oracle Attacks

Practical Invalid Curve Attacks on TLS-ECDH · Practical Invalid Elliptic Curve Attacks on TLS-ECDH Tibor Jager, Jörg Schwenk, Juraj Somorovsky 2 Recent years revealed many attacks

BlackHat-Practical Padding Oracle Attacks

Practical Attacks Against Encrypted VoIP Communications

Privacy & Stylometry: Practical Attacks Against Authorship Recognition Techniques

Practical Attacks on Implementations · Practical Attacks on Real World Crypto Implementations Juraj Somorovsky 2 Recent years revealed many crypto attacks… • ESORICS 2004, Bard:

Jeroen van Beek BlackHat USA 2008, Las VegasBlackHat USA ... · • Real life attacks, the past: – Cloning ePassports without Active Authentication • Lukas Grunwald @ BlackHat,

Practical Black-Box Attacks against Machine Learning · Practical Black-Box Attacks against Machine Learning Nicolas Papernot Pennsylvania State University [email protected] Patrick

Practical Attacks on Real-world E-voting

Beating up on Android: Practical Android Attacks

Timing Attacks Have Never Been So Practical

[BlackHat USA 2016] Nonce-Disrespecting Adversaries: Practical Forgery Attacks on GCM in TLS

BlackHat DC 2011 Perez-Pico Mobile Attacks-Slides

Practical Defenses Against Pollution Attacks in …crix/publications/acm-tissec11b.pdf · Practical Defenses Against Pollution Attacks in Wireless Network Coding ... realistic link

Practical Adversarial Attacks AgainstSpeaker Recognition

Practical Adversarial Attacks AgainstSpeaker …zli96/publications/li2020...Practical Adversarial Attacks Against Speaker Recognition Systems Zhuohang Li The University of Tennessee

Practical state recovery attacks against legacy RNG

TCP Injection attacks in the wild - Paper Conf/Blackhat/2016/us-16... · TCP INJECTION ATTACKS IN THE WILD ... A redirection to ... ‘UYAN’ INJECTION The valid HTTP response: HTTP/1.1

Practical Attacks on the MIFARE Classic

Timing attacks have never been so practical: Advance cross site search attacks

BlackHat Europe 2013 - Practical Attacks against Mobile Device Management (MDM)

Abusing XSLT for Practical Attacks White Paper · Abusing XSLT for Practical Attacks White Paper ...

Blackhat EU 2011 - Practical Sandboxing

BlackHat DC 2011 Perez-Pico Mobile Attacks-Wp

Wp Ernw Practical Attacks Mpls Carrier Ethernet

Practical RFID Attacks - Chaos Communication Camp 2007

Practical steps to mitigate DDoS attacks

Practical Adversarial Attacks AgainstSpeaker …web.eecs.utk.edu/~jliu98/publications/li2020practical.pdfPractical Adversarial Attacks Against Speaker Recognition Systems Zhuohang

Practical Attacks Against Privacy and Availability in 4G

Practical Attacks against MPLS or Carrier Ethernet Networks

HITB Labs: Practical Attacks Against 3G/4G ...conference.hitb.org/hitbsecconf2011kul/materials/D2 LABS - Daniel... · HITB Labs: Practical Attacks Against 3G/4G Telecommunication

Practical rsa padding oracle attacks

Detecting Web Browser Heap Corruption Attacks - Stephan Chenette, Moti Joseph, Blackhat USA 2007