Mobile Attack Implications
Nicholas J. Percoco
Senior Vice President and head of SpiderLabs
Agenda

•  About Trustwave SpiderLabs
•  Attack Vector Evolution
•  Mobile Attack Cookbook
•  Conclusions
•  Questions?

Copyright Trustwave 2011
Who is SpiderLabs®?
SpiderLabs is the elite security team at Trustwave, offering clients the most advanced information security expertise available today.

The SpiderLabs team has performed more than 1,000 computer incident response and forensic investigations globally, as well as over 10,000 penetration and application security tests for clients -- more than any other provider.

Companies and organizations in more than 50 countries rely on the SpiderLabs team’s technical expertise to identify and anticipate cyber security attacks before they happen.
Featured Speakers at: (conference logos not captured in extraction)
SpiderLabs – Our Mission

To continually deliver the most advanced expertise in information security in order to protect the digital assets of clients worldwide from a growing spectrum of malicious attacks.

We achieve this by:

•  Recruiting top of market talent from the information security community
•  Performing research in lab facilities in Chicago, London, Sydney and Sao Paulo
•  Using standardized methodologies and central QA processes to ensure quality and consistency
SpiderLabs International Footprint
In country presences: Australia - Brazil - Canada - Hong Kong - India - Mexico - Spain
United States - United Kingdom

Languages spoken: English, French, Spanish, Greek, German, Portuguese, Mandarin, Cantonese, Japanese, Hindi, Zulu, Ndebele, Xhosa, Setswana, Sesotho, Shona
Attack Vector Evolution

[Chart: Attack Vectors Over Time. X-axis: 1950 to 2010 by decade; y-axis: number of attack vectors, 0 to 9. Vectors in order of appearance: Physical, Network, E-mail, Application, Wireless, Client-Side, Mobile, Social Networking.]
Attack Vector Evolution

1980s: Physical

1990s: Network

2000s: E-mail

2000s: Application

2000s: Wireless

2010s: Client-Side

2010: Client Side (Malware)
1.  Targeted Attack
2.  Drive-by Infection
3.  Manual Installation

2010s: Mobile

2010: Mobile
1.  Mobile Phishing Attacks
2.  Mobile Ransomware
3.  Fake Firmware and Jailbreaks

2010s: Social Networking

2010: Social Networking
1.  Malware Propagation
2.  Personal Information Exposure
3.  Data Mining
Mobile Attack Cookbook
Mobile Attack Cookbook – The Recipe

Ingredients
•  Motivation
•  Reversing Skills
•  Creativity
•  Motivation

Process
•  Step 1 – Pick a Platform to Target
•  Step 2 – Find a Vulnerability
•  Step 3 – Select a Payload
•  Step 4 – Build the Payload
•  Step 5 – Select a Payload Delivery Method
•  Step 6 – Test it Out
Mobile Attack Cookbook – The Recipe

Step 1 – Pick a Platform to Target

•  Estimated at 20% of the smartphone market share
•  Many users are non-technical
•  Jailbreak community does the vulnerability research, so you don’t have to
•  Many users don’t EVER update their device to the latest iOS
Mobile Attack Cookbook – The Recipe

Step 2 – Find a Vulnerability

•  Leverage the “Jailbreakme.com” vulnerabilities
   •  Affect iOS 4.0.2 or earlier – still likely 50% of the user base

•  What is it?
   •  The “star” PDF Exploit – Code execution
      −  Classic stack overflow
      −  Leverages IOSurface (IOKit) bug for privilege escalation and sandbox escape
   •  The IOKit Vulnerability – Priv. escalation / escaping the sandbox
      −  Kernel integer overflow in handling of IOSurface properties
      −  Calls setuid(0) inside Safari getting root
   •  The Jailbreak Phase – Set up residence on the iDevice
      −  Patches out Kernel code signing
      −  Installs a basic jailbreak filesystem along with Cydia (apt-get)
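Steps 1 and 2 describe the exposure from the attacker's side: a large population of non-technical users who never update, and a vulnerability set that affects iOS 4.0.2 or earlier. The following is an added example, not code from the deck or from Trustwave SpiderLabs, that turns the same fact into the fleet check a defender would run against a device inventory: it parses the iOS version each device reports and flags everything at or below 4.0.2. The inventory record layout, the device ids and the version strings are constructed sample data, not real devices.

```python
"""Flag managed iOS devices still exposed to the jailbreakme.com PDF vulnerabilities.

Added, defender-side example; not code from the slide deck or from Trustwave
SpiderLabs. The only fact taken from the deck is that the vulnerabilities
affect iOS 4.0.2 or earlier. The inventory layout and the sample devices are
constructed data.
"""
from dataclasses import dataclass
from typing import Dict, List, Tuple

# Highest iOS release the deck lists as affected ("iOS 4.0.2 or earlier").
LAST_VULNERABLE_IOS = "4.0.2"


def parse_version(text: str) -> Tuple[int, int, int]:
    """Convert an iOS version string such as '4.0.2' or '4.1' into an integer
    triple so that versions compare numerically rather than as strings.
    Trailing components default to 0 ('4.1' -> (4, 1, 0)). Anything that is
    not purely numeric raises ValueError so a malformed inventory row gets
    reported instead of being silently treated as patched."""
    parts = text.strip().split(".")
    if len(parts) == 0 or len(parts) > 3 or not all(p.isdigit() for p in parts):
        raise ValueError(f"unparseable iOS version: {text!r}")
    nums = [int(p) for p in parts] + [0] * (3 - len(parts))
    return (nums[0], nums[1], nums[2])


def is_vulnerable(version: str) -> bool:
    """True when the reported version is 4.0.2 or earlier."""
    return parse_version(version) <= parse_version(LAST_VULNERABLE_IOS)


@dataclass(frozen=True)
class Device:
    device_id: str   # hypothetical MDM identifier (constructed)
    os_version: str  # version string as reported by the device


# Constructed sample inventory; the ids are placeholders, not real devices.
SAMPLE_INVENTORY: List[Device] = [
    Device("ios-0001", "4.0.2"),    # exactly the last affected release
    Device("ios-0002", "4.1"),      # first release past the cut-off
    Device("ios-0003", "3.1.3"),    # old device that was never updated
    Device("ios-0004", "4.3.3"),
    Device("ios-0005", "10.0"),     # a plain string comparison would misorder this
    Device("ios-0006", "unknown"),  # agent failed to report a version
]


def triage(devices: List[Device]) -> Dict[str, List[str]]:
    """Split an inventory into devices that still need the update, devices
    already past the cut-off, and rows that could not be evaluated. Unknown
    rows are kept separate so they get followed up rather than counted as safe."""
    result: Dict[str, List[str]] = {"vulnerable": [], "patched": [], "unknown": []}
    for dev in devices:
        try:
            bucket = "vulnerable" if is_vulnerable(dev.os_version) else "patched"
        except ValueError:
            bucket = "unknown"
        result[bucket].append(dev.device_id)
    return result


if __name__ == "__main__":
    for bucket, ids in triage(SAMPLE_INVENTORY).items():
        print(f"{bucket:10s} {', '.join(ids) or '-'}")
```

Two details matter in practice. Versions are compared as integer tuples because a string comparison sorts "10.0" before "4.0.2" and would report a fully updated device as vulnerable. Rows whose version cannot be parsed are reported in their own bucket, since a device that fails to report is exactly the kind of never-updated device the deck is talking about.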
Mobile Attack Cookbook – The Recipe

Step 3 – Select a Payload

Implement a Weaponized Jailbreak

•  Patch out a “security” check comex had incorporated
   •  The jailbreakme.com PDFs had code to ensure they’d been downloaded from “jailbreakme.com”.

•  Patch out all the GUI pop-ups
   •  Didn’t want the victim to realize they were being hacked

•  Build a modified wad.bin with our “rootkit”
Mobile Attack Cookbook – The Recipe

Step 4 – Build the Payload

SpiderLabs Research built a custom-written iOS “rootkit”:

•  Patched UNIX utilities like ‘ls’, ‘ps’, ‘find’, ‘netstat’ from the JB filesystem
   •  Hiding our tools from actual jailbreakers
•  Port knock daemon called “bindwatch” fakes its name in argv[0]
•  Spawns a bind shell called, wait for it… “bindshell”, which also fakes argv[0]
•  Trivial app to record AIFF from the mic – remote eavesdrop
•  Patched VNC to hide itself a little better
   •  Nice open source iPhone VNC server by saurik
   •  Runs via a DYLIB in MobileSubstrate
   •  Mostly just removed the GUI config plist from System Preferences
   •  Coded a trivial CLI Obj-C program to configure and start VNC without the GUI
Mobile Attack Cookbook – The Recipe

Step 5 – Select a Payload Delivery Method

Many methods can be used:
•  Fake jailbreak site
•  SEO-optimized site to target an organization
•  Phishing attack
•  Hack a popular site and install within the mobile version
Mobile Attack Cookbook – The Recipe

Step 6 – Test it Out

(demo not captured in extraction)

Credit: Eric Monti, Trustwave SpiderLabs Research
Conclusions
Motivations For Attackers

•  There are over a half-billion devices on 3G networks
•  By 2020, there will be 10 billion devices
•  60% of all users carry their devices with them at ALL times
   •  For high-profile and business folks that is near 100%
•  A typical smartphone today has the same processing power as a PC from 8 years ago, plus:
   •  Always-on network connectivity
   •  Location aware thanks to GPS
Motivations for Attackers

•  Users accessing highly sensitive information via smartphones is the norm
•  Users trust a smartphone over a public computer or kiosk
   •  Never question their smartphone’s integrity
•  Communication Services Providers (CSPs) must allow for governments to access subscribers’ communications
   •  Case: In the UAE, Etisalat pushed a “performance update” to all their BlackBerry subscribers.
   •  Reality: Malware was intentionally pushed down to allow interception of data communications.
Conclusions

•  It is possible and feasible to write malware for a mobile device.
•  With a little work, automated functionality can be embedded.
•  Little attention is being paid to smartphone security, while everyone trusts their device to perform critical tasks.
•  In the next 10 years, we will see an explosive growth in the number of attacks against smartphones and other mobile computing device platforms. Will we be prepared?
Questions?
SpiderLabs®

SpiderLabs® is an elite team of ethical hackers advancing the security capabilities of leading businesses and organizations in over 50 countries.

More Information:

Web: https://www.trustwave.com/spiderlabs

Blog: http://blog.spiderlabs.com

Twitter: @SpiderLabs

AITP Security SIG April 2011
