SlideShare una empresa de Scribd logo

Ransombile: yet another reason to ditch sms

Martin Vigo
Martin Vigo

The general belief is that a mobile device that is locked, encrypted and protected with a PIN or biometrics is a secure device. The truth is, major OS including iOS and Android help and encourage you to downgrade security on locked devices through certain features and default to insecure settings. Personal assistants on mobile devices are very popular. Siri, OK Google and Cortana are just a few of them. They can perform multiple tasks including calls, sending emails and reading SMS among other sensitive actions. How secure are they? Can we trust our personal assistants to keep our data safe? How about displaying your notifications on the lock screen? On the other hand, with the proliferation of cheap SDR hardware, DIY IMSI catchers, open source tools and still supported broken GSM protocols, targeting mobile communications is easier than ever. But what are the real consequences? It is well known that SMS is not a secure channel but the industry is still hesitant to move away from it. This presentation is yet another nail in the SMS coffin and aims to help push the industry away from supporting it. Ransombile is a tool that can be used in different scenarios to compromise someone's digital life in less than 2 minutes. Email accounts, financial data, social networks... all gone. Have you ever left your phone on the desk unattended? Do you belief losing your phone only impacts your wallet? Do you feel safe when crossing the border when entering USA since they can't force you to reveal the passcode? This presentation is for you.

Tecnología
1 de 36
Descargar para leer sin conexión
Ransombile Yet another reason to ditch SMS Martin Vigo @martin_vigo | martinvigo.com 123456
Martin Vigo Product Security Lead From Galicia, Spain Research | Scuba | Gin tonics @martin_vigo - martinvigo.com Amstrad CPC 6128 Captured while playing “La Abadía del crímen”
Have you left your phone unattended?
Did you disable the assistant on lock screen?
Did you disable notifications on lock screen?
What can the assistant do while the device is locked? ?
How to steal $2,999.99 in less than 2 minutes https://www.martinvigo.com/steal-2999-99-minute-venmo-siri
Goal Broadening the impact
Well known issues for years “Changing the pre-registered telephone number SHALL NOT be possible without two-factor authentication at the time of the change. OOB using SMS is deprecated, and will no longer be allowed in future releases of this guidance.”
Objective Help push the industry to stop relying on SMS as a secure channel
Finding more SMS services usshortcodedirectory.com
Password reset
2-factor authentication
Verification
Attack vector 1. Obtain victim’s email 2. Use it to initiate password reset in all services 3. Obtain secret codes from SMS 4. Use them to complete password reset process in all services 5. Set new passwords
Obtain victim’s email “Send an email to attacker@domain.com about subject saying content”
Obtain secret codes from SMS SMSs are displayed on locked home screen “Read my texts”
Attack vector 1. Obtain victim’s email 2. Use it to initiate password reset in all services 3. Obtain secret codes from SMS 4. Use them to complete password reset process in all services 5. Set new passwords
Lots to compromise, limited time We need automation
Ransombile Ransomware + Mobile Automates the entire password reset process over SMS Uses Selenium for UI automation rather APIs there is even a Firefox plugin that records your mouse movement and generates code for you Does not require any backend/API knowledge to add new SMS services
Attack vector 1. Obtain victim’s email 2. Use it to initiate password reset in all services 3. Obtain secret codes from SMS 4. Use them to complete password reset process in all services 5. Set new passwords
Ransombile … 1. “Send an email to victim.ransom@gmail.com about subject saying content” 3. Initiate password reset process 4. Send codes over SMS 5. Read codes and enter in Ransombile 2. Get email address 6. Send secret codes and complete password reset
Ransombile Demo Hi, my name is Tom Promise and I am a millenial!
Open source github.com/martinvigo/ransombile
Conclusions A locked mobile device is still insecure Unattended mobile devices can be a bigger risk than unattended computers and companies tend to ignore this Consequences of losing your phone are not only monetary
Can we do better? Getting rid of the physical access requirement
Attack vector 1. Obtain victim’s email 2. Use it to initiate password reset in all services 3. Obtain secret codes from SMS 4. Use them to complete password reset process in all services 5. Set new passwords Requires physical access
Chaouki Kasmi & Jose Lopes Esteves “Remote Command Injection on Modern Smartphones” Nicholas Carlini, Pratyush Mishra, Tavish Vaidya, Yuankai Zhang, Micah Sherr, Clay Shields, David Wagner & Wenchao Zhou “Hidden Voice Commands” Obtain victim’s email without physical access Guoming Zhang, Chen Yan, Xiaoyu Ji, Taimin Zhang, Tianchen Zhang, Wenyuan Xu “DolphinAtack: Inaudible Voice Commands”
Dolphin Attack
Obtain secret codes from SMS without physical access SS7 attacks 2G downgrade attacks and broken A5/1 cipher Femtocells Defcon 21 - Traffic Interception and Remote Mobile Phone Cloning with a Compromised CDMA Femtocell DEF CON 18 - Kristin Paget - Practical Cellphone Spying CCC - Tobias Engel - SS7: Locate. Track. Manipulate. SIM Swapping
Conclusions It is possible to perform these attacks without physical access to the device (In theory…) POC||GTFO SMS wasn’t designed with security in mind nor to be used as a secure channel Online services should encourage app-based temp codes and make SMS opt-in
Recommendations for you Don’t leave your mobile device unattended Disable the assistant in the lock screen Disable notifications preview in the lock screen Use apps for 2FA Don’t provide your phone number if not required unless it’s the only way to get 2FA use a virtual number to prevent OSINT and SIM swapping attacks Check the settings to disable security challenges over SMS
THANK YOU! @martin_vigo martinvigo.com martinvigo@gmail.com linkedin.com/in/martinvigo github.com/martinvigo youtube.com/martinvigo Come see my DEF CON talk: “Compromising online accounts by cracking voicemail systems” Friday, 1PM in Track 1

Recomendados

Compromising online accounts by cracking voicemail systems
Compromising online accounts by cracking voicemail systemsCompromising online accounts by cracking voicemail systems
Compromising online accounts by cracking voicemail systemsMartin Vigo
 
From email address to phone number, a new OSINT approach
From email address to phone number, a new OSINT approachFrom email address to phone number, a new OSINT approach
From email address to phone number, a new OSINT approachMartin Vigo
 
Modicare Mighty Guard
Modicare Mighty GuardModicare Mighty Guard
Modicare Mighty GuardAmritansh Barnwal
 
Infosec 4 The Home
Infosec 4 The HomeInfosec 4 The Home
Infosec 4 The Homejaysonstreet
 
14 tips to increase cybersecurity awareness
14 tips to increase cybersecurity awareness14 tips to increase cybersecurity awareness
14 tips to increase cybersecurity awarenessMichel Bitter
 
Spoofing
Spoofing Spoofing
Spoofing paulina villanueva
 
Lenovo
LenovoLenovo
Lenovofbivirusalert
 
How to choose a password that’s hard to crack
How to choose a password that’s hard to crackHow to choose a password that’s hard to crack
How to choose a password that’s hard to crackKlaus Drosch
 

Recomendados

Compromising online accounts by cracking voicemail systems
Compromising online accounts by cracking voicemail systemsCompromising online accounts by cracking voicemail systems
Compromising online accounts by cracking voicemail systemsMartin Vigo
 
From email address to phone number, a new OSINT approach
From email address to phone number, a new OSINT approachFrom email address to phone number, a new OSINT approach
From email address to phone number, a new OSINT approachMartin Vigo
 
Modicare Mighty Guard
Modicare Mighty GuardModicare Mighty Guard
Modicare Mighty GuardAmritansh Barnwal
 
Infosec 4 The Home
Infosec 4 The HomeInfosec 4 The Home
Infosec 4 The Homejaysonstreet
 
14 tips to increase cybersecurity awareness
14 tips to increase cybersecurity awareness14 tips to increase cybersecurity awareness
14 tips to increase cybersecurity awarenessMichel Bitter
 
Spoofing
Spoofing Spoofing
Spoofing paulina villanueva
 
Lenovo
LenovoLenovo
Lenovofbivirusalert
 
How to choose a password that’s hard to crack
How to choose a password that’s hard to crackHow to choose a password that’s hard to crack
How to choose a password that’s hard to crackKlaus Drosch
 
Block numbers on any i phone simple process
Block numbers on any i phone simple processBlock numbers on any i phone simple process
Block numbers on any i phone simple processsagar_raj
 
Cybersecurity Awareness
Cybersecurity AwarenessCybersecurity Awareness
Cybersecurity AwarenessJoshuaWisniewski3
 
Dos and Don'ts of Internet Security
Dos and Don'ts of Internet SecurityDos and Don'ts of Internet Security
Dos and Don'ts of Internet SecurityQuick Heal Technologies Ltd.
 
Learn awesome hacking tricks
Learn awesome hacking tricksLearn awesome hacking tricks
Learn awesome hacking tricksSudhanshu Mishra
 
Avoid the Hack
Avoid the HackAvoid the Hack
Avoid the HackJason Jakus
 
Cybersecurity Awareness Training Presentation v2021.08
Cybersecurity Awareness Training Presentation v2021.08Cybersecurity Awareness Training Presentation v2021.08
Cybersecurity Awareness Training Presentation v2021.08DallasHaselhorst
 
travel Safely
travel Safelytravel Safely
travel Safelyssuser4b758a
 
Std 12 Computer Chapter 5 Introduction to Mcommerce (Part 2)
Std 12 Computer Chapter 5 Introduction to Mcommerce (Part 2)Std 12 Computer Chapter 5 Introduction to Mcommerce (Part 2)
Std 12 Computer Chapter 5 Introduction to Mcommerce (Part 2)Nuzhat Memon
 
Cyber crime
Cyber crimeCyber crime
Cyber crimeSmantha Brooks
 
Network Security and Spoofing Attacks
Network Security and Spoofing AttacksNetwork Security and Spoofing Attacks
Network Security and Spoofing AttacksPECB
 
7 Cybersecurity Sins When Working From Home
7 Cybersecurity Sins When Working From Home7 Cybersecurity Sins When Working From Home
7 Cybersecurity Sins When Working From HomeDallasHaselhorst
 
Enhanced adaptive security system for SMS – based One Time Password
Enhanced adaptive security system for SMS – based One Time PasswordEnhanced adaptive security system for SMS – based One Time Password
Enhanced adaptive security system for SMS – based One Time PasswordChandrapriya Rediex
 
Password hacking
Password hackingPassword hacking
Password hackingAbhay pal
 
ECSM - Ce faci dacă ți-au fost compromise conturile bancare
ECSM - Ce faci dacă ți-au fost compromise conturile bancareECSM - Ce faci dacă ți-au fost compromise conturile bancare
ECSM - Ce faci dacă ți-au fost compromise conturile bancareOne-IT
 
Phone cloning
Phone cloning Phone cloning
Phone cloning Subhrajit Paul
 
Mahindra Represented at The Mobile VAS SUMMIT 2009 by Virtue Insight
Mahindra Represented at The Mobile VAS SUMMIT 2009 by Virtue InsightMahindra Represented at The Mobile VAS SUMMIT 2009 by Virtue Insight
Mahindra Represented at The Mobile VAS SUMMIT 2009 by Virtue InsightParitosh Sharma
 
52 mobile phone cloning
52 mobile phone cloning52 mobile phone cloning
52 mobile phone cloningSALMAN SHAIKH
 
Mobile Phone Cloning
Mobile Phone CloningMobile Phone Cloning
Mobile Phone CloningShivam Jaiswal
 
mobile jammer ppt.pptx
mobile jammer ppt.pptxmobile jammer ppt.pptx
mobile jammer ppt.pptxManojMudhiraj3
 
Mobile cloning
Mobile cloningMobile cloning
Mobile cloningSai Srinivas Mittapalli
 
Seminar-Two Factor Authentication
Seminar-Two Factor AuthenticationSeminar-Two Factor Authentication
Seminar-Two Factor AuthenticationDilip Kr. Jangir
 
MOBILE PHONE CLONING-Steginjoy2013@gmail.com
MOBILE PHONE CLONING-Steginjoy2013@gmail.comMOBILE PHONE CLONING-Steginjoy2013@gmail.com
MOBILE PHONE CLONING-Steginjoy2013@gmail.comchrist university
 

Más contenido relacionado

La actualidad más candente

Block numbers on any i phone simple process
Block numbers on any i phone simple processBlock numbers on any i phone simple process
Block numbers on any i phone simple processsagar_raj
 
Learn awesome hacking tricks
Learn awesome hacking tricksLearn awesome hacking tricks
Learn awesome hacking tricksSudhanshu Mishra
 
Cybersecurity Awareness Training Presentation v2021.08
Cybersecurity Awareness Training Presentation v2021.08Cybersecurity Awareness Training Presentation v2021.08
Cybersecurity Awareness Training Presentation v2021.08DallasHaselhorst
 
Std 12 Computer Chapter 5 Introduction to Mcommerce (Part 2)
Std 12 Computer Chapter 5 Introduction to Mcommerce (Part 2)Std 12 Computer Chapter 5 Introduction to Mcommerce (Part 2)
Std 12 Computer Chapter 5 Introduction to Mcommerce (Part 2)Nuzhat Memon
 
Network Security and Spoofing Attacks
Network Security and Spoofing AttacksNetwork Security and Spoofing Attacks
Network Security and Spoofing AttacksPECB
 
7 Cybersecurity Sins When Working From Home
7 Cybersecurity Sins When Working From Home7 Cybersecurity Sins When Working From Home
7 Cybersecurity Sins When Working From HomeDallasHaselhorst
 
Enhanced adaptive security system for SMS – based One Time Password
Enhanced adaptive security system for SMS – based One Time PasswordEnhanced adaptive security system for SMS – based One Time Password
Enhanced adaptive security system for SMS – based One Time PasswordChandrapriya Rediex
 
Password hacking
Password hackingPassword hacking
Password hackingAbhay pal
 
ECSM - Ce faci dacă ți-au fost compromise conturile bancare
ECSM - Ce faci dacă ți-au fost compromise conturile bancareECSM - Ce faci dacă ți-au fost compromise conturile bancare
ECSM - Ce faci dacă ți-au fost compromise conturile bancareOne-IT
 

La actualidad más candente (14)

Block numbers on any i phone simple process
Block numbers on any i phone simple processBlock numbers on any i phone simple process
Block numbers on any i phone simple process
 
Cybersecurity Awareness
Cybersecurity AwarenessCybersecurity Awareness
Cybersecurity Awareness
 
Dos and Don'ts of Internet Security
Dos and Don'ts of Internet SecurityDos and Don'ts of Internet Security
Dos and Don'ts of Internet Security
 
Learn awesome hacking tricks
Learn awesome hacking tricksLearn awesome hacking tricks
Learn awesome hacking tricks
 
Avoid the Hack
Avoid the HackAvoid the Hack
Avoid the Hack
 
Cybersecurity Awareness Training Presentation v2021.08
Cybersecurity Awareness Training Presentation v2021.08Cybersecurity Awareness Training Presentation v2021.08
Cybersecurity Awareness Training Presentation v2021.08
 
travel Safely
travel Safelytravel Safely
travel Safely
 
Std 12 Computer Chapter 5 Introduction to Mcommerce (Part 2)
Std 12 Computer Chapter 5 Introduction to Mcommerce (Part 2)Std 12 Computer Chapter 5 Introduction to Mcommerce (Part 2)
Std 12 Computer Chapter 5 Introduction to Mcommerce (Part 2)
 
Cyber crime
Cyber crimeCyber crime
Cyber crime
 
Network Security and Spoofing Attacks
Network Security and Spoofing AttacksNetwork Security and Spoofing Attacks
Network Security and Spoofing Attacks
 
7 Cybersecurity Sins When Working From Home
7 Cybersecurity Sins When Working From Home7 Cybersecurity Sins When Working From Home
7 Cybersecurity Sins When Working From Home
 
Enhanced adaptive security system for SMS – based One Time Password
Enhanced adaptive security system for SMS – based One Time PasswordEnhanced adaptive security system for SMS – based One Time Password
Enhanced adaptive security system for SMS – based One Time Password
 
Password hacking
Password hackingPassword hacking
Password hacking
 
ECSM - Ce faci dacă ți-au fost compromise conturile bancare
ECSM - Ce faci dacă ți-au fost compromise conturile bancareECSM - Ce faci dacă ți-au fost compromise conturile bancare
ECSM - Ce faci dacă ți-au fost compromise conturile bancare
 

Similar a Ransombile: yet another reason to ditch sms

Mahindra Represented at The Mobile VAS SUMMIT 2009 by Virtue Insight
Mahindra Represented at The Mobile VAS SUMMIT 2009 by Virtue InsightMahindra Represented at The Mobile VAS SUMMIT 2009 by Virtue Insight
Mahindra Represented at The Mobile VAS SUMMIT 2009 by Virtue InsightParitosh Sharma
 
52 mobile phone cloning
52 mobile phone cloning52 mobile phone cloning
52 mobile phone cloningSALMAN SHAIKH
 
mobile jammer ppt.pptx
mobile jammer ppt.pptxmobile jammer ppt.pptx
mobile jammer ppt.pptxManojMudhiraj3
 
Seminar-Two Factor Authentication
Seminar-Two Factor AuthenticationSeminar-Two Factor Authentication
Seminar-Two Factor AuthenticationDilip Kr. Jangir
 
MOBILE PHONE CLONING-Steginjoy2013@gmail.com
MOBILE PHONE CLONING-Steginjoy2013@gmail.comMOBILE PHONE CLONING-Steginjoy2013@gmail.com
MOBILE PHONE CLONING-Steginjoy2013@gmail.comchrist university
 
Mobile cloning modified with images and bettermented
Mobile cloning modified with images and bettermentedMobile cloning modified with images and bettermented
Mobile cloning modified with images and bettermentedSai Srinivas Mittapalli
 
cellphone virus and security
cellphone virus and securitycellphone virus and security
cellphone virus and securityAkhil Kumar
 
How to Secure Your Mac Based Law Practice
How to Secure Your Mac Based Law PracticeHow to Secure Your Mac Based Law Practice
How to Secure Your Mac Based Law PracticeRocket Matter, LLC
 
2015.11.06. Luca Melette_Mobile threats evolution
2015.11.06. Luca Melette_Mobile threats evolution2015.11.06. Luca Melette_Mobile threats evolution
2015.11.06. Luca Melette_Mobile threats evolutionTech and Law Center
 
ISACA CACS 2012 - Mobile Device Security and Privacy
ISACA CACS 2012 - Mobile Device Security and PrivacyISACA CACS 2012 - Mobile Device Security and Privacy
ISACA CACS 2012 - Mobile Device Security and PrivacyMichael Davis
 
Making your Asterisk System Secure
Making your Asterisk System SecureMaking your Asterisk System Secure
Making your Asterisk System SecureDigium
 
Secure your Voice over IP (VoIP)
Secure your Voice over IP (VoIP)Secure your Voice over IP (VoIP)
Secure your Voice over IP (VoIP)Techso
 

Similar a Ransombile: yet another reason to ditch sms (20)

Phone cloning
Phone cloning Phone cloning
Phone cloning
 
Mahindra Represented at The Mobile VAS SUMMIT 2009 by Virtue Insight
Mahindra Represented at The Mobile VAS SUMMIT 2009 by Virtue InsightMahindra Represented at The Mobile VAS SUMMIT 2009 by Virtue Insight
Mahindra Represented at The Mobile VAS SUMMIT 2009 by Virtue Insight
 
52 mobile phone cloning
52 mobile phone cloning52 mobile phone cloning
52 mobile phone cloning
 
Mobile Phone Cloning
Mobile Phone CloningMobile Phone Cloning
Mobile Phone Cloning
 
mobile jammer ppt.pptx
mobile jammer ppt.pptxmobile jammer ppt.pptx
mobile jammer ppt.pptx
 
Mobile cloning
Mobile cloningMobile cloning
Mobile cloning
 
Seminar-Two Factor Authentication
Seminar-Two Factor AuthenticationSeminar-Two Factor Authentication
Seminar-Two Factor Authentication
 
MOBILE PHONE CLONING-Steginjoy2013@gmail.com
MOBILE PHONE CLONING-Steginjoy2013@gmail.comMOBILE PHONE CLONING-Steginjoy2013@gmail.com
MOBILE PHONE CLONING-Steginjoy2013@gmail.com
 
Mobile cloning modified with images and bettermented
Mobile cloning modified with images and bettermentedMobile cloning modified with images and bettermented
Mobile cloning modified with images and bettermented
 
cellphone virus and security
cellphone virus and securitycellphone virus and security
cellphone virus and security
 
Web Security
Web SecurityWeb Security
Web Security
 
How to Secure Your Mac Based Law Practice
How to Secure Your Mac Based Law PracticeHow to Secure Your Mac Based Law Practice
How to Secure Your Mac Based Law Practice
 
2015.11.06. Luca Melette_Mobile threats evolution
2015.11.06. Luca Melette_Mobile threats evolution2015.11.06. Luca Melette_Mobile threats evolution
2015.11.06. Luca Melette_Mobile threats evolution
 
ISACA CACS 2012 - Mobile Device Security and Privacy
ISACA CACS 2012 - Mobile Device Security and PrivacyISACA CACS 2012 - Mobile Device Security and Privacy
ISACA CACS 2012 - Mobile Device Security and Privacy
 
Making your Asterisk System Secure
Making your Asterisk System SecureMaking your Asterisk System Secure
Making your Asterisk System Secure
 
Cloning. (4)
Cloning. (4)Cloning. (4)
Cloning. (4)
 
Secure your Voice over IP (VoIP)
Secure your Voice over IP (VoIP)Secure your Voice over IP (VoIP)
Secure your Voice over IP (VoIP)
 
Clonning
ClonningClonning
Clonning
 
Security Threats in E-Commerce
Security Threats in E-CommerceSecurity Threats in E-Commerce
Security Threats in E-Commerce
 
Mobile phone-cloning
Mobile phone-cloningMobile phone-cloning
Mobile phone-cloning
 

Más de Martin Vigo

Phonerator, an advanced *valid* phone number generator for your OSINT/SE needs
Phonerator, an advanced *valid* phone number generator for your OSINT/SE needsPhonerator, an advanced *valid* phone number generator for your OSINT/SE needs
Phonerator, an advanced *valid* phone number generator for your OSINT/SE needsMartin Vigo
 
Phonerator, an advanced *valid* phone number generator for your OSINT/SE needs
Phonerator, an advanced *valid* phone number generator for your OSINT/SE needsPhonerator, an advanced *valid* phone number generator for your OSINT/SE needs
Phonerator, an advanced *valid* phone number generator for your OSINT/SE needsMartin Vigo
 
Mobile apps security. Beyond XSS, CSRF and SQLi
Mobile apps security. Beyond XSS, CSRF and SQLiMobile apps security. Beyond XSS, CSRF and SQLi
Mobile apps security. Beyond XSS, CSRF and SQLiMartin Vigo
 
Building secure mobile apps
Building secure mobile appsBuilding secure mobile apps
Building secure mobile appsMartin Vigo
 
Secure Salesforce: Hardened Apps with the Mobile SDK
Secure Salesforce: Hardened Apps with the Mobile SDKSecure Salesforce: Hardened Apps with the Mobile SDK
Secure Salesforce: Hardened Apps with the Mobile SDKMartin Vigo
 
Breaking vaults: Stealing Lastpass protected secrets
Breaking vaults: Stealing Lastpass protected secretsBreaking vaults: Stealing Lastpass protected secrets
Breaking vaults: Stealing Lastpass protected secretsMartin Vigo
 
Even the LastPass Will be Stolen Deal with It!
Even the LastPass Will be Stolen Deal with It!Even the LastPass Will be Stolen Deal with It!
Even the LastPass Will be Stolen Deal with It!Martin Vigo
 
Creating secure apps using the salesforce mobile sdk
Creating secure apps using the salesforce mobile sdkCreating secure apps using the salesforce mobile sdk
Creating secure apps using the salesforce mobile sdkMartin Vigo
 
Security Vulnerabilities: How to Defend Against Them
Security Vulnerabilities: How to Defend Against ThemSecurity Vulnerabilities: How to Defend Against Them
Security Vulnerabilities: How to Defend Against ThemMartin Vigo
 
Do-it-Yourself Spy Program: Abusing Apple’s Call Relay Protocol
Do-it-Yourself Spy Program: Abusing Apple’s Call Relay ProtocolDo-it-Yourself Spy Program: Abusing Apple’s Call Relay Protocol
Do-it-Yourself Spy Program: Abusing Apple’s Call Relay ProtocolMartin Vigo
 
Do-it-Yourself Spy Program: Abusing Apple’s Call Relay Protocol
Do-it-Yourself Spy Program: Abusing Apple’s Call Relay ProtocolDo-it-Yourself Spy Program: Abusing Apple’s Call Relay Protocol
Do-it-Yourself Spy Program: Abusing Apple’s Call Relay ProtocolMartin Vigo
 

Más de Martin Vigo (11)

Phonerator, an advanced *valid* phone number generator for your OSINT/SE needs
Phonerator, an advanced *valid* phone number generator for your OSINT/SE needsPhonerator, an advanced *valid* phone number generator for your OSINT/SE needs
Phonerator, an advanced *valid* phone number generator for your OSINT/SE needs
 
Phonerator, an advanced *valid* phone number generator for your OSINT/SE needs
Phonerator, an advanced *valid* phone number generator for your OSINT/SE needsPhonerator, an advanced *valid* phone number generator for your OSINT/SE needs
Phonerator, an advanced *valid* phone number generator for your OSINT/SE needs
 
Mobile apps security. Beyond XSS, CSRF and SQLi
Mobile apps security. Beyond XSS, CSRF and SQLiMobile apps security. Beyond XSS, CSRF and SQLi
Mobile apps security. Beyond XSS, CSRF and SQLi
 
Building secure mobile apps
Building secure mobile appsBuilding secure mobile apps
Building secure mobile apps
 
Secure Salesforce: Hardened Apps with the Mobile SDK
Secure Salesforce: Hardened Apps with the Mobile SDKSecure Salesforce: Hardened Apps with the Mobile SDK
Secure Salesforce: Hardened Apps with the Mobile SDK
 
Breaking vaults: Stealing Lastpass protected secrets
Breaking vaults: Stealing Lastpass protected secretsBreaking vaults: Stealing Lastpass protected secrets
Breaking vaults: Stealing Lastpass protected secrets
 
Even the LastPass Will be Stolen Deal with It!
Even the LastPass Will be Stolen Deal with It!Even the LastPass Will be Stolen Deal with It!
Even the LastPass Will be Stolen Deal with It!
 
Creating secure apps using the salesforce mobile sdk
Creating secure apps using the salesforce mobile sdkCreating secure apps using the salesforce mobile sdk
Creating secure apps using the salesforce mobile sdk
 
Security Vulnerabilities: How to Defend Against Them
Security Vulnerabilities: How to Defend Against ThemSecurity Vulnerabilities: How to Defend Against Them
Security Vulnerabilities: How to Defend Against Them
 
Do-it-Yourself Spy Program: Abusing Apple’s Call Relay Protocol
Do-it-Yourself Spy Program: Abusing Apple’s Call Relay ProtocolDo-it-Yourself Spy Program: Abusing Apple’s Call Relay Protocol
Do-it-Yourself Spy Program: Abusing Apple’s Call Relay Protocol
 
Do-it-Yourself Spy Program: Abusing Apple’s Call Relay Protocol
Do-it-Yourself Spy Program: Abusing Apple’s Call Relay ProtocolDo-it-Yourself Spy Program: Abusing Apple’s Call Relay Protocol
Do-it-Yourself Spy Program: Abusing Apple’s Call Relay Protocol
 

Último

Kalyanpur ) Call Girls in Lucknow Finest Escorts Service 🍸 8923113531 🎰 Avail...
Kalyanpur ) Call Girls in Lucknow Finest Escorts Service 🍸 8923113531 🎰 Avail...Kalyanpur ) Call Girls in Lucknow Finest Escorts Service 🍸 8923113531 🎰 Avail...
Kalyanpur ) Call Girls in Lucknow Finest Escorts Service 🍸 8923113531 🎰 Avail...gurkirankumar98700
 
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Miguel Araújo
 
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Drew Madelung
 
A Call to Action for Generative AI in 2024
A Call to Action for Generative AI in 2024A Call to Action for Generative AI in 2024
A Call to Action for Generative AI in 2024Results
 
Handwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsHandwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsMaria Levchenko
 
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...Neo4j
 
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdfThe Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdfEnterprise Knowledge
 
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking MenDelhi Call girls
 
Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)Allon Mureinik
 
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024BookNet Canada
 
The Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxThe Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxMalak Abu Hammad
 
Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024The Digital Insurer
 
The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024Rafal Los
 
08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking MenDelhi Call girls
 
GenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationGenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationMichael W. Hawkins
 
How to convert PDF to text with Nanonets
How to convert PDF to text with NanonetsHow to convert PDF to text with Nanonets
How to convert PDF to text with Nanonetsnaman860154
 
Swan(sea) Song – personal research during my six years at Swansea ... and bey...
Swan(sea) Song – personal research during my six years at Swansea ... and bey...Swan(sea) Song – personal research during my six years at Swansea ... and bey...
Swan(sea) Song – personal research during my six years at Swansea ... and bey...Alan Dix
 
Maximizing Board Effectiveness 2024 Webinar.pptx
Maximizing Board Effectiveness 2024 Webinar.pptxMaximizing Board Effectiveness 2024 Webinar.pptx
Maximizing Board Effectiveness 2024 Webinar.pptxOnBoard
 
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...shyamraj55
 
Google AI Hackathon: LLM based Evaluator for RAG
Google AI Hackathon: LLM based Evaluator for RAGGoogle AI Hackathon: LLM based Evaluator for RAG
Google AI Hackathon: LLM based Evaluator for RAGSujit Pal
 

Último (20)

Kalyanpur ) Call Girls in Lucknow Finest Escorts Service 🍸 8923113531 🎰 Avail...
Kalyanpur ) Call Girls in Lucknow Finest Escorts Service 🍸 8923113531 🎰 Avail...Kalyanpur ) Call Girls in Lucknow Finest Escorts Service 🍸 8923113531 🎰 Avail...
Kalyanpur ) Call Girls in Lucknow Finest Escorts Service 🍸 8923113531 🎰 Avail...
 
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
 
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
 
A Call to Action for Generative AI in 2024
A Call to Action for Generative AI in 2024A Call to Action for Generative AI in 2024
A Call to Action for Generative AI in 2024
 
Handwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsHandwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed texts
 
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
 
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdfThe Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
 
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
 
Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)
 
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
 
The Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxThe Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptx
 
Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024
 
The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024
 
08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men
 
GenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationGenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day Presentation
 
How to convert PDF to text with Nanonets
How to convert PDF to text with NanonetsHow to convert PDF to text with Nanonets
How to convert PDF to text with Nanonets
 
Swan(sea) Song – personal research during my six years at Swansea ... and bey...
Swan(sea) Song – personal research during my six years at Swansea ... and bey...Swan(sea) Song – personal research during my six years at Swansea ... and bey...
Swan(sea) Song – personal research during my six years at Swansea ... and bey...
 
Maximizing Board Effectiveness 2024 Webinar.pptx
Maximizing Board Effectiveness 2024 Webinar.pptxMaximizing Board Effectiveness 2024 Webinar.pptx
Maximizing Board Effectiveness 2024 Webinar.pptx
 
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
 
Google AI Hackathon: LLM based Evaluator for RAG
Google AI Hackathon: LLM based Evaluator for RAGGoogle AI Hackathon: LLM based Evaluator for RAG
Google AI Hackathon: LLM based Evaluator for RAG
 

Ransombile: yet another reason to ditch sms

  • 1. Ransombile Yet another reason to ditch SMS Martin Vigo @martin_vigo | martinvigo.com 123456
  • 2. Martin Vigo Product Security Lead From Galicia, Spain Research | Scuba | Gin tonics @martin_vigo - martinvigo.com Amstrad CPC 6128 Captured while playing “La Abadía del crímen”
  • 3. Have you left your phone unattended?
  • 4. Did you disable the assistant on lock screen?
  • 5. Did you disable notifications on lock screen?
  • 6. What can the assistant do while the device is locked? ?
  • 7. How to steal $2,999.99 in less than 2 minutes https://www.martinvigo.com/steal-2999-99-minute-venmo-siri
  • 8.
  • 10.
  • 11. Well known issues for years “Changing the pre-registered telephone number SHALL NOT be possible without two-factor authentication at the time of the change. OOB using SMS is deprecated, and will no longer be allowed in future releases of this guidance.”
  • 12. Objective Help push the industry to stop relying on SMS as a secure channel
  • 17. Attack vector 1. Obtain victim’s email 2. Use it to initiate password reset in all services 3. Obtain secret codes from SMS 4. Use them to complete password reset process in all services 5. Set new passwords
  • 18. Obtain victim’s email “Send an email to attacker@domain.com about subject saying content”
  • 19. Obtain secret codes from SMS SMSs are displayed on locked home screen “Read my texts”
  • 20. Attack vector 1. Obtain victim’s email 2. Use it to initiate password reset in all services 3. Obtain secret codes from SMS 4. Use them to complete password reset process in all services 5. Set new passwords
  • 21. Lots to compromise, limited time We need automation
  • 22. Ransombile Ransomware + Mobile Automates the entire password reset process over SMS Uses Selenium for UI automation rather APIs there is even a Firefox plugin that records your mouse movement and generates code for you Does not require any backend/API knowledge to add new SMS services
  • 23. Attack vector 1. Obtain victim’s email 2. Use it to initiate password reset in all services 3. Obtain secret codes from SMS 4. Use them to complete password reset process in all services 5. Set new passwords
  • 24. Ransombile … 1. “Send an email to victim.ransom@gmail.com about subject saying content” 3. Initiate password reset process 4. Send codes over SMS 5. Read codes and enter in Ransombile 2. Get email address 6. Send secret codes and complete password reset
  • 25. Ransombile Demo Hi, my name is Tom Promise and I am a millenial!
  • 26.
  • 28. Conclusions A locked mobile device is still insecure Unattended mobile devices can be a bigger risk than unattended computers and companies tend to ignore this Consequences of losing your phone are not only monetary
  • 29. Can we do better? Getting rid of the physical access requirement
  • 30. Attack vector 1. Obtain victim’s email 2. Use it to initiate password reset in all services 3. Obtain secret codes from SMS 4. Use them to complete password reset process in all services 5. Set new passwords Requires physical access
  • 31. Chaouki Kasmi & Jose Lopes Esteves “Remote Command Injection on Modern Smartphones” Nicholas Carlini, Pratyush Mishra, Tavish Vaidya, Yuankai Zhang, Micah Sherr, Clay Shields, David Wagner & Wenchao Zhou “Hidden Voice Commands” Obtain victim’s email without physical access Guoming Zhang, Chen Yan, Xiaoyu Ji, Taimin Zhang, Tianchen Zhang, Wenyuan Xu “DolphinAtack: Inaudible Voice Commands”
  • 33. Obtain secret codes from SMS without physical access SS7 attacks 2G downgrade attacks and broken A5/1 cipher Femtocells Defcon 21 - Traffic Interception and Remote Mobile Phone Cloning with a Compromised CDMA Femtocell DEF CON 18 - Kristin Paget - Practical Cellphone Spying CCC - Tobias Engel - SS7: Locate. Track. Manipulate. SIM Swapping
  • 34. Conclusions It is possible to perform these attacks without physical access to the device (In theory…) POC||GTFO SMS wasn’t designed with security in mind nor to be used as a secure channel Online services should encourage app-based temp codes and make SMS opt-in
  • 35. Recommendations for you Don’t leave your mobile device unattended Disable the assistant in the lock screen Disable notifications preview in the lock screen Use apps for 2FA Don’t provide your phone number if not required unless it’s the only way to get 2FA use a virtual number to prevent OSINT and SIM swapping attacks Check the settings to disable security challenges over SMS
  • 36. THANK YOU! @martin_vigo martinvigo.com martinvigo@gmail.com linkedin.com/in/martinvigo github.com/martinvigo youtube.com/martinvigo Come see my DEF CON talk: “Compromising online accounts by cracking voicemail systems” Friday, 1PM in Track 1