8/13/2019 (PDF) Yury Chemerkin Hackfest.ca 2013
QUESTIONABLE VALUE OF MDM: THE BYOD'S VIEW
[ YURY CHEMERKIN ]
MULTI-SKILLED SECURITY RESEARCHER, WORKS FOR A RUSSIAN COMPANY
EXPERIENCED IN:
REVERSE ENGINEERING & AV, DEVELOPMENT (IN THE PAST)
MOBILE SECURITY, INCL. MDM, MAM, etc.
CYBER SECURITY & CLOUD SECURITY
COMPLIANCE & FORENSICS ON MOBILE & CLOUD
WRITING (STO BLOG, HAKIN9, PENTEST, eFORENSICS MAGAZINES)
PARTICIPATION AT CONFERENCES:
INFOSECURITY RUSSIA, NULLCON, ATHCON, CONFIDENCE, PHDAYS, DEFCON MOSCOW, HACKERHALTED, HACKTIVITY, HACKFEST
CYBERCRIME FORUM, CYBER INTELLIGENCE EUROPE / INTELLIGENCE-SEC, DEEPINTEL
ICITST, CTICON (CYBERTIMES), ITA, I-SOCIETY
www.linkedin.com/in/yurychemerkin
http://sto-strategy.com
yury.s@
[ MOBILE DEVICE MANAGEMENT ]
WHAT DO WORKERS WANT? WHAT DO COMPANIES ...

[ MOBILE DEVICE MANAGEMENT ]
WHAT DO THIRD PARTIES USUALLY SELL? FIRST CASE
[ MOBILE DEVICE MANAGEMENT ]
WHAT DOES THE REAL DEVICE MANAGEMENT APPROACH INCLUDE? NOT LESS THAN:
MOBILE DEVICE MANAGEMENT SOLUTION - NATIVE / THIRD PARTY SOLUTION
MOBILE APPLICATION MANAGEMENT SOLUTION - EMBEDDED / NATIVE / THIRD PARTY SOLUTION
MOBILE EMAIL MANAGEMENT SOLUTION
NETWORK ACCESS CONTROL SOLUTION - NOT A NEW IDEA, BUT QUITE USEFUL IN CLOUDS
ADDITIONAL SOLUTIONS - AV, LOG MANAGEMENT, DLP-BASED SOLUTION, FORENSICS SOLUTION
COMPLIANCE - GUIDELINES / BEST PRACTICES
[ OPINIONS ]
APPLE IS SERIOUS ENOUGH NOT TO LET MALWARE BE SPREAD THROUGH ITS MARKET, EXCEPT FOR THE Ch. MILLER CASE; JAILBREAK, CYDIA, BLACK & OTHER MARKETS ARE A DIFFERENT STORY
MICROSOFT (WINDOWS PHONE) HAS IMPLEMENTED THE SAME IDEA
GOOGLE HAS A WEAK POLICY, THAT'S WHY EVERYONE GOT MALWARE IN THE OFFICIAL MARKET, PLUS 3RD PARTY MARKETS, PLUS REPACKAGES
BLACKBERRY IS THE SAFEST OS BECAUSE THAT'S ABOUT THE SIZE OF IT
(ranking on the slide: BlackBerry, Windows, iOS, Android)
[ SECURITY ENVIRONMENT ]
MDM HELPS TO PROTECT DATA AND MANAGE BLACKBERRY, iOS, WINDOWS, AND ANDROID DEVICES.
MDM IS ENHANCED BY MANAGING THE BEHAVIOR OF THE DEVICE:
SECURE BOOTLOADER, SYSTEM SOFTWARE SECURITY (UPDATES)
APPLICATION CODE SIGNING
RUNTIME PROCESS SECURITY (SANDBOX, APIs)
HARDWARE SECURITY FEATURES
FILE DATA PROTECTION, SSL, TLS, VPN
PASSCODE PROTECTION
SETTINGS (PERMISSIONS / RESTRICTIONS, CONFIGURATIONS)
REMOTE MANAGEMENT (MDM)
REMOTE WIPE
EACH OS EVALUATES EVERY REQUEST THAT APPLICATIONS MAKE TO ACCESS ... BUT LEADS AWAY FROM ANY DETAILS AND APIs
[ KNOWN ISSUES. Examples ]
BYPASS MDM SOLUTIONS
iOS, ANDROID: EXPLOITS, DUMP /MEM TO GET EMAILS (BLACKHAT EU13 http://goo.gl/HN829p)
BLACKBERRY PLAYBOOK: EXPLOITS, MITM, DUMP .ALL FILES (SECTOR11, INFILTRATE12, SOURCE BOSTON13 http://goo.gl/KaTtFG)
GAIN ROOT ACCESS
ANDROID: APP SIGNATURE EXPLOITATION, APP MODIFICATION (BLACKHAT USA13 http://goo.gl/p5FhWG)
TIME-FRAME TO FIX: 7+ MONTHS, OR WAIT FOR A VENDOR'S ...
ANALYSIS OF APPS' DATA IN THE ...
BLACKBERRY, iOS: DATA LEAKAGE, REVEALED PASSWORDS, ... (BLACKHAT EU12)
ANDROID: DATA LEAKAGE, WEAKNESS OF CRYPTO (PHDAYS III 13)
THREAT BOUNDS BECOME UNCLEAR; COMPLIANCE BRINGS COMMON RECOMMENDATIONS ...
Other links on this slide: http://goo.gl/STpSll, http://goo.gl/x1PPGK
[ KNOWN ISSUES. Examples ]
PLAYBOOK ARTIFACTS (see the previous slide): BROWSER HISTORY; NETWORKING IDs, FLAGS, MACs; VIDEO CALL DETAILS; ACCESS TO INTERNAL NETWORK
KERNEL, BLACKBERRY Z10: DUMP MICROKERNEL, EVEN DEVELOPERS' CREDENTIALS (FACEBOOK, MOBILE, EMAILS) (BLACKHAT, DEFCON MOSCOW http://goo.gl/R74leX)
GUI FAILS (my results), BLACKBERRY OS: DATA LEAKAGE, REVEALED PASSWORDS, ...; NO PERMISSIONS REQUESTED; BORROWED PERMISSIONS (NULLCON13, CONFIDENCE http://goo.gl/phMey2)
HAVEN'T YET TESTED ON NEW ...
THREAT BOUNDS BECOME UNCLEAR; COMPLIANCE BRINGS COMMON RECOMMENDATIONS ...
[ DEVICE MANAGEMENT ]
GOALS - MOBILE RESOURCES / AIM OF ATTACK: DEVICE RESOURCES; OUTSIDE-OF-DEVICE RESOURCES
ATTACKS - SET OF ACTIONS UNDER THE THREAT
APIs - RESOURCES WIDELY AVAILABLE TO CODERS
SECURITY FEATURES - KERNEL PROTECTION, NON-APP FEATURES
PERMISSIONS - EXPLICITLY CONFIGURED
3RD PARTY - AV, FIREWALL, VPN, MDM
COMPLIANCE - RULES TO DESIGN MOBILE SECURITY IN ALIGNMENT WITH COMPLIANCE TO ...
(diagram: application-level attack vector; rings labelled Attacks, APIs, MDM feature, with AV, MDM, DLP, VPN as the 3rd-party layer)
[ DEVICE MANAGEMENT ]
= , , ,
set of OS permissions, set of device permissions, set of MDM permissions, set of missed permissions (lack of controls), set of rules that explicitly should be applied to gain compliance
= + ,
set of APIs, set of APIs that interact with sensitive data, set of APIs that do not interact with sensitive data
To get mobile security designed with full granularity, the set of missed permissions should be the empty set, so that one set is obtained instead of the other; what matters is how close it is to empty. On the other hand, it should be found out whether the assumptions are true and whether it is possible to get there.
Set of permissions < set of activities: efficiency
typical case: < 100%; ability to control each API: = 100%; more than 1 permission per API: > 100%
lack of knowledge about possible ...; improper granularity
Concurrency over native & additional security features: the situation is very serious (MDM features vs ...)
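The slide's set model in runnable form, as an added example that is not part of the talk: a feature exposes a set of APIs, a subset of them touch sensitive data, and each OS, device or MDM permission gates some of those APIs. The code computes the "missed permissions" set (sensitive APIs no permission reaches, which the slide says must be empty), the share of significant APIs, and the activity-vs-permission efficiency percentage, including the >100% case where one API sits behind several permissions. All feature, API and permission names are constructed placeholders, not real SDK identifiers.

```python
# Added example (not from the talk): the slide's set model in code.
# All feature, API and permission names below are constructed placeholders,
# not real BlackBerry/iOS/Android identifiers.
from dataclasses import dataclass, field


@dataclass
class Feature:
    name: str
    apis: set                       # every API the feature exposes to coders
    sensitive: set                  # the subset that touches sensitive data
    permissions: dict = field(default_factory=dict)  # permission -> APIs it gates


def significant_pct(f: Feature) -> float:
    """Share of the feature's APIs that touch sensitive data (the 'sign. APIs' column)."""
    return round(100.0 * len(f.sensitive) / len(f.apis), 2)


def gated(f: Feature) -> set:
    """Every API that at least one OS, device or MDM permission controls."""
    return set().union(*f.permissions.values()) if f.permissions else set()


def missed(f: Feature) -> set:
    """Sensitive APIs no permission reaches: the set the slide says must be empty."""
    return f.sensitive - gated(f)


def efficiency_pct(f: Feature) -> float:
    """Permissions per activity, as a percentage (the 'activity vs perm' metric).
    Well below 100 means one switch covers many activities; above 100 means
    some APIs sit behind more than one permission."""
    return round(100.0 * len(f.permissions) / len(f.apis), 2)


def coarse(f: Feature) -> set:
    """Permissions that gate more than one API: the 'improper granularity' case."""
    return {p for p, apis in f.permissions.items() if len(apis) > 1}


def multi_gated(f: Feature) -> set:
    """APIs behind more than one permission (they push efficiency past 100%)."""
    return {a for a in f.apis if sum(a in apis for apis in f.permissions.values()) > 1}


def assess(f: Feature) -> dict:
    return {
        "feature": f.name,
        "significant_pct": significant_pct(f),
        "efficiency_pct": efficiency_pct(f),
        "missed": sorted(missed(f)),
        "coarse_permissions": sorted(coarse(f)),
        "multi_gated_apis": sorted(multi_gated(f)),
        "fully_controlled": not missed(f),
    }


# Constructed sample: one feature whose single permission misses an export API,
# and one where a shared API sits behind two permissions.
CONTACTS = Feature(
    name="Contacts",
    apis={"list", "read", "write", "delete", "search", "export"},
    sensitive={"read", "write", "delete", "export"},
    permissions={"Contacts": {"list", "read", "write", "delete", "search"}},
)
CAMERA = Feature(
    name="Camera",
    apis={"open", "capture", "record", "flash"},
    sensitive={"capture", "record"},
    permissions={
        "Camera": {"open", "capture", "record"},
        "Microphone": {"record"},
        "Flashlight": {"flash"},
    },
)

if __name__ == "__main__":
    for feature in (CONTACTS, CAMERA):
        print(assess(feature))
```

The interesting output is the `missed` list, not the percentages: a feature can score a respectable efficiency and still leave a sensitive API (here the constructed `export`) outside every control an MDM could switch.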
[ BLACKBERRY. PERMISSIONS ]
Permission                        BB 10 Cascades SDK   BB 10 AIR SDK   PB (ND...
Background processing             +                    +
BlackBerry Messenger              -
Calendar, Contacts                +                    via invo...
Camera                            +                    +
Device identifying information    +                    +
Email and PIN messages            +                    via invo...
GPS location                      +                    +
Internet                          +                    +
Location                          +
Microphone                        +                    +
Narrow swipe up                   -                    +
Notebooks                         +
Notifications                     +                    +
Player                            -                    +
Phone                             +
Push                              +
Shared files                      +                    +
Text messages                     +
Volume                            -                    +
[ BLACKBERRY. Significant APIs ]
Feature                   Q. APIs   Q. sign. APIs   % (sign. APIs)
BlackBerry Messenger      77        70              90.91
Calendar                  443       126             28.44
Camera                    47        41              87.23
Contacts                  316       150             47.47
Device identifying info   15        14              93.33
Email & PIN messages      347       211             60.81
Internet                  161       145             90.06
Microphone                21        15              71.43
Notebooks                 123       86              69.92
Notifications             32        24              75.00
Phone                     27        22              81.48
Push                      25        22              88.00
Shared files              78        70              89.74
Text messages             10        6               60.00
Account                   66        21              31.82
MediaPlayer               66        63              95.45
NFC                       24        11              45.83
Radio & SIM               68        51              75.00
Clipboard                 6         4               66.67
[ BLACKBERRY. Common activities ]
(bar chart per feature: Q. of m.+a. activity vs Q. of m.+a. permission)

[ BLACKBERRY. Derived activities ]
(bar chart per feature: Q. of derived activities vs Q. of derived permissions)

[ BLACKBERRY. Efficiency (%) ]
(bar chart per feature: % m+a activity vs perm, % m+a derived activity vs perm)
[ iOS. Info.plist (app capabilities) ]
Key :: Description
auto-focus-camera :: handle autofocus capabilities in the device's still camera, in case of macro photography or im...
bluetooth-le :: handle the presence of Bluetooth low-energy hardware on the device
camera-flash :: handle a camera flash for taking pictures or shooting video
front-facing-camera :: handle a forward-facing camera, such as capturing video from the device's camera
gamekit :: handle Game Center
gps :: handle GPS (or AGPS) hardware to track locations in case the higher accuracy is needed ...
location-services :: retrieve the device's current location using the Core Location framework through Cellular/Wi-Fi ...
microphone :: handle the built-in microphone and its accessories
peer-peer :: handle peer-to-peer connectivity over a Bluetooth network
sms :: handle the presence of the Messages application, such as opening URLs with the sms scheme
still-camera :: handle the presence of a camera on the device, such as capturing images from the device's still ...
telephony :: handle the presence of the Phone application, such as opening URLs with the telephony scheme
video-camera :: handle the presence of a camera with video capabilities on the device, such as capturing video from ...
wifi :: access to the networking features of the device
[ iOS. Settings ]
Component :: Unit
Restrictions :: Native applications - Safari; Camera, FaceTime; iTunes Store, iBookstore; Siri; Manage applications*
Restrictions :: 3rd-party applications - Manage applications*; Explicit Language (Siri); Privacy*; Accounts*; Content Type Restrictions*
Unit subcomponents (*):
Privacy :: Location - per each 3rd-party app; for system services
Privacy :: Private Info - Contacts, Calendar, Reminders, P...; Bluetooth Sharing; Twitter, Facebook
Accounts - disables changes to Mail, Contacts, Calendars, iCloud
Find My Friends
Volume limit
Content Type Restrictions - ratings per country and region; music and podcasts; movies, books, apps, TV shows; in-app purchases; require passwords (in-app purchases)
Game Center - multiplayer games; adding friends (Game Center)
Manage applications - installing apps; removing apps
[ iOS. Common activities ]
(bar chart per feature: Q. of m.+a. activity, Q. of m.+a. permission, Q. of m.+a. perm plus parental)

[ iOS. Derived activities ]
(bar chart per feature: Q. of derived activities, Q. of derived perm, Q. of derived perm plus parental)

[ iOS. Efficiency (%) ]
(bar chart per feature: % m+a activity vs perm, % m+a derived activity vs perm, and the same with parental permissions counted)
[ Windows. Permissions ]
Permission :: Description
General use capabilities
musicLibrary :: provides access to the user's Music library, allowing the app to enumerate and access all fi...
picturesLibrary :: provides access to the user's Pictures library, allowing to enumerate and access all files ...
videosLibrary :: provides access to the user's Videos library, allowing the app to enumerate and access al...
removableStorage :: provides access to files on removable storage, such as USB keys and external hard drives, ...
microphone :: provides access to the microphone's audio feed, which allows recording audio from conn...
webcam :: provides access to the webcam's video feed, which allows capturing snapshots, movies fro...
location :: provides access to location functionality like a GPS sensor or derived from availab...
proximity :: enables multiple devices in close proximity to communicate with one another via poss... Bluetooth, WiFi, and the internet
internetClient, internetClientServer :: provides outbound (inbound is for server only) access to the Internet, public networ...
privateNetworkClientServer :: provides inbound and outbound access to home and work networks through the firew... applications that share data across local devices
Special use capabilities
enterpriseAuthentication :: enables a user to log into remote resources using their credentials, and act as if a user provid... password
sharedUserCertificates :: enables access to software and hardware certificates like smart cards
documentsLibrary :: provides access to the user's Documents library, filtered to the file types asso...
[ Windows. Significant APIs ]
Feature                         Q. APIs   Q. sign. APIs   % (sign. APIs)   Controlled
General use capabilities
Notifications                   68        4               5.88             +
Music library                   1300      138             10.62            +
Pictures library                1157      133             11.50            +
Videos library                  1300      138             10.62            +
Removable storage               1045      109             10.43            +
Microphone                      274       33              12.04            +
Webcam                          409       91              22.25            +
Location                        37        5               13.51            +
Proximity                       54        19              35.19            +
Internet and public networks    488       134             27.46            +
Home and work networks          488       134             27.46            +
Special use capabilities
Enterprise authentication       8         4               50.00            +
Shared User Certificates        20        5               25.00            +
Documents library               1045      126             12.06            +
Non-controlled capabilities
Clipboard                       132       20              15.15            -
Phone                           18        6               33.33            -
SMS                             122       25              20.49            -
Contacts                        97        31              31.96            -
Device Info                     221       30              13.57            -
[ Windows. Common Activities ]
(bar chart per feature: Q. of m.+a. activity vs Q. of m.+a. permission)

[ Windows. Derived Activities ]
(bar chart per feature: Q. of derived activities vs Q. of derived permissions)

[ Windows. Efficiency (%) ]
(bar chart per feature: % m+a activity vs perm, % m+a derived activity vs perm; several features exceed 100%)
[ Android. Permissions ]
ACCESS_CHECKIN_PROPERTIES, ACCESS_COARSE_LOCATION, ACCESS_FINE_LOCATION, ACCESS_LOCATION_EXTRA_COMMANDS, ACCESS_MOCK_LOCATION, ACCESS_NETWORK_STATE, ACCESS_SURFACE_FLINGER, ACCESS_WIFI_STATE, ACCOUNT_MANAGER, ADD_VOICEMAIL, AUTHENTICATE_ACCOUNTS, BATTERY_STATS, BIND_ACCESSIBILITY_SERVICE, BIND_APPWIDGET, BIND_DEVICE_ADMIN, BIND_INPUT_METHOD, BIND_REMOTEVIEWS, BIND_TEXT_SERVICE, BIND_VPN_SERVICE, BIND_WALLPAPER, BLUETOOTH, BLUETOOTH_ADMIN, BRICK, BROADCAST_PACKAGE_REMOVED, BROADCAST_SMS, BROADCAST_STICKY, BROADCAST_WAP_PUSH, CALL_PHONE, CALL_PRIVILEGED, CAMERA, CHANGE_COMPONENT_ENABLED_STATE, CHANGE_CONFIGURATION, CHANGE_NETWORK_STATE, CHANGE_WIFI_MULTICAST_STATE, CHANGE_WIFI_STATE, CLEAR_APP_CACHE, CLEAR_APP_USER_DATA, CONTROL_LOCATION_UPDATES, DELETE_CACHE_FILES, DELETE_PACKAGES, DEVICE_POWER, DIAGNOSTIC, DISABLE_KEYGUARD, DUMP, EXPAND_STATUS_BAR, FACTORY_TEST, FLASHLIGHT, FORCE_BACK, GET_ACCOUNTS, GET_PACKAGE_SIZE, GET_TASKS, GLOBAL_SEARCH, HARDWARE_TEST, INJECT_EVENTS, INSTALL_LOCATION_PROVIDER, INSTALL_PACKAGES, INTERNAL_SYSTEM_WINDOW, INTERNET, KILL_BACKGROUND_PROCESSES, MANAGE_ACCOUNTS, MANAGE_APP_TOKENS, MASTER_CLEAR, MODIFY_AUDIO_SETTINGS, MODIFY_PHONE_STATE, MOUNT_FORMAT_FILESYSTEMS, MOUNT_UNMOUNT_FILESYSTEMS, NFC, PERSISTENT_ACTIVITY, PROCESS_OUTGOING_CALLS, READ_CALENDAR, READ_CALL_LOG, READ_CONTACTS, READ_EXTERNAL_STORAGE, READ_FRAME_BUFFER, READ_HISTORY_BOOKMARKS, READ_INPUT_STATE, READ_LOGS, READ_PHONE_STATE, READ_PROFILE, READ_SMS, READ_SOCIAL_STREAM, READ_SYNC_SETTINGS, READ_SYNC_STATS, READ_USER_DICTIONARY, REBOOT, RECEIVE_BOOT_COMPLETED, RECEIVE_MMS, RECEIVE_SMS, RECEIVE_WAP_PUSH, RECORD_AUDIO, REORDER_TASKS
(right-hand column truncated in the source:) SET_ACTIVITY_WATCHER, SE..., SET_ANIMATION_SCALE, SET..., SET_POINTER_SPEED, SET_PROCESS_LIMIT, SET_TIME, SET..., SET_WALLPAPER_HINTS, SIGN..., STATUS_BAR, SUBSCRIBED_FEED..., SYSTEM_ALERT_WINDOW, USE_CREDENTIALS, USE_SIP, VIBRATE, ...TINGS, WRITE_CALENDAR, W..., ...TS, WRITE_EXTERNAL_STORAGE, WRITE_HISTORY_BOOKMARKS, WRITE_..., ...GS, WRITE_SETTINGS, WRITE_..., WRITE_SYNC_SETTINGS, WRITE...
The list contains ~150 permissions; I have only ever seen that many on old BlackBerry ...
[ Android. Permission Groups ]
ACCOUNTS, AFFECTS_BATTERY, APP_INFO, AUDIO_SETTINGS, BLUETOOTH_NETWORK, BOOKMARKS, CALENDAR, CAMERA, COST_MONEY, DEVELOPMENT_TOOLS, DEVICE_ALARMS, DISPLAY, HARDWARE_CONTROLS, LOCATION, MESSAGES, MICROPHONE, NETWORK, PERSONAL_INFO, PHONE_CALLS, SCREENLOCK, SOCIAL_INFO, STATUS_BAR, STORAGE, SYNC_SETTINGS, SYSTEM_CLOCK, SYSTEM_TOOLS, USER_DICTIONARY, VOICEMAIL, WALLPAPER, WRITE_USER_DICTIONARY
But there are only 30 permission groups; I have only ever seen that on old BlackBerry
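The ~150 permissions folding into 30 groups is the granularity gap the talk measures, and it is what the user (or an MDM policy) actually sees. As an added example that is not part of the talk, the script below parses a decoded AndroidManifest.xml, maps each requested `android.permission.*` onto its group, and reports how much of the 30-group surface the app touches, which requests are app-defined (no group, no user-facing text) and which are signature/system-level and therefore not grantable to an ordinary app. The manifest is constructed; the permission-to-group table is a hand-picked subset of the Android 4.x mapping (refresh it from the platform's own framework-res manifest for real use), and the privileged set is likewise only a sample.

```python
# Added example (not from the talk): map an app's requested permissions onto
# Android permission groups and see how much of the 30-group surface it touches.
# The manifest is constructed; the permission->group table is a small hand-made
# subset of the Android 4.x mapping, not the full platform list.
import xml.etree.ElementTree as ET

ANDROID_NS = "{http://schemas.android.com/apk/res/android}"

# permission name (without the android.permission. prefix) -> permission group
PERMISSION_GROUP = {
    "CAMERA": "CAMERA",
    "RECORD_AUDIO": "MICROPHONE",
    "ACCESS_FINE_LOCATION": "LOCATION",
    "ACCESS_COARSE_LOCATION": "LOCATION",
    "INTERNET": "NETWORK",
    "ACCESS_NETWORK_STATE": "NETWORK",
    "READ_CONTACTS": "SOCIAL_INFO",
    "READ_CALL_LOG": "SOCIAL_INFO",
    "READ_SMS": "MESSAGES",
    "RECEIVE_SMS": "MESSAGES",
    "READ_PHONE_STATE": "PHONE_CALLS",
    "CALL_PHONE": "PHONE_CALLS",
    "GET_ACCOUNTS": "ACCOUNTS",
    "WRITE_EXTERNAL_STORAGE": "STORAGE",
    "READ_CALENDAR": "PERSONAL_INFO",
    "INSTALL_PACKAGES": "SYSTEM_TOOLS",
    "READ_LOGS": "DEVELOPMENT_TOOLS",
}
# Signature/system-level permissions (sample): an ordinary third-party app that
# lists them is either privileged or merely declaring what it would like.
PRIVILEGED = {"INSTALL_PACKAGES", "READ_LOGS"}
TOTAL_GROUPS = 30   # the count the slide gives for this platform generation


def requested_permissions(manifest_xml: str) -> list:
    root = ET.fromstring(manifest_xml)
    return [el.get(ANDROID_NS + "name") for el in root.iter("uses-permission")]


def analyse(manifest_xml: str) -> dict:
    platform, custom, unmapped, groups = [], [], [], set()
    for full in requested_permissions(manifest_xml):
        if not full.startswith("android.permission."):
            custom.append(full)          # app- or vendor-defined: outside the 30 groups
            continue
        short = full.rsplit(".", 1)[-1]
        platform.append(short)
        if short in PERMISSION_GROUP:
            groups.add(PERMISSION_GROUP[short])
        else:
            unmapped.append(short)       # extend PERMISSION_GROUP before trusting the result
    return {
        "platform_permissions": platform,
        "custom_permissions": custom,
        "unmapped": unmapped,
        "groups": sorted(groups),
        "group_coverage_pct": round(100.0 * len(groups) / TOTAL_GROUPS, 2),
        "privileged_requests": sorted(set(platform) & PRIVILEGED),
    }


# Constructed manifest (already decoded from the binary AXML form).
SAMPLE_MANIFEST = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
          package="com.example.byodapp">
  <uses-permission android:name="android.permission.INTERNET"/>
  <uses-permission android:name="android.permission.CAMERA"/>
  <uses-permission android:name="android.permission.RECORD_AUDIO"/>
  <uses-permission android:name="android.permission.READ_CONTACTS"/>
  <uses-permission android:name="android.permission.READ_SMS"/>
  <uses-permission android:name="android.permission.INSTALL_PACKAGES"/>
  <uses-permission android:name="com.example.byodapp.permission.C2D_MESSAGE"/>
  <application android:label="BYOD app"/>
</manifest>
"""

if __name__ == "__main__":
    print(analyse(SAMPLE_MANIFEST))
```

The manifest inside an APK is binary XML; decode it first (for example with the `aapt dump xmltree` or `apktool` output) and feed the text to `analyse`. An `unmapped` entry means the table, not the app, is incomplete.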
[ Android. Efficiency (%) ]
(bar chart per permission group: % m+a activity vs perm, % m+a derived activity vs perm)
[ Average quantitative indicators ]
(100% stacked chart comparing Android, Windows, iOS and BlackBerry on: Q. APIs; Q. sign. APIs; Q. of m.+a. activities; Q. of derived activities; Q. of m.+a. permissions; Q. of derived permissions; % m+a activities vs perm; % m+a derived vs perm; the per-platform values are not legible in this extraction)
MDM. EXTEND YOUR DEVICE SECURITY CAPABILITIES - Android: FOUR GROUPS CONTROLLED
CAMERA AND VIDEO - HIDE THE DEFAULT CAMERA APPLICATION
PASSWORD - DEFINE PASSWORD PROPERTIES: REQUIRE LETTERS (incl. case), REQUIRE NUMBERS, REQUIRE SPECIAL CHARACTERS; DELETE DATA AND APPLICATIONS FROM THE DEVICE AFTER ... INCORRECT PASSWORD ATTEMPTS; DEVICE PASSWORD: ENABLE AUTO-LOCK, LIMIT PASSWORD AGE, LIMIT PASSWORD HISTORY, RESTRICT PASSWORD LENGTH (MINIMUM LENGTH FOR THE PASSWORD THAT IS ALLOWED)
ENCRYPTION - APPLY ENCRYPTION RULES; ENCRYPT INTERNAL DEVIC...
TOUCHDOWN SUPPORT - MICROSOFT EXCHANGE SY...; EMAIL PROFILES: ACTIVESYNC
MDM. EXTEND YOUR DEVICE SECURITY CAPABILITIES - iOS: 16 GROUPS CONTROLLED
BROWSER - DEFAULT APP; AUTOFILL, COOKIES, JAVASCRIPT, POPUPS
CAMERA, VIDEO, VIDEO CONFERENCING - OUTPUT, SCREEN CAPTURE, DEFAULT APP
CERTIFICATES (UNTRUSTED CERTs)
CLOUD SERVICES - BACKUP / DOCUMENT / PICTURE / SHARING
CONNECTIVITY - NETWORK, WIRELESS, ROAMING; DATA, VOICE WHEN ROAMING
CONTENT - CONTENT (incl. EXPLICIT); RATINGS FOR APPS / MOVIES / TV SHOWS / REGIONS
DIAGNOSTICS AND USAGE (SUBMISSION OF LOGS)
MESSAGING (DEFAULT APP)
ONLINE STORE - ONLINE STORES, PURCHASES, PASSWORDS; DEFAULT STORE / BOOK / MUSIC APP
PASSWORD (THE SAME AS WITH ANDROID, NEW BLACKBERRY)
PHONE AND MESSAGING (VOICE DIALING)
PROFILE & CERTs (INTERACTIVE INSTALLATION)
SOCIAL (DEFAULT APP) - SOCIAL APPS / GAMING / ADDING FRIENDS; DEFAULT SOCIAL-GAMING / SOCIAL-V... APP
STORAGE AND BACKUP - DEVICE BACKUP AND ENCRYPTION
VOICE ASSISTANT (DEFAULT APP)
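On iOS these groups are delivered as a configuration profile: a plist with a restrictions payload and a passcode payload. As an added example that is neither the talk's nor Apple's code, the script below builds such a profile with the standard library and reads it back, covering the browser, camera/screen-capture, untrusted-certificate, cloud, content-rating, diagnostics, store, social, voice-assistant and backup groups listed above plus the passcode knobs the talk lists for Android and BlackBerry. The payload keys are the documented restriction and passcode-policy keys from Apple's Configuration Profile Reference; the identifiers, display names and chosen values are constructed.

```python
# Added example (not from the talk, not Apple's code): build and read back an
# iOS restrictions + passcode configuration profile with the standard library.
# Payload keys are the documented ones; identifiers, names and values are constructed.
import plistlib
import uuid

ORG_ID = "com.example.byod"   # constructed reverse-DNS prefix for the payloads


def restrictions_payload() -> dict:
    """Restrictions payload covering the iOS groups listed on the slide."""
    return {
        "PayloadType": "com.apple.applicationaccess",
        "PayloadVersion": 1,
        "PayloadIdentifier": ORG_ID + ".restrictions",
        "PayloadUUID": str(uuid.uuid4()).upper(),
        "PayloadDisplayName": "BYOD restrictions",
        # browser
        "safariAllowAutoFill": False,
        "safariAllowJavaScript": True,
        "safariAllowPopups": False,
        "safariAcceptCookies": 1,           # 0 never, 1 from visited sites, 2 always
        # camera, video conferencing, screen capture
        "allowCamera": False,
        "allowVideoConferencing": False,
        "allowScreenShot": False,
        # certificates: untrusted TLS certs are rejected, not offered to the user
        "allowUntrustedTLSPrompt": False,
        # cloud services
        "allowCloudBackup": False,
        "allowCloudDocumentSync": False,
        # content ratings
        "allowExplicitContent": False,
        "ratingRegion": "us",
        "ratingApps": 300,                  # 12+ (0 = no apps, 1000 = everything)
        # diagnostics, store, social/gaming, voice assistant, backup
        "allowDiagnosticSubmission": False,
        "allowAppInstallation": False,
        "allowInAppPurchase": False,
        "allowMultiplayerGaming": False,
        "allowAddingGameCenterFriends": False,
        "allowAssistant": False,
        "allowVoiceDialing": False,
        "forceEncryptedBackup": True,
    }


def passcode_payload() -> dict:
    """Passcode payload: the same knobs the talk lists for Android and BlackBerry."""
    return {
        "PayloadType": "com.apple.mobiledevice.passwordpolicy",
        "PayloadVersion": 1,
        "PayloadIdentifier": ORG_ID + ".passcode",
        "PayloadUUID": str(uuid.uuid4()).upper(),
        "PayloadDisplayName": "BYOD passcode policy",
        "forcePIN": True,
        "allowSimple": False,
        "requireAlphanumeric": True,
        "minLength": 8,
        "minComplexChars": 1,
        "maxPINAgeInDays": 90,
        "pinHistory": 5,
        "maxInactivity": 5,                 # minutes before auto-lock
        "maxFailedAttempts": 10,            # then the device wipes itself
    }


def build_profile() -> bytes:
    """Top-level profile wrapping both payloads, serialised as XML plist."""
    profile = {
        "PayloadType": "Configuration",
        "PayloadVersion": 1,
        "PayloadIdentifier": ORG_ID + ".profile",
        "PayloadUUID": str(uuid.uuid4()).upper(),
        "PayloadDisplayName": "BYOD baseline",
        "PayloadContent": [restrictions_payload(), passcode_payload()],
    }
    return plistlib.dumps(profile)


def payload_by_type(mobileconfig: bytes, payload_type: str) -> dict:
    """Read a profile back (e.g. one exported from an MDM) and pick one payload."""
    profile = plistlib.loads(mobileconfig)
    for payload in profile["PayloadContent"]:
        if payload["PayloadType"] == payload_type:
            return payload
    raise KeyError(payload_type)


if __name__ == "__main__":
    with open("byod-baseline.mobileconfig", "wb") as fh:
        fh.write(build_profile())
```

The output is an unsigned profile; sign it (or let the MDM sign it) before delivery, otherwise the user sees the "not verified" interactive-installation prompt the slide mentions, and keys such as `allowAppInstallation` only bite on a device that is actually enrolled and, for some restrictions, supervised. `payload_by_type` is the useful half for audits: pull the profile an MDM pushed and check which of the groups above are really switched.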
MDM. EXTEND YOUR DEVICE SECURITY CAPABILITIES - BlackBerry (new, 10, QNX): ONLY 7 GROUPS CONTROLLED
GENERAL - MOBILE HOTSPOT AND TETHERING; PLANS APP, APPWORLD; PASSWORD (THE SAME AS WITH ANDROID, iOS); BES MANAGEMENT (SMARTPHONES, TABLETS)
SOFTWARE - OPEN WORK EMAIL MESSAGE LINKS IN THE PERSONAL BROWSER; TRANSFER THROUGH WORK PERIMETER TO SAME/ANOTHER DEVICE; BBM VIDEO ACCESS TO WORK NETWORK; VIDEO CHAT APP USES ORG
ANIZATION'S WI-FI/VPN NETWORK
SECURITY - WIPE WORK SPACE WITHOUT NETWORK, RESTRICT DEV. MODE; VOICE CONTROL & DICTATION IN WORK & USER APPS; BACKUP AND RESTORE (WORK) & DESKTOP SOFTWARE; PC ACCESS TO WORK & PERSONAL SPACE (USB, BT); PERSONAL SPACE DATA ENCRYPTION; NETWORK ACCESS CONTROL FOR WORK ...; PERSONAL APPS' ACCESS TO WORK CO...; SHARE WORK DATA DURING BBM VIDEO ...; WORK DOMAINS, WORK NETWORK U...
EMAIL PROFILES - CERTIFICATES & CIPHERS & S/MIME; HASH & ENCRYPTION ALGS AND KEY P...; TASK/MEMO/CALENDAR/CONTACT/D...
WI-FI PROFILES - ACCESS POINT, DEFAULT GATEWAY, D...; PROXY PASSWORD/PORT/SERVER/SU...
VPN PROFILES - PROXY, SCEP, AUTH PROFILE PARAMS; TOKENS, IKE, IPSEC, OTHER PARAMS; PROXY PORTS, USERNAME, OTHER PARAMS
MDM. EXTEND YOUR DEVICE SECURITY CAPABILITIES - BlackBerry (old): A HUGE AMOUNT OF PERMISSIONS ARE MD...
THERE ARE 55 GROUPS CONTROLLED IN ALL
EACH GROUP CONTAINS FROM 10 TO 30 UNITS, WHICH ARE CONTROLLED TOO
EACH UNIT IS UNDER A LOT OF FLEXIBLE PARAMS, INSTEAD OF A MERE DISABLE/ENABLE & HIDE/UNHIDE
EACH EVENT IS CONTROLLED BY A CERTAIN PERMISSION AND IS ALLOWED TO BE CONTROLLED BY SIMILAR PERMISSIONS, TO BE MORE FLEXIBLE
DESCRIBED IN 360 PAGES IN ALL, FOUR TIMES MORE THAN THE OTHER DOCUMENTS
(right-hand column truncated in the source:) EACH UNIT CAN'T CONTROL ACT... ITSELF; CREATE, READ, WRITE/S..., DELETE ACTIONS IN REG...; MESSAGES LEAD TO SPO...; REQUESTING A MESSAGE ...; ONLY SOME PERMISSIONS ARE ...; DELETE ANY OTHER APP; SOME PERMISSIONS ARE ... WHICH 3RD PARTY PLUGIN ... IN, INSTEAD OF THAT PLUGIN ...
[ Vulnerabilities of OS and apps ]
(chart: score 0-10 per vulnerability, ordered by year 2004-2013; series: Score - iOS, Score - Android, Score - BB)
[ Vulnerabilities of OS and apps ]
MIN & AVERAGE SCORE
iOS average 6.3; Android average 8.2; BB average 6.3
iOS min 1.2; Android min 1.9; BB min ...
[ APPLICATION AUDIT, APP ANALYSIS TOOLS ]
HOW MANY TOOLS ARE THERE (approximately): iOS - 10; ANDROID - 50; WINDOWS PHONE - 40; BLACKBERRY - 10
QUANTITY OF BUGS / SECURITY FLAWS: AVERAGE 50; MIN 20; MAX INFINITY
BUG TYPES (LIKELY): OBVIOUS; LIKELY; WARN (CHECK...)
(cartoon caption) "HEY DUDE, WHY IS IT VULNERABLE AGAIN?" "SORRY, BOSS, I HAD JUST COMMITTED A..."
[ Severity & Efficiency ]
[ Severity & Efficiency ]
Permissions: BlackBerry, Windows, Android, iOS
MDM: BlackBerry (old), iOS, BlackBerry (new), Windows
Vulnerabilities: BlackBerry, Windows, iOS, Android
(platforms in the order shown on the slide)

[ APPLICATION EXAMINATION ]
[ APPLICATION EXAMINATION ] - ONLY THOSE I HAVE TO USE EVERY DAY; FORENSICS EXAMINATION
Account: country code, phone number; Device Hardware Key; login / tokens of Twitter & Facebook
Call history: name + internal ID; duration + date and time
Address book: quantity of contacts / Viber contacts; full name / email / phone numbers
Messages: conversations; quantity of messages per conversation; additional participants (phone); messages: date & time, content of message, ID
[ APPLICATION EXAMINATION ] - ONLY THOSE I HAVE TO USE EVERY DAY; FORENSICS EXAMINATION
Account: country code, phone number; login / tokens: Facebook wasn't revealed ("Buy me for .$$$"); avatars :: [email protected] (jfif)
Address book: no records of the address book were revealed; check the log file and find these records (!)
Messages: date & time; content of message; ID :: [email protected]
[ APPLICATION EXAMINATION ] - ONLY THOSE I HAVE TO USE EVERY DAY; FORENSICS EXAMINATION
Account: phone number; password and secret code weren't revealed: trace the app, find the methods that use it, repack the app and have fun; no masking of typed data
Information: amount; full info in the history section (incl. info about who receives money); connected cards
Encryption? No
Bank cards: masked card number; Qiwi bank cards: full & masked number, CVV/CVC, all other card info
[ APPLICATION EXAMINATION ] - ONLY THOSE I HAVE TO USE EVERY DAY; FORENSICS EXAMINATION
Account: ID, email, password
Information: loyalty (bonus) of your membership; all you ever type; date of birth; passport details; booking/order history: routes, date and time, bonus earning, full info per each order; connected cards
Encryption? AES, 256 bit, on the password "anywayanydayanywa..." stored in plaintext; sizeof("anywayanyday...") = 192 bit
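What the finding above looks like in code, as an added example that is not the talk's and not the examined app's code: the bytes of a hardcoded 24-character string are used directly as the "AES-256" key, which makes it a 192-bit key of printable text that anyone holding the APK or the data directory already has; beside it is a derivation that does not have the problem. The 24-character string, the claimed key size and the findings wording are constructed stand-ins, not the values the talk found.

```python
# Added example (not from the talk, not the examined app's code): the
# "AES-256 on a hardcoded password" pattern beside a proper key derivation.
# The 24-character string is a constructed stand-in, not the one the talk found.
import hashlib
import os
import string

HARDCODED_PASSWORD = "example-hardcoded-secret"   # 24 printable chars, constructed


def key_from_password_bytes(password: str) -> bytes:
    """The weak pattern: the password's bytes are used directly as the AES key."""
    return password.encode("utf-8")


def assess_key(key: bytes, claimed_bits: int, stored_in_plaintext: bool) -> list:
    """Findings a reviewer would raise for a key built this way."""
    findings = []
    bits = len(key) * 8
    if bits != claimed_bits:
        findings.append(f"key is {bits} bits, not the claimed AES-{claimed_bits}")
    if bits not in (128, 192, 256):
        findings.append("length is not a valid AES key size; the cipher call will fail or pad")
    printable = set(string.printable.encode())
    if all(b in printable for b in key):
        # ~6.6 bits per printable ASCII byte at the very best, far less for words
        findings.append(f"key is printable text: at most ~{int(len(key) * 6.6)} bits of entropy, not {bits}")
    if stored_in_plaintext:
        findings.append("the password sits in plaintext in app data/code, so the key is recoverable offline")
    return findings


def derive_key(secret: str, salt: bytes, iterations: int = 200_000) -> bytes:
    """PBKDF2-HMAC-SHA256 to a real 256-bit key. The salt is per install and
    the secret never lands on disk (user entry or the platform keystore)."""
    return hashlib.pbkdf2_hmac("sha256", secret.encode("utf-8"), salt, iterations, dklen=32)


def new_salt() -> bytes:
    return os.urandom(16)


if __name__ == "__main__":
    weak = key_from_password_bytes(HARDCODED_PASSWORD)
    for finding in assess_key(weak, 256, stored_in_plaintext=True):
        print("-", finding)
    strong = derive_key("user-supplied passphrase", new_salt())
    print("derived key bits:", len(strong) * 8)
```

The 192-bit observation is the least of it: the cipher will happily run AES-192 with those bytes, so nothing fails at runtime and the weakness only shows up when someone reads the data directory, exactly the way the slide did.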
[ APPLICATION EXAMINATION ] - ONLY THOSE I HAVE TO USE EVERY DAY; FORENSICS EXAMINATION
Account: ID, bonus card number; password not revealed; other IDs & tokens
Information: date of birth; passport details; history (airline, city, flight number only); flight tickets, login credentials: repack the app and grab them
[ APPLICATION EXAMINATION ] - ONLY THOSE I HAVE TO USE EVERY DAY; FORENSICS EXAMINATION
Account: ID, password; loyalty (bonus) card number
Information: not revealed (tickets, history or else); repack the app
[ APPLICATION EXAMINATION ] - ONLY THOSE I HAVE TO USE EVERY DAY; FORENSICS EXAMINATION
Account: ID, email, password; other IDs & tokens
Information: loyalty (bonus) of your membership; all you ever type; date of birth; passport details: ALL PASSPORT INFO (not only travel data); your work data (address, job, etc.) you have never typed! (except when preparing a member c...); flight tickets: repack the app and grab them
[ APPLICATION EXAMINATION ] - ONLY THOSE I HAVE TO USE EVERY DAY; FORENSICS EXAMINATION
(two image-only slides)
[ APPLICATION EXAMINATION ] - ONLY THOSE I HAVE TO USE EVERY DAY; FORENSICS EXAMINATION
Account ::: PIN, names, status: "74afbe19", "Yury Chemerkin", "*fly*", "@ Holiday Inn (M..."
Information: barcode / QR history (when, what): "QR_CODE", "bbm:2343678095c7649723436780", "..."
Transferred files: "RemotePin", "Path", "ContentType", "image/jpeg", "234...", "/storage/sdcard0/Android/data/com.skype.raider/cache/photo_138373177190..."; transferred as a JFIF file :: FFD8FFE000104A464946 ......JFIF
Invitations: "Pin", "Greeting", "Timestamp", "LocalPublicKey/PrivateKey", "EncryptionKey"
Messages (date, text) :: "1383060689", "Gde" ("Where"), "Edu k metro esche, probka tut" ("Still driving to the metro, there's a traffic jam here"), "Park...", "Belorusskaja", ""
Logs: reveal PINs, email, device information; application actions associated with application modules (*.c files, *.so, etc.); it helps to analyze the .apk in future
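The artifacts above (an image cached without an extension but with a JFIF header, key material in a JSON store, PINs and `bbm:` URIs, card numbers) are the kind of thing a first sweep over an app's data directory should flag. As an added example that is not part of the talk, the script below walks a directory, sniffs the JFIF magic on extension-less files, matches e-mail addresses, `bbm:` URIs and Luhn-valid card numbers, and reports JSON objects carrying key-material field names. Every file it scans is constructed in a temporary directory so it runs offline; the patterns are generic and not tuned to any particular app, and the Luhn test only says "looks like a card number", not that it is one.

```python
# Added example (not from the talk): a small artifact sweep over an app's data
# directory of the kind the examination slides describe. Every file below is
# constructed in a temp dir so the script runs offline; the patterns are
# generic, not tuned to any particular app.
import json
import os
import re
import tempfile

JFIF_MAGIC = bytes.fromhex("FFD8FFE0")           # start of the JFIF header quoted on the slide
KEY_FIELDS = {"PrivateKey", "LocalPublicKey", "EncryptionKey", "RemotePin", "Pin"}
EMAIL_RE = re.compile(rb"[\w.+-]+@[\w-]+\.[\w.-]+")
BBM_URI_RE = re.compile(rb"bbm:[0-9a-f]{8,}")
CARD_RE = re.compile(rb"\b\d{13,19}\b")


def luhn_ok(digits: str) -> bool:
    """Luhn checksum: true for every valid card-shaped number, including test numbers."""
    total, parity = 0, len(digits) % 2
    for i, ch in enumerate(digits):
        d = int(ch)
        if i % 2 == parity:
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


def scan_bytes(data: bytes) -> list:
    """Findings for one file's contents, in the order the checks run."""
    findings = []
    if data.startswith(JFIF_MAGIC) and b"JFIF" in data[:16]:
        findings.append("jpeg-image-without-extension")
    findings += [f"email:{m.decode()}" for m in EMAIL_RE.findall(data)]
    findings += [f"bbm-uri:{m.decode()}" for m in BBM_URI_RE.findall(data)]
    for m in CARD_RE.findall(data):
        if luhn_ok(m.decode()):
            findings.append(f"luhn-valid-number:{m.decode()}")
    try:
        obj = json.loads(data)
        if isinstance(obj, dict):
            findings += [f"key-material-field:{k}" for k in obj if k in KEY_FIELDS]
    except (ValueError, UnicodeDecodeError):
        pass                                     # binary or not JSON: nothing to do
    return findings


def scan_dir(root: str) -> dict:
    """Relative path -> findings, for every file under root (cache dirs included)."""
    report = {}
    for dirpath, _, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            with open(path, "rb") as fh:
                hits = scan_bytes(fh.read())
            if hits:
                report[os.path.relpath(path, root)] = hits
    return report


def build_sample_dir() -> str:
    """Constructed app-data tree with the artifact types the slides mention."""
    root = tempfile.mkdtemp(prefix="appdata-")
    os.makedirs(os.path.join(root, "cache"))
    with open(os.path.join(root, "cache", "photo_1"), "wb") as fh:
        fh.write(JFIF_MAGIC + b"\x00\x10JFIF\x00" + b"\x00" * 32)
    with open(os.path.join(root, "invites.json"), "w") as fh:
        json.dump({"Pin": "2AB3C4D5", "Greeting": "hi", "EncryptionKey": "AAAA"}, fh)
    with open(os.path.join(root, "app.log"), "w") as fh:
        fh.write("contact user@example.org via bbm:0123456789abcdef01234567\n")
        fh.write("card on file 4111111111111111 (constructed test number)\n")
    with open(os.path.join(root, "prefs.xml"), "w") as fh:
        fh.write('<map><string name="theme">dark</string></map>\n')
    return root


if __name__ == "__main__":
    for path, hits in scan_dir(build_sample_dir()).items():
        print(path, hits)
```

Point `scan_dir` at a pulled `/data/data/<package>` tree (or a backup extracted with `adb backup`) instead of the sample; SQLite databases and `.xml` shared preferences are read as raw bytes here, which is enough for the regex checks but not for structured queries.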
CONCLUSION
CONCLUSION
DENIAL OF SERVICE - REPLACING/REMOVING FILES; DoSing EVENTS; GUI INTERCEPT
INFORMATION DISCLOSURE - CLIPBOARD, SCREEN CAPTURE; GUI INTERCEPT; SHARED FOLDERS; DUMPING .COD/.BAR/.APK FILES; MITM (INTERCEPTION / SPOOFING); MESSAGES
GUI INTERCEPT, THIRD PARTY ... - FAKE WINDOW / CLICKJACKING
GENERAL PERMISSIONS INSTEAD OF SPECIFIC SU...; A FEW NOTIFICATIONS/EV...
USER-BUILT PER-APPLICATION SCREENS
PRIVILEGED GENERAL PERMISSIONS - OWN APPs, NATIVE & 3RD PARTY APPs
http://scribd.com/ychemerkin

Q & A
https://plus.google.com/108216608239392698703
https://twitter.com/sto_blog
https://twitter.com/yury.chemerkin
http://scribd.com/ychemerkin
https://www.facebook.com/yury.chemerkin
http://www.slideshare.net/YuryChemerkin/
http://www.linkedin.com/in/yurychemerkin
http://sto-strategy.com/
http://eforensicsmag.com/
http://pentestmag.com/
http://hakin9.org/