Date post: 29-Jun-2020
CYBER RISK CONSULTING

Blackhat Briefings Europe 2004

Smartphone Security Issues

May 2004
Luc DELPHA - Maliha RASHID

© 2004 Cyber-Networks, use prohibited without prior written authorization

Summary

1. Introduction
   - Why smartphones?
   - Functionalities
   - Operating Systems
   - Supported Connectivity
   - Wireless Networks

2. Risks
   - Inherent nature of smartphones
   - Bluetooth
   - GPRS
   - Java applications

3. Challenges
   - Legal Issues
   - Security policy
   - A secure framework
   - Perspectives

4. Conclusion

1. Introduction - Why smartphones?

- Same functionalities as traditional PDAs
- More connectivity
  - GPRS: Always on
  - Bluetooth
- Mainstream availability - Gadget Appeal
- General tendency to become more popular than PDAs
- Highly personal interaction

1. Introduction - Functionalities

- Telephone: GSM / GPRS (in Europe)
- Camera
- PIM Data (Personal Information Management)
  - Contacts
  - Calendar
  - Tasks
- Synchronization
- Email client (POP3, IMAP)
- Web browsing
- Java Applications
- File exchange (vCard, photos…) via IrDA or Bluetooth
- Multi-player games with Bluetooth (N-Gage)

1. Introduction - Operating systems

- Symbian OS, Palm OS, Windows Mobile, Linux
- Symbian OS version 8.0

1. Introduction - Supported Connectivity

- GPRS: General Packet Radio Service
- Wi-Fi:
  - for PDAs
  - Symbian OS 8 supports Wi-Fi
- Bluetooth
- IrDA
- …

1. Introduction - Bluetooth

- Core specification: more than a thousand pages
- Profiles: Synchronization - Service Discovery - Generic Object Exchange Profile …

1. Introduction - GPRS

- GPRS: Extension of GSM - IP Backbone
- Main Elements: GGSN & SGSN
- Firewall between the GGSN and external data networks

[Diagram: GPRS IP Backbone (SGSN, GGSN) - Firewall - External Data Networks (Internet …)]

2. Risks - Inherent nature of smartphones

- Dedicated operating systems
  - Bugs - Implementation errors - Security holes
    - MIDP 2.0 implementation issues on the Nokia 6600
    - Windows based devices
- Access Control
  - PIN Code
  - In most cases no native authentication for data stored on the device
  - With physical access to the device anyone can access the data (flash chipsets or removable memory cards)
- Device can easily be destroyed

2. Risks - The users

- Smartphone used to store confidential data
  - Corporate Diary, Email, Data
  - Personal Diary, Email, Data
- Risk of loss or theft because the device is not physically contained
- Synchronization with the information system
  - PIM Data - Email - Attachments …
  - Difficult to control
- If the smartphone is compromised, the information system is exposed
- Back to corporate data... Understanding the user with the eBay example

2. Risks - Wireless networks - Bluetooth

- Bluetooth security implementation in smartphones restricted to:
  - non discoverable mode
  - pairing mechanism
- Non discoverable mode can be bypassed
  - Redfang - Btscanner
  - Brute forcing the last six bytes of the MAC Address and calling a read_remote_name()
- Ways to force the pairing - The Bluejacking craze
  - « U’ve been bluejacked » in place of Bluetooth device name
  - Send to surrounding Bluetooth devices
  - Watch surprised expression
  - Harmless but the message can prompt to pair
  - If pairing succeeds, bluejacker gets access to files on the victim’s device

2. Risks - Wireless networks - Bluetooth

- Vulnerabilities in Bluetooth implementations
  - Nokia Bluetooth enabled phones vulnerable
    - CAN-2004-0143
    - Buffer overflow provoked by malformed OBEX message
  - Persistence of trust relationship even after the device has been removed from list of paired devices
- Bluetooth is a complex protocol
  - Interoperability of devices is a priority
  - Specification is deliberately not explicit on implementation details
- Implementation errors are bound to happen
- Increasing the risk of security holes

2. Risks - Wireless Networks - GPRS

- GPRS security depends on measures taken by operator to secure the GGSN
- If the GGSN is compromised, the GPRS network is exposed
- Possible GPRS Attacks:
  - Firewall
  - NAT: reserving all the ports
  - Flooding the GPRS connection with TCP traffic from the Internet
- Multiple PDP Contexts supported in Symbian OS v 8.0
  - Simultaneous private and public contexts
  - Private context can be attacked by public context!
  - Same as having a PC connected to the LAN and the Internet via a modem at the same time

2. Risks - Java Applications

- MIDlet: Java stand-alone application for mobile devices
- MIDP: Mobile Information Device Profile
- MIDP 1.0
  - Limited possibilities: Sandbox means limited access to the device
  - Limited security: No security manager, limited bytecode verification, security packages discarded due to performance issues, no support for HTTPS connections
- MIDP 2.0
  - Concept of trusted MIDlet: If the MIDlet is trusted, access to PIM, Messaging, Bluetooth APIs amongst others
  - The user can decide whether or not to trust the MIDlet
  - Can the user be trusted to do this?
- Third party malicious MIDlet can access information on the device and send it to a remote server, posing as an « innocent » application
  - Game that prompts to connect to the Internet to put the highscores on a website
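
An added example, not part of the original slides: a pre-installation check for the MIDP 2.0 risk above, flagging a MIDlet whose descriptor requests both access to data on the device and a channel to send it out. It assumes the MIDlet ships with a JAD descriptor listing MIDlet-Permissions; the permission names come from the MIDP 2.0, JSR 75, JSR 82 and JSR 120 namespaces, and both sample descriptors are constructed.

```python
"""Audit a MIDP 2.0 JAD descriptor for the 'innocent game' pattern."""

# Permission prefixes grouped by capability (assumed grouping for this example).
DATA_ACCESS = (
    "javax.microedition.pim.",                # contacts, calendar, tasks
    "javax.microedition.io.Connector.file.",  # file system and memory card
    "javax.wireless.messaging.sms.receive",   # incoming messages
)
EGRESS = (
    "javax.microedition.io.Connector.http",   # prefix also matches .https
    "javax.microedition.io.Connector.socket",
    "javax.microedition.io.Connector.bluetooth.",
    "javax.microedition.io.Connector.sms",
    "javax.wireless.messaging.sms.send",
)

def parse_jad(text):
    """Return the JAD attributes as a dict ('Name: value', one per line)."""
    attrs = {}
    for line in text.splitlines():
        name, sep, value = line.partition(":")  # split on the first colon only
        if sep and name.strip():
            attrs[name.strip()] = value.strip()
    return attrs

def requested_permissions(attrs):
    """Collect required and optional permissions (comma-separated lists)."""
    perms = []
    for key in ("MIDlet-Permissions", "MIDlet-Permissions-Opt"):
        perms += [p.strip() for p in attrs.get(key, "").split(",") if p.strip()]
    return perms

def audit(text):
    """Flag a descriptor that can both read device data and send it out."""
    attrs = parse_jad(text)
    perms = requested_permissions(attrs)
    reads = sorted(p for p in perms if p.startswith(DATA_ACCESS))
    sends = sorted(p for p in perms if p.startswith(EGRESS))
    return {"name": attrs.get("MIDlet-Name", "?"), "reads": reads,
            "sends": sends, "review": bool(reads and sends)}

# Constructed descriptors: a game that only uploads scores, and one that
# additionally asks to read the contact list and open Bluetooth connections.
SAMPLE_BENIGN = """\
MIDlet-Name: HighScoreGame
MIDlet-Permissions: javax.microedition.io.Connector.http
"""
SAMPLE_SUSPECT = """\
MIDlet-Name: HighScoreGame
MIDlet-Jar-URL: http://example.invalid/game.jar
MIDlet-Permissions: javax.microedition.io.Connector.http
MIDlet-Permissions-Opt: javax.microedition.pim.ContactList.read, javax.microedition.io.Connector.bluetooth.client
"""

if __name__ == "__main__":
    for jad in (SAMPLE_BENIGN, SAMPLE_SUSPECT):
        r = audit(jad)
        print(r["name"], "REVIEW" if r["review"] else "ok", r["reads"], r["sends"])
```

A descriptor flagged for review is not proof of malice; it identifies the MIDlets for which the trust prompt deserves an administrator's decision rather than the user's.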

3. Challenges - Legal Issues

- Given the risks, the use of these devices by employees needs to be supervised
- Forbidding use
  - Unrealistic
  - Impossible to control and enforce
  - Same dilemma as allowing personal use of the Internet at work
- Privacy issues in France and most of Europe
- Even if the device belongs to the employee, responsibility belongs to the company to secure the data
- In case of disaster - the eBay worst case scenario - Company responsible

3. Challenges - Security policy

- Inform employees of risks
- Clearly define interaction between smartphones and information system
- Clearly define harmless and harmful actions
- Clearly define what the smartphone infrastructure can and can’t do
- Define the limits of existing technologies

3. Challenges - A secure framework

- Treat the smartphone like a laptop
- Centralized administration
- Mutual authentication between devices and servers
- End to end encryption:
  - VPN IPSec
- Harden the smartphone
  - Logon authentication
  - Encrypt the data
  - Antivirus
  - Personal Firewall

3. Challenges - Perspectives

- Smartphone security model is complex because:
  - Involves a variety of actors:
    - Manufacturers
    - Operators
    - Smartphone designers
    - Software designers
    - Protocol designers
    - Administrators
    - Policy makers
    - Last but not least: Users
  - Goals of these actors may conflict
  - Coordination is difficult
  - Legislation may be required

4. Conclusion

- Smartphone design, architecture and associated network protocols are complex
- Door open to:
  - Implementation errors
  - Structural Weaknesses
- Growing interest in GPRS and Bluetooth
  - Attacks simple to implement
- To counter these risks:
  - Communicate with users on the risks
  - Anticipate incorporating these devices as part of the information system
  - Create a suitable environment in which these devices can be used

Questions / Answers

