Date post: | 23-Dec-2014 |
Category: | Technology |
Upload: | justin-morehouse |
Stratum Security
Innovative Risk Solutions
Herding Smartphones
ISSA Tampa Bay - March 18, 2011
About Me
Justin Morehouse, Principal Consultant
• Stratum Security
• Security Operations and Consulting
• Co-author ‘Securing the Smart Grid’
• OWASP Tampa Chapter Founder & Leader
• Presented at DEF CON, ShmooCon, OWASP, and more
My Love (Hate) Relationship w/ Smartphones
• Since 2008 I’ve owned, modified, and hacked the following:
• BlackBerry Bold 9700 & 8820
• T-Mobile (HTC) Dash (Windows Mobile 6.5)
• iPhone, 3G, 3GS (All iOS versions)
• Motorola Droid (Android 2.1, 2.2, 2.3)
• Samsung Galaxy S (Android 2.1)
Smartphones...
...are everywhere
Question
Smartphones outsold PCs in Q4
1,000,000,000+ smartphone users by 2013
...do amazing things
Video Conferencing
GPS Navigation
Watch streaming videos
...and are
constantly evolving
Motorola Atrix
Near Field Communications (NFC)
Question
How we use smartphones...
...as a phone
...to check email
...personal digital assistant
...what about personal use?
...entertainment
...social networking
...and more
think about your mobile footprint
Hackers do...
...money talks
objective based
Attack Vectors...
...phishing
...rogue applications
...drive-by downloads
Examples...
Apps Gone Wild!!!
50+ malicious (rogue) applications identified
Available for download in the Official Android Market
Applications published by 3 “developers”
Post IMEI & IMSI to website in California
Contains code to steal “sensitive information”
Google remotely “wiping” rogue applications
“Taking steps” to prevent this from happening again
DroidDream
Pwn2Own 2011
CanSecWest
Vincenzo Iozzo, Willem Pinckaers & Ralf Philipp Weinmann
WebKit Vulnerability in BlackBerry OS 6+
Set up ‘rigged’ website
Downloaded contacts, images & wrote file
Same vulnerability used to hack iPhone 4 (same team as well)
BlackBerry “fix” = disable JavaScript
BlackBerry Torch 9800
Mitigation Steps...
The sky is not falling...
but attacks are increasing...
strong policies & procedures
Leverage existing technologies...
...and evaluate new solutions
ProSumer Recommendations
• Only install applications from trusted sources
• Review permissions that applications ask for
• Utilize free/cheap tools
• Install updates (Platform & Apps)
• Don’t click on unsolicited links
• Set a strong password or pattern
• Install remote wipe/lock/locate apps