Mobile Phone Hacking:
A lucrative, but largely hidden history
DC4420
David Rogers
27th May 2014
Copyright © 2014 Copper Horse Solutions Ltd. All rights reserved.
http://www.mobilephonesecurity.org
Car Radio Hacking – 1990s / 2000s
• PIN locks to deter and remove value of theft
• Hacking tools reset / calculate / remove security codes
Some Phone Terms: SIMlock & IMEI
• SIMlock:
– used to secure the device to a particular network during the period of the subsidy, can be unlocked with CK codes by calling operator
– Different variants of locks
– Recent court case in the US over legality (and lots of other previous fights)
• IMEI:
– the International Mobile Equipment Identity number
– unique to each device
– can be blocked if device is stolen
• Other interesting information on device that would be hacked
– E.g. to change language packs, phone lock removal, text etc.
• Big battle between mobile industry and hacking groups between c.1999 and now – has evolved to jailbreak / root community
‘Unlocking’ and IMEI changing
• What is ‘unlocking’?
– SIMlocks
– Most hacking used to be aimed at the SIMlock area
• The security area in the handset would protect all sensitive data – including IMEI and SIMlock
• What is a dirty hack?
– Hacks targeted against the security area would often cause corruption to data – including the IMEI.
– Data such as RF calibration settings would often be wiped out
• Hacking tools usually dual-use (SIMlock and IMEI)
– Causes problems in countries where IMEI changing is illegal – difficult and costly to get direct proof
Mobile Phone Security - David Rogers
Historic Criminal Structure
[Diagram. Labels: internet; embedded hacker; hacking group; application hacker; internet shop; shop or stall; repair centre; organised crime; re-seller; end-user; thief; drug dealer; mass theft; subscription fraud; street crime; black market; exporter (unlocking / IMEI changing); eBay; counterfeiting; IP theft; ‘user’ crimes; murder etc.]
Historic Financial Structure
[Diagram. Labels: internet; embedded hacker; hacking group; application hacker; internet shop; shop or stall; repair centre; organised crime; re-seller; free software; end-user; thief; drug dealer.]
Value / Method:
– £10 - £30: cash, debit / credit card
– £50 - £500: Western Union, PayPal, postal order
– £500 - £5000: Western Union
– £5000+: Western Union
Examples of Hacking Hardware
• Standard service repair equipment
– Fraudulent purchasing of manufacturer’s equipment
• Mass produced hardware by hacking groups
– Griffin Box
– UFS-3 (Twister)
– Blazer
– Clips
• Evolution
– New equipment was constantly developed as new models were released
– New technologies and hardware security to ensure revenue
Mass Manufacture of Hacking Hardware
Examples of Hacking Hardware (2)
• Most hacks steal their solutions from already existing
hacks
— May seem to be 22 hacks available – just old hacks re-packaged.
— Different front-end to software
— Different hardware
— the ‘golden’ part of the source code is from 1 hack
• Lots of ‘ghost’ hacks that are aimed at defrauding people
— same in 2012 with jailbreaking on iOS6
Hardware Hacking Methods
• EEPROM cloning or ‘Chipping’
– Old method
– Copied EEPROM with basic equipment
– Main aim to put EEPROM with no SIMlock on
– Result: IMEI number was cloned
• PICs (Programmable Integrated Circuits)
– Execute small sequences of commands
– Placed in-line to ‘snatch’ or modify data
• Flash device hot-swapping (almost impossible now)
• Exploitation of boundary scan ports
• External clips and dongles
• Note: less economical than software hacks
In-line PIC Between SIM and Device
Software Hacking Methods
• Direct change
– Breaking a programming algorithm
– Finding the correct test interface protocol command
  • Still used(!) serial communications / USB monitoring equipment
• Modifying binary files (software download files)
– Inserting jump code
– Hijacking other functions in the code to subvert security
– Taking advantage of software design flaws
• Abuse of boundary scan to monitor phone processes
• ‘Dumping’ to logs of data from secure areas
• Brute force cracking of algorithms
• Theft of information from Design Centres / Factories / Service Centres
• “Voodoo Galaxy SIII SIM unlock” tool required device to be rooted…
Typical (Old) Software Hack Methodology
[Diagram. Columns: Manufacturer, Hacker. Timescale: 0 months, 6 - 12 months. Labels: marketing; launch at trade show; phone released to market; research; theft of early model; network operator samples; open source info and hacking tools; hacking solution; distribute application; protect application; application protection tools; product security detection.]
Use of Hardware Clips – 5 Second Unlocking!
• Simple to use, takes its power from the handset
• Contains a Programmable Integrated Circuit
• Bombards the handset with commands in a repetitive sequence
• The handset eventually gives up and resets itself – unfortunately resetting the SIMlock!
• This type of attack was used on many different makes of handsets
• Clips have now evolved and the term is usually used in reference to dongles
“Logs”
• Used as a method of continually generating revenue for the real hackers and re-sellers at the top of the food chain – a historical issue for hackers
• Original concept by 3 Nokia hackers and dealers from Serbia:
– George, Boban (Slobodan Andrics) and Dejan (Dejan Kaljevic)
• How do logs work?
– Encrypted by hackers to avoid cracking by other hackers
– An example:
  • Crack the master security locks -> generate an encrypted log of security area information -> close the security lock on the handset again!
• ‘Logs’ will be available only if the hacking solution is two part
– ‘Dumb’ client application to communicate with handset
– Data is sent to hacker / re-seller
– Corresponding data to unlock / change IMEI received from hacker / re-seller
CK Algorithm Breaches
• Some manufacturers and ODMs used symmetric algorithms based on the IMEI number to generate CK codes
– Broken and every possible iteration for each IMEI available
• Later versions cracked the factory / service tools because they were leaked rather than cracking the handset
• Down to poor manufacturer security and breaking principle of no stored, shared secrets!
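An added example (not from the talk or from any manufacturer's code) that contrasts the two weaknesses described on the clips and CK slides, a code derived from the IMEI with one shared secret and a lock that clears when the handset resets, with one possible hardened design. The secret, IMEI, code lengths, attempt limit and every function name are constructed assumptions.

```python
import hashlib
import hmac
import secrets

# Constructed demo value: stands in for one secret shared by every handset
# and every factory / service tool. Not any manufacturer's real key.
SHARED_SECRET = b"constructed-demo-secret"
PBKDF2_ROUNDS = 100_000
MAX_ATTEMPTS = 5


def weak_ck_from_imei(imei: str, secret: bytes = SHARED_SECRET) -> str:
    """Weak design: the CK code is a pure function of the IMEI and a shared secret."""
    digest = hmac.new(secret, imei.encode(), hashlib.sha256).digest()
    return f"{int.from_bytes(digest[:8], 'big') % 10**8:08d}"


def codes_from_leaked_tool(imeis, leaked_secret: bytes) -> dict:
    """Impact of one leaked service tool: a valid code for every IMEI, offline."""
    return {imei: weak_ck_from_imei(imei, leaked_secret) for imei in imeis}


def _slow_hash(code: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", code.encode(), salt, PBKDF2_ROUNDS)


def provision(imei: str, operator_db: dict) -> dict:
    """Hardened design: random per-device code, kept only in the back-end database.

    Returns the handset's non-volatile record. It holds a salted slow hash of
    the code, but neither the code nor any secret shared with other devices.
    """
    code = f"{secrets.randbelow(10**15):015d}"
    salt = secrets.token_bytes(16)
    operator_db[imei] = code
    return {"salt": salt, "hash": _slow_hash(code, salt), "locked": True, "failures": 0}


class Handset:
    """Handset-side verifier. All lock state lives in the non-volatile record nv."""

    def __init__(self, nv: dict):
        self.nv = nv

    def reboot(self) -> "Handset":
        # A crash or watchdog reset loses RAM only. Lock state and the failure
        # counter are re-read from nv, so a reset can never clear the lock.
        return Handset(self.nv)

    def try_unlock(self, candidate: str) -> str:
        if not self.nv["locked"]:
            return "unlocked"
        if self.nv["failures"] >= MAX_ATTEMPTS:
            return "permanently_locked"
        # Commit the attempt before checking, so a power cut mid-check still counts.
        self.nv["failures"] += 1
        if hmac.compare_digest(_slow_hash(candidate, self.nv["salt"]), self.nv["hash"]):
            self.nv["locked"] = False
            self.nv["failures"] = 0
            return "unlocked"
        return "permanently_locked" if self.nv["failures"] >= MAX_ATTEMPTS else "rejected"


def demo() -> dict:
    imei = "123456789012345"  # constructed sample, not a real device

    # Weak scheme: whoever holds the shared secret recomputes the same code.
    recomputed = codes_from_leaked_tool([imei], SHARED_SECRET)[imei]

    # Hardened scheme under a flood of wrong codes, followed by a reset.
    db = {}
    flooded = Handset(provision(imei, db))
    flood_results = [flooded.try_unlock(f"guess-{n}") for n in range(MAX_ATTEMPTS)]
    flooded = flooded.reboot()

    # Hardened scheme, legitimate unlock with the code from the back end.
    db2 = {}
    legit = Handset(provision(imei, db2))

    return {
        "weak_code_recomputed": recomputed == weak_ck_from_imei(imei),
        "flood_results": flood_results,
        "after_reboot_with_real_code": flooded.try_unlock(db[imei]),
        "legit_unlock": legit.try_unlock(db2[imei]),
    }


if __name__ == "__main__":
    print(demo())
```

The stored hash still has to sit in protected storage: the slow hash and long code only raise the cost of an offline search if the record is dumped.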
De-capping and Focused Ion Beam Equipment
Newer Hardware and System Level Attacks
• George Hotz – original iPhone jailbreak
– Used hardware flaw to XOR data address and insert jump code to empty memory where he could execute his own bootloader
– Allegedly assisted by European Infineon hacking teams
• Rooting
– Various methods, exploiting vulnerabilities
– Usually used as a staging area for other attacks (e.g. malware)
– Examples:
  • RageAgainstTheCage, uboot, zergRush, gingerbreak
  • Other private exploits
– Some manufacturers providing it as a service in order to prevent people hacking
• Legal battles around this area (e.g. US copyright office 2010, 2012)
– OK to remove SIMlocks and root devices
Newer Motivations
• Main targets / motivations recently have been:
– Rooting / jailbreak device – for piracy / other apps / custom OS / spyware
– SIM unlocking – break out of subsidy (cheap device) / fraud / export of stolen devices
– IMEI changing – re-enable stolen handsets in same country
– Launchpad attacks – spyware / malware / anti-theft tools / in-app billing
– Fixing issues – e.g. old SIMlocked device, can’t contact operator
Handset Embedded Security Evolution (to 2012)
[Timeline diagram, 2002 to 2012. Labels: EICTA / GSMA 9 Principles; OMTP Trusted Environment: OMTP TR0; OMTP Advanced Trusted Environment: OMTP TR1; TCG MPWG Specification; GSMA Pay-Buy-Mobile; fragmented security; Google / Apple proprietary hardware security features; banking / film industry requirements; WAC; RIM / Nokia proprietary security features; webinos.]
Evad3rs, i0n1c, geohot, RedSn0w – iOS6 & iOS7
• iOS6 hack “used more zero-days than stuxnet”*
• Millions of downloads – huge market
• Evasi0n iOS7 jailbreak rushed out due to competition (and 7.1 release), packaged with Chinese app store (Taig)
– Rumoured to be $1million
– Rumours of dirty tricks / questionable sources for some holes
– Strategic and tactical thinking, all ‘untethered’
• Some holes allegedly held back by various teams for future cracks on iOS8
• Teams still reverse and hack each other’s tools (like SIMlock)
• George Hotz tried to sell to a Chinese team (via a broker) for $350,000
– Audio clip released with negotiation discussions
* Ref: http://www.forbes.com/sites/andygreenberg/2013/02/05/inside-evasi0n-the-most-elaborate-jailbreak-to-ever-hack-your-iphone/
May 2014 – Root Bounty for Verizon & AT&T
Kill Switch / Anti-Theft Mechanism Targeting?
• Obvious this would happen
Car Radio Hacking - 2014
Questions?
david.rogers {@} copperhorse.co.uk
@drogersuk
Mobile Systems Security course:
http://www.cs.ox.ac.uk/softeng/subjects/MSS.html
Mobile Security: A Guide for Users:
http://www.lulu.com/gb/en/shop/david-rogers/mobile-security-a-guide-for-users/paperback/product-21197551.html
http://www.mobilephonesecurity.org

@Delhi ! CAll GIRLS IN Defence Colony 🦋 9999965857 🤩 Dwarka Call Girls
 
Escorts Service Arekere ☎ 7737669865☎ Book Your One night Stand (Bangalore)
Escorts Service Arekere ☎ 7737669865☎ Book Your One night Stand (Bangalore)Escorts Service Arekere ☎ 7737669865☎ Book Your One night Stand (Bangalore)
Escorts Service Arekere ☎ 7737669865☎ Book Your One night Stand (Bangalore)
 
(=Towel) Dubai Call Girls O525547819 Call Girls In Dubai (Fav0r)
(=Towel) Dubai Call Girls O525547819 Call Girls In Dubai (Fav0r)(=Towel) Dubai Call Girls O525547819 Call Girls In Dubai (Fav0r)
(=Towel) Dubai Call Girls O525547819 Call Girls In Dubai (Fav0r)
 
CHEAP Call Girls in Ashok Nagar (-DELHI )🔝 9953056974🔝(=)/CALL GIRLS SERVICE
CHEAP Call Girls in Ashok Nagar  (-DELHI )🔝 9953056974🔝(=)/CALL GIRLS SERVICECHEAP Call Girls in Ashok Nagar  (-DELHI )🔝 9953056974🔝(=)/CALL GIRLS SERVICE
CHEAP Call Girls in Ashok Nagar (-DELHI )🔝 9953056974🔝(=)/CALL GIRLS SERVICE
 
(ISHITA) Call Girls Service Aurangabad Call Now 8617697112 Aurangabad Escorts...
(ISHITA) Call Girls Service Aurangabad Call Now 8617697112 Aurangabad Escorts...(ISHITA) Call Girls Service Aurangabad Call Now 8617697112 Aurangabad Escorts...
(ISHITA) Call Girls Service Aurangabad Call Now 8617697112 Aurangabad Escorts...
 
Call Girls in Nagpur Sakshi Call 7001035870 Meet With Nagpur Escorts
Call Girls in Nagpur Sakshi Call 7001035870 Meet With Nagpur EscortsCall Girls in Nagpur Sakshi Call 7001035870 Meet With Nagpur Escorts
Call Girls in Nagpur Sakshi Call 7001035870 Meet With Nagpur Escorts
 

Phone Hacking: A lucrative, but largely hidden history

  • 1. Mobile Phone Hacking: A lucrative, but largely hidden history DC4420 David Rogers 27th May 2014 Copyright © 2014 Copper Horse Solutions Ltd. All rights reserved. http://www.mobilephonesecurity.org
  • 2. Car Radio Hacking – 1990s / 2000s
      ▪ PIN locks to deter and remove value of theft
      ▪ Hacking tools reset / calculate / remove security codes
  • 3. Some Phone Terms: SIMlock & IMEI
      ▪ SIMlock:
          – used to secure the device to a particular network during the period of the subsidy, can be unlocked with CK codes by calling operator
          – Different variants of locks
          – Recent court case in the US over legality (and lots of other previous fights)
      ▪ IMEI:
          – the International Mobile Equipment Identity number
          – unique to each device
          – can be blocked if device is stolen
      ▪ Other interesting information on device that would be hacked
          – E.g. to change language packs, phone lock removal, text etc.
      ▪ Big battle between mobile industry and hacking groups between c.1999 and now – has evolved to jailbreak / root community
  • 4. ‘Unlocking’ and IMEI changing
      ▪ What is ‘unlocking’?
          – SIMlocks
          – Most hacking used to be aimed at the SIMlock area
      ▪ The security area in the handset would protect all sensitive data – including IMEI and SIMlock
      ▪ What is a dirty hack?
          – Hacks targeted against the security area would often cause corruption to data – including the IMEI.
          – Data such as RF calibration settings would often be wiped out
      ▪ Hacking tools usually dual-use (SIMlock and IMEI)
          – Causes problems in countries where IMEI changing is illegal – difficult and costly to get direct proof
  • 5. Historic Criminal Structure
      [Diagram; labels: INTERNET; EMBEDDED HACKER; HACKING GROUP; INTERNET SHOP; SHOP OR STALL; REPAIR CENTRE; APPLICATION HACKER; ORGANISED CRIME; RE-SELLER; END-USER; THIEF; DRUG DEALER; MASS THEFT; SUBSCRIPTION FRAUD; STREET CRIME; BLACK MARKET EXPORTER (UNLOCKING / IMEI CHANGING); EBAY; COUNTERFEITING; IP THEFT; ‘USER’ CRIMES MURDER ETC.]
  • 6. Historic Financial Structure
      [Diagram; labels: INTERNET; EMBEDDED HACKER; HACKING GROUP; INTERNET SHOP; SHOP OR STALL; REPAIR CENTRE; APPLICATION HACKER; ORGANISED CRIME; RE-SELLER; FREE SOFTWARE; END-USER; THIEF; DRUG DEALER]
      VALUE: METHOD
      £10 - £30: CASH, DEBIT / CREDIT CARD
      £50 - £500: WESTERN UNION, PAYPAL, POSTAL ORDER
      £500 - £5000: WESTERN UNION
      £5000+: WESTERN UNION
  • 7. Examples of Hacking Hardware
      ▪ Standard service repair equipment
          – Fraudulent purchasing of manufacturer’s equipment
      ▪ Mass produced hardware by hacking groups
          – Griffin Box
          – UFS-3 (Twister)
          – Blazer
          – Clips
      ▪ Evolution
          – New equipment was constantly developed as new models were released
          – New technologies and hardware security to ensure revenue
  • 8. Mass Manufacture of Hacking Hardware
  • 9. Examples of Hacking Hardware (2)
      ▪ Most hacks steal their solutions from already existing hacks
          – May seem to be 22 hacks available – just old hacks re-packaged.
          – Different front-end to software
          – Different hardware
          – the ‘golden’ part of the source code is from 1 hack
      ▪ Lots of ‘ghost’ hacks that are aimed at defrauding people
          – same in 2012 with jailbreaking on iOS6
  • 10. Hardware Hacking Methods
      ▪ EEPROM cloning or ‘Chipping’
          – Old method
          – Copied EEPROM with basic equipment
          – Main aim to put EEPROM with no SIMlock on
          – Result: IMEI number was cloned
      ▪ PICs (Programmable Integrated Circuits)
          – Execute small sequences of commands
          – Placed in-line to ‘snatch’ or modify data
      ▪ Flash device hot-swapping (almost impossible now)
      ▪ Exploitation of boundary scan ports
      ▪ External clips and dongles
      ▪ Note: less economical than software hacks
  • 11. In-line PIC Between SIM and Device
  • 12. Software Hacking Methods
      ▪ Direct change
          – Breaking a programming algorithm
          – Finding the correct test interface protocol command
              • Still used(!) serial communications / USB monitoring equipment
      ▪ Modifying binary files (software download files)
          – Inserting jump code
          – Hijacking other functions in the code to subvert security
          – Taking advantage of software design flaws
      ▪ Abuse of boundary scan to monitor phone processes
      ▪ ‘Dumping’ to logs of data from secure areas
      ▪ Brute force cracking of algorithms
      ▪ Theft of information from Design Centres / Factories / Service Centres
      ▪ “Voodoo Galaxy SIII SIM unlock” tool required device to be rooted…
  • 13. Typical (Old) Software Hack Methodology
      [Flow diagram; labels: MARKETING LAUNCH AT TRADE SHOW; PHONE RELEASED TO MARKET; RESEARCH; THEFT OF EARLY MODEL; NETWORK OPERATOR SAMPLES; MANUFACTURER; HACKER; OPEN SOURCE INFO AND HACKING TOOLS; TIMESCALE 0 MONTHS, 6 - 12 MONTHS; HACKING SOLUTION; DISTRIBUTE APPLICATION; PROTECT APPLICATION; APPLICATION PROTECTION TOOLS; PRODUCT SECURITY DETECTION]
  • 14. Use of Hardware Clips – 5 Second Unlocking!
      ▪ Simple to use, takes its power from the handset
      ▪ Contains a Programmable Integrated Circuit
      ▪ Bombards the handset with commands in a repetitive sequence
      ▪ The handset eventually gives up and resets itself – unfortunately resetting the SIMlock!
      ▪ This type of attack was used on many different makes of handsets
      ▪ Clips have now evolved and the term is usually used in reference to dongles
  • 15. “Logs”
      ▪ Used as a method of continually generating revenue for the real hackers and re-sellers at the top of the food chain – a historical issue for hackers
      ▪ Original concept by 3 Nokia hackers and dealers from Serbia:
          – George, Boban (Slobodan Andrics) and Dejan (Dejan Kaljevic)
      ▪ How do logs work?
          – Encrypted by hackers to avoid cracking by other hackers
          – An example:
              • Crack the master security locks -> generate an encrypted log of security area information -> close the security lock on the handset again!
      ▪ ‘Logs’ will be available only if the hacking solution is two part
          – ‘Dumb’ client application to communicate with handset
          – Data is sent to hacker / re-seller
          – Corresponding data to unlock / change IMEI received from hacker / re-seller
  • 16. CK Algorithm Breaches
      ▪ Some manufacturers and ODMs used symmetric algorithms based on the IMEI number to generate CK codes
          – Broken and every possible iteration for each IMEI available
      ▪ Later versions cracked the factory / service tools because they were leaked rather than cracking the handset
      ▪ Down to poor manufacturer security and breaking principle of no stored, shared secrets!
  • 17. De-capping and Focused Ion Beam Equipment
  • 18. Newer Hardware and System Level Attacks
      ▪ George Hotz – original iPhone jailbreak
          – Used hardware flaw to XOR data address and insert jump code to empty memory where he could execute his own bootloader
          – Allegedly assisted by European Infineon hacking teams
      ▪ Rooting
          – Various methods, exploiting vulnerabilities
          – Usually used as a staging area for other attacks (e.g. malware)
          – Examples:
              • RageAgainstTheCage, uboot, zergRush, gingerbreak
              • Other private exploits
          – Some manufacturers providing it as a service in order to prevent people hacking
      ▪ Legal battles around this area (e.g. US copyright office 2010, 2012)
          – OK to remove SIMlocks and root devices
  • 19. Newer Motivations
      ▪ Main targets / motivations recently have been:
      ▪ Rooting / jailbreak device – for piracy / other apps / custom OS / spyware
      ▪ SIM unlocking – break out of subsidy (cheap device) / fraud / export of stolen devices
      ▪ IMEI changing – re-enable stolen handsets in same country
      ▪ Launchpad attacks – spyware / malware / anti-theft tools / in-app billing
      ▪ Fixing issues – e.g. old SIMlocked device, can’t contact operator
  • 20. Handset Embedded Security Evolution (to 2012)
      [Timeline diagram, 2002 to 2012; labels: EICTA / GSMA 9 Principles; OMTP Trusted Environment: OMTP TR0; OMTP Advanced Trusted Environment: OMTP TR1; TCG MPWG Specification; GSMA Pay-Buy-Mobile; Fragmented Security; Google / Apple Proprietary hardware security features; Banking / film industry requirements; WAC; RIM / Nokia proprietary security features; webinos]
  • 21. Evad3rs, i0n1c, geohot, RedSn0w – iOS6 & iOS7
      ▪ iOS6 hack “used more zero-days than stuxnet”*
      ▪ Millions of downloads – huge market
      ▪ Evasi0n iOS7 jailbreak rushed out due to competition (and 7.1 release), packaged with Chinese app store (Taig)
          – Rumoured to be $1million
          – Rumours of dirty tricks / questionable sources for some holes
          – Strategic and tactical thinking, all ‘untethered’
      ▪ Some holes allegedly held back by various teams for future cracks on iOS8
      ▪ Teams still reverse and hack each other’s tools (like SIMlock)
      ▪ George Hotz tried to sell to a Chinese team (via a broker) for $350,000
          – Audio clip released with negotiation discussions
      * Ref: http://www.forbes.com/sites/andygreenberg/2013/02/05/inside-evasi0n-the-most-elaborate-jailbreak-to-ever-hack-your-iphone/
  • 22. May 2014 – Root Bounty for Verizon & AT&T
  • 23. Kill Switch / Anti-Theft Mechanism Targeting?
      ▪ Obvious this would happen
  • 24. Car Radio Hacking - 2014
  • 25. Questions?
      david.rogers {@} copperhorse.co.uk
      @drogersuk
      Mobile Systems Security course: http://www.cs.ox.ac.uk/softeng/subjects/MSS.html
      Mobile Security: A Guide for Users: http://www.lulu.com/gb/en/shop/david-rogers/mobile-security-a-guide-for-users/paperback/product-21197551.html
      http://www.mobilephonesecurity.org
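
Slide 16's point about IMEI-derived CK codes and the "no stored, shared secrets" principle, as an added example that is not from the original slides: a code derived from the IMEI with one global secret, beside a per-device random code where the handset keeps only a salted verifier and an attempt counter. The secret, the IMEIs, the 8-digit code length, the PBKDF2 parameters and the attempt limit are all assumptions chosen for illustration.

```python
import hashlib
import hmac
import secrets

# Constructed sample values (assumptions), not real keys or real handsets.
SHARED_SECRET = b"factory-tool-secret"           # one secret for every handset
IMEIS = ["490154203237518", "356938035643809"]   # constructed test IMEIs
MAX_ATTEMPTS = 5
ROUNDS = 100_000


def weak_ck_code(imei, shared_secret=SHARED_SECRET):
    """Weak design: the code is a pure function of the IMEI and a global secret,
    so a leaked factory or service tool yields the code for every device."""
    digest = hmac.new(shared_secret, imei.encode(), hashlib.sha256).digest()
    return f"{int.from_bytes(digest[:8], 'big') % 10**8:08d}"


def _verifier(imei, code, salt):
    # Salted, slow hash bound to this IMEI; the code itself is never stored.
    return hashlib.pbkdf2_hmac("sha256", code.encode(), salt + imei.encode(), ROUNDS)


def provision_device(imei):
    """Hardened design: random per-device code, unrelated to the IMEI.
    Returns (code for the operator database, record stored on the handset)."""
    code = f"{secrets.randbelow(10**8):08d}"
    salt = secrets.token_bytes(16)
    record = {"salt": salt,
              "verifier": _verifier(imei, code, salt),
              "attempts_left": MAX_ATTEMPTS}
    return code, record


def try_unlock(imei, record, attempt):
    """Fail-closed check: the attempt is spent before the comparison, and the
    comparison is constant-time. On a real handset the record would live in
    tamper-resistant storage (assumption; a dict stands in for it here)."""
    if record["attempts_left"] <= 0:
        return False
    record["attempts_left"] -= 1
    candidate = _verifier(imei, attempt, record["salt"])
    if hmac.compare_digest(candidate, record["verifier"]):
        record["attempts_left"] = MAX_ATTEMPTS
        return True
    return False
```

Leaking `SHARED_SECRET` exposes the code for every IMEI, while extracting one handset's record exposes at most that handset; an 8-digit code is still guessable offline from an extracted verifier, so the record belongs in hardware-protected storage.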