Ransombile
Yet another reason to ditch SMS
Martin Vigo
@martin_vigo | martinvigo.com
123456
Martin Vigo
Product Security Lead
From Galicia, Spain
Research | Scuba | Gin tonics
@martin_vigo - martinvigo.com
Amstrad CPC 6128
Captured while playing “La Abadía del crímen”
Have you left your phone unattended?
Did you disable the assistant on lock screen?
Did you disable notifications on lock screen?
What can the assistant do while the device is locked?
How to steal $2,999.99 in less than 2 minutes
https://www.martinvigo.com/steal-2999-99-minute-venmo-siri
Goal
Broadening the impact
Well-known issues for years
“Changing the pre-registered telephone number SHALL NOT be possible without two-factor authentication at the time of the change. OOB using SMS is deprecated, and will no longer be allowed in future releases of this guidance.”
Objective
Help push the industry to stop relying on SMS as a secure channel
Finding more SMS services
usshortcodedirectory.com
Password reset
2-factor authentication
Verification
Attack vector
1. Obtain victim’s email
2. Use it to initiate password reset in all services
3. Obtain secret codes from SMS
4. Use them to complete password reset process in all services
5. Set new passwords
Obtain victim’s email
“Send an email to attacker@domain.com about subject saying content”
Obtain secret codes from SMS
SMSs are displayed on the locked home screen
“Read my texts”
Attack vector
1. Obtain victim’s email
2. Use it to initiate password reset in all services
3. Obtain secret codes from SMS
4. Use them to complete password reset process in all services
5. Set new passwords
Lots to compromise, limited time
We need automation
Ransombile
Ransomware + Mobile
Automates the entire password reset process over SMS
Uses Selenium for UI automation rather than APIs; there is even a Firefox plugin that records your mouse movements and generates the code for you
Does not require any backend/API knowledge to add new SMS services
Attack vector
1. Obtain victim’s email
2. Use it to initiate password reset in all services
3. Obtain secret codes from SMS
4. Use them to complete password reset process in all services
5. Set new passwords
Ransombile …
1. “Send an email to victim.ransom@gmail.com about subject saying content”
2. Get email address
3. Initiate password reset process
4. Send codes over SMS
5. Read codes and enter in Ransombile
6. Send secret codes and complete password reset
Ransombile Demo
Hi, my name is Tom Promise and I am a millennial!
Open source
github.com/martinvigo/ransombile
Conclusions
A locked mobile device is still insecure
Unattended mobile devices can be a bigger risk than unattended computers, and companies tend to ignore this
Consequences of losing your phone are not only monetary
Can we do better?
Getting rid of the physical access requirement
Attack vector
1. Obtain victim’s email
2. Use it to initiate password reset in all services
3. Obtain secret codes from SMS
4. Use them to complete password reset process in all services
5. Set new passwords
Requires physical access
Obtain victim’s email without physical access
Chaouki Kasmi & Jose Lopes Esteves, “Remote Command Injection on Modern Smartphones”
Nicholas Carlini, Pratyush Mishra, Tavish Vaidya, Yuankai Zhang, Micah Sherr, Clay Shields, David Wagner & Wenchao Zhou, “Hidden Voice Commands”
Guoming Zhang, Chen Yan, Xiaoyu Ji, Taimin Zhang, Tianchen Zhang & Wenyuan Xu, “DolphinAttack: Inaudible Voice Commands”
Dolphin Attack
Obtain secret codes from SMS without physical access
SS7 attacks
2G downgrade attacks and broken A5/1 cipher
Femtocells
Defcon 21 - Traffic Interception and Remote Mobile Phone Cloning with a Compromised CDMA Femtocell
DEF CON 18 - Kristin Paget - Practical Cellphone Spying
CCC - Tobias Engel - SS7: Locate. Track. Manipulate.
SIM Swapping
Conclusions
It is possible to perform these attacks without physical access to the device
(In theory…) POC||GTFO
SMS wasn’t designed with security in mind, nor to be used as a secure channel
Online services should encourage app-based temp codes and make SMS opt-in
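As an added example (not the deck's or Ransombile's code): a recovery-policy layer in Python, written from the service's side, that applies the two recommendations above and the NIST requirement quoted earlier: app-based codes preferred, SMS strictly opt-in, SMS codes short-lived and single-use, and phone-number changes gated on a second factor at the time of the change. The "manual" fallback, the 120-second window and the three-attempt limit are assumed policy values, not figures from the talk.

```python
# Added example: a recovery-policy layer for an online service. Not code from
# the talk or from Ransombile; the policy values below are assumptions.
import hashlib
import hmac
import secrets
import struct
from dataclasses import dataclass
from typing import Optional


@dataclass
class Account:
    email: str
    phone: Optional[str] = None          # E.164 string, or None if never provided
    totp_secret: Optional[bytes] = None  # set when an authenticator app is enrolled
    sms_opt_in: bool = False             # SMS challenges only if the user chose them


def totp(secret: bytes, now: int, step: int = 30, digits: int = 6) -> str:
    """RFC 6238 time-based code (HMAC-SHA1): the 'app-based temp code'."""
    counter = struct.pack(">Q", now // step)
    mac = hmac.new(secret, counter, hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % (10 ** digits)).zfill(digits)


def pick_reset_channel(acct: Account) -> str:
    """Which channel may carry the password-reset challenge.

    An enrolled authenticator app always wins; SMS is used only when the user
    explicitly opted in and has no app; otherwise the flow falls back to a
    non-SMS path ("manual" here, an assumed placeholder for manual review).
    """
    if acct.totp_secret:
        return "app"
    if acct.phone and acct.sms_opt_in:
        return "sms"
    return "manual"


@dataclass
class SmsChallenge:
    """One SMS-delivered code, bound to a reset session and short-lived."""
    session_id: str
    code: str
    issued_at: float
    ttl: int = 120          # seconds; a short window narrows the time an attacker has
    max_attempts: int = 3   # guessing a 6-digit code is cheap without this
    attempts: int = 0
    used: bool = False

    def verify(self, session_id: str, presented: str, now: float) -> bool:
        if self.used or now - self.issued_at > self.ttl:
            return False
        if self.attempts >= self.max_attempts:
            return False
        self.attempts += 1
        ok = session_id == self.session_id and hmac.compare_digest(self.code, presented)
        if ok:
            self.used = True  # single use: replaying the same code afterwards fails
        return ok


def issue_sms_challenge(session_id: str, now: float) -> SmsChallenge:
    """Mint a random 6-digit code tied to the session that requested the reset."""
    code = f"{secrets.randbelow(10 ** 6):06d}"
    return SmsChallenge(session_id=session_id, code=code, issued_at=now)


def change_phone_number(acct: Account, new_phone: str, presented_code: str, now: int) -> bool:
    """Phone-number change gated on a second factor at the time of the change.

    Assumed policy: only an authenticator-app code is accepted here. A code
    sent by SMS to the old number would let whoever can read that phone's
    lock screen re-point the recovery channel, so SMS is not accepted, and an
    account without an app is routed to manual review (returns False).
    """
    if not acct.totp_secret:
        return False
    if not hmac.compare_digest(totp(acct.totp_secret, now), presented_code):
        return False
    acct.phone = new_phone
    return True
```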
Recommendations for you
Don’t leave your mobile device unattended
Disable the assistant in the lock screen
Disable notifications preview in the lock screen
Use apps for 2FA
Don’t provide your phone number if not required; if it’s the only way to get 2FA, use a virtual number to prevent OSINT and SIM swapping attacks
Check the settings to disable security challenges over SMS
THANK YOU!
@martin_vigo
martinvigo.com
martinvigo@gmail.com
linkedin.com/in/martinvigo
github.com/martinvigo
youtube.com/martinvigo
Come see my DEF CON talk:
“Compromising online accounts by cracking voicemail systems”
Friday, 1PM in Track 1
