SlideShare une entreprise Scribd logo

Securitate mobila - SMS by Bogdan Alecu

M
msecnet

Prezentare Securitate mobila - SMS la DefCamp Iasi

Technologie
1  sur  41
Télécharger pour lire hors ligne
Securitate mobila – Atacuri prin SMS Prezentator: Bogdan ALECU http://m-sec.net Twitter: @msecnet
Informatii generale despre SMS Amenintari WAP Interceptare trafic de date Demo
Informatii generale SMS - Short Message Service reprezinta un mod de comunicare prin mesaje text intre telefoanele mobile / fixe, utilizand un protocol standardizat. Este un mod de comunicare eficace; utilizatorul scrie un text, apasa SEND si mesajul e livrat aproape instant catre destinatar. Folosit pentru mai multe scopuri: MMS – Multimedia Messaging Service, OTA – Over The Air – configurarea telefonului, notificari pentru mesageria vocala, email, fax, microplati – plata unor sume mici pentru diferite servicii => SECURITATE!
Informatii generale “Un dispozitiv mobil activ trebuie sa fie capabil de a primi un mesaj scurt de tipul TPDU - Transfer protocol data unit - (SMS-DELIVER) in orice moment, indiferent daca exista un apel sau trafic de date in derulare. Un raport va fi trimis intotdeauna catre SC (Serviciul de mesaje); confirmand fie ca tel a primit mesajul sau ca mesajul nu a fost livrat, incluzind si motivul refuzului.” ETSI TS 100 901 V7.5.0 (2001-12), pag 13
Amenintari - SMS SMS SPAM SMS spoofing Notificari SMS Alte tipuri
Amenintari - SMS SMS SPAM Companiile ofera servicii de publicitate prin SMS Mesaje cu castiguri false Inginerie sociala – “Suna-ma urgent pe nr asta: 0900323421! Mama”
Amenintari - SMS SMS Spoofing Servicii online ce permit modificarea expeditorului (numeric / alfanumeric) Greu de oprit, mai ales daca tinem cont de roaming Eficienta mai mare in atacurile de tip inginerie sociala
Amenintari - SMS Notificari SMS Voicemail Fax E-mail Video Utilizatorul nu poate scoate icon-ul de notificare asupra primirii unui astfel de mesaj
Amenintari - SMS Notificari SMS (voicemail)
Amenintari - SMS Notificari SMS (email)
Amenintari - SMS Alte tipuri Flash SMS (Class 0) – utilizatorul vede mesajul direct, fara a intra in Inbox Silent SMS – DCS 0xC0 = Message Waiting Indication Group: Discard Message
Amenintari - SMS Alte tipuri Flash SMS
Amenintari - SMS Alte tipuri Silent SMS
WAP Wireless Application Protocol Arhitectura de retea specifica Set de reguli Limbaj specific: Wireless Markup Language (WML) Pagini HTML ajustate pentru dimensiunea ecranului telefonului
WAP
WAP Push Permite trimiterea de continut WAP cu o interventie minima din partea utilizatorului 2 tipuri: Service Indication / Service Load
WAP Push Service Indication (SI) permite trimiterea de notificari utilizatorului intr-un mod asincron
WAP Push Service Indication (SI)
WAP Push Service Load (SL) determina “aplicatia” de pe telefon sa incarce si execute un serviciu
WAP Push Service Load (SL)
WAP Push - securitate Teoria: Doar un anumit numar este autorizat pentru trimitere; Practica: daca nu e configurat bine, un telefon accepta de la orice numar astfel de mesaje Pe Windows Mobile trebuiesc verificate setarile din HKLMSecurityPoliciesPolicies ; SL Message Policy ; (default: SECROLE_PPG_TRUSTED) [HKEY_LOCAL_MACHINESecurityPoliciesPolicies] "0000100c"=dword:800 ; SI Message Policy ; (default: SECROLE_PPG_AUTH | SECROLE_PPG_TRUSTED) [HKEY_LOCAL_MACHINESecurityPoliciesPolicies] "0000100d"=dword:c00
WAP Push - securitate SECROLE_PPG_TRUSTED: Trusted Push Proxy Gateway. Messages assigned this role indicate that the content sent by the Push Initiator is trusted by the Push Proxy Gateway. This role implies that the device trusts the Push Proxy Gateway (SECROLE_TRUSTED_PPG). SECROLE_PPG_AUTH: Push Initiator Authenticated. Messages assigned this role indicate that the Push Initiator is authenticated by the Push Proxy Gateway. This role implies that the device trusts the Push Proxy Gateway (SECROLE_TRUSTED_PPG).
WAP Push - securitate
WAP Configurarea telefonului pentru acces la Internet / date poate fi facuta manual Pentru o configurare mai usoara, rapida si pentru eventualele schimbari, a fost creat un standard ce permite configurarea de la distanta Programarea Over The Air (OTA) foloseste standardul OMA – Open Mobile Alliance Programarea se face prin SMS-uri special concepute
WAP - provisioning Foloseste protocolul WAP WBXML (WAP Binary XML) prin Wireless Application Environment Wireless Session Protocol Wireless Datagram Protocol SMS
WAP - provisioning Configurarea se scrie in XML (conform specificatiilor de la http://www.openmobilealliance.org) XML-ul se va codifica in WAP Binary XML WBXML se va encapsula intr-o data de tip Wireless Session Protocol Datele se vor codifica intr-un mesaj Push, definit in Wireless Session Protocol
WAP - provisioning Mesajul Push contine diferiti parametri, unul fiind parametrul “SEC” pentru autentificare pe baza de “cheie” comuna USERPIN: string ASCII codificat in zecimale NETWPIN: cheia este specifica retelei si cunoscuta (teoretic) doar de catre operator USERNETWPIN: combinatie a celor 2
WAP - provisioning NETWPIN: IMSI = MCC+MNC+MSIN (Mobile Subscription Identification Number) Pret: 2-5 euro-centi In general limitat pentru companii, se cere un volum mare de interogari
WAP - provisioning <wap-provisioningdoc> <characteristic type="NAPDEF"> <parm name="NAME" value="NewAPN"/> <parm name="NAPID" value="NewAPN_NAPID_ME"/> <parm name="BEARER" value="GSM-GPRS"/> <parm name="NAP-ADDRESS" value="apn.operator.ro"/> <parm name="NAP-ADDRTYPE" value="APN"/> </characteristic> <characteristic type=“APPLICATION"> <parm name="NAME" value="NewAPN"/> <parm name="APPID" value="w2"/> <parm name="TO-NAPID" value="NewAPN_NAPID_ME"/> </characteristic> <wap-provisioningdoc>
WAP - provisioning <wap-provisioningdoc> - contine toata informatia transmisa <characteristic …> - grupeaza informatia in unitati logice <… value="NAPDEF"/> - configuram un nou network access point <parm name="APPID" value="w2"/> - mapeaza configuratia la activitatile de browsing Informatii la http://www.openmobilealliance.org
WAP - provisioning <wap-provisioningdoc> <characteristic type="BOOTSTRAP"> <parm name="NAME" value=“Operator NET"/> <parm name="PROXY-ID" value="OpNET_Proxy"/> </characteristic> <characteristic type="NAPDEF"> <parm name="NAME" value="OpNET"/> <parm name="NAPID" value="OpNET_NAPID"/> <parm name="BEARER" value="GSM-GPRS"/> <parm name="NAP-ADDRESS" value="net"/> <parm name="NAP-ADDRTYPE" value="APN"/> </characteristic>
WAP - provisioning <characteristic type="PXLOGICAL"> <parm name="NAME" value="OpNET"/> <parm name="PROXY-ID" value="OpNET_Proxy"/> <characteristic type="PXPHYSICAL"> <parm name="PHYSICAL-PROXY-ID" value="OpNET_PhProxy"/> <parm name="PXADDR" value=“192.168.1.1"/> <parm name="PXADDRTYPE" value="IPV4"/> <parm name="TO-NAPID" value="OpNET_NAPID"/> <characteristic type="PORT"> <parm name="PORTNBR" value="8080"/> </characteristic> </characteristic> </characteristic>
WAP - provisioning <characteristic type="APPLICATION"> <parm name="APPID" value="w2"/> <parm name="NAME" value="OpNET"/> <parm name="TO-PROXY" value="OpNET_Proxy"/> <characteristic type="RESOURCE"> <parm name="NAME" value="OpNET"/> <parm name="URI" value="http://www.google.com"/> <parm name="STARTPAGE"/> </characteristic> </characteristic> </wap-provisioningdoc>
WAP - provisioning Teoretic aceasta configurare poate fi facuta doar de catre operator, de la un numar predefinit Putem analiza SMS-ul prin WireShark Putem adauga un alt numar
WAP - provisioning <?xml version="1.0"?> <!DOCTYPE wap-provisioningdoc PUBLIC "-//WAPFORUM//DTD PROV 1.0//EN" wap- "- "http://www.wapforum.org/DTD/prov.dtd"> "http://www.wapforum.org/DTD/prov.dtd"> <wap-provisioningdoc version="1.1"> wap- <characteristic type="BOOTSTRAP"> <parm name="NAME" value=“Nume"/> value=“ Nume"/> </characteristic> <characteristic type="PXLOGICAL"> <parm name="NAME" value=“Nume"/> value=“ Nume"/> <parm name="PROXY-ID" value="Trusted_Proxy"/> name="PROXY- value="Trusted_Proxy"/> <parm name="NAME" value="Trusted Proxy"/> <characteristic type="PXPHYSICAL"> <parm name="PHYSICAL-PROXY-ID" value="Trusted_PhProxy"/> name="PHYSICAL- PROXY- value="Trusted_PhProxy"/> <parm name="PXADDR" value="40711111111"/> <parm name="PXADDRTYPE" value="E164"/> <parm name="TO-NAPID" value="Trusted_NAPID"/> name="TO- value="Trusted_NAPID"/> <parm name="PUSHENABLED" value="1"/> <parm name="PULLENABLED" value="1"/> </characteristic> </characteristic> <characteristic type="NAPDEF"> <parm name="NAME" value="Op"/> <parm name="NAPID" value="Trusted_NAPID"/> value="Trusted_NAPID"/> <parm name="BEARER" value="GSM-SMS"/> value="GSM- <parm name="NAME" value="Trusted Proxy"/> <parm name="NAP-ADDRESS" value=" 40711111111 "/> name="NAP- <parm name="NAP-ADDRTYPE" value="E164"/> name="NAP- </characteristic>
WAP - provisioning <wap-provisioningdoc> <characteristic type="NetworkPolicy"> <characteristic type="WiFi"> <characteristic type="Settings"> <parm name="Disabled" value="1"/> </characteristic> </characteristic> </characteristic> </wap-provisioningdoc>
Interceptare trafic Traficul trece prin proxy-ul nostru Varianta 1 – Burp Proxy
Interceptare trafic Traficul trece prin proxy-ul nostru Varianta 2 – sslstrip http://www.thoughtcrime.org/software/sslstrip/
Interceptare trafic DEMO
Protectie Operatorul poate filtra aceste tipuri de mesaje Producatorii de telefoane trebuie sa se concentreze mai mult pe securitate Verificati constant (la fel cum faceti cu factura / creditul disponibil) setarile de Internet
Intrebari?

Recommandé

Atac asupra SIM Toolkit - Bogdan Alecu
Atac asupra SIM Toolkit - Bogdan AlecuAtac asupra SIM Toolkit - Bogdan Alecu
Atac asupra SIM Toolkit - Bogdan Alecumsecnet
 
Bogdan Alecu: Playing buggy Codecamp
Bogdan Alecu: Playing buggy CodecampBogdan Alecu: Playing buggy Codecamp
Bogdan Alecu: Playing buggy Codecampmsecnet
 
AWS-compared-to-OpenStack
AWS-compared-to-OpenStackAWS-compared-to-OpenStack
AWS-compared-to-OpenStackJonathan Gershater
 
Elementary procedures for Circuit-Switched (CS) Call Control (CC) in 3GPP
Elementary procedures for Circuit-Switched (CS) Call Control (CC) in 3GPPElementary procedures for Circuit-Switched (CS) Call Control (CC) in 3GPP
Elementary procedures for Circuit-Switched (CS) Call Control (CC) in 3GPPLouis K. H. Kuo
 
The impact of innovation on travel and tourism industries (World Travel Marke...
The impact of innovation on travel and tourism industries (World Travel Marke...The impact of innovation on travel and tourism industries (World Travel Marke...
The impact of innovation on travel and tourism industries (World Travel Marke...Brian Solis
 
Open Source Creativity
Open Source CreativityOpen Source Creativity
Open Source CreativitySara Cannon
 
Reuters: Pictures of the Year 2016 (Part 2)
Reuters: Pictures of the Year 2016 (Part 2)Reuters: Pictures of the Year 2016 (Part 2)
Reuters: Pictures of the Year 2016 (Part 2)maditabalnco
 
The Six Highest Performing B2B Blog Post Formats
The Six Highest Performing B2B Blog Post FormatsThe Six Highest Performing B2B Blog Post Formats
The Six Highest Performing B2B Blog Post FormatsBarry Feldman
 

Recommandé

Atac asupra SIM Toolkit - Bogdan Alecu
Atac asupra SIM Toolkit - Bogdan AlecuAtac asupra SIM Toolkit - Bogdan Alecu
Atac asupra SIM Toolkit - Bogdan Alecumsecnet
 
Bogdan Alecu: Playing buggy Codecamp
Bogdan Alecu: Playing buggy CodecampBogdan Alecu: Playing buggy Codecamp
Bogdan Alecu: Playing buggy Codecampmsecnet
 
AWS-compared-to-OpenStack
AWS-compared-to-OpenStackAWS-compared-to-OpenStack
AWS-compared-to-OpenStackJonathan Gershater
 
Elementary procedures for Circuit-Switched (CS) Call Control (CC) in 3GPP
Elementary procedures for Circuit-Switched (CS) Call Control (CC) in 3GPPElementary procedures for Circuit-Switched (CS) Call Control (CC) in 3GPP
Elementary procedures for Circuit-Switched (CS) Call Control (CC) in 3GPPLouis K. H. Kuo
 
The impact of innovation on travel and tourism industries (World Travel Marke...
The impact of innovation on travel and tourism industries (World Travel Marke...The impact of innovation on travel and tourism industries (World Travel Marke...
The impact of innovation on travel and tourism industries (World Travel Marke...Brian Solis
 
Open Source Creativity
Open Source CreativityOpen Source Creativity
Open Source CreativitySara Cannon
 
Reuters: Pictures of the Year 2016 (Part 2)
Reuters: Pictures of the Year 2016 (Part 2)Reuters: Pictures of the Year 2016 (Part 2)
Reuters: Pictures of the Year 2016 (Part 2)maditabalnco
 
The Six Highest Performing B2B Blog Post Formats
The Six Highest Performing B2B Blog Post FormatsThe Six Highest Performing B2B Blog Post Formats
The Six Highest Performing B2B Blog Post FormatsBarry Feldman
 
Microservice Come in Systems
Microservice Come in SystemsMicroservice Come in Systems
Microservice Come in SystemsMarkus Eisele
 
Interoperable Web Services with JAX-WS and WSIT
Interoperable Web Services with JAX-WS and WSITInteroperable Web Services with JAX-WS and WSIT
Interoperable Web Services with JAX-WS and WSITCarol McDonald
 
Wireless application protocol
Wireless application protocolWireless application protocol
Wireless application protocolgit tech
 
Dynamic Service Chaining
Dynamic Service Chaining Dynamic Service Chaining
Dynamic Service Chaining Tail-f Systems
 
How lagom helps to build real world microservice systems
How lagom helps to build real world microservice systemsHow lagom helps to build real world microservice systems
How lagom helps to build real world microservice systemsMarkus Eisele
 
Microservices Manchester: How Lagom Helps to Build Real World Microservice Sy...
Microservices Manchester: How Lagom Helps to Build Real World Microservice Sy...Microservices Manchester: How Lagom Helps to Build Real World Microservice Sy...
Microservices Manchester: How Lagom Helps to Build Real World Microservice Sy...OpenCredo
 
Wap architecture and wml script
Wap architecture and wml scriptWap architecture and wml script
Wap architecture and wml scriptishmecse13
 
Camara Application Programming Interface (API) Overview.pdf
Camara Application Programming Interface (API) Overview.pdfCamara Application Programming Interface (API) Overview.pdf
Camara Application Programming Interface (API) Overview.pdfDimitrisLogothetis10
 
Wireless iSeries Performance Monitoring
Wireless iSeries Performance MonitoringWireless iSeries Performance Monitoring
Wireless iSeries Performance Monitoringmboadway
 
Cyberoam cr200ing
Cyberoam cr200ingCyberoam cr200ing
Cyberoam cr200ingHuu Hieu
 
Cyberoam cr200ing
Cyberoam cr200ingCyberoam cr200ing
Cyberoam cr200ingHuu Hieu
 
SOA with C, C++, PHP and more
SOA with C, C++, PHP and moreSOA with C, C++, PHP and more
SOA with C, C++, PHP and moreWSO2
 
Sns en-sn160 w-datasheet-201702
Sns en-sn160 w-datasheet-201702Sns en-sn160 w-datasheet-201702
Sns en-sn160 w-datasheet-201702Balázs Antók
 
[WSO2 Integration Summit Nairobi 2019] Ballerina - Cloud Native Programming L...
[WSO2 Integration Summit Nairobi 2019] Ballerina - Cloud Native Programming L...[WSO2 Integration Summit Nairobi 2019] Ballerina - Cloud Native Programming L...
[WSO2 Integration Summit Nairobi 2019] Ballerina - Cloud Native Programming L...WSO2
 
Wap Security Arch Presentation
Wap Security Arch PresentationWap Security Arch Presentation
Wap Security Arch PresentationRam Dutt Shukla
 
WAP
WAPWAP
WAPVinishA23
 
dist-access. access control in distributed systemspdf
dist-access. access control in distributed systemspdfdist-access. access control in distributed systemspdf
dist-access. access control in distributed systemspdfNohaNagy5
 
introduction to Windows Comunication Foundation
introduction to Windows Comunication Foundationintroduction to Windows Comunication Foundation
introduction to Windows Comunication Foundationredaxe12
 
Web Services
Web ServicesWeb Services
Web ServicesGaurav Tyagi
 
Web Services
Web ServicesWeb Services
Web ServicesGaurav Tyagi
 
Partners Life - Insurer Innovation Award 2024
Partners Life - Insurer Innovation Award 2024Partners Life - Insurer Innovation Award 2024
Partners Life - Insurer Innovation Award 2024The Digital Insurer
 
Handwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsHandwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsMaria Levchenko
 

Contenu connexe

Similaire à Securitate mobila - SMS by Bogdan Alecu

Microservice Come in Systems
Microservice Come in SystemsMicroservice Come in Systems
Microservice Come in SystemsMarkus Eisele
 
Interoperable Web Services with JAX-WS and WSIT
Interoperable Web Services with JAX-WS and WSITInteroperable Web Services with JAX-WS and WSIT
Interoperable Web Services with JAX-WS and WSITCarol McDonald
 
Wireless application protocol
Wireless application protocolWireless application protocol
Wireless application protocolgit tech
 
Dynamic Service Chaining
Dynamic Service Chaining Dynamic Service Chaining
Dynamic Service Chaining Tail-f Systems
 
How lagom helps to build real world microservice systems
How lagom helps to build real world microservice systemsHow lagom helps to build real world microservice systems
How lagom helps to build real world microservice systemsMarkus Eisele
 
Microservices Manchester: How Lagom Helps to Build Real World Microservice Sy...
Microservices Manchester: How Lagom Helps to Build Real World Microservice Sy...Microservices Manchester: How Lagom Helps to Build Real World Microservice Sy...
Microservices Manchester: How Lagom Helps to Build Real World Microservice Sy...OpenCredo
 
Wap architecture and wml script
Wap architecture and wml scriptWap architecture and wml script
Wap architecture and wml scriptishmecse13
 
Camara Application Programming Interface (API) Overview.pdf
Camara Application Programming Interface (API) Overview.pdfCamara Application Programming Interface (API) Overview.pdf
Camara Application Programming Interface (API) Overview.pdfDimitrisLogothetis10
 
Wireless iSeries Performance Monitoring
Wireless iSeries Performance MonitoringWireless iSeries Performance Monitoring
Wireless iSeries Performance Monitoringmboadway
 
Cyberoam cr200ing
Cyberoam cr200ingCyberoam cr200ing
Cyberoam cr200ingHuu Hieu
 
Cyberoam cr200ing
Cyberoam cr200ingCyberoam cr200ing
Cyberoam cr200ingHuu Hieu
 
SOA with C, C++, PHP and more
SOA with C, C++, PHP and moreSOA with C, C++, PHP and more
SOA with C, C++, PHP and moreWSO2
 
Sns en-sn160 w-datasheet-201702
Sns en-sn160 w-datasheet-201702Sns en-sn160 w-datasheet-201702
Sns en-sn160 w-datasheet-201702Balázs Antók
 
[WSO2 Integration Summit Nairobi 2019] Ballerina - Cloud Native Programming L...
[WSO2 Integration Summit Nairobi 2019] Ballerina - Cloud Native Programming L...[WSO2 Integration Summit Nairobi 2019] Ballerina - Cloud Native Programming L...
[WSO2 Integration Summit Nairobi 2019] Ballerina - Cloud Native Programming L...WSO2
 
Wap Security Arch Presentation
Wap Security Arch PresentationWap Security Arch Presentation
Wap Security Arch PresentationRam Dutt Shukla
 
dist-access. access control in distributed systemspdf
dist-access. access control in distributed systemspdfdist-access. access control in distributed systemspdf
dist-access. access control in distributed systemspdfNohaNagy5
 
introduction to Windows Comunication Foundation
introduction to Windows Comunication Foundationintroduction to Windows Comunication Foundation
introduction to Windows Comunication Foundationredaxe12
 

Similaire à Securitate mobila - SMS by Bogdan Alecu (20)

Microservice Come in Systems
Microservice Come in SystemsMicroservice Come in Systems
Microservice Come in Systems
 
Interoperable Web Services with JAX-WS and WSIT
Interoperable Web Services with JAX-WS and WSITInteroperable Web Services with JAX-WS and WSIT
Interoperable Web Services with JAX-WS and WSIT
 
Wireless application protocol
Wireless application protocolWireless application protocol
Wireless application protocol
 
Dynamic Service Chaining
Dynamic Service Chaining Dynamic Service Chaining
Dynamic Service Chaining
 
How lagom helps to build real world microservice systems
How lagom helps to build real world microservice systemsHow lagom helps to build real world microservice systems
How lagom helps to build real world microservice systems
 
Microservices Manchester: How Lagom Helps to Build Real World Microservice Sy...
Microservices Manchester: How Lagom Helps to Build Real World Microservice Sy...Microservices Manchester: How Lagom Helps to Build Real World Microservice Sy...
Microservices Manchester: How Lagom Helps to Build Real World Microservice Sy...
 
Wap architecture and wml script
Wap architecture and wml scriptWap architecture and wml script
Wap architecture and wml script
 
Camara Application Programming Interface (API) Overview.pdf
Camara Application Programming Interface (API) Overview.pdfCamara Application Programming Interface (API) Overview.pdf
Camara Application Programming Interface (API) Overview.pdf
 
Wireless iSeries Performance Monitoring
Wireless iSeries Performance MonitoringWireless iSeries Performance Monitoring
Wireless iSeries Performance Monitoring
 
Cyberoam cr200ing
Cyberoam cr200ingCyberoam cr200ing
Cyberoam cr200ing
 
Cyberoam cr200ing
Cyberoam cr200ingCyberoam cr200ing
Cyberoam cr200ing
 
SOA with C, C++, PHP and more
SOA with C, C++, PHP and moreSOA with C, C++, PHP and more
SOA with C, C++, PHP and more
 
Sns en-sn160 w-datasheet-201702
Sns en-sn160 w-datasheet-201702Sns en-sn160 w-datasheet-201702
Sns en-sn160 w-datasheet-201702
 
[WSO2 Integration Summit Nairobi 2019] Ballerina - Cloud Native Programming L...
[WSO2 Integration Summit Nairobi 2019] Ballerina - Cloud Native Programming L...[WSO2 Integration Summit Nairobi 2019] Ballerina - Cloud Native Programming L...
[WSO2 Integration Summit Nairobi 2019] Ballerina - Cloud Native Programming L...
 
Wap Security Arch Presentation
Wap Security Arch PresentationWap Security Arch Presentation
Wap Security Arch Presentation
 
WAP
WAPWAP
WAP
 
dist-access. access control in distributed systemspdf
dist-access. access control in distributed systemspdfdist-access. access control in distributed systemspdf
dist-access. access control in distributed systemspdf
 
introduction to Windows Comunication Foundation
introduction to Windows Comunication Foundationintroduction to Windows Comunication Foundation
introduction to Windows Comunication Foundation
 
Web Services
Web ServicesWeb Services
Web Services
 
Web Services
Web ServicesWeb Services
Web Services
 

Dernier

Partners Life - Insurer Innovation Award 2024
Partners Life - Insurer Innovation Award 2024Partners Life - Insurer Innovation Award 2024
Partners Life - Insurer Innovation Award 2024The Digital Insurer
 
Handwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsHandwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsMaria Levchenko
 
TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data DiscoveryTrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data DiscoveryTrustArc
 
Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024The Digital Insurer
 
Strategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a FresherStrategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a FresherRemote DBA Services
 
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptxHampshireHUG
 
Histor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slideHistor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slidevu2urc
 
Exploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone ProcessorsExploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone Processorsdebabhi2
 
presentation ICT roal in 21st century education
presentation ICT roal in 21st century educationpresentation ICT roal in 21st century education
presentation ICT roal in 21st century educationjfdjdjcjdnsjd
 
Apidays New York 2024 - The value of a flexible API Management solution for O...
Apidays New York 2024 - The value of a flexible API Management solution for O...Apidays New York 2024 - The value of a flexible API Management solution for O...
Apidays New York 2024 - The value of a flexible API Management solution for O...apidays
 
Boost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityBoost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityPrincipled Technologies
 
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Drew Madelung
 
AWS Community Day CPH - Three problems of Terraform
AWS Community Day CPH - Three problems of TerraformAWS Community Day CPH - Three problems of Terraform
AWS Community Day CPH - Three problems of TerraformAndrey Devyatkin
 
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024The Digital Insurer
 
Understanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdfUnderstanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdfUK Journal
 
Scaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationScaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationRadu Cotescu
 
Real Time Object Detection Using Open CV
Real Time Object Detection Using Open CVReal Time Object Detection Using Open CV
Real Time Object Detection Using Open CVKhem
 
Artificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and MythsArtificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and MythsJoaquim Jorge
 
HTML Injection Attacks: Impact and Mitigation Strategies
HTML Injection Attacks: Impact and Mitigation StrategiesHTML Injection Attacks: Impact and Mitigation Strategies
HTML Injection Attacks: Impact and Mitigation StrategiesBoston Institute of Analytics
 

Dernier (20)

Partners Life - Insurer Innovation Award 2024
Partners Life - Insurer Innovation Award 2024Partners Life - Insurer Innovation Award 2024
Partners Life - Insurer Innovation Award 2024
 
Handwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsHandwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed texts
 
TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data DiscoveryTrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
 
Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024
 
Strategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a FresherStrategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a Fresher
 
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
 
Histor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slideHistor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slide
 
Exploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone ProcessorsExploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone Processors
 
presentation ICT roal in 21st century education
presentation ICT roal in 21st century educationpresentation ICT roal in 21st century education
presentation ICT roal in 21st century education
 
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
 
Apidays New York 2024 - The value of a flexible API Management solution for O...
Apidays New York 2024 - The value of a flexible API Management solution for O...Apidays New York 2024 - The value of a flexible API Management solution for O...
Apidays New York 2024 - The value of a flexible API Management solution for O...
 
Boost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityBoost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivity
 
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
 
AWS Community Day CPH - Three problems of Terraform
AWS Community Day CPH - Three problems of TerraformAWS Community Day CPH - Three problems of Terraform
AWS Community Day CPH - Three problems of Terraform
 
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
 
Understanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdfUnderstanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdf
 
Scaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationScaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organization
 
Real Time Object Detection Using Open CV
Real Time Object Detection Using Open CVReal Time Object Detection Using Open CV
Real Time Object Detection Using Open CV
 
Artificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and MythsArtificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and Myths
 
HTML Injection Attacks: Impact and Mitigation Strategies
HTML Injection Attacks: Impact and Mitigation StrategiesHTML Injection Attacks: Impact and Mitigation Strategies
HTML Injection Attacks: Impact and Mitigation Strategies
 

Securitate mobila - SMS by Bogdan Alecu

  • 1. Securitate mobila – Atacuri prin SMS Prezentator: Bogdan ALECU http://m-sec.net Twitter: @msecnet
  • 2. Informatii generale despre SMS Amenintari WAP Interceptare trafic de date Demo
  • 3. Informatii generale SMS - Short Message Service reprezinta un mod de comunicare prin mesaje text intre telefoanele mobile / fixe, utilizand un protocol standardizat. Este un mod de comunicare eficace; utilizatorul scrie un text, apasa SEND si mesajul e livrat aproape instant catre destinatar. Folosit pentru mai multe scopuri: MMS – Multimedia Messaging Service, OTA – Over The Air – configurarea telefonului, notificari pentru mesageria vocala, email, fax, microplati – plata unor sume mici pentru diferite servicii => SECURITATE!
  • 4. Informatii generale “Un dispozitiv mobil activ trebuie sa fie capabil de a primi un mesaj scurt de tipul TPDU - Transfer protocol data unit - (SMS-DELIVER) in orice moment, indiferent daca exista un apel sau trafic de date in derulare. Un raport va fi trimis intotdeauna catre SC (Serviciul de mesaje); confirmand fie ca tel a primit mesajul sau ca mesajul nu a fost livrat, incluzind si motivul refuzului.” ETSI TS 100 901 V7.5.0 (2001-12), pag 13
  • 5. Amenintari - SMS SMS SPAM SMS spoofing Notificari SMS Alte tipuri
  • 6. Amenintari - SMS SMS SPAM Companiile ofera servicii de publicitate prin SMS Mesaje cu castiguri false Inginerie sociala – “Suna-ma urgent pe nr asta: 0900323421! Mama”
  • 7. Amenintari - SMS SMS Spoofing Servicii online ce permit modificarea expeditorului (numeric / alfanumeric) Greu de oprit, mai ales daca tinem cont de roaming Eficienta mai mare in atacurile de tip inginerie sociala
  • 8. Amenintari - SMS Notificari SMS Voicemail Fax E-mail Video Utilizatorul nu poate scoate icon-ul de notificare asupra primirii unui astfel de mesaj
  • 9. Amenintari - SMS Notificari SMS (voicemail)
  • 11. Amenintari - SMS Alte tipuri Flash SMS (Class 0) – utilizatorul vede mesajul direct, fara a intra in Inbox Silent SMS – DCS 0xC0 = Message Waiting Indication Group: Discard Message
  • 12. Amenintari - SMS Alte tipuri Flash SMS
  • 13. Amenintari - SMS Alte tipuri Silent SMS
  • 14. WAP Wireless Application Protocol Arhitectura de retea specifica Set de reguli Limbaj specific: Wireless Markup Language (WML) Pagini HTML ajustate pentru dimensiunea ecranului telefonului
  • 15. WAP
  • 16. WAP Push Permite trimiterea de continut WAP cu o interventie minima din partea utilizatorului 2 tipuri: Service Indication / Service Load
  • 17. WAP Push Service Indication (SI) permite trimiterea de notificari utilizatorului intr-un mod asincron
  • 19. WAP Push Service Load (SL) determina “aplicatia” de pe telefon sa incarce si execute un serviciu
  • 21. WAP Push - securitate Teoria: Doar un anumit numar este autorizat pentru trimitere; Practica: daca nu e configurat bine, un telefon accepta de la orice numar astfel de mesaje Pe Windows Mobile trebuiesc verificate setarile din HKLMSecurityPoliciesPolicies ; SL Message Policy ; (default: SECROLE_PPG_TRUSTED) [HKEY_LOCAL_MACHINESecurityPoliciesPolicies] "0000100c"=dword:800 ; SI Message Policy ; (default: SECROLE_PPG_AUTH | SECROLE_PPG_TRUSTED) [HKEY_LOCAL_MACHINESecurityPoliciesPolicies] "0000100d"=dword:c00
  • 22. WAP Push - securitate SECROLE_PPG_TRUSTED: Trusted Push Proxy Gateway. Messages assigned this role indicate that the content sent by the Push Initiator is trusted by the Push Proxy Gateway. This role implies that the device trusts the Push Proxy Gateway (SECROLE_TRUSTED_PPG). SECROLE_PPG_AUTH: Push Initiator Authenticated. Messages assigned this role indicate that the Push Initiator is authenticated by the Push Proxy Gateway. This role implies that the device trusts the Push Proxy Gateway (SECROLE_TRUSTED_PPG).
  • 23. WAP Push - securitate
  • 24. WAP Configurarea telefonului pentru acces la Internet / date poate fi facuta manual Pentru o configurare mai usoara, rapida si pentru eventualele schimbari, a fost creat un standard ce permite configurarea de la distanta Programarea Over The Air (OTA) foloseste standardul OMA – Open Mobile Alliance Programarea se face prin SMS-uri special concepute
  • 25. WAP - provisioning Foloseste protocolul WAP WBXML (WAP Binary XML) prin Wireless Application Environment Wireless Session Protocol Wireless Datagram Protocol SMS
  • 26. WAP - provisioning Configurarea se scrie in XML (conform specificatiilor de la http://www.openmobilealliance.org) XML-ul se va codifica in WAP Binary XML WBXML se va encapsula intr-o data de tip Wireless Session Protocol Datele se vor codifica intr-un mesaj Push, definit in Wireless Session Protocol
  • 27. WAP - provisioning Mesajul Push contine diferiti parametri, unul fiind parametrul “SEC” pentru autentificare pe baza de “cheie” comuna USERPIN: string ASCII codificat in zecimale NETWPIN: cheia este specifica retelei si cunoscuta (teoretic) doar de catre operator USERNETWPIN: combinatie a celor 2
  • 28. WAP - provisioning NETWPIN: IMSI = MCC+MNC+MSIN (Mobile Subscription Identification Number) Pret: 2-5 euro-centi In general limitat pentru companii, se cere un volum mare de interogari
  • 29. WAP - provisioning <wap-provisioningdoc> <characteristic type="NAPDEF"> <parm name="NAME" value="NewAPN"/> <parm name="NAPID" value="NewAPN_NAPID_ME"/> <parm name="BEARER" value="GSM-GPRS"/> <parm name="NAP-ADDRESS" value="apn.operator.ro"/> <parm name="NAP-ADDRTYPE" value="APN"/> </characteristic> <characteristic type=“APPLICATION"> <parm name="NAME" value="NewAPN"/> <parm name="APPID" value="w2"/> <parm name="TO-NAPID" value="NewAPN_NAPID_ME"/> </characteristic> <wap-provisioningdoc>
  • 30. WAP - provisioning <wap-provisioningdoc> - contine toata informatia transmisa <characteristic …> - grupeaza informatia in unitati logice <… value="NAPDEF"/> - configuram un nou network access point <parm name="APPID" value="w2"/> - mapeaza configuratia la activitatile de browsing Informatii la http://www.openmobilealliance.org
  • 31. WAP - provisioning <wap-provisioningdoc> <characteristic type="BOOTSTRAP"> <parm name="NAME" value=“Operator NET"/> <parm name="PROXY-ID" value="OpNET_Proxy"/> </characteristic> <characteristic type="NAPDEF"> <parm name="NAME" value="OpNET"/> <parm name="NAPID" value="OpNET_NAPID"/> <parm name="BEARER" value="GSM-GPRS"/> <parm name="NAP-ADDRESS" value="net"/> <parm name="NAP-ADDRTYPE" value="APN"/> </characteristic>
  • 32. WAP - provisioning <characteristic type="PXLOGICAL"> <parm name="NAME" value="OpNET"/> <parm name="PROXY-ID" value="OpNET_Proxy"/> <characteristic type="PXPHYSICAL"> <parm name="PHYSICAL-PROXY-ID" value="OpNET_PhProxy"/> <parm name="PXADDR" value=“192.168.1.1"/> <parm name="PXADDRTYPE" value="IPV4"/> <parm name="TO-NAPID" value="OpNET_NAPID"/> <characteristic type="PORT"> <parm name="PORTNBR" value="8080"/> </characteristic> </characteristic> </characteristic>
  • 33. WAP - provisioning <characteristic type="APPLICATION"> <parm name="APPID" value="w2"/> <parm name="NAME" value="OpNET"/> <parm name="TO-PROXY" value="OpNET_Proxy"/> <characteristic type="RESOURCE"> <parm name="NAME" value="OpNET"/> <parm name="URI" value="http://www.google.com"/> <parm name="STARTPAGE"/> </characteristic> </characteristic> </wap-provisioningdoc>
  • 34. WAP - provisioning Teoretic aceasta configurare poate fi facuta doar de catre operator, de la un numar predefinit Putem analiza SMS-ul prin WireShark Putem adauga un alt numar
  • 35. WAP - provisioning <?xml version="1.0"?> <!DOCTYPE wap-provisioningdoc PUBLIC "-//WAPFORUM//DTD PROV 1.0//EN" wap- "- "http://www.wapforum.org/DTD/prov.dtd"> "http://www.wapforum.org/DTD/prov.dtd"> <wap-provisioningdoc version="1.1"> wap- <characteristic type="BOOTSTRAP"> <parm name="NAME" value=“Nume"/> value=“ Nume"/> </characteristic> <characteristic type="PXLOGICAL"> <parm name="NAME" value=“Nume"/> value=“ Nume"/> <parm name="PROXY-ID" value="Trusted_Proxy"/> name="PROXY- value="Trusted_Proxy"/> <parm name="NAME" value="Trusted Proxy"/> <characteristic type="PXPHYSICAL"> <parm name="PHYSICAL-PROXY-ID" value="Trusted_PhProxy"/> name="PHYSICAL- PROXY- value="Trusted_PhProxy"/> <parm name="PXADDR" value="40711111111"/> <parm name="PXADDRTYPE" value="E164"/> <parm name="TO-NAPID" value="Trusted_NAPID"/> name="TO- value="Trusted_NAPID"/> <parm name="PUSHENABLED" value="1"/> <parm name="PULLENABLED" value="1"/> </characteristic> </characteristic> <characteristic type="NAPDEF"> <parm name="NAME" value="Op"/> <parm name="NAPID" value="Trusted_NAPID"/> value="Trusted_NAPID"/> <parm name="BEARER" value="GSM-SMS"/> value="GSM- <parm name="NAME" value="Trusted Proxy"/> <parm name="NAP-ADDRESS" value=" 40711111111 "/> name="NAP- <parm name="NAP-ADDRTYPE" value="E164"/> name="NAP- </characteristic>
  • 36. WAP - provisioning <wap-provisioningdoc> <characteristic type="NetworkPolicy"> <characteristic type="WiFi"> <characteristic type="Settings"> <parm name="Disabled" value="1"/> </characteristic> </characteristic> </characteristic> </wap-provisioningdoc>
  • 37. Interceptare trafic Traficul trece prin proxy-ul nostru Varianta 1 – Burp Proxy
  • 38. Interceptare trafic Traficul trece prin proxy-ul nostru Varianta 2 – sslstrip http://www.thoughtcrime.org/software/sslstrip/
  • 40. Protectie Operatorul poate filtra aceste tipuri de mesaje Producatorii de telefoane trebuie sa se concentreze mai mult pe securitate Verificati constant (la fel cum faceti cu factura / creditul disponibil) setarile de Internet