6. New Smartphone Best Practices
1. IT will use the iPhone Configuration Utility so you can talk to Exchange, use the VPN, wireless, etc.
2. Get iFart, it's hilarious.
Friday, July 9, 2010
13. If AT&T is in attendance:
• Facts about AT&T and me:
  • I enjoy my AT&T wireless service
  • Feel that I have fantastic coverage everywhere I go at all times
  • Am sure you have the largest/fastest 3G network, regardless of what VZW says
  • Looking forward to years of receiving quality service from you
  • Would love to chat
14. Jailbreaking
blackra1n
pwnagetool
20. It opens up a whole new world of applications
• common Unix binaries
• sshd
• tethering
• pirate software
• super easy to JB your phone
21. Impact on security
"Jail breaking removes 80% of the iPhone's security precautions"
Charlie Miller, SyScan 2009
42. Devices On the Network
10,589* IPs scanned

Count   Port    What?
83      22      sshd
24      80      http
4       2008    PDANet
3,644   62078   iPhone Default
43. Other stuff out there
• Saw a Linux box with sshd
• Windows Mobile devices
• Blackberries
• Windows PCs
• PDANet for the iPhone is an open proxy.
48. Let's do a bit more
Erica Utilities - cmd line utilities for the iPhone
recAudio: Record audio from the onboard microphone.
findme: Queries the iPhone's GPS API to return latitude/longitude
57. Other bad things
• ./openURL tel://1-900-XXX-XXX
• ./openURL tel://911 or tel://mynumber
• Pillage filesystem: email, sms, notes, app data, etc.
• apt-get install tcpdump nmap
• go wild on whatever network en0 is connected to.
69. Some good news
• AT&T does segment part of their network:
  • e.g. I could not see friend in CA from DC
  • But I could see friend in Boston
• No easy way to target specific individual (Identity to AT&T NAT IP address not super easy)
• No way to correlate 10.x.x.x IP to person via Safari
• decloak.net doesn't really work in Mobile Safari
• Man this is slow...
70. email to ID user
<img src="http://10.69.62.220/i.jpg">
(captured request to the image host) src: 10.69.63.110  dst: 10.69.63.220:80
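A defensive check that follows from this slide, added here as an example and not part of the original talk: a filter that flags HTML mail whose <img> sources point at a private (RFC 1918) IP literal, which an external sender has no legitimate reason to reference. The sample messages are constructed.

```python
import ipaddress
from html.parser import HTMLParser
from urllib.parse import urlsplit


class _ImgSrcCollector(HTMLParser):
    """Collect the src attribute of every <img> tag in an HTML body."""

    def __init__(self):
        super().__init__()
        self.sources = []

    def handle_starttag(self, tag, attrs):
        if tag == "img":  # HTMLParser lowercases tag and attribute names
            for name, value in attrs:
                if name == "src" and value:
                    self.sources.append(value)


def private_ip_beacons(html_body):
    """Return the <img> src URLs whose host is a private IP literal.

    An image hosted on a 10.x / 172.16.x / 192.168.x address can only be
    fetched from inside that network, so such a tag in inbound mail is a
    strong sign of a tracking beacon rather than ordinary content.
    """
    parser = _ImgSrcCollector()
    parser.feed(html_body)
    flagged = []
    for src in parser.sources:
        host = urlsplit(src).hostname
        if host is None:  # e.g. cid: inline attachments have no host
            continue
        try:
            addr = ipaddress.ip_address(host)
        except ValueError:
            continue  # a hostname, not an IP literal
        if addr.is_private:
            flagged.append(src)
    return flagged


# Constructed sample messages (not taken from the original talk)
BEACON_MAIL = '<p>Hi!</p><img src="http://10.69.62.220/i.jpg" width="1" height="1">'
NORMAL_MAIL = '<p>News</p><img src="https://cdn.example.com/logo.png"><img src="cid:inline1">'

if __name__ == "__main__":
    print(private_ip_beacons(BEACON_MAIL))  # ['http://10.69.62.220/i.jpg']
    print(private_ip_beacons(NORMAL_MAIL))  # []
```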
71. What to do
• Don't Jailbreak your phone if you care about security (sorry)
• Change root and mobile users' passwords
• Attention Cydia Folks: Do not bind sshd to pdp interfaces; force password change upon install
• IT Folks: Policy on jailbroken iPhones
• AT&T: Filter mobile to mobile IP traffic
77. Location Based Apps
• Underworld: Sweet Deal
• Drug trafficking game with candy
• Location matters, move product from point A to point B
• Phone sends high resolution coordinates to game server
81. Paros
• Client side proxy
• Configure iPhone to use machine running Paros's IP address as proxy
• Watch what your apps send and receive
100. perl script
#!/usr/bin/perl
use strict;
use warnings;

# make single- or multi-line input into one scalar
my $glob = join('', <>);

# extract name/lat/lon records; braces as delimiters so the '/' in the
# closing tags does not end the pattern, and /s lets .*? span newlines
my @records = $glob =~ m{(<name>.*?</lon>)}sig;

for (@records) {
    my ($name, $lat, $lon) = $_ =~
        m{<name>(.*?)</name>.*?<lat>([-\d.]*)</lat>\s*<lon>([-\d.]*)</lon>}si;
    next unless defined $lon;    # skip a record that did not match
    print "$lat,$lon,$name\n";
}