Troshichev: iOS MITM Attack

Posted on 27-May-2015

iOS MITM Attack: Technology and effects

sieg.in 1

Boot validation

• CA – Apple Certificate Authority

• SIGN – Signature

Files Protection

Classic provisioning

Actual provisioning

Why can’t we create a fake signature?

Because the “Apple Root CA” fingerprint is hard-coded into iOS and has to be 61:1E:5B:66:2C:59:3A:08:FF:58:D1:4A:E2:24:52:D1:98:DF:6C:60

SSL

Certificate Authority Storage

A few of the 186 are quite interesting:

– C=US, O=U.S. Government, OU=DoD, OU=PKI, CN=DoD CLASS 3 Root CA

– C=JP, O=Japanese Government, OU=ApplicationCA

– C=CN, O=China Internet Network Information Center, CN=China Internet Network Information Center EV Certificates Root

Certificate authentication

I want my CA in your iOS

Ways to install CA in iOS

o Safari

o Email attachment

o MDM

With a configuration profile

Can be installed with Safari

Attack

The mobileconfig contains:

Wi-Fi settings (password, SSID) for “Gate”

CA

Proxy settings, if we want the victim’s traffic even after it has left attack range (iOS 6 only)

iCloud backup (enable it if it is not already)
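As an added, defender-side example (not code from the talk or from sieg.in), the following Python script parses an unsigned .mobileconfig, flags the three payload types the slides describe (root CA, Wi-Fi network, global proxy), and checks any root-certificate payload against the Apple Root CA fingerprint quoted on the “Why can’t we create a fake signature?” slide, so a foreign root being installed stands out. The PayloadType strings come from Apple's Configuration Profile Reference; the sample profile, its identifiers, the SSID and the certificate bytes are constructed for illustration and the blob is not a real certificate.

```python
"""Triage an unsigned iOS .mobileconfig for the payloads the talk abuses.

Added example, not the presenter's code. The profile embedded below is
constructed for illustration; its 'certificate' is not a real certificate.
"""
import hashlib
import hmac
import plistlib

# SHA-1 fingerprint of "Apple Root CA" as quoted on the slides.
APPLE_ROOT_CA_SHA1 = "61:1E:5B:66:2C:59:3A:08:FF:58:D1:4A:E2:24:52:D1:98:DF:6C:60"

# PayloadType values from Apple's Configuration Profile Reference, with the
# effect the talk describes for each one.
RISKY_PAYLOADS = {
    "com.apple.security.root": "installs a trusted root CA (allows TLS interception)",
    "com.apple.wifi.managed": "joins the device to a chosen Wi-Fi network",
    "com.apple.proxy.http.global": "routes all HTTP(S) traffic through a fixed proxy",
}


def fingerprint_sha1(der_bytes: bytes) -> str:
    """SHA-1 fingerprint of DER certificate bytes in the usual AA:BB:CC form."""
    digest = hashlib.sha1(der_bytes).hexdigest().upper()
    return ":".join(digest[i:i + 2] for i in range(0, len(digest), 2))


def is_apple_root(der_bytes: bytes) -> bool:
    """Pin check against the hard-coded Apple Root CA fingerprint."""
    return hmac.compare_digest(fingerprint_sha1(der_bytes), APPLE_ROOT_CA_SHA1)


def looks_signed(raw: bytes) -> bool:
    """A signed profile is CMS-wrapped DER; a plain plist starts with <?xml or bplist."""
    return not raw.lstrip().startswith((b"<?xml", b"bplist"))


def triage_profile(raw: bytes) -> list:
    """Return one finding per risky payload in an unsigned profile.

    For root-CA payloads the finding also carries the certificate fingerprint
    and whether it matches Apple's own root (a foreign root is the MITM case).
    """
    if looks_signed(raw):
        raise ValueError("signed profile: strip the CMS wrapper before triage")
    profile = plistlib.loads(raw)
    findings = []
    for payload in profile.get("PayloadContent", []):
        ptype = payload.get("PayloadType", "")
        if ptype not in RISKY_PAYLOADS:
            continue
        finding = {
            "type": ptype,
            "identifier": payload.get("PayloadIdentifier", "?"),
            "risk": RISKY_PAYLOADS[ptype],
        }
        if ptype == "com.apple.security.root":
            cert = payload.get("PayloadContent", b"")  # plistlib decodes <data> to bytes
            finding["fingerprint"] = fingerprint_sha1(cert)
            finding["apple_root"] = is_apple_root(cert)
        findings.append(finding)
    return findings


# Constructed sample profile: Wi-Fi + root CA + global proxy, like the one on the
# slides. The <data> blob decodes to the ASCII text "NOT A REAL CERTIFICATE".
SAMPLE_PROFILE = b"""<?xml version="1.0" encoding="UTF-8"?>
<plist version="1.0">
<dict>
  <key>PayloadType</key><string>Configuration</string>
  <key>PayloadIdentifier</key><string>example.constructed.profile</string>
  <key>PayloadContent</key>
  <array>
    <dict>
      <key>PayloadType</key><string>com.apple.wifi.managed</string>
      <key>PayloadIdentifier</key><string>example.constructed.wifi</string>
      <key>SSID_STR</key><string>Gate</string>
    </dict>
    <dict>
      <key>PayloadType</key><string>com.apple.security.root</string>
      <key>PayloadIdentifier</key><string>example.constructed.rootca</string>
      <key>PayloadContent</key><data>Tk9UIEEgUkVBTCBDRVJUSUZJQ0FURQ==</data>
    </dict>
    <dict>
      <key>PayloadType</key><string>com.apple.proxy.http.global</string>
      <key>PayloadIdentifier</key><string>example.constructed.proxy</string>
      <key>ProxyServer</key><string>proxy.example.invalid</string>
    </dict>
  </array>
</dict>
</plist>
"""

if __name__ == "__main__":
    for f in triage_profile(SAMPLE_PROFILE):
        extra = ""
        if "fingerprint" in f:
            extra = f" fingerprint={f['fingerprint']} apple_root={f['apple_root']}"
        print(f"{f['type']:30} {f['risk']}{extra}")
```

Run against the constructed profile it reports all three payloads and marks the root-CA payload as not Apple's root. Signed profiles are CMS-wrapped and must be unwrapped before the plist can be parsed, which is why the script refuses them rather than silently reporting nothing.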

Mobileconfig installation

Looks bad =(

Let’s take a look at the default CA list...

COMODO trial certificate

• You only need a valid admin@yourdomain.com mailbox for confirmation

• Can be used for signing

How to sign

Looks much better

SSL defeated. But we want more

How to get files from device

Elcomsoft Phone Password Breaker

Once again

What’s in backup?

• SMS

• Private photos

• Emails

• Application data

• And more …

Files done. But we want more

Apple Push Notification Service

Fake! Fake! Fake!

Wipe Tragedy (act 1/1)

Summary

The user only has to tap ‘Install’ twice to enable us to:

– Sniff all of his SSL traffic (cookies, passwords, etc.)

– Steal his backup (call log, SMS log, photos and application data)

– Send him funny push messages or just wipe the device

sieg.in al@sieg.in

@siegin