© OMTP All rights reserved Slide 1 - ETSI · Telephony API •Calls to initiate and handle...
© OMTP All rights reserved Slide 1
© OMTP All rights reserved Slide 2
Surfing with the Sharks
Securing Mobile Widgets
5th ETSI Security Workshop
20th January 2010
Sophia Antipolis, France
David Rogers, Director of External Relations, OMTP
© OMTP All rights reserved Slide 3
OMTP – Who are we?
Advisor members
Operator Members
Sponsor members
© OMTP All rights reserved Slide 4
OMTP Non-BONDI Activity
• Green Chargers: Updating common charger publication to reflect enhanced power requirements
• Bluetooth: Defragmentation of Bluetooth profiles
• Camera: Defining standard camera properties
• Wired Updates: Defining mechanisms for in store wired updates for devices
• Common Errors: Standardising common device errors for simplified reporting
• Visual voicemail client: Defining enhancements to existing visual voicemail specifications
• Network and battery optimisation: Addressing the end to end problem of ensuring multiple applications can maintain always on connectivity (network and battery)
© OMTP All rights reserved Slide 5
What are Widgets?
• Small self-contained web applications:
• CSS, HTML, JavaScript, XML - zipped
• Perfect for mobile – easy to program and distribute
• Device independent, cross-platform
• Opportunity for Apps everywhere: (overcoming fragmentation)
© OMTP All rights reserved Slide 6
Widgets, widgets or widgets?
Desktop
Yahoo! Konfabulator
Apple Dashboard
Microsoft Gadgets
Klipfolio
Plasma
Screenlets
Yahoo! Blueprint
BluePulse
Mywidz
Plusmo
Webwag
Widsets
WidX
Zumobi
Java
Mobile
Access Netfront
Blueprint
Google Gears
Opera
Qualcomm Plaza
Symbian
WidX
AJAX
Web
iGoogle
NetVibes
Pageflakes
My Yahoo!
Windows Live
Some examples:
c.15 others
© OMTP All rights reserved Slide 7
Making widgets useful – device APIs
• Connects the web world with the real world
• Enables richer and more useful applications
• Much easier to develop on than proprietary platforms
• Mostly mobile but the future is not limited to that:
Televisions & Set-top boxes
Vehicles
White Goods
Other Consumer Electronics
Security &
Privacy?
Streaming Media
Temperature sensors
Timers
Location
Messaging
Gallery
Weight
Speed
Diagnostics
Fares / charging
Gallery
© OMTP All rights reserved Slide 8
What are the Dangers?
http://i393.photobucket.com/albums/pp12/mario12_023/surfer1.jpg
• We are enabling cross-platform, cross-device, easy to develop, highly
functional applications:
• Will this meet all the criteria for really successful malware on
mobile?
• Are we opening Pandora’s box?
© OMTP All rights reserved Slide 9
Example 1 – Premium Rate Abuse
• A widget that seems benign but is actually spewing out SMSs to
premium rate numbers without the user’s knowledge
• Could be modified from an original safe widget.
http://www.dailydigest.voolstra.de/wp-content/uploads/2008/03/shark-vs-surfer.jpg
• Examples seen in the past, this
model could be used for ‘diallers’
too.
• Recent warnings on this:
© OMTP All rights reserved Slide 10
Example 2 – Privacy Breach
• Location, contacts, gallery…
• Silently uploads data to a site from
a game?
• Clear goal for attackers already:
• Numerous high-profile examples in the
past
• Paris Hilton, Miley Cyrus, Lindsay Lohan
• Schoolkids getting a teacher’s private
pictures / videos
• News of the World, voicemail hacking
http://img.photobucket.com/albums/v251/joserouse/Surfing/Yikes.jpg
© OMTP All rights reserved Slide 11
Example 3 – Integrity Breach
• A widget that replaces the
voicemail number with a
premium rate number instead?
• Planting evidence – photos,
files etc?
• Pure theft of data for various
reasons
http://images.paraorkut.com/img/funnypics/images/s/surfers_with_shark-12742.png
© OMTP All rights reserved Slide 12
Example 4 – Phishing
• Widgets contain web content –
easy to duplicate and
masquerade as something
legitimate… perhaps a bank?
http://www.f-secure.com/weblog/archives/00001852.html
© OMTP All rights reserved Slide 13
Making it safe to surf
• On the face of it, widgets look potentially very dangerous
• We need to protect the user
“If I say it’s safe to surf this beach,
then it’s safe to surf this beach!”
© OMTP All rights reserved Slide 14
Signing
• Digital Signing has worked quite well for native
applications on mobile so far
• Some hiccups
• Signing schemes and App Stores have to be very careful what they
sign and allow
• Not a Panacea, but part of a holistic security solution:
• Provides Integrity and Identity
• Not a guarantee of authenticity
• Process needs to be simple for developers
• W3C Widget Digital Signatures spec.
• Combined with effective revocation or ‘kill-switches’ this
can work well
© OMTP All rights reserved Slide 15
Policy
• Governs and regulates access to physical features
• Remotely configurable and managed
• Can be updated – intelligent and adaptable
• Most devices have a binary go / no-go solution at present
• Protects the user – potentially from themselves
• Prompting doesn’t work
• Users make bad decisions
• People don’t read things
• Automatic behaviour
• Give them the chance to click ‘yes’ and they will
• But: technology can’t always take a decision – user still
has to bear responsibility for their own actions
© OMTP All rights reserved Slide 16
Policy Example
• BONDI provides a policy framework based on OASIS XACML
• 3rd parties can provide policy for users
• Operators, anti-virus vendors, consumer groups, charities etc.?
• Human-readable, easy to create:
• Automated tools for policy creation
<?xml version="1.0" encoding="us-ascii" ?>
<policy-set combine="deny-overrides" id="9a956cf4-2be8-4c2b-b9a6-7343e48efff6">
  <policy combine="first-applicable" id="3a701221-12cb-4ebe-981d-ee5a5dab76c7" description="permit sms if number in current country">
    <rule effect="permit">
      <condition>
        <resource-match attr="param:number">
          <environment-attr attr="country-code" />
          *
        </resource-match>
        <resource-match attr="device-cap">messaging.sms.send</resource-match>
      </condition>
    </rule>
    <rule effect="deny">
      <condition>
        <resource-match attr="device-cap">messaging.sms.send</resource-match>
      </condition>
    </rule>
  </policy>
</policy-set>
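A minimal evaluator for the policy on this slide, added here as an illustration (it is not OMTP or BONDI code). It handles only the two combining modes shown, and assumes that a condition's matches are ANDed, that `*` is a glob wildcard, that `country-code` is held as an international prefix such as `+44`, and that a request no policy covers is denied; the phone numbers are constructed samples.

```python
import fnmatch
import xml.etree.ElementTree as ET

# The slide's policy as well-formed XML; ids shortened, constructed for this example.
POLICY = """<policy-set combine="deny-overrides" id="set-1">
 <policy combine="first-applicable" id="pol-1">
  <rule effect="permit"><condition>
   <resource-match attr="param:number"><environment-attr attr="country-code"/>*</resource-match>
   <resource-match attr="device-cap">messaging.sms.send</resource-match>
  </condition></rule>
  <rule effect="deny"><condition>
   <resource-match attr="device-cap">messaging.sms.send</resource-match>
  </condition></rule>
 </policy>
</policy-set>"""

def _pattern(match, env):
    """Expand a <resource-match> body into a glob pattern, or None if it cannot be built."""
    parts = [(match.text or "").strip()]
    for child in match:  # <environment-attr> children
        value = env.get(child.get("attr"))
        if not value:
            return None  # unknown environment value must not collapse the pattern to "*"
        parts += [value, (child.tail or "").strip()]
    return "".join(parts)

def _rule_applies(rule, request, env):
    # Assumption: every <resource-match> in the condition must hold (logical AND).
    for match in rule.iter("resource-match"):
        pattern, value = _pattern(match, env), request.get(match.get("attr"))
        if pattern is None or value is None or not fnmatch.fnmatchcase(value, pattern):
            return False
    return True

def _policy_effect(policy, request, env):
    # first-applicable: the first rule whose condition matches decides the policy.
    for rule in policy.findall("rule"):
        if _rule_applies(rule, request, env):
            return rule.get("effect")
    return None  # policy not applicable to this request

def decide(xml_text, request, env):
    root = ET.fromstring(xml_text)
    policies = root.findall("policy")
    if root.get("combine") != "deny-overrides" or any(
            p.get("combine") != "first-applicable" for p in policies):
        raise ValueError("only the combining modes shown on the slide are handled")
    effects = [_policy_effect(p, request, env) for p in policies]
    # deny-overrides: any deny wins; nothing applicable is also a deny (assumption).
    return "deny" if "deny" in effects or "permit" not in effects else "permit"
```

Because the rule compares only the number's prefix, a premium-rate number inside the current country is still permitted under this policy.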
© OMTP All rights reserved Slide 17
Architecture
[Architecture diagram. Labels: Browser, Web runtime, Widget Package, Web Package, Web engine, Secure Access, Policy, Policy Management, API Management, JavaScript, JavaScript Extension, Errors, Events, Dynamic API, New API, Operating Systems, RTOSs]
[Device API blocks: System Events, Comms History, Application Invoke, Messaging, Gallery, Persistence, Phone Status, PIM, Location, User Interaction, Application Settings, Camera]
© OMTP All rights reserved Slide 18
Summary
Widgets are coming, be prepared!
• Don’t: be afraid – the risks can be managed
• Don’t: allow unrestricted access to device functions and APIs
• Do: ensure your app stores are properly inspecting submitted widgets
for malicious code
• Do: use digital signatures
• Do: use policy and encourage partners to work on this
• Do: share information on incidents with other industry members
© OMTP All rights reserved Slide 19
Thanks!
Questions?
© OMTP All rights reserved Slide 20
Appendix – Additional
Information
© OMTP All rights reserved Slide 21
More information
http://bondi.omtp.org
http://www.omtp.org
blog: http://blog.omtpbondi.org
dev: http://bondidev.omtp.org
BONDI Group – http://www.linkedin.com/groups?gid=1784510
BONDI Group – http://www.facebook.com/home.php#/group.php?gid=59780786136
Follow us at “OMTP_BONDI”
© OMTP All rights reserved Slide 22
BONDI 1.1 Deliveries
Final release Jan 2010
• System Event APIs: Primary enhancement is the addition of notification API that can respond to device events
• Updated Reference Implementation: New Windows Mobile implementation implementing the updated features
• Compliance Reporting: Online Quality Assurance tools for the BONDI Compliance Test Suite.
• Developer tools: Eclipse plug-in, and integrated help to aid developers
• Security tools: Online signing tools to help widget packaging
© OMTP All rights reserved Slide 23
BONDI 1.5 Deliveries
Candidate release planned Mar 2010
• Telephony API: Calls to initiate and handle telephony events
• Bluetooth API: Interacting with core Bluetooth features
• Sensors API: Developer APIs for accelerometer integration
• App launcher API: Enhance existing APIs to allow BONDI to interact with built in applications
• Widget Runtime Update requirements: A set of requirements to define how and when a Widget runtime can be updated
• Smart Card Web Server: Provide the ability for SCWS services to access BONDI APIs
• DLNA (Digital Living Network Alliance): APIs to interact with DLNA enabled devices
• APDU access API: APIs to access SIM capabilities
© OMTP All rights reserved Slide 24
BONDI 2.0 Deliveries
Candidate release planned Sept 2010
• Crypto APIs: APIs to grant access to security assets and functions
• Server Push API: Efficient mechanisms of server based notification
• Widget intercommunication: Protocols and conventions to allow widgets to talk to one another
• API Extensibility: Negotiation and delivery mechanisms for new APIs
• Connection Profile Definition: Describing the characteristics of a connection for use in APIs and policy
• Subscriber Identity API: An API for using SIM identity in applications
• Widget security enhancements: Requirements and APIs to make widgets fit for mission critical applications
• Policy Management Protocol: A discovery and provisioning protocol for security policies
© OMTP All rights reserved Slide 25
W3C Specifications
Widgets
http://www.w3.org/2008/webapps/wiki/WidgetSpecs
• Widgets 1.0: Packaging & Configuration (P&C)
• Widgets 1.0: Digital Signatures
• Widgets 1.0: Widget Interface
• Widgets 1.0: Widget Access Requests Policy (WARP)
• Widgets 1.0: Widget URIs
• Widgets 1.0: Widget Updates
• Widgets 1.0: View Modes Media Feature
Device APIs and Policy (DAP)
http://www.w3.org/2009/dap/
• Security Policy Framework
• APIs:
• PIM (Contacts, Calendar, Tasks)
• Camera
• Gallery
• Messaging
• System Information and Events
• FileSystem
• Application Launcher
• Application Configuration
• Communications Log
• User Interaction
Others
http://www.w3.org/2008/webapps/wiki/Main_Page
• Web Sockets API
• Web Workers
• Web Storage
• File API
HTML5
http://dev.w3.org/html5/spec/Overview.html
Geolocation
http://www.w3.org/2008/geolocation