Hacking Web File Servers for iOS
description
Transcript of Hacking Web File Servers for iOS
Hacking Web File Servers for iOS
Bruno Gonçalves de Oliveira
Senior Security Consultant – Trustwave’s SpiderLabs
About Me
#whoami• Bruno Gonçalves de Oliveira• Senior Security Consultant @ Trustwave’s SpiderLabs
• MSc Candidate• Computer Engineer• Offensive Security• Talks:
Silver Bullet, THOTCON, SOURCE Boston, Black Hat DC, SOURCE Barcelona, DEF CON, Hack In The Box Malaysia, Toorcon, YSTS e H2HC.
Hosted by OWASP & the NYC Chapter
INTRO• Smartphones
– A LOT OF information– iPhone is VERY popular
• Mobile Applications– (MOST) Poorly designed
• Old fashion vulnerabilities
Hosted by OWASP & the NYC Chapter
What are those apps?
• Designed to provide a storage system to iOS devices.
• Data can be transferred utilizing bluetooth, iTunes and FTP.
• Easiest way: HTTP protocol.
• They are very popular.
Examples
Features
• Manage/Storage files
• Create Albums, etc.
• Share Data
VULNERABILITIES
• No encryption (SSL):
• No authentication (by default):
• (Reflected) XSS
• (Persistent) XSS
• (Persistent) XSS
http://www.vulnerability-lab.com/get_content.php?id=932
• Vulnerability-Lab Advisories:http://www.vulnerability-lab.com/show.php?cat=mobile
Disclaimer
• Trustwave (me) did this research on March/13 and just now we are disclosing these advisories.
• Path Traversal
• WiFi HD Free Path Traversal (CVE-2013-3923)• FTPDrive Path Traversal (CVE-2013-3922)• Easy File Manager Path Traversal (CVE-2013-
3921)
You probably want to test the app that you use.
• Path Traversal (DEMO)
• Easy File Manager
• Unauthorized Access to File System (CVE-2013-3960)
• Unauthorized Access to File System (CVE-2013-3960)
• Getting worst with a jailbroken device.
• Remote Command Execution: Unauthorized Access to File System (CVE-2013-3960) – Jailbroken Device
• iOS 7 Security Improvement
How to find vulnerable systems
<= mDNS Watch for iOS
mDNS Queries
• Conclusions
• Mobile Apps (already) are the future.• Mobile Apps designers still don’t care too
much about security.• Too many apps, we have to take care.• Old fashion vulnerabilities still rock.