(PDF) Yury Chemerkin Confidence 2013

16
VULNERABILITY ELIMINATION BY FORCE OF NEW MOBILE OS SECURITY RESEARCHER / PhD. YURY CHEMERKIN CONFidence‘2013

Transcript of (PDF) Yury Chemerkin Confidence 2013

Page 1: (PDF) Yury Chemerkin Confidence 2013

8/13/2019 (PDF) Yury Chemerkin Confidence 2013

http://slidepdf.com/reader/full/pdf-yury-chemerkin-confidence-2013 1/23

VULNERABILITY ELIMINATION BY FO

NEW MO

SECURITY

RES

YU

Page 2: (PDF) Yury Chemerkin Confidence 2013

8/13/2019 (PDF) Yury Chemerkin Confidence 2013

http://slidepdf.com/reader/full/pdf-yury-chemerkin-confidence-2013 2/23

Experienced in :

Reverse Engineering & AV

Software Programming & Documentation

Mobile Security and MDM

Cyber Security & Cloud Security

Compliance & Transparency and Security Writing

Hakin9 Magazine, PenTest Magazine, eForensics Magazine,

Groteck Business Media

Participation at conferences

InfoSecurityRussia, NullCon, AthCon, PHDays

CYBERCRIME FORUM, Cyber Intelligence Europe/Intelligence-Sec

ICITST, CyberTimes, ITA, I-Society

[ Yury Chemerkin ]

www.linkedin.com/in/yurychemerkin

http://sto

-

strategy.com  yury.chemerk

http://www.linkedin.com/in/yurychemerkin
http://sto-strategy.com/
http://sto-strategy.com/
http://sto-strategy.com/
mailto:[email protected]
http://sto-strategy.com/
mailto:[email protected]
http://www.linkedin.com/in/yurychemerkin
http://eforensicsmag.com/
http://pentestmag.com/
http://hakin9.org/
mailto:[email protected]
http://sto-strategy.com/
http://www.linkedin.com/in/yurychemerkin
Page 3: (PDF) Yury Chemerkin Confidence 2013

8/13/2019 (PDF) Yury Chemerkin Confidence 2013

http://slidepdf.com/reader/full/pdf-yury-chemerkin-confidence-2013 3/23

BLACKBERRY ENTERPRISE SERVICE HELPS MANAGE AND PROTECT BLACKBERRY, IOS, AND AN

UNIFIED COMMUNICATION AND COLLABORATION SOFTWARE

DESIGNED TO HELP PROTECT DATA THAT IS IN TRANSIT AT ALL POINTS AS WELL IS IN MEMOR

ENHANCED BY A CONTROL OF THE BEHAVIOR OF THE DEVICE

PROTECTION OF APPLICATION DATA USING SANDBOXING

MANAGEMENT OF PERMISSIONS TO ACCESS CAPABILITIES

BB EVALUATES EVERY REQUEST THAT APP MAKES – BUT LEAD AWAY FROM ANY DETAILS AND

BLACKBERRY SECURITY ENVIRONME

BLACKBERRY EVALUATES EVERY REQUEST THAT AN APPLICATION MAKES TO ACCESS A

Page 4: (PDF) Yury Chemerkin Confidence 2013

8/13/2019 (PDF) Yury Chemerkin Confidence 2013

http://slidepdf.com/reader/full/pdf-yury-chemerkin-confidence-2013 4/23

Page 5: (PDF) Yury Chemerkin Confidence 2013

8/13/2019 (PDF) Yury Chemerkin Confidence 2013

http://slidepdf.com/reader/full/pdf-yury-chemerkin-confidence-2013 5/23

Page 6: (PDF) Yury Chemerkin Confidence 2013

8/13/2019 (PDF) Yury Chemerkin Confidence 2013

http://slidepdf.com/reader/full/pdf-yury-chemerkin-confidence-2013 6/23

CAMERA AND VIDEO

HIDE THE DEFAULT CAMERA APPLICATION

PASSWORD

DEFINE PASSWORD PROPERTIES

REQUIRE LETTERS (incl. case)

REQUIRE NUMBERS

REQUIRE SPECIAL CHARACTERS

DELETE DATA AND APPLICATIONS FROM THEDEVICE AFTER

INCORRECT PASSWORD ATTEMPTS

DEVICE PASSWORD

ENABLE AUTO-LOCK

LIMIT PASSWORD AGE

LIMIT PASSWORD HISTORY

RESTRICT PASSWORD LENG

MINIMUM LENGTH FOR TPASSWORD THAT IS ALLOW

ENCRYPTION

APPLY ENCRYPTION RULES

ENCRYPT INTERNAL DEVIC

TOUCHDOWN SUPPORT

MICROSOFT EXCHANGE SY

EMAIL PROFILES

ACTIVESYNC

BLACKBERRY CAPABILITES - ANDRO

CONTROLLEDFOUR GROUPS ONLYbyBlackBerry CONTROLLED74 OUT200 APIsONLY

Page 7: (PDF) Yury Chemerkin Confidence 2013

8/13/2019 (PDF) Yury Chemerkin Confidence 2013

http://slidepdf.com/reader/full/pdf-yury-chemerkin-confidence-2013 7/23

Page 8: (PDF) Yury Chemerkin Confidence 2013

8/13/2019 (PDF) Yury Chemerkin Confidence 2013

http://slidepdf.com/reader/full/pdf-yury-chemerkin-confidence-2013 8/23

BROWSER

DEFAULT APP,

AUTOFILL, COOKIES, JAVASCRIPT, POPUPS

CAMERA, VIDEO, VIDEO CONF

OUTPUT, SCREEN CAPTURE, DEFAULT APP

CERTIFICATES (UNTRUSTED CERTs)

CLOUD SERVICES

BACKUP / DOCUMENT / PICTURE / SHARING

CONNECTIVITY

NETWORK, WIRELESS, ROAMING

DATA, VOICE WHEN ROAMING

CONTENT

CONTENT (incl. EXPLICIT)

RATING FOR APPS/ MOVIES / TV SHOWS / REGIONS

DIAGNOSTICS AND USAGE (SUBMISSION LOGS)

MESSAGING (DEFAULT APP)

BACKUP / DOCUMENT PICTURE / SHA

ONLINE STORE

ONLINE STORES , PURCHASES, PASSW

DEFAULT STORE / BOOK / MUSIC APP

MESSAGING (DEFAULT APP)

PASSWORD (THE SAME WITH ANDROID, NEW BLA

PHONE AND MESSAGING (VOICE DIALING)

PROFILE & CERTs (INTERACTIVE INSTALLATION)

SOCIAL (DEFAULT APP)

SOCIAL APPS / GAMING / ADDING FRI

DEFAULT SOCIAL-GAMING / SOCIAL-V

STORAGE AND BACKUP

DEVICE BACKUP AND ENCRYPTION

VOICE ASSISTANT (DEFAULT APP)

BLACKBERRY CAPABILITES - iOS

CONTROLLED16 GROUPSONLY by BlackBerry that‘s QUITE SIMLIAR to APPLE MDM

Page 9: (PDF) Yury Chemerkin Confidence 2013

8/13/2019 (PDF) Yury Chemerkin Confidence 2013

http://slidepdf.com/reader/full/pdf-yury-chemerkin-confidence-2013 9/23

Page 10: (PDF) Yury Chemerkin Confidence 2013

8/13/2019 (PDF) Yury Chemerkin Confidence 2013

http://slidepdf.com/reader/full/pdf-yury-chemerkin-confidence-2013 10/23

GENERAL

MOBILE HOTSPOT AND TETHERING

PLANS APP, APPWORLD

PASSWORD (THE SAME WITH ANDROID, iOS)

BES MANAGEMENT (SMARTPHONES, TABLETS)

SOFTWARE

OPEN WORK EMAIL MESSAGES LINKS IN THE PERSONAL BROWSER

TRANSFER THOUGH WORK PERIMETER TO SAME/ANOTHER DEVICE

BBM VIDEO ACCESS TO WORK NETWORK

VIDEO CHAT APP USES ORGANIZATION’S WI-FI/VPN NETWORK

SECURITY

WIPE WORK SPACE WITHOUT NETWORK, RESTRICT DEV. MODE

VOICE CONTROL & DICTATION IN WORK & USER APPS

BACKUP AND RESTORE (WORK) & DESKTOP SOFTWARE

PC ACCESS TO WORK & PERSONAL SPACE (USB, BT)

PERSONAL SPACE DATA ENCRYPTION

NETWORK ACCESS CONTROL FOR WO

PERSONAL APPS ACCESS TO WORK CO

SHARE WORK DATA DURING BBM VID

WORK DOMAINS, WORK NETWORK U

EMAIL PROFILES

CERTIFICATES & CIPHERS & S/MIME

HASH & ENCRYPTION ALGS AND KEY P

TASK/MEMO/CALENDAR/CONTACT/D

WI-FI PROFILES

ACCESS POINT, DEFAULT GATEWAY, D

PROXY PASSWORD/PORT/SERVER/SU

VPN PROFILES

PROXY, SCEP, AUTH PROFILE PARAMS

TOKENS, IKE, IPSEC OTHER PARAMS

PROXY PORTS, USERNAME, OTHER PA

BLACKBERRY CAPABILITES–BLACKBERR

CONTROLLED7 GROUPSONLY by BlackBerry that‘s NOT ENOUGH TO MANAGE A

Page 11: (PDF) Yury Chemerkin Confidence 2013

8/13/2019 (PDF) Yury Chemerkin Confidence 2013

http://slidepdf.com/reader/full/pdf-yury-chemerkin-confidence-2013 11/23

Page 12: (PDF) Yury Chemerkin Confidence 2013

8/13/2019 (PDF) Yury Chemerkin Confidence 2013

http://slidepdf.com/reader/full/pdf-yury-chemerkin-confidence-2013 12/23

THERE 55 GROUPS CONTROLLED IN ALL

EACH GROUP CONTAINS FROM 10 TO 30 UNITS ARE CONTROLLED TOO

EACH UNIT IS UNDER A LOT OF FLEXIBLE PARAMs INSTEAD OF A WAY ‘DISABLE/ENABLED &

EACH EVENT IS

CONTROLLED BY CERTAIN PERMISSION

ALLOWED TO CONTROL BY SIMILAR PERMISSIONS TO BE MORE FLEXIBLE

DESCRIBED 360 PAGES IN ALL THAT IN FOUR TIME MORE THAN OTHER DOCUMENTS

EACH UNIT CAN’T CONTROL ACTIVITY UNDER ITSELF

‘CREATE, READ, WRITE/SAVE, SEND, DELETE’ ACTIONS IN REGARDS TO MESSAGES LE

BY REQUESTING A ‘MESSAGE’ PERMISSION ONLY

SOME PERMISSIONS AREN’T REQUIRED (TO DELETE ANY OTHER APP)

SOME PERMISSIONS ARE RELATED TO APP, WHICH 3RD PARTY PLUGIN WAS EMBEDD

THAT PLUGIN

BLACKBERRY CAPABILITES–BLACKBERR

INCREDIBLE AMOUNT OF GROUPS, UNITS AND PERMISSIONS ARE CONTROLELD BY MD

Page 13: (PDF) Yury Chemerkin Confidence 2013

8/13/2019 (PDF) Yury Chemerkin Confidence 2013

http://slidepdf.com/reader/full/pdf-yury-chemerkin-confidence-2013 13/23

BlackBerry Old iOS BlackBerry QNX

Quantity of Groups   55 16 7

Average perm per group   20 5 7

Efficiency   80,00 38,46 31,82

Totall permissions   1100 80 49

55

16

7  20

5   7

80,00

38,4631,82  

1100

80

49

0

10

20

30

40

50

60

70

80

90

100

BlackBerry MDM

Quantity of Groups Average perm per group Efficiency Totall permiss

Page 14: (PDF) Yury Chemerkin Confidence 2013

8/13/2019 (PDF) Yury Chemerkin Confidence 2013

http://slidepdf.com/reader/full/pdf-yury-chemerkin-confidence-2013 14/23

OLD BB: MERGING PERMISSIONS INTO GROUPS

‘SCREEN CAPTURE, CAMERA, VIDEO PERMISSIONS’ SEPARATED (PREVIOUS BB)

‘SCREEN CAPTURE, CAMERA, VIDEO PERMISSIONS’ MERGED INTO ONE UNIT (LATES

QNX-BB: SCREEN CAPTURE

IS ALLOWED VIA HARDWARE BUTTONS ONLY

NO EMULATION OF HARDWARE BUTTONS AS IT WAS IN OLD BLACKBERRY DEVICES

LOCKS WHEN WORK PERIMITER HAS BECOME TO PREVENT SCREEN-CAPTURE LOGG

OLD BB: NO SANBOX HAS NEVER BEEN ANNOUNCED

ALL DATA ACCESSIBLE EXCEPT APP & SYSTEM DATA DUE TO GENERAL PERMISSION

QNX-BB: OFFICIALLY ANNOUNCED SANDBOX

MALWARE IS A PERSONAL APPLICATION SUBTYPE IN TERMS OF BLACKBERRY’s SECU

SANDBOX PROTECTS ONLY APP DATA, WHILE USER DATA STORED IN SHARED FOLDE

ISSUES : USELESS SOLUTIONS - I

USERFULL IDEAS AT FIRST GLANCE BUT INSTEAD MAKE NO SENSE

Page 15: (PDF) Yury Chemerkin Confidence 2013

8/13/2019 (PDF) Yury Chemerkin Confidence 2013

http://slidepdf.com/reader/full/pdf-yury-chemerkin-confidence-2013 15/23

OLD BB: SECURE & INSECURE IM CHATS IN THE SAME TIME

HAS ENCRYPTED COMMUNICATION SESSIONS

STORE CHAT COVERSATION IN PLAIN TEXT WITHOUT ENCRYPTION (EVEN BBM)

INACCESSIBLE FROM THE DEVICE BECAUSE OF UNKNOWN FILE TYPE (.CSV)

UPGRADE FEATURE AFFECT EVERYTHING

UPDATE APP THAT CALLS THIS API – USE GENERAL API

REMOVE APP THAT CALLS THIS APPS – USE GENERAL API

REMOVE ANY OTHER APP UNDER THE SAME API WITHOUT NOTIFICATION

HANDLE WITH PC TOOLS ON OLD BB DEVICES WITHOUT DEBUG / DEVELOPMENT MODE

OLD BB: CLIPBOARD (HAS NEVER EXISTED ANYWHERE AND MIGHT HAVE EVER)

REVEAL THE DATA IN REAL TIME BY ONE API CALL

NATIVE WALLETS PROTECTS BY RETURNING NJULL

WHILE THE ON TOP || JUST MINIMIZE OR CLOSE IT TO GET FULL ACCESS

EVERY USER CASE MUST MINIMIZE APP TO PASTE A PASSWORD

ISSUES : USELESS SOLUTIONS - II

USERFULL IDEAS AT FIRST GLANCE BUT INSTEAD MAKE NO SENSE

Page 16: (PDF) Yury Chemerkin Confidence 2013

8/13/2019 (PDF) Yury Chemerkin Confidence 2013

http://slidepdf.com/reader/full/pdf-yury-chemerkin-confidence-2013 16/23

Page 17: (PDF) Yury Chemerkin Confidence 2013

8/13/2019 (PDF) Yury Chemerkin Confidence 2013

http://slidepdf.com/reader/full/pdf-yury-chemerkin-confidence-2013 17/23

INITIALLY BASED ON AUTHORIZED API COVERED

ALL PHYSICAL & NAVIGATION BUTTONS

TYPING TEXTUAL DATA, AFFECT ALL APPs

SECONDARY BASED ON ADDING THE MENU ITEMS

INTO THE GLOBAL / “SEND VIA” MENU

AFFECT ALL NATIVE APPLICATIONS

NATIVE APPs ARE DEVELOPED BY BLACKBERRY

WALLETS, SOCIAL, SETTINGS, IMs,…

GUI EXPLOITATION

REDRAWING THE SCREENS

GRABBING THE TEXT FROM ANY FIELDs (INCL. PASSWORD

FIELD)

ADDING, REMOVING THE FIELD DATA

ORIGINAL DATA IS INACCESSIBLE BUT NOT AFFECTED

ADDING GUI OBJECTS BUT NOT SHUFFLING

KASPERSKY MOBILE SECURITY PROVIDES

FIREWALL, WIPE, BLOCK, INFO FEA

NO PROTECTION FROM REMOVIN

SIMULATOR

EXAMING THE TRAFFIC, B

JUST SHOULD CHECK API

SMS MANAGEMENT VIA “QUITE” S

PASSWORD IS 4 –16 DIGITS,AND M

SMS IS A HALF A HASH VALUE OF

IMPLEMENTATION USES TEST CRY

TABLES (VALUEHASH) ARE EA

OUTCOMING SMS CAN BE SPOOFE

NOTIFICATION, BECAUSE KMS DEL

OUTCOMING SMS BLOCK/WIPE TH

ISSUES : USELESS SOLUTIONS– II

THE GUI EXPLOITATION (OLD BB)–NATIVE APPs 3RDPARTY SECURE SOLITUINS RUIN

Page 18: (PDF) Yury Chemerkin Confidence 2013

8/13/2019 (PDF) Yury Chemerkin Confidence 2013

http://slidepdf.com/reader/full/pdf-yury-chemerkin-confidence-2013 18/23

Page 19: (PDF) Yury Chemerkin Confidence 2013

8/13/2019 (PDF) Yury Chemerkin Confidence 2013

http://slidepdf.com/reader/full/pdf-yury-chemerkin-confidence-2013 19/23

Page 20: (PDF) Yury Chemerkin Confidence 2013

8/13/2019 (PDF) Yury Chemerkin Confidence 2013

http://slidepdf.com/reader/full/pdf-yury-chemerkin-confidence-2013 20/23

Page 21: (PDF) Yury Chemerkin Confidence 2013

8/13/2019 (PDF) Yury Chemerkin Confidence 2013

http://slidepdf.com/reader/full/pdf-yury-chemerkin-confidence-2013 21/23

DENIAL OF SERVICE

REPLACING/REMOVING EXEC FILES

DOS’ing EVENTs, NOISING FIELDS

GUI INTERCEPT

INFORMATION DISCLOSURE

CLIPBOARD, SCREEN CAPTURE

GUI INTERCEPT

DUMPING .COD FILES, SHARED FILES

MITM (INTERCEPTION / SPOOFING)

MESSAGES

GUI INTERCEPT, THIRD PARTY APPs

FAKE WINDOW/CLICKJACKING

GENERAL PERMISSIONS

INSTEAD OF SPECIFIC SUB-PE

A FEW NOTIFICATION/EVENT

BUILT PER APPLICATION INST

CONCRETE PERMISSIONS

BUT COMBINED INTO GENER

A SCREENSHOT PERMISSION

CAMERA

GENERAL PERMISSIONS

INSTEAD OF SPECIFIC SUB-P

A FEW NOTIFICATION/EVENT

BUILT PER APPLICATION INST

CONCLUSION - I

PRIVILEGED GENERAL PERMISSIONS OWNAPPs, NATIVE & 3RDPARTY APP

Page 22: (PDF) Yury Chemerkin Confidence 2013

8/13/2019 (PDF) Yury Chemerkin Confidence 2013

http://slidepdf.com/reader/full/pdf-yury-chemerkin-confidence-2013 22/23

SIMPLIFICATION AND REDUCING SECURITY CONTROLS

MANY GENERAL PERMISSIONS AND COMBINED INTO EACH OTHER

NO LOGs ACTIVITY FOR SUB-PERMISSIONS TO PROVE THE TRANSPARENCY

ANY SECURITY VULNERABILITY ARE ONLY FIXED BY ENTIRELY NEW AND DIFFERENT OS / KER

A FEW PERMISSIONs ARE CLOSED TO THE USER ACTIONS

THE SANDBOX PROTECT ONLY APPLICATION DATA

USERS HAVE TO STORE THEIR DATA INTO SHARED FOLDERS OR EXTERNAL STORAGE APPLICATIONS CONTINUE STORE DATA IN PUBLIC FOLDERs BECAUSE GOVERNED BY CHANC

MITM / INTERCEPTION ACTIONS ARE OFTEN SILENTLY

THE NATIVE SPOOFING AND INTERCEPTION FEATURES

BLACKBERRY ENTERPRISE SOLUTION / BLACKBERRY MOBILE FUSION IS NOT EFFECTIVE MUC

THE BEST SECURITY (PERMISSIONS) RULED BY AMAZON WEB SERVICES

PERMISSIONS SHOULD RELY ON THE DIFFERENT USEFUL CASES SET INSTEAD OF SPECIFIC PE

CONCLUSION - II

THEVENDOR SECURITYVISION HAS NOTHING WITH REALITY AGGRAVATED BY S

Page 23: (PDF) Yury Chemerkin Confidence 2013

8/13/2019 (PDF) Yury Chemerkin Confidence 2013

http://slidepdf.com/reader/full/pdf-yury-chemerkin-confidence-2013 23/23

Q & A

https://plus.google.com/108216608239392698703
mailto:[email protected]
https://twitter.com/sto_blog
https://twitter.com/yury.chemerkin
http://scribd.com/ychemerkin
https://www.facebook.com/yury.chemerkin
http://www.slideshare.net/YuryChemerkin/
http://www.linkedin.com/in/yurychemerkin
http://sto-strategy.com/
http://eforensicsmag.com/
http://pentestmag.com/
http://hakin9.org/

Yury Marychev

Yury Marychev

(Pdf) yury chemerkin _icitst_2012

(Pdf) yury chemerkin _icitst_2012

(Pdf) yury chemerkin def_con_2013

(Pdf) yury chemerkin def_con_2013

(PDF) Yury Chemerkin Balccon 2013

(PDF) Yury Chemerkin Balccon 2013

Laf2010 yury buluy

Laf2010 yury buluy

(Pdf) yury chemerkin hacktivity_2013

(Pdf) yury chemerkin hacktivity_2013

(Pdf) yury chemerkin intelligence_sec_2013

(Pdf) yury chemerkin intelligence_sec_2013

Borzakovskiy Yury

Borzakovskiy Yury

(PDF) Yury Chemerkin Deepintel 2013

(PDF) Yury Chemerkin Deepintel 2013

(PDF) Yury Chemerkin Athcon 2013

(PDF) Yury Chemerkin Athcon 2013

Yury Vetrov — Algorithm-Driven Design

Yury Vetrov — Algorithm-Driven Design

(PDF) Yury Chemerkin Icitst 2012

(PDF) Yury Chemerkin Icitst 2012

Yury Grigoryev - Feline ABC

Yury Grigoryev - Feline ABC

Yury Chemerkin Cyber Crime Forum 2012

Yury Chemerkin Cyber Crime Forum 2012

(PDF) Yury Chemerkin Hacktivity 2013

(PDF) Yury Chemerkin Hacktivity 2013

(PDF) Yury Chemerkin Hackfest.ca 2013

(PDF) Yury Chemerkin Hackfest.ca 2013

Yury Grabovsky and Lev Truskinovsky

Yury Grabovsky and Lev Truskinovsky

(Pdf) yury chemerkin _null_con_2013

(Pdf) yury chemerkin _null_con_2013

(Pdf) yury chemerkin _ita_2013 proceedings

(Pdf) yury chemerkin _ita_2013 proceedings

(Pptx) yury chemerkin hacker_halted_2013

(Pptx) yury chemerkin hacker_halted_2013