mobile privacy tor on the iphone and other unusual devices
play

Mobile Privacy: Tor On The iPhone And Other Unusual Devices Marco - PowerPoint PPT Presentation

May 02, 2023 •399 likes •943 views

Mobile Privacy: Tor On The iPhone And Other Unusual Devices Marco Bonetti - CutAway s.r.l. whoami Marco Bonetti Security Consultant @ CutAway s.r.l. mbonetti@cutaway.it http://www.cutaway.it/ Tor user & researcher @ SLP-IT

  1. Mobile Privacy: Tor On The iPhone And Other Unusual Devices Marco Bonetti - CutAway s.r.l.

  2. whoami Marco Bonetti Security Consultant @ CutAway s.r.l. mbonetti@cutaway.it http://www.cutaway.it/ Tor user & researcher @ SLP-IT http://sid77.slackware.it/ http://twitter.com/_sid77/ http://sid77.soup.io/

  3. Outline Mobile Phones (In)Security Tor On Mobile Phones And Other Strange Devices Tor On The Chumby One Tor On Maemo And The Nokia N900 Orbot: Tor On Android Mobile Tor: Tor for iDevices

  4. Mobile Phones (In)Security

  5. Mobile Phones Growth Computational power High speed data networks “Real” operating system

  6. Phones Are Personal Raise hand who does not own a mobile phone We take them everywhere we go Never leave the house without it ;-)

  7. Phones Are Critical Call logs Documents Address book Calendar events E-mail Calendar tasks SMS Browser history GPS data Browser cache

  8. Too Much Trust Users trust their phone Phones trust the operator Operators trust themselves Users trust operators as well

  9. Too Much Trust

  10. Too Much Heterogeneity Closed communication protocols Heterogeneous networks Fragmented hardware landscape Many different operating systems

  11. Architectural Issues Made for chatting and texting Keyboards adopted to the model Difficult passwords are... difficult!

  12. Architectural Issues Phones are mobile devices Screen size is limited Checking important stuff is nearly impossible!

  13. Who Own The Device? Manufacturer / vendor “Apple iPhone banned for ministers” (CBS, 2010) “Exercising Our Remote Application Removal Feature” (android-developers, 2010) Carrier operator “BlackBerry update bursting with spyware” (The register, 2009) Application developer “iPhone Privacy” (BlackHat DC, 2010) End user We're here!

  14. Data (In)Security Data is stored in cleartext Blackberry and Nokia allows some sort of encryption Data access is an “all or nothing” approach Need permissions fine tuning

  15. Communication (In)Security GSM has been broken UMTS is not feeling very well SMS has been abused MMS remote exploit for Windows Mobile, iPhone and many more

  16. Communication (In)Security Bluetooth is dangerous WiFi offers a plethora of attacks NFC has already been worm-ed Operator injected HTTP headers SSL/WTSL heavy on lower end phones

  17. To recap Mobile phones are everywhere Mobile phones are primary designed for making calls and sending text messages Stored data can not be easily protected Communications need to be secured

  18. Tor On Mobile Phones And Other Strange Devices

  19. Tor Crash Course

  20. Tor On Unusual Devices December 2007: iPhone December 2009: Chumby One February 2010: iPhone, again February 2010: Nokia N900 March 2010: Android

  21. Problems to address Available hardware Hosting operating system and code rewrite Installation process Graphical user interface

  22. Tor On The Chumby One

  23. Chumby One Hackable Linux device ARM CPU 64MB of RAM Made by bunnie of bunnie:studios and Jacob Appelbaum

  24. Install: the hard way Install Chumby cross-toolchain Checkout sources make Unzip build on usb key Reboot Chumby with usb key inserted

  25. Install: the easy way Unzip build on usb key Reboot Chumby with usb key inserted

  26. Running Tor Swap file needed Configured as a bridge Listening on TCP 443 Low consumption of resources No upgrade mechanism Unofficial support for 3G dongles

  27. Achievements Running Tor on limited resources Easy install method

  28. Tor On Maemo And The Nokia N900

  29. Nokia N900 Powerful ARM CPU Tor in Maemo community 256MB RAM

  30. Install Enable extras-devel Reported as dangerous! Look for Tor in the package manager Done!

  31. Running Tor Just toggle it!

  32. Achievements Easy install Easy upgrade First graphical controller application

  33. Orbot: Tor On Android

  34. Android Linux based operating system Many different devices Orbot built by The Guardian Project

  35. Install Scan the QR code! Not yet in the Android Market

  36. Running Tor Just toggle it! Easily configurable Runs as transparent proxy for rooted devices

  37. Achievements Easy installation Highly configurable Transparent proxy

  38. Mobile Tor: Tor for iDevices

  39. iDevices Hackable Darwin (iOS) devices Powerful ARM CPU From 128MB to 512MB of RAM

  40. Tor On Unusual Devices December 2007: iPhone December 2009: Chumby One February 2010: iPhone, again February 2010: Nokia N900 March 2010: Android

  41. The Original Port Made by cjacker huang Built for iOS 1.1.1 Tor sources patched to overcome firmware limitations Shipped with a copy of Privoxy Shipped with iTor.app controller

  42. The Original Port cjacker huang disappeared iTor.app disappeared with its author Tor patches were still available in the main Tor source tree

  43. Bringing Back Tor On The iPhone Open source toolchain SDK target: iOS 3.1.2 Cross-compiling from Slackware 13.1

  44. Bringing Back Tor On The iPhone Built following Jay Freeman's conventions for Cydia packages Sources are an overlay for Telesphoreo Tangelo http://sid77.slackware.it/iphone/

  45. The New Port Made by me :-P Built for iOS 3.1.2+ Old patches no longer needed Shipped with a copy of Polipo Shipped with an SBSettings plugin

  46. Running Tor Add my repository Install Tor Toggle Just toggle it!

  47. Running Tor Client Relay Hidden Services Both via wireless and cellular data network iOS should do transparent proxy

  48. iOS Limitations No support for SOCKS proxies Run Polipo! No HTTP proxies for cellular data networks VPN trick! No Tor-secure browser

  49. Tor Limitations Cryptographically intense Heavy on battery drain Cellular data networks aren't very Tor friendly Rapidly changing IP addresses Spot coverage

  50. Development Still too much fiddling with CLI Need for a graphical controller, Vidalia style Need for a secure browser

  51. Some Crazy Ideas Arm is working... somehow OnionCat looks promising Some work on ttdnsd Anything else?

  52. Questions?

  53. Released under Creative Commons Attribution Share-Alike 3.0 Unported http://creativecommons.org/licenses/by-sa/3.0/ - http://sid77.slackware.it/ http://twitter.com/_sid77/ http://sid77.soup.io/

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Mobile security: Tips and tricks for securing your iPhone, Android and other mobile devices

Mobile security: Tips and tricks for securing your iPhone, Android and other mobile devices

Mobile security: Tips and tricks for securing your iPhone, Android and other mobile devices Presented by Michael Harris [MS, CISSP, WAPT] Systems Security Analyst University of Missouri Overview What data needs to be protected, what

407 views • 18 slides
SoK: Privacy on Mobile Devices Its Complicated Chad Spensky , Jeffrey Stewart, Arkady

SoK: Privacy on Mobile Devices Its Complicated Chad Spensky , Jeffrey Stewart, Arkady

SoK: Privacy on Mobile Devices Its Complicated Chad Spensky , Jeffrey Stewart, Arkady Yerukhimovich, Richard Shay, Ari Trachtenberg, Rick Housley, and Robert K. Cunningham Privacy Enhancing Technologies Symposium 2016 Is Privacy Possible

542 views • 15 slides
Mobile Device Security and Privacy Information Security and Privacy Office January 2012 Agenda

Mobile Device Security and Privacy Information Security and Privacy Office January 2012 Agenda

Mobile Device Security and Privacy Information Security and Privacy Office January 2012 Agenda Protecting mobile devices and your privacy Protecting Mobile Devices and Your Privacy Before We Start The City of Phoenix does not

971 views • 52 slides
Usability and Small Screens SWEN-444 iPhone Android Windows Phone 8 The phrase mobile

Usability and Small Screens SWEN-444 iPhone Android Windows Phone 8 The phrase mobile

Usability and Small Screens SWEN-444 iPhone Android Windows Phone 8 The phrase mobile usability is pretty much an oxymoron. It's neither easy nor pleasant to use the Web on mobile devices. designing for mobile is hard

337 views • 14 slides
Wireless Plans Bill Dickhardt 10/13/2017 My mobile gear iPhone SE (pay as you go) iPhone

Wireless Plans Bill Dickhardt 10/13/2017 My mobile gear iPhone SE (pay as you go) iPhone

Wireless Plans Bill Dickhardt 10/13/2017 My mobile gear iPhone SE (pay as you go) iPhone 6 (500/500/500 per month) 2 mobile hotspots (900MB each per month) Total cost per month?? ~$18.25 per month iPhone SE (~$2.00 per

322 views • 18 slides
NWRDC Skyward Mobile Presentation Apple Products iPhone and iPad HTC Droid Phone and the Kindle

NWRDC Skyward Mobile Presentation Apple Products iPhone and iPad HTC Droid Phone and the Kindle

NWRDC Skyward Mobile Presentation Apple Products iPhone and iPad HTC Droid Phone and the Kindle Fire (uses Droid technology) Users can use the browser on any of these and like devices with the following URL http://mobile. DISTRICTNAME

581 views • 5 slides
Face detection on the iPhone The current generation of Alasdair Allan, Babilim Light Industries

Face detection on the iPhone The current generation of Alasdair Allan, Babilim Light Industries

Face detection on the iPhone The current generation of Alasdair Allan, Babilim Light Industries high-end mobile devices, such as the iPhone or iPod touch, are quite capable of performing fairly advanced feats of computer vision in real-time.

852 views • 43 slides
PRIVACY AND MOBILE DEVICES Elizabeth Schlieper Patrick Gage Kelley, Lorrie Faith Cranor, and

PRIVACY AND MOBILE DEVICES Elizabeth Schlieper Patrick Gage Kelley, Lorrie Faith Cranor, and

PRIVACY AND MOBILE DEVICES Elizabeth Schlieper Patrick Gage Kelley, Lorrie Faith Cranor, and Norman Sadeh. 2013. Privacy as Lab study with 20 participants and a Mturk survey with 366 part of the app decision- participants making

473 views • 16 slides
Localization ocalization of mobile devices of mobile devices L Seminar: Mobile Computing IFW

Localization ocalization of mobile devices of mobile devices L Seminar: Mobile Computing IFW

Localization ocalization of mobile devices of mobile devices L Seminar: Mobile Computing IFW C42 Tuesday, 29th May 2001 Roger Zimmermann Overview Overview Introduction Why Technologies Absolute Positioning Relative

314 views • 30 slides
Mobility, Data Mining, and Privacy Yannis Theodoridis InfoLab, University of Piraeus, Greece

Mobility, Data Mining, and Privacy Yannis Theodoridis InfoLab, University of Piraeus, Greece

Mobility, Data Mining, and Privacy Yannis Theodoridis InfoLab, University of Piraeus, Greece infolab.cs.unipi.gr Mobile devices and services Large diffusion of mobile devices, mobile services and location-based services 2 Wireless networks

664 views • 39 slides
iPhone Privacy Nicolas Seriot Black Hat DC 2010 Arlington, Virginia, USA http://seriot.ch

iPhone Privacy Nicolas Seriot Black Hat DC 2010 Arlington, Virginia, USA http://seriot.ch

iPhone Privacy Nicolas Seriot Black Hat DC 2010 Arlington, Virginia, USA http://seriot.ch Twitter @nst021 Who am I? Nicolas Seriot , Switzerland HES Software Engineer Cocoa developer and iPhone programming trainer at Sen:te

978 views • 67 slides
Securing Mobile Devices & Protecting the Privacy of Users Martina Lindorfer Technische

Securing Mobile Devices & Protecting the Privacy of Users Martina Lindorfer Technische

Securing Mobile Devices & Protecting the Privacy of Users Martina Lindorfer Technische Universitt Wien martina@iseclab.org https://martina.lindorfer.in @lindorferin About Me Assistant Professor at TU Wien (Security &

319 views • 17 slides
Developing for Mobile Platforms Media Computing 12 iPhone Application Programming Group The

Developing for Mobile Platforms Media Computing 12 iPhone Application Programming Group The

Developing for Mobile Platforms Media Computing 12 iPhone Application Programming Group The iOS Family Media Computing 13 iPhone Application Programming Group Mobile Device Characteristics Screen size is compact Memory is limited

546 views • 35 slides
Threats to Mobile Devices Possible attack threats to mobile devices Network exploit

Threats to Mobile Devices Possible attack threats to mobile devices Network exploit

Threats to Mobile Devices Possible attack threats to mobile devices Network exploit Hackers takes advantage of vulnerability or flaw of users web browser on mobile device in WiFi communication to attack victims. Hackers send

464 views • 30 slides
CO 445H MOBILE PLATFORM SECURITY AND MOBILE PRIVACY Dr. Benjamin Livshits Privacy International

CO 445H MOBILE PLATFORM SECURITY AND MOBILE PRIVACY Dr. Benjamin Livshits Privacy International

CO 445H MOBILE PLATFORM SECURITY AND MOBILE PRIVACY Dr. Benjamin Livshits Privacy International Data Tracking 2 http://privacyinternational.org/feature/2433/i-asked-online-tracking-company-all-my-data-and-heres-what-i-found Two Main Attack

986 views • 63 slides
Mobile Mail @aol.com From the Motorola StarTAC to the Apple iPhone 1-800-AOL-1234 Challenges

Mobile Mail @aol.com From the Motorola StarTAC to the Apple iPhone 1-800-AOL-1234 Challenges

Mobile Mail @aol.com From the Motorola StarTAC to the Apple iPhone 1-800-AOL-1234 Challenges Voice Recognition Accuracy Scalability Large Mailbox Management Thank You More Information: http://en.wikipedia.org/wiki/Rickrolled

454 views • 6 slides
Puppet for Developers - Intermediate SOE That other talk Setup an SOE based on:

Puppet for Developers - Intermediate SOE That other talk Setup an SOE based on:

Puppet for Developers - Intermediate SOE That other talk Setup an SOE based on: Repo Server with Kickstart; and Puppetmaster; Write some modules for every day things: files, users, some templates, etc; very simple

1.26k views • 105 slides
Surviving your phone: protecting mobile communications with Tor Marco Bonetti - CutAway s.r.l.

Surviving your phone: protecting mobile communications with Tor Marco Bonetti - CutAway s.r.l.

Surviving your phone: protecting mobile communications with Tor Marco Bonetti - CutAway s.r.l. whoami Marco Bonetti Security Consultant @ CutAway s.r.l. mbonetti@cutaway.it http://www.cutaway.it/ Tor user &

608 views • 57 slides
Insert your photo here! Michelle McCaleb B.A. Child Developm ent 25 plus years in Education

Insert your photo here! Michelle McCaleb B.A. Child Developm ent 25 plus years in Education

Insert your photo here! Michelle McCaleb B.A. Child Developm ent 25 plus years in Education Some of Some of my nieces my nieces and and nephews nephews Kitten: Annie Pups: Athena, J oker, Buddy and Spot. Purple Purple Mexican

509 views • 13 slides
Exploring Majorana landscape J.J. Gmez-Cadenas Instituto de Fsica Corpuscular (CSIC &

Exploring Majorana landscape J.J. Gmez-Cadenas Instituto de Fsica Corpuscular (CSIC &

Exploring Majorana landscape J.J. Gmez-Cadenas Instituto de Fsica Corpuscular (CSIC & UVEG) Florence, July, 2012 mircoles 11 de julio de 12 Double beta decay 10 Atomic Mass Difference (MeV) 136 I 8 136 Pr - 6 + /EC

1.07k views • 37 slides
SI425 : NLP Set 8 Words as Vectors (distributional similarity) Fall 2020 : Chambers some

SI425 : NLP Set 8 Words as Vectors (distributional similarity) Fall 2020 : Chambers some

SI425 : NLP Set 8 Words as Vectors (distributional similarity) Fall 2020 : Chambers some slides adapted from Dan Jurafsky and Bill MacCartney Why are these so different? P( ball | threw, the) = 0.12 P( baseball | threw, the) = 0.01 P( ran |

1.22k views • 20 slides
Disclosures Leadership in the Safety Net: Lessons from the field We have nothing to disclose!

Disclosures Leadership in the Safety Net: Lessons from the field We have nothing to disclose!

3/12/2016 Disclosures Leadership in the Safety Net: Lessons from the field We have nothing to disclose! Jeff Critchfield, MD Chief Medical Experience Officer Medical Director Risk Management, Zuckerberg San Francisco General Professor, UCSF

299 views • 8 slides
Re Responding to changes in child au audien iences es for screen een conten ent t in in

Re Responding to changes in child au audien iences es for screen een conten ent t in in

Re Responding to changes in child au audien iences es for screen een conten ent t in in Europe Naomi Sakr Communication and Media Research Institute University of Westminster, UK www.euroarabchildrensmedia.org Twitter: @EuroArabCM

474 views • 12 slides
HTML5: BUILDING THE NEXT GENERATION OF WEB APP Features Performance Tools Compatibility

HTML5: BUILDING THE NEXT GENERATION OF WEB APP Features Performance Tools Compatibility

HTML5: BUILDING THE NEXT GENERATION OF WEB APP Features Performance Tools Compatibility Eric Bidelman, Google COSCUP / GNOME.Asia - Taipei, Taiwan August 14, 2010 Saturday, August 14, 2010 1 AGENDA Quick Performance Wins New

497 views • 46 slides

More recommend