security in mobile devices
play

Security in Mobile Devices Hacking Mobiles for Fun and Profit - PowerPoint PPT Presentation

Oct 11, 2023 •176 likes •974 views

Intro Hardware Security Platform Security Hacking Q&A Security in Mobile Devices Hacking Mobiles for Fun and Profit Tobias Mueller Universit at Hamburg & Dublin City University 2010-12-16 1 / 54 Intro Hardware Security

  1. Intro Hardware Security Platform Security Hacking Q&A Security in Mobile Devices Hacking Mobiles for Fun and Profit Tobias Mueller Universit¨ at Hamburg & Dublin City University 2010-12-16 1 / 54

  2. Intro Hardware Security Platform Security Hacking Q&A 1 Hardware Security 2 Platform Security 3 Hacking 4 Q&A 2 / 54

  3. Intro Hardware Security About me Platform Security Motivation Hacking Q&A About me Contact Jabber muelli@jabber.ccc.de ACF0 F5EC E9DC 1BDC F09D B992 4147 7261 7CB6 4CEF Mail muelli@cryptobitch.de CF3E D935 AE6B DE0A D508 AF86 3EE0 57FF AA20 8D9E Talk ∼ 40 mins Ask immediately Q&A afterwards 3 / 54

  4. Intro Hardware Security About me Platform Security Motivation Hacking Q&A Motivation Why the heck? Show underlying Technology Show Security Frameworks Show Exploits in the Wild Maybe get you started hacking Making you feel responsible No Policies Not showing anything very new No cr4ckz for ur appz Explore not exploit 4 / 54

  5. Intro Hardware Security About me Platform Security Motivation Hacking Q&A Why mobile? Interfaces WiFi Bluetooth Email Web Video (Podcasts?) GSM (Calls, Texts) 5 / 54

  6. Intro Hardware Security About me Platform Security Motivation Hacking Q&A Why mobile? (cont.) More than a PC Personal Data GPS Cellular Financial Gain/Loss Always on Infection Not Obvious pwn 1 pwn many (cloud syndrome) 6 / 54

  7. Intro Hardware Security About me Platform Security Motivation Hacking Q&A Why mobile? (cont.) However... few publicly known vulnerabilities just PoCs, nobody really exploiting... orly? 7 / 54

  8. In the news

  9. Intro Complexity Hardware Security Buffer Overflow Platform Security Shellcode Hacking Protection Q&A Outline 1 Hardware Security Complexity Buffer Overflow Function Calls Overwrite Ret Addr Shellcode Protection 2 Platform Security 3 Hacking 4 Q&A 9 / 54

  10. Intro Complexity Hardware Security Buffer Overflow Platform Security Shellcode Hacking Protection Q&A x86 vs. ARM What’s different then? Classic Vulnerabilites/Architecture revisited: Opcodes Buffer Overflows Endianness Format Strings 10 / 54

  11. Intro Complexity Hardware Security Buffer Overflow Platform Security Shellcode Hacking Protection Q&A Complexity ARM is much less complex Opcodes Usage: N900: Cortex A8, N800: ARM 9E ARM, MIPS, SPARC: 4 bytes, “NOP”: 4 bytes (ARM with THUMBS: 2 bytes) x86: omgwtf NOP: 1 byte 11 / 54

  12. Intro Complexity Hardware Security Buffer Overflow Platform Security Shellcode Hacking Protection Q&A Complexity (cont.) Remember f0 0f c7 c8 ? Admittedly, it’s old: 1997, but still interesting lock cmpxchg8b eax Using the LOCK prefix on this form of CMPXCHG8B is illegal in and of itself. LOCK prefixes are only allowed on memory-based read-modify-write instructions. Hence a LOCK prefix on the register-based CMPXCHG8B EAX instruction should also generate an invalid opcode exception. 12 / 54

  13. Intro Complexity Hardware Security Buffer Overflow Platform Security Shellcode Hacking Protection Q&A function calls call label next instruction the stack . . . ↓ 0xFF . . . ← %ebp label: . . . push %ebp . . . ← %esp mov %esp, %ebp return address %ebp sub $0x08,%esp bytebuffer do something interesting mov %ebp, %esp ↑ 0x00 pop %ebp ret 13 / 54

  14. Intro Complexity Hardware Security Buffer Overflow Platform Security Shellcode Hacking Protection Q&A function calls call label next instruction the stack . . . ↓ 0xFF . . . ← %ebp label: . . . push %ebp . . . mov %esp, %ebp return address ← %esp %ebp sub $0x08,%esp bytebuffer do something interesting mov %ebp, %esp ↑ 0x00 pop %ebp ret 13 / 54

  15. Intro Complexity Hardware Security Buffer Overflow Platform Security Shellcode Hacking Protection Q&A function calls call label next instruction the stack . . . ↓ 0xFF . . . ← %ebp label: . . . push %ebp . . . mov %esp, %ebp return address %ebp ← %esp sub $0x08,%esp bytebuffer do something interesting mov %ebp, %esp ↑ 0x00 pop %ebp ret 13 / 54

  16. Intro Complexity Hardware Security Buffer Overflow Platform Security Shellcode Hacking Protection Q&A function calls call label next instruction the stack . . . ↓ 0xFF . . . label: . . . push %ebp . . . mov %esp, %ebp return address %ebp ← %ebp %esp sub $0x08,%esp bytebuffer do something interesting mov %ebp, %esp ↑ 0x00 pop %ebp ret 13 / 54

  17. Intro Complexity Hardware Security Buffer Overflow Platform Security Shellcode Hacking Protection Q&A function calls call label next instruction the stack . . . ↓ 0xFF . . . label: . . . push %ebp . . . mov %esp, %ebp return address %ebp ← %ebp sub $0x08,%esp bytebuffer ← %esp do something interesting mov %ebp, %esp ↑ 0x00 pop %ebp ret 13 / 54

  18. Intro Complexity Hardware Security Buffer Overflow Platform Security Shellcode Hacking Protection Q&A function calls call label next instruction the stack . . . ↓ 0xFF . . . label: . . . push %ebp . . . mov %esp, %ebp return address %ebp ← %ebp sub $0x08,%esp bytebuffer ← %esp do something interesting mov %ebp, %esp ↑ 0x00 pop %ebp ret 13 / 54

  19. Intro Complexity Hardware Security Buffer Overflow Platform Security Shellcode Hacking Protection Q&A function calls call label next instruction the stack . . . ↓ 0xFF . . . label: . . . push %ebp . . . mov %esp, %ebp return address %ebp sub $0x08,%esp ← %ebp ← %esp bytebuffer do something interesting mov %ebp, %esp ↑ 0x00 pop %ebp ret 13 / 54

  20. Intro Complexity Hardware Security Buffer Overflow Platform Security Shellcode Hacking Protection Q&A function calls call label next instruction the stack . . . ↓ 0xFF . . . ← %ebp label: . . . push %ebp . . . mov %esp, %ebp return address ← %esp %ebp sub $0x08,%esp bytebuffer do something interesting mov %ebp, %esp ↑ 0x00 pop %ebp ret 13 / 54

  21. Intro Complexity Hardware Security Buffer Overflow Platform Security Shellcode Hacking Protection Q&A function calls call label next instruction the stack . . . ↓ 0xFF . . . ← %ebp label: . . . push %ebp . . . ← %esp mov %esp, %ebp return address sub $0x08,%esp %ebp bytebuffer do something interesting mov %ebp, %esp ↑ 0x00 pop %ebp ret = pop %eip 13 / 54

  22. Intro Complexity Hardware Security Buffer Overflow Platform Security Shellcode Hacking Protection Q&A function calls call label next instruction the stack . . . ↓ 0xFF . . . ← %ebp label: . . . push %ebp . . . ← %esp mov %esp, %ebp return address %ebp sub $0x08,%esp bytebuffer do something interesting mov %ebp, %esp ↑ 0x00 pop %ebp ret 13 / 54

  23. Example: vulnerable.c #include < s t d i o . h > #include < s t r i n g . h > void v u l n e r a b l e ( char ∗ source ) { char d e s t i n a t i o n [ 8 0 ] ; s t r c p y ( d e s t i n a t i o n , source ) ; } void main ( int argc , char ∗∗ argv ) { v u l n e r a b l e ( argv [ 1 ] ) ; }

  24. Overwrite Return Address “push *source” #1st arg the stack call vulnerableFunction next instruction ↓ 0xFF . . . . . . *source vulnerableFunction: pushl %ebp movl %esp, %ebp subl $80, %esp leal -80(%ebp), %eax pushl 8(%ebp) # source pushl %eax call strcpy mov %ebp, %esp pop %ebp ↑ 0x00 . . . ret

  25. Overwrite Return Address “push *source” #1st arg the stack call vulnerableFunction next instruction ↓ 0xFF . . . . . . *source vulnerableFunction: pushl %ebp return address movl %esp, %ebp subl $80, %esp leal -80(%ebp), %eax pushl 8(%ebp) # source pushl %eax call strcpy mov %ebp, %esp pop %ebp ↑ 0x00 . . . ret

  26. Overwrite Return Address “push *source” #1st arg the stack call vulnerableFunction next instruction ↓ 0xFF . . . . . . *source vulnerableFunction: pushl %ebp return address movl %esp, %ebp %ebp subl $80, %esp leal -80(%ebp), %eax pushl 8(%ebp) # source pushl %eax call strcpy mov %ebp, %esp pop %ebp ↑ 0x00 . . . ret

  27. Overwrite Return Address “push *source” #1st arg the stack call vulnerableFunction next instruction ↓ 0xFF . . . . . . *source vulnerableFunction: pushl %ebp return address movl %esp, %ebp %ebp subl $80, %esp leal -80(%ebp), %eax pushl 8(%ebp) # source pushl %eax call strcpy mov %ebp, %esp pop %ebp ↑ 0x00 . . . ret

  28. Overwrite Return Address “push *source” #1st arg the stack call vulnerableFunction next instruction ↓ 0xFF . . . . . . *source vulnerableFunction: pushl %ebp return address movl %esp, %ebp %ebp subl $80, %esp buffer[76-79] leal -80(%ebp), %eax . . . pushl 8(%ebp) # source buffer[0-3] pushl %eax call strcpy mov %ebp, %esp pop %ebp ↑ 0x00 . . . ret

  29. Overwrite Return Address “push *source” #1st arg the stack call vulnerableFunction next instruction ↓ 0xFF . . . . . . *source vulnerableFunction: pushl %ebp return address movl %esp, %ebp %ebp subl $80, %esp buffer[76-79] leal -80(%ebp), %eax . . . pushl 8(%ebp) # source buffer[0-3] pushl %eax call strcpy mov %ebp, %esp pop %ebp ↑ 0x00 . . . ret

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Mobile security: Tips and tricks for securing your iPhone, Android and other mobile devices

Mobile security: Tips and tricks for securing your iPhone, Android and other mobile devices

Mobile security: Tips and tricks for securing your iPhone, Android and other mobile devices Presented by Michael Harris [MS, CISSP, WAPT] Systems Security Analyst University of Missouri Overview What data needs to be protected, what

407 views • 18 slides
Localization ocalization of mobile devices of mobile devices L Seminar: Mobile Computing IFW

Localization ocalization of mobile devices of mobile devices L Seminar: Mobile Computing IFW

Localization ocalization of mobile devices of mobile devices L Seminar: Mobile Computing IFW C42 Tuesday, 29th May 2001 Roger Zimmermann Overview Overview Introduction Why Technologies Absolute Positioning Relative

314 views • 30 slides
MOBILE DEVICES USING WIFI NETWORK JOAQUIN BERENGUER 30 MINUTES IMAGES OF IOT CONTENT

MOBILE DEVICES USING WIFI NETWORK JOAQUIN BERENGUER 30 MINUTES IMAGES OF IOT CONTENT

SERVER FOR IOT DEVICES AND MOBILE DEVICES USING WIFI NETWORK JOAQUIN BERENGUER 30 MINUTES IMAGES OF IOT CONTENT Environment Architecture Server Functionality Security IoT Devices Mobile and Desktop Devices Events

904 views • 23 slides
Mobile Device Security and Privacy Information Security and Privacy Office January 2012 Agenda

Mobile Device Security and Privacy Information Security and Privacy Office January 2012 Agenda

Mobile Device Security and Privacy Information Security and Privacy Office January 2012 Agenda Protecting mobile devices and your privacy Protecting Mobile Devices and Your Privacy Before We Start The City of Phoenix does not

971 views • 52 slides
Threats to Mobile Devices Possible attack threats to mobile devices Network exploit

Threats to Mobile Devices Possible attack threats to mobile devices Network exploit

Threats to Mobile Devices Possible attack threats to mobile devices Network exploit Hackers takes advantage of vulnerability or flaw of users web browser on mobile device in WiFi communication to attack victims. Hackers send

464 views • 30 slides
What Tizen has been focusing on Profiles Devices OSP Mobile Common NFC Enlightment Security

What Tizen has been focusing on Profiles Devices OSP Mobile Common NFC Enlightment Security

Tizen Micro , small footprint Tizen for headless IoT devices Bingwei Liu ( ) Intel Open Source Technology Center ( ) What Tizen has been focusing on Profiles Devices OSP Mobile Common NFC Enlightment

250 views • 9 slides
CS 528 Mobile and Ubiquitous Computing Lecture 11: Mobile Security and Mobile Software

CS 528 Mobile and Ubiquitous Computing Lecture 11: Mobile Security and Mobile Software

CS 528 Mobile and Ubiquitous Computing Lecture 11: Mobile Security and Mobile Software Vulnerabilities Emmanuel Agu Mobile Security Issues Introduction So many cool mobile apps Access to web, personal information, social media, etc

1.05k views • 55 slides
Mobile Devices Mobile Devices NAGTRI Webinar Series NCJRL / NAAG Objectives Objectives

Mobile Devices Mobile Devices NAGTRI Webinar Series NCJRL / NAAG Objectives Objectives

Mobile Devices Mobile Devices NAGTRI Webinar Series NCJRL / NAAG Objectives Objectives Identify mobile devices Identify mobile devices Learn how mobile devices obtain and transmit information transmit information Identify

863 views • 68 slides
devices Im going to be talking about how we hold and interact our mobile devices And how

devices Im going to be talking about how we hold and interact our mobile devices And how

Im going to be introducing you to ergonomics More specifically ergonomics in terms of designing touch interfaces for mobile devices Im going to be talking about how we hold and interact our mobile devices And how you can use

1.12k views • 62 slides
Tutorial: Development of Interactive Applications for Mobile Devices 7th International Conference

Tutorial: Development of Interactive Applications for Mobile Devices 7th International Conference

Tutorial: Development of Interactive Applications for Mobile Devices 7th International Conference on Human Computer Interaction with Mobile Devices and Services (Mobile HCI 2005) Enrico Rukzio (Media Informatics Group, University of Munich )

641 views • 24 slides
Android Security CS 4720 Mobile Application Development CS 4720 Security through Obscurity

Android Security CS 4720 Mobile Application Development CS 4720 Security through Obscurity

Android Security CS 4720 Mobile Application Development CS 4720 Security through Obscurity It used to be that phones had so little connectivity to devices other than the phone network that security wasn't a huge deal Phone number

660 views • 15 slides
SECURITY CHALLENGES FOR INTERNET TECHNOLOGIES ON MOBILE DEVICES Key Questions 1. How are Web

SECURITY CHALLENGES FOR INTERNET TECHNOLOGIES ON MOBILE DEVICES Key Questions 1. How are Web

Anil Dhawan, Program Manager Rich Internet Applications Windows Mobile [anild@microsoft.com] Geir Olsen, Program Manager Security for Windows Mobile [geiro@microsoft.com] Microsoft Corp SECURITY CHALLENGES FOR INTERNET TECHNOLOGIES ON

454 views • 6 slides
Characteristics of Mobile Web Content Felix Nwaobasi Text Block #3 Contact, Department, or

Characteristics of Mobile Web Content Felix Nwaobasi Text Block #3 Contact, Department, or

Characteristics of Mobile Web Content Felix Nwaobasi Text Block #3 Contact, Department, or Other Information Background 2 Worcester Polytechnic Institute Mobile vs. Non-Mobile Devices Non-mobile devices Mobile devices Great

333 views • 20 slides
Verifying security invariants in ExpressOS Haohui Mai, Edgar Pek, Hui Xue, Samuel T. King, P .

Verifying security invariants in ExpressOS Haohui Mai, Edgar Pek, Hui Xue, Samuel T. King, P .

Verifying security invariants in ExpressOS Haohui Mai, Edgar Pek, Hui Xue, Samuel T. King, P . Madhusudan University of Illinois at Urbana-Champaign Mobiles devices are powerful Security of mobile devices is important High value

912 views • 89 slides
Support for File system Kyungsik Lee SW Platform Lab., Corporate R&amp;D LG Electronics, Inc.

Support for File system Kyungsik Lee SW Platform Lab., Corporate R&amp;D LG Electronics, Inc.

Linux Kernel Encryption Support for File system Kyungsik Lee SW Platform Lab., Corporate R&amp;D LG Electronics, Inc. 2016/10/20 Mobile Security Mobile Security is an important issue More data could be more danger with mobile devices

242 views • 23 slides
What, exactly, is different or new about MOBILE mobile security? SECURITY TECHNOLOGIES 2017

What, exactly, is different or new about MOBILE mobile security? SECURITY TECHNOLOGIES 2017

What, exactly, is different or new about MOBILE mobile security? SECURITY TECHNOLOGIES 2017 Dan S. Wallach , Rice University tl;dr The computers inside the computer Every chip has one or more CPUs inside; they have exploitable bugs

1.23k views • 87 slides
A Support Engineer Walkthrough on pt-stalk Marcos Albe Marcelo Altmann Principal Support

A Support Engineer Walkthrough on pt-stalk Marcos Albe Marcelo Altmann Principal Support

A Support Engineer Walkthrough on pt-stalk Marcos Albe Marcelo Altmann Principal Support Engineer - Percona Senior Support Engineer - Percona Thank You Sponsors! 2 April 23-25, 2018 SAVE THE DATE! Santa Clara Convention Center CALL FOR

870 views • 30 slides
CALL OF DUTY: DEV OPS STEPHEN BURTON, TECH EV ANGELIST , APPDYNAMICS my company Im Steve

CALL OF DUTY: DEV OPS STEPHEN BURTON, TECH EV ANGELIST , APPDYNAMICS my company Im Steve

CALL OF DUTY: DEV OPS STEPHEN BURTON, TECH EV ANGELIST , APPDYNAMICS my company Im Steve Burton my passion tech ev angelist @burtonsa ys THE GAME toda y GAME SELECT DEVELOPER DEVELOPER A OPERATIONS DEVOPS NOOPS Dev MISSION

811 views • 53 slides
Tensor-Matrix Products with a Compressed Sparse Tensor Shaden Smith George Karypis University

Tensor-Matrix Products with a Compressed Sparse Tensor Shaden Smith George Karypis University

Tensor-Matrix Products with a Compressed Sparse Tensor Shaden Smith George Karypis University of Minnesota Department of Computer Science &amp; Engineering shaden@cs.umn.edu Tensor-Matrix Products with a Compressed Sparse Tensor 1 / 47

1.09k views • 47 slides
The Way of Optimizing and Troubleshooting Our Lua Waf agentzh@gmail.com Yichun Zhang

The Way of Optimizing and Troubleshooting Our Lua Waf agentzh@gmail.com Yichun Zhang

pdf |&lt;&lt; &lt; &gt; &gt;&gt;| 1 / 25 The Way of Optimizing and Troubleshooting Our Lua Waf agentzh@gmail.com Yichun Zhang (agentzh) 2013.04.19 Dane now loves to open a conversation with me via a Flame Graph. One day, Dane

1.06k views • 26 slides
E/R Diagrams Converting E/R Diagrams to Relations DB design is a serious and

E/R Diagrams Converting E/R Diagrams to Relations DB design is a serious and

E/R Diagrams Converting E/R Diagrams to Relations DB design is a serious and possibly complex business. A client may know they want a database, but they don t know what they want in it or how it should look. E/R

977 views • 75 slides
draft-ietf-dnsop-nsec-aggressiveuse and draft-wkumari-dnsop-cheese-shop 1 IETF96 - Berlin, .de

draft-ietf-dnsop-nsec-aggressiveuse and draft-wkumari-dnsop-cheese-shop 1 IETF96 - Berlin, .de

draft-ietf-dnsop-nsec-aggressiveuse and draft-wkumari-dnsop-cheese-shop 1 IETF96 - Berlin, .de - 07/2016 V0.02 I know one thing: that I know nothing -- Plato, quoting Socrates* 2 *: Not really.... 50000ft example / reminder

271 views • 11 slides
Welcome to the Machine Learning Toolbox! Machine Learning Toolbox Supervised learning caret

Welcome to the Machine Learning Toolbox! Machine Learning Toolbox Supervised learning caret

MACHINE LEARNING TOOLBOX Welcome to the Machine Learning Toolbox! Machine Learning Toolbox Supervised learning caret R package Automates supervised learning (a.k.a. predictive modeling ) Target variable Machine Learning Toolbox

634 views • 16 slides
CS6220: DATA MINING TECHNIQUES Chapter 2: Getting to Know Your Data Instructor: Yizhou Sun

CS6220: DATA MINING TECHNIQUES Chapter 2: Getting to Know Your Data Instructor: Yizhou Sun

CS6220: DATA MINING TECHNIQUES Chapter 2: Getting to Know Your Data Instructor: Yizhou Sun yzsun@ccs.neu.edu January 8, 2013 Chapter 2: Getting to Know Your Data Data Objects and Attribute Types Basic Statistical Descriptions of Data

880 views • 52 slides

More recommend