we
play

WE? Curro Mrquez Simn Roses Femerling Director of Intelligence, - PowerPoint PPT Presentation

Oct 20, 2023 •268 likes •730 views

WE? Curro Mrquez Simn Roses Femerling Director of Intelligence, VULNEX Founder & CEO, VULNEX Blog: www.simonroses.com Twitter: @simonroses Former Microsoft, PwC, @Stake DARPA Cyber Fast Track award on

  2. WE? Curro Márquez Simón Roses Femerling Director of Intelligence, VULNEX Founder & CEO, VULNEX • • Blog: www.simonroses.com • Twitter: @simonroses • Former Microsoft, PwC, @Stake • DARPA Cyber Fast Track award • on software security project Black Hat, RSA, OWASP, • SOURCE, DeepSec, TECHNET

  3. TALK OBJECTIVES • Examination of Anti-Theft products • In a mobile world are we safe? • If stolen, what can they do?

  4. DISCLAIMER All Anti-Theft solutions are considered safe until proven guilty by a security review. Neither the authors or VULNEX support in any way the robbery and/or manipulation of electronic devices, nor shall be held liable or responsible for the information herein.

  5. AGENDA 1. Overview ¡ 2. Issues ¡& ¡Weaknesses ¡ 3. Vulnerabili7es ¡& ¡A9acks ¡ 4. Conclusions ¡

  7. 1. TERMINOLOGY NIGHTMARE: NO ESCAPE! BYOx Family • BYOD: B ring Y our O wn D evice – BYOT: B ring Y our O wn T echnology – BYOP: B ring Y our O wn P hone – BYOPC: B ring Y our O wn PC – Mxx Family • MDM: M obile D evice M anagement – MAM: M obile A pplication M anagement – MDP: M obile D ata P rotection – MDS: M obile D ata S ecurity –

  8. 1. PHONES & LAPTOPS CONTAIN YOUR LIFE • Emails • Contacts • Photos • Social Networks • Bank Accounts • Password Managers • Access to corporate / internal servers • Apps • You name it…

  9. 1. LOST & STOLEN STATISTICS “10,000 mobiles phones stolen per month in London” (that’s 314 • phones per day) London Metropolitan Police (2013) “Lost and stolen cellphones could cost U.S. consumers more than • $30 billion this year” Lookout (2012) “Laptop theft totaled more than $3.5 million dollars in 2005” • FBI FBI statistics reveal that 221,009 laptops were reported stolen in • 2008 and 2009 67,000 phones likely to be lost or stolen during London Olympics • http://www.venafi.com/67000-phones-likely-to-be-lost-or-stolen- during-london-olympics/

  10. 1. ANTI-THEFT FEATURES Encrypt & protect information • Remote Wipe files, directory or system • Lock screen • Sound alarm & alert window • Sent info to C&C: • – Screenshot – Webcam photo – Wireless (Access Point) name – GPS location – IP Claim to: • – Offer strong security – Help recovering device

  11. 1. SEA OF ANTI-THEFT: PRODUCTS BY NUMBERS Antivirus houses have also joined the party… •

  12. 1. ANTI-THEFT CLAIMS: JUST RELAX

  14. 2. PREVIOUS WORK ON THE SUBJECT • “Deactivate the Rootkit” Alfredo Ortega & Anibal Sacco http://www.blackhat.com/presentations/bh-usa-09/ORTEGA/ BHUSA09-Ortega-DeactivateRootkit-SLIDES.pdf • Issues – Huge privacy risk (bad/no authentication) – Anyone could activate it with enough privileges – Anyone can change the configuration – Anyone can de-activate it (at least in certain known cases) – Whitelisted by AV (potentially undetectable)

  15. 2. LACK OF THREAT MODELING (TM) • How data is protected (Rest / Transit)? • If stolen can Anti-Theft really: – Can data really be wiped? – Can device be recovered? – Can tampering be detected and stopped ? – How resilient are we? • No understanding of the threats • Because…

  16. 2. NOT ALL THIEVES ARE SO SEXY…

  17. 2. THIEF TACTICS • Network Analysis & Attacks • System Analysis & Attacks • Reverse Engineering Apps – Android – iOS – Windows – MacOS

  19. 4. HIDE IN PLAIN SIGHT… RIGHT!

  20. 3. ALL KIND OF INFORMATION DISCLOSURE Thief: snooping the network Emails Person Names Passwords GPS coordinates OS version Phone Numbers Device ID Application Internals

  21. 3. CLEAR TEXT SECRETS (IN TRANSIT): LOCATEMYLAPTOP (WINDOWS)

  22. 3. CLEAR TEXT SECRETS (IN TRANSIT): MITRACKER (WINDOWS)

  23. 3. CLEAR TEXT SECRETS (IN TRANSIT): PREY (IOS)

  24. 3. PHYSICAL ACCESS TO DEVICE • Thief – Shield device in a Faraday box / bag – Break device security • Recovery modes • Android – Maybe already rooted? – USB debugging • Passcode bypass • Forensic LIVE CD • Jailbreak tools

  25. 3. CLEAR TEXT SECRETS (AT REST): ANTIDROIDTHEFT (ANDROID)

  26. 3. CLEAR TEXT SECRETS (AT REST): WHERE’S MY DROID (ANDROID)

  27. 3. ANTI-THEFT CRYPTO FAILS • No crypto at all… • Weak cryptographic algorithms – MD5 no salt – SHA1 • No use of crypto hardware

  28. 3. LOCK DOWN BYPASS: PREY • DEMO

  29. 3. SECURE WIPE (AND RECOVERY) I • Apps do not have secure delete capabilities, relies on a delete() call from OS • SD Cards many times do not get deleted – Some Apps not configured by default

  30. 3. SECURE WIPE (AND RECOVERY) II • Thief: Remove SD Card as soon device is stolen! • Use forensic tools to recovered Data if device wiped – Windows: Use any LIVE CD/DVD forensic – Android • Open Source Android Forensics Toolkit http://sourceforge.net/projects/osaftoolkit/ • iCare Recovery Android http://www.icare-recovery.com/free/android-data-recovery- freeware.html – iPhone • Iphone Analyzer http://sourceforge.net/projects/iphoneanalyzer/ • iOS Forensic research http://www.iosresearch.org/

  31. 3. SECURE WIPE (AND RECOVERY) III

  32. 3. SECURE WIPE (AND RECOVERY) IV

  33. 3. JHV DEFUSER I • “John Hard Vegas, Anti-Theft defuser” • Features: – Fingerprint Anti-Theft – Steal credentials – Disable Anti-Theft

  34. 3. JHV DEFUSER II • Current Anti-Theft apps defused (* Windows only) : – Prey – LaptopLock – Bak2u / Phoenix – Snuko – LocateLaptop • More to come and other platforms…

  35. 3. JHV DEFUSER III • DEMO

  36. 3. INSERT ROOTKIT TO STOLEN DEVICE – SUBVERTING ANTI-THEFT 1. Stolen device 2. Shield device 3. Tamper device 4. Install Rootkit 5. Enable Anti-Theft and return device 6. User happy again J

  37. 3. THIEF CRAFT • Disable Anti-Theft remote if possible • Mute sound on device • Remove SD Card • Shield it • Break device security • Collect user data • Recover deleted data

  38. 3. AVOID BEING…

  40. 4. RISKS SUMMARY Clear Text Secrets • At-Rest: Mobile Top 10 2012-M1 Insecure Data Storage – In-Transit: Mobile Top 10 2012 - M3 Insufficient Transport Layer Protection – Poor Cryptographic Algorithm • CWE-327: Use of a Broken or Risky Cryptographic Algorithm – Insecure Development Practices • Shipped with Debug – No data validation – NO SSL certification checks – Privacy Violations • Wiped data can be recovered (most of the time) • Lack of Resilient & Security Defenses • Easily defeated •

  41. 4. THE UGLY TRUTH • Anti-Theft products need to improve their security • Some products need to change their claims

  42. 4. USER SECURITY • Keep up on updates • Enforce security defenses (usual suspects) – Firewall – Anti-virus • Beware of public networks • If Anti-Theft app installed, make sure it does what it claims!

  43. 4. ANTI-THEFT VENDORS • Understand your threats! • Build secure software, not security software • Protect user data effectively

  44. 4. BE SAFE IF YOU CAN

  45. 4. Q&A • Please fill out the Black Hat feedback form • Thanks!

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

HUBBLE SPACE TELESCOPE: S A Piecing Together the P B O H E U Workings of the Universe E

HUBBLE SPACE TELESCOPE: S A Piecing Together the P B O H E U Workings of the Universe E

HUBBLE SPACE TELESCOPE: S A Piecing Together the P B O H E U Workings of the Universe E R T R R R I A E C T A A I C Robert Williams L O H N STScI D A A I T T M A T A R G A A E R C S C T H I I V

612 views • 39 slides
Yanagihara+ (FlowQCDCollab.) arXiv:1803.01234 Newton Action-at-a-distance Faraday Local

Yanagihara+ (FlowQCDCollab.) arXiv:1803.01234 Newton Action-at-a-distance Faraday Local

XQCD2018, 23 May, 2018, Frankfurt, Germany Yanagihara+ (FlowQCDCollab.) arXiv:1803.01234 Newton Action-at-a-distance Faraday Local interaction Action through medium Pressure S Pressure Generally, F and n are not parallel v fluid

771 views • 50 slides
Ultra-High Energy Cosmic Rays Luis Villaseor UMSNH (Morelia) & BUAP (Puebla) Mexico

Ultra-High Energy Cosmic Rays Luis Villaseor UMSNH (Morelia) & BUAP (Puebla) Mexico

Ultra-High Energy Cosmic Rays Luis Villaseor UMSNH (Morelia) & BUAP (Puebla) Mexico Outline Physics Motivation Auger Observatory Telescope Array Recent Results Energy spectrum Mass composition Anisotropies Future

544 views • 53 slides
Shock profiles in the numerical analysis of hyperbolic systems of conservation laws Denis SERRE

Shock profiles in the numerical analysis of hyperbolic systems of conservation laws Denis SERRE

Shock profiles in the numerical analysis of hyperbolic systems of conservation laws Denis SERRE Ecole Normale Sup erieure de Lyon EVEQ 2008 Charles University , Prague June 1620th, 2008 1st order systems of conservation laws Space-time

1.31k views • 113 slides
MAGNETIZATION, BOUND CURRENTS AND H 6.4 A solid cylinder has uniform magnetization M throughout

MAGNETIZATION, BOUND CURRENTS AND H 6.4 A solid cylinder has uniform magnetization M throughout

MAGNETIZATION, BOUND CURRENTS AND H 6.4 A solid cylinder has uniform magnetization M throughout the volume in the x direction as shown. What's the magnitude of the total magnetic dipole moment of the cylinder? ) R 2 L M R B) 2 R L M C)

373 views • 23 slides
All iLabs and P2PSS Modern cryptography for communications security part 1 Benjamin Hof

All iLabs and P2PSS Modern cryptography for communications security part 1 Benjamin Hof

All iLabs and P2PSS Modern cryptography for communications security part 1 Benjamin Hof hof@in.tum.de Lehrstuhl fr Netzarchitekturen und Netzdienste Fakultt fr Informatik Technische Universitt Mnchen Cryptography 17ss 1 / 34

705 views • 44 slides
Wireless Sensor Networks 5th Lecture 08.11.2006 Christian Schindelhauer

Wireless Sensor Networks 5th Lecture 08.11.2006 Christian Schindelhauer

Wireless Sensor Networks 5th Lecture 08.11.2006 Christian Schindelhauer schindel@informatik.uni-freiburg.de schindel@informatik.uni-freiburg.de University of Freiburg Computer Networks and Telematics Prof. Christian Schindelhauer 1

613 views • 12 slides
Quantum many particle systems in one dimensional optical potentials Luigi Amico Dep. Fisica

Quantum many particle systems in one dimensional optical potentials Luigi Amico Dep. Fisica

Quantum many particle systems in one dimensional optical potentials Luigi Amico Dep. Fisica Materiales, Universidad Complutense de Madrid. MATIS INFM & DMFCI, Universit di Catania. Superconductivity Mesoscopics Theory group

593 views • 33 slides
Experimental quantum fast Carlo Di Franco hitting on hexagonal graphs 9th International

Experimental quantum fast Carlo Di Franco hitting on hexagonal graphs 9th International

Experimental quantum fast Carlo Di Franco hitting on hexagonal graphs 9th International Conference on Quantum Simulation and Quantum Walks CIRM, Marseille, France 21st January 2020 Outline A feasible experimental platform for implementing

627 views • 39 slides
Capturing rare events with the heterogeneous multiscale method David Kelly Eric Vanden-Eijnden

Capturing rare events with the heterogeneous multiscale method David Kelly Eric Vanden-Eijnden

Capturing rare events with the heterogeneous multiscale method David Kelly Eric Vanden-Eijnden Courant Institute New York University New York NY www.dtbkelly.com October 1, 2016 SIAM MPE 16 , Philadelphia, PE David Kelly (CIMS) HMM rare

371 views • 19 slides
Adversarial Surrogate Losses for General Multiclass Classification Rizal Zaini Ahmad Fathony

Adversarial Surrogate Losses for General Multiclass Classification Rizal Zaini Ahmad Fathony

Adversarial Surrogate Losses for General Multiclass Classification Rizal Zaini Ahmad Fathony Committee: Prof. Brian Ziebart (Chair) Prof. Bhaskar DasGupta Prof. Lev Reyzin Prof. Xinhua Zhang Prof. Simon Lacoste-Julien 1 Multiclass

530 views • 50 slides
Exponential lower bounds for hom. depth-5 circuits over finite fields Mrinal Kumar Ramprasad

Exponential lower bounds for hom. depth-5 circuits over finite fields Mrinal Kumar Ramprasad

Exponential lower bounds for hom. depth-5 circuits over finite fields Mrinal Kumar Ramprasad Saptharishi TIFR, Mumbai CCC 2017 Riga Rutgers Harvard Algebraic Circuits f ( x 1 , x 2 , x 3 ) = 2 x 2 1 + 2 x 1 x 2 + 2 x 1 x 3 + 2 x 2 x 3 =

1.56k views • 115 slides
Support Vector Machines 290N, 2014 Support Vector Machines (SVM) Supervised learning

Support Vector Machines 290N, 2014 Support Vector Machines (SVM) Supervised learning

Support Vector Machines 290N, 2014 Support Vector Machines (SVM) Supervised learning methods for classification and regression they can represent non-linear functions and they have an efficient training algorithm derived

1.15k views • 57 slides
The New Large D Limit of Matrix Models: Theory and Applications Frank FERRARI Universit Libre

The New Large D Limit of Matrix Models: Theory and Applications Frank FERRARI Universit Libre

The New Large D Limit of Matrix Models: Theory and Applications Frank FERRARI Universit Libre de Bruxelles International Solvay Institutes Institute for Basic Science, South Korea Black Holes, Quantum Information, Entanglement and All That

472 views • 21 slides
Comparison of Fault Currents in AC & DC Microgrids Mahdi Izadkhast Learning Objectives

Comparison of Fault Currents in AC & DC Microgrids Mahdi Izadkhast Learning Objectives

Comparison of Fault Currents in AC & DC Microgrids Mahdi Izadkhast Learning Objectives How is the fault current calculated in an AC microgrid? Which elements are contributing to the DC fault current of a DC microgrid?

779 views • 10 slides
Design Optimization of Time- and Cost-Constrained Fault-Tolerant Distributed Embedded Systems

Design Optimization of Time- and Cost-Constrained Fault-Tolerant Distributed Embedded Systems

Design Optimization of Time- and Cost-Constrained Fault-Tolerant Distributed Embedded Systems Viaceslav Izosimov, Paul Pop, Petru Eles, Zebo Peng Embedded Systems Lab (ESLAB) Linkping University, Sweden 1/21 1 of 14 Motivation Faults

408 views • 21 slides
Fault Modeling 1 Why Fault Models? Actual number of physical defects in a circuit are too

Fault Modeling 1 Why Fault Models? Actual number of physical defects in a circuit are too

8/1/2012 Fault Modeling 1 Why Fault Models? Actual number of physical defects in a circuit are too many. Not possible to consider individually. Difficult to count and analyze. Some logical fault models are considered. A fault

493 views • 15 slides
Context Since we are at the end Announcements This is the last class of the semester -- no

Context Since we are at the end Announcements This is the last class of the semester -- no

Context Since we are at the end Announcements This is the last class of the semester -- no more class meetings. Announcements This is the last class of the semester -- no more class meetings. Please respond to the Doodle poll to set

1.39k views • 138 slides
Today Memory Management: Page Replacement Dec 5, 2018 Sprenkle - CSCI330 1 Review What

Today Memory Management: Page Replacement Dec 5, 2018 Sprenkle - CSCI330 1 Review What

Today Memory Management: Page Replacement Dec 5, 2018 Sprenkle - CSCI330 1 Review What is paging? Segmentation? What are they used for? How does the OS translate from the virtual address to the physical address? Compare and

475 views • 28 slides
Final Demos on Thursday! 1. Robotic Arm Controller for Diagnostics 2. PiCar 3. Facial

Final Demos on Thursday! 1. Robotic Arm Controller for Diagnostics 2. PiCar 3. Facial

Final Demos on Thursday! 1. Robotic Arm Controller for Diagnostics 2. PiCar 3. Facial Recognition Based Attendance 4. Interactive Sign Language Training System 5. WashU Course Buddy IoT 6. Smart Soft Real-Time Security Camera 7.

932 views • 57 slides
8/14/2014

8/14/2014

8/14/2014

341 views • 3 slides
FeralCatScan community mapping resource www.feralcatscan.org.au Peter West Project Manager,

FeralCatScan community mapping resource www.feralcatscan.org.au Peter West Project Manager,

FeralCatScan community mapping resource www.feralcatscan.org.au Peter West Project Manager, Invasive Animals CRC www.feralcatscan.org.au What is FeralCatScan? 1. FeralCatScan is a web and mobile App resource for landholders and the

289 views • 14 slides
An evaluation of approaches for accommodating interactions and non-linear terms in multiple

An evaluation of approaches for accommodating interactions and non-linear terms in multiple

An evaluation of approaches for accommodating interactions and non-linear terms in multiple imputation of incomplete three-level data Rushani Wijesuriya Katherine J. Lee, Margarita Moreno-Betancur, John B. Carlin and Anurika P. De Silva

619 views • 27 slides
CSCI 4152/6509 Natural Language Processing Lab 1: FCS Computing Environment, Perl Tutorial 1

CSCI 4152/6509 Natural Language Processing Lab 1: FCS Computing Environment, Perl Tutorial 1

CSCI 4152/6509 Natural Language Processing Lab 1: FCS Computing Environment, Perl Tutorial 1 Lab Instructor: Dijana Kosmajac, Tukai Pain Faculty of Computer Science Dalhousie University 15/17-Jan-2020 (1) CSCI 4152/6509 1 Lab Overview

630 views • 46 slides

More recommend