(PDF) Yury Chemerkin Icitst 2012

  • 8/13/2019 (PDF) Yury Chemerkin Icitst 2012

    1/28

    VULNERABILITY ELIMINATI

    FORCE OF NEW MOBYU

    THE 7TH INTERNATIONAL CONFERENCE FOR INTERNET TECHNOLOGY AND SECURED

    TR

    THE SECURITY IS THE CORNERSTONE

    A POWERFUL HIGH LEVEL INTEGRATION

    IMs, SOCIAL NETWORKS

    FINANCIAL DATA AND ETC.

    THE BLACKBERRY WAS BUILT

    FREE OF MALWARE & HARMFUL ACTIONS WITH NATIVE SECURITY SOLUTIONS

    MAINLY FOCUSED ON ENTERPRISE

    WIDE RANGE IT POLICY SET

    UP TO 500 UNITS

    A FEW THIRD PARTY SECURITY SOLUTIONS

    A SIMPLIFICATION OF THE SECURI

    POOR INTEGRATION (ONLY BLAC

    NO BUILT IMs, HTML5 &

    NO WALLETS OR ELSE BU

    PLAYBOOK MIGHT

    PRODUCE FEW VALUE DA NOT MORE THAN LARGE

    TOTALLY FOCUSED ON ENTERPRIS

    IT POLICY EXTRA REDUCE

    UP TO 10 UNITS

    ENTERTAINMENT APPLIC

    BLACKBERRY SECURITY ENVIRONM

    BLACKBERRY SMARTPHONE WAS SECURE PLAYBOOK HAS COME WITH A POO

    A LOT OF TYPES

    BOOTKITS

    FIRMWARE

    USER-MODE

    KERNEL

    HYPERVISOR

    SIMILAR TO THE SPYWARE

    BUNDLING WITH DESIRABLE SOFTWARE

    WIDESPREADING, EASY DISTRIBUTION AND QUITE

    RELEVANT FOR HACKERS

    BASED ON:

    VENDOR-SUPPLIED EXTE

    THIRD PARTY PLUGINS

    PUBLIC INTERFACES

    INTERCEPTION OF SYSTE

    EXPLOITATION OF SECUR

    VULNERABILITIES

    HOOKING AND PATCHING

    METHODS

    USER MODE ROOTKIT AND SPYWA

    MALWARE BOUNDS BECOME UNCLEAR HACKERS ARE INTERESTED IN CHEA

    VIA THE BUILT (INTERNAL) EXPLORER

    AFTER ENTERING THE PASSWORD BUT STILL THE INTERNAL EXPLORER

    FOR EXECUTING MALWARE FROM THE DEVICE

    BY CLICKING FILE (.JAR/.JAD + .COD)

    TO ALLOW COPYING THE MALWARE TO THE DEVICE AS AN EXTERNAL DRIVE (LIKE A WORM)

    AFTER MOUNTING AS AN EXT

    AFTER ENTERING THE PASSWONOT NECESSARY TO USE INTER

    TO PREVENT FROM EXECUTIN

    OUTSIDE APPWORLD (.BAR)

    MALWARE IS A PERSONAL APSUBTYPE IN TERMS OF RIMs S

    THE FILE SYSTEM ISSUES

    BB OS v4-5 WAS ACCESSIBLE BB OS v6-7 PLUS PLAYBOOK ARE AC

    THE UPGRADE FEATURE MEANS

    THE INSTALL & REMOVE ACTIONS AT LEAST

    AN APPLICATION ID REQUIREMENT

    AN ACCESSIBLE RUNNING APPLICATION LIST

    HANDLING ANOTHER APPs SILENTLY VIA API

    HANDLING ANOTHER APPLICATION SILENTLY VIA PC TOOLS

    MAY NEED A PASSWORD

    DEBUG MODE IS FOR TRACING &

    DEBUGGING ONLY

    EASY TRACKING THE NEWCOMING .COD

    MODULES FOR THE MALWARE PAYLOAD

    THE UPGRADE MEANS AN USE

    WITH APPWORLD

    WITH HOME SCREEN

    THERE ARE SOME APIs BUT DIS

    THERE IS NO API FOR SUCH ACT

    HANDLING ANOTHER APPLICATIPC TOOLS

    MAY NEED A PASSWORD

    STRONGLY NEED ACTIVAT

    MODE

    LOOKS LIKE MORE SECURE THAN

    DIFFICULT TO REMOVE DISTRIBU

    THE APPLICATION MANAGEMENT IS

    BLACKBERRY SMARTPHONE (LESS THAN BB 10) BLACKBERRY PLAYBOOK (PROBABLY

    HOW TO REVEAL THE DATA IN REAL TIME

    GETCLIPBOARD()

    ANY PROTECTION

    NATIVE WALLETS RESTRICT THE CLIPBOARD

    ACCESS BY RETURNING NULL WHILE THE APPLICATION IS ACTIVE (ON

    TOP OF SCREEN STACK) ONLY

    DOES NOT WORK IN MINIMIZED STATE

    HOW TO REVEAL THE DATA IN R

    GETDATA()

    ANY PROTECTION

    NO NATIVE WALLET APPL

    MANAGING THE LAST CLSHARED FOLDER

    PLAIN TEXT

    HTML

    ETC.

    THE CLIPBOARD ISSUES

    BLACKBERRY SMARTPHONE BLACKBERRY PLAYBOOK

    SCREEN PROTECTION VIA SWITCHING

    PERMIT

    RESTRICT

    ADDITIONALLY PER APPLICATION.

    BUT DOES NOT HANDLE WINDOWs

    HANDLE WITH THE KEY PREVIEW DUE THE VIRTUAL KEYBOARD

    MAY BE IMPROVED BY XORing TWO

    PHOTOSCREENS TO GET THE DIFFERENCE

    MASKING THE ASTERISKS TAKES A DELAY

    ENOUGH TO STEAL THE TEXT

    MAY BE PART OF OCR ENGINES

    ONLINE OR DESKTOP

    RECOGNIZE TYPED DATA

    WAS TESTED ON ABBYY O

    SUBSTITUTE FOR HARDWARE KE

    RUNNING DOWN THE BATTERY THAN PHOTO/VIDEO CAMERA

    EASY ACCESS TO ANY APPLICATI

    NO RESTRICTION LIKE THE CLIPB

    SCREENSHOTS OFTEN STORE IN

    THE SAME A FILE ACCESS

    THE PHOTOSCREEN ISSUES

    ARE AVAILABLE FOR ALL BLACKBERRY DEVICES BUT DISABLED FOR PLAYBOOK AND BLACK

    USING AUTHORIZED API TO INTERCEPT

    MESSAGES (BBM, EMAIL, PIN-TO-PIN)

    CREATE THE MESSAGE

    READ THE MESSAGE

    DELETE THE MESSAGE

    SET THE MESSAGE STATUS (UNREAD, SENT, ANY ERROR STATE, ETC.)

    THE BUTTON EVENTS (THE SAME TYPES)

    OPENING THE MESSAGE

    FORWARDING THE MESSAGE

    SENDING THE MESSAGE

    INTERCEPTING THE SMS (BASICA

    RECEIVING AND SENDING

    DELETING THE SENT & R

    ENOUGH TO HANDLE SO

    OUTCOMING SMS (ADVANCED)

    BLOCKING (DROPPING) T A NOTIFICATION IN THE M

    SPOOFING

    THE RECIPIENT

    THE BODY

    TRANSMISSION RE

    SUCH MESSAGE W

    THE MESSAGES ISSUES

    AVAILABLE ON THE BB DEVICES PROBABLY ON THE BLACKBERRY 10 NO 3G, NO AP

    THE PASSWORD PROTECTION COVERS

    DEVICE LOCKING & ENCRYPTION FEATURE

    APPWORLD REQUEST

    LIMITED BY 5/10 ATTEMPTS & WIPE THEN

    WIPING THE INTERNAL STORAGE ONLY

    EXTRACTING THE PASSWORD THROUGH ELCOMSOFT PRODUCT (CUSTOM CASE)

    GUI VULNERABILITY

    CREATING THE FAKE WINDOW ON

    DESKTOP SYNCHRONIZATION

    BREAKING INTO BB DESKTOP SOFTWARE

    HANDLING MS WINDOWS VULN

    UNMASKING THE FIELD

    GRABBING THE PASSWO

    MASKING THE FIELD

    THIS DELAY TAKES 10-20

    AFFECTED PASSWORD TYPES THE DEVICE PASSWORD

    THE BACKUP PASSWORD

    AFFECTED DEVICES

    BLACKBERRY 4-7 (BB 10

    BLACKBERRY PLAYBOOK

    THE DEVICE PASSWORD ISSUES

    FOR THE BLACKBERRY 4-7 DUE THE INTERNAL CASE FOR ALL DEVICES DUE IN THE DESK

    INITIALLY BASED ON AUTHORIZED API COVERED

    ALL PHYSICAL & NAVIGATION BUTTONS

    TYPING THE TEXTUAL DATA

    AFFECT ALL NATIVE & THIRD PARTY APPs

    SECONDARY BASED ON ADDING THE MENU ITEMS

    INTO THE GLOBAL MENU INTO THE SEND VIA MENU

    AFFECT ALL NATIVE APPLICATIONS

    NATIVE APPLICATIONS ARE DEVELOPED BY RIM

    BLACKBERRY WALLETS, MESSAGES,

    SETTINGS, FACEBOOK, TWITTER,

    BBM/GTALK/YAHOO/WINDOWS IMs,

    GUI EXPLOITATION HANDLES WI

    REDRAWING THE SCREEN

    ADDING NEW GUI OBJEC

    CHANGING THEIR PROPE

    GRABBING THE TEXT FRO

    ANY FIELDs (INCL.

    UNLOCK THE DEVI

    SETTING UP THE P

    ADDING, REMOVING THE

    ORIGINAL DATA IS INACCESSIBL

    AFFECTED

    GUI OBJECTS SHUFFLING IS NOT

    THE GUI EXPLOITATION

    CONSEQUENCE OF WIDE INTEGRATION FEATURES OFFERED FOR DEVELOPERS (BLACKBE

    KASPERSKY MOBILE SECURITY PROVIDES

    FIREWALL, WIPE, BLOCK, INFO FEATURES

    NO PROTECTION FROM REMOVING .CODs

    NO PROTECTION UNDER SIMULATOR

    EXAMINING THE TRAFFIC, BEHAVIOUR

    SHOULD CHECK API IS SIMULATOR SMS MANAGEMENT (QUITE SECRET SMS)

    PASSWORD IS FOUR-SIXTEEN DIGITS SET

    AND CAN BE MODIFIED IN REAL-TIME

    SMS IS A HALF A HASH VALUE OF GOST R 34.11-94

    IMPLEMENTATION USES TEST CRYPTO

    VALUES AND NO SALT

    TABLES (VALUEHASH

    OUTCOMING SMS CAN B

    WITHOUT ANY NOTIFICA

    OUTCOMING SMS CAN B

    THE SAME DEVICE OR AN

    McAfee MOBILE SECURITY PROV

    FIREWALL, WIPE, BLOCK NO PROTECTION FROM R

    NO PROTECTION UNDER

    EXAMINING THE TRA

    SHOULD CHECK AP

    WEB MANAGEMENT CO

    DIFFICULT TO BREAK SM

    THE THIRD PARTY EXPLOITATIO

    THERE ARE A FEW OF THEM THEY MIGHT HAVE AN EXPLOIT BUT RUIN NA

    DENIAL OF SERVICE

    REPLACING/REMOVING EXEC FILES

    DOSing EVENTs, NOISING FIELDS

    GUI INTERCEPT

    INFORMATION DISCLOSURE

    CLIPBOARD, SCREEN CAPTURE

    GUI INTERCEPT

    DUMPING .COD FILES, SHARED FILES

    MITM (INTERCEPTION / SPOOFING)

    MESSAGES

    GUI INTERCEPT, THIRD PARTY APPs

    FAKE WINDOW/CLICKJACKING

    GENERAL PERMISSIONS

    INSTEAD OF SPECIFIC SUB-PE

    A FEW NOTIFICATION/EVENT

    BUILT PER APPLICATION INST

    CONCRETE PERMISSIONS

    BUT COMBINED INTO GENER

    A SCREENSHOT PERMISSION CAMERA

    GENERAL PERMISSIONS

    INSTEAD OF SPECIFIC SUB-P

    A FEW NOTIFICATION/EVENT

    BUILT PER APPLICATION INST

    THE PERMISSIONS

    PRIVILEGED GENERAL PERMISSIONS OWN APPs, NATIVE 3RD PARTY APP

    SIMPLIFICATION AND REDUCING SECURITY CONTROLS

    MANY GENERAL PERMISSIONS AND COMBINED INTO EACH OTHER

    NO LOGs ACTIVITY FOR SUB-PERMISSIONS TO PROVE THE TRANSPARENCY

    ANY SECURITY VULNERABILITIES ARE ONLY FIXED BY ENTIRELY NEW AND DIFFERENT OS / KER

    A FEW PERMISSIONs ARE CLOSED TO THE USER ACTIONS

    THE SANDBOX PROTECT ONLY APPLICATION DATA

    USERS HAVE TO STORE THEIR DATA INTO SHARED FOLDERS OR EXTERNAL STORAGE APPLICATIONS CONTINUE STORE DATA IN PUBLIC FOLDERs BECAUSE GOVERNED BY CHANC

    MITM / INTERCEPTION ACTIONS ARE OFTEN SILENTLY

    THE NATIVE SPOOFING AND INTERCEPTION FEATURES

    BLACKBERRY ENTERPRISE SOLUTION / BLACKBERRY MOBILE FUSION IS NOT EFFECTIVE MUC

    THE BEST SECURITY (PERMISSIONS) RULED BY AMAZON WEB SERVICES

    PERMISSIONS SHOULD RELY ON THE DIFFERENT USEFUL CASES SET INSTEAD OF SPECIFIC PE

    CONCLUSION

    THE VENDOR SECURITY VISION HAS NOTHING WITH REALITY AGGRAVATED BY

    THAN

    YU