Mobile Security
OS3 Guest lecture – Offensive Security
April 2013
Marc Smeets
Why I am here
■ I pentest: infrastructures, mobile, networks, fun stuff!
■ KPMG is one of the ‘big four’ audit and advisory firms
■ One of the main IT Security advisory companies globally
■ Information Protection Services team (48 fte in NL, large global network)
■ Security testing/ethical hacking, IT auditing, all fun things IT security
Why you are here
■ Learn about a new topic: mobile security
■ Ask hard questions
© 2013 KPMG Advisory N.V., registered with the trade register in the Netherlands under number 33263682, is a subsidiary of KPMG Europe LLP and a member firm of the KPMG network of independent member firms affiliated with KPMG International Cooperative (‘KPMG International’), a Swiss entity. All rights reserved. Printed in the Netherlands. The KPMG name, logo and ‘cutting through complexity’ are registered trademarks of KPMG International.
■ Learn a bit about KPMG (in house day)
Goodbye PC and pocket PC
Welcome iPhone, Android, tabs
Apps & AppStore
Containerization
Cloud integration & online ID
Question: Are we more secure than before?
Are we becoming more secure?
Yes, new mobile platforms are more secure in several aspects
■ Disk encryption built-in
■ Latest and greatest core security features
■ Strong ‘sandboxing’ of Apps
■ Tight down platforms with eco-system
No, new platforms still fail at basic security
■ Disk encryption optional or circumvented
■ Remote wipe ineffective
– When to give up and call for remote wipe?
■ Security update cycle
■ What data is stored, and where (cloud)?
■ Malware still exists
The mobile landscape – an overview
[Figure: overview diagram of the mobile landscape. Labels: Android devices; local storage (corporate / private); WIFI / UMTS / GPRS; WIFI / USB / Bluetooth / NFC; local network; Internet; Google services; Internet services; web; network services; cloud; corporate Exchange services; corporate Exchange environment; Mobile Device Management; custom ROMs; vendor services; Android versions; alternative markets]
iOS background
iOS
■ Apple proprietary, derived from Mac OSX
■ Pillars: iOS, selected hardware, SDK and developer community, AppStore and iTunes
Software versions
■ Version 1 in 2007
■ Current release is 6.1.3
■ GM = Gold Master = for beta testers
Hardware models
■ iPhone (3GS, 4, 4S gen. supported, CDMA+GSM)
■ iPad (1st, 2nd and 3rd gen. supported, CDMA+GSM)
■ iPod Touch = iPhone – phone, GPS and compass (4th gen. supported)
■ AppleTV (2nd and 3rd supported, 1st gen. runs true OSX)
iOS from a security viewpoint – iOS layout
iOS fundamentals
■ Based on Mac OS X = UNIX
■ Two users: root (pw = alpine) and mobile. Apps run as mobile, daemons as root
■ Disk layout:
– / : boot partition, read-only
– /private/var : user data (/var is linked to /private/var)
■ Binary property lists store settings, properties and metadata. It is a binary XML file; read/write with plutil.
■ SQLite databases store data
■ Many DBs in /var/mobile/Library, e.g.:
– AddressBook.sqlitedb : all contact details
– CallHistory.db : recent history in DB, full history in file
– Calendar.sqlitedb : all past and upcoming events
– sms.db : all text messages, including deleted
– Keychain.db : contains all passwords as normal keychain
iOS from a security viewpoint – iOS security features
iOS security features
■ OS support for:
– Exchange (2007), CalDAV, IMAP, LDAP
– Cisco VPN
– Hardware encryption (3Gs and up only)
– Remote wipe functionality
– Configuration profiles
– SSL strict checks
■ Missing: hardware token possibility
■ App Sandboxing
– Strict APIs for App.
– If App A wants resources of App B, then via API. E.g. Photo.app sending email, email.app not used
■ AppStore “strictly” monitored
iOS from a hacker's perspective – iDevice boot sequence
Three boot modes
■ Normal mode
■ DFU mode - Device Firmware Upgrade: when device is unrecoverable
– Low level boot mode that uses a ramdisk for interaction with device
■ Restore mode: device is being upgraded by Apple’s ramdisk via iTunes
Boot sequence and signature checks
1. Power on with or without DFU-buttons
2. Bootrom is executed from VROM (Virtual Read Only Memory)
– Normal: check and run LLB (Low Level Boot) and iBoot
– Normal: boot loaders check kernel, kernel checks apps from flash
– DFU: check and boot iBSS and iBEC boot loaders
– DFU: boot loaders check and load kernel and ramdisk from USB connection
Signature checking:
– Bypass results in code execution
– The earlier in the boot sequence the better
– Bootrom is in hardware
– Different hacks for different CPUs
iOS from a hacker's perspective - jailbreaking
Removing Apple’s jail on the OS
■ Run non Apple signed Apps (e.g. Cydia.app, the alternative AppStore)
■ Get shell/SSH access to the device
■ Do all the funky stuff during a pentest
Different ways for jailbreaking
■ Tethered / untethered
■ Bootrom (e.g. limera1n)
– Hacker’s preferred way as it can’t be fixed with new firmware
– A4/A5/A6 chips require different approaches.
– A4 (iPhone < 4S, iPad < 2, iPod Touch) are easier
■ User land (e.g. Jailbreakme.com)
■ Kernel (e.g. Racoon configuration)
iOS from a hacker's perspective – Different layers of encryption
Disk encryption
■ Since iPhone 3Gs
■ Intended for fast wipe (1 key is used to encrypt the entire disk)
■ Decryption is done when device boots (also readable from ramdisk)
Data Protection
■ File-level encryption when data is at rest
■ Meta data remains visible
■ Input = passcode + UID hardware key
■ It is up to the developer to use
– Mail.app is the only App from Apple that uses it
iOS from a hacker's perspective – keychain data
Only scratching the surface here!!
Keychain
■ Three protection classes – each being secured with own master key
– kSecAttrAccessibleWhenUnlocked
– kSecAttrAccessibleAfterFirstUnlock
– kSecAttrAccessibleAlways
Also with *ThisDeviceOnly
Master keys are stored in system keybag
■ /private/var/keybags/systembag.kb
■ System keybag file is encrypted by Data Protection
■ Keybag payload is encrypted before writing to disk
■ Master keys are encrypted with device key and/or passcode key
Escrow keybag
■ For iTunes to sync without passcode – stored on computer
■ Provides the same level of access as knowing the passcode
iOS from a hacker's perspective – The forensic recovery method
Getting access
1. Turn off device
– can be done without passcode knowledge
– Remote wipe commands don’t work anymore
2. Boot in DFU mode
– Disk encryption is already defeated at this moment
3. Upload custom firmware using jailbreak techniques
4. SSH over WIFI or USBMUX; make an iPhone image to work with
5. Crack passcode (on device!) or use escrow keybag
– On device: speed depends on hardware:
■ iPhone 4/iPad1 = ~6 cracks/second
■ iPhone 4S/iPad2 = ~10 cracks/second
6. Using the passcode, decrypt all the Data Protected data
iOS from a hacker's perspective – iTunes backup
iTunes stores backups every time you sync
■ \Users\%USERNAME%\AppData\Roaming\Apple Computer\MobileSync\Backup
■ ~/Library/Application Support/MobileSync/Backup/
■ Stored in encoded files, decode using plist file
Backup contains all user data
■ Photos/music/address book/etc and keychain data! -> _not_ *ThisDeviceOnly
■ App developer can control if data is included in backup
Backup can be encrypted
■ Using separate password
■ Security policy of iDevice can dictate if a password is used, not the length
■ Encryption is strong (10000 rounds of PBKDF2)
Decrypt and crack with tools
■ Elcomsoft Phone Password Breaker
■ iPhone Backup Extractor
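A defender-side check for the backup storage described above, added here as an example (it is not part of the lecture): it walks a MobileSync/Backup directory and reports every backup whose Manifest.plist is not marked as encrypted. The `IsEncrypted` key is an assumption about the manifest layout, and the backup folders created by `build_demo_root` are constructed samples.

```python
import plistlib
import tempfile
from pathlib import Path

# Default backup locations named on the slide:
#   Windows: \Users\%USERNAME%\AppData\Roaming\Apple Computer\MobileSync\Backup
#   OS X:    ~/Library/Application Support/MobileSync/Backup/


def audit_backups(backup_root):
    """Report, per backup folder, whether its Manifest.plist says encrypted.

    Assumption: each backup folder holds a Manifest.plist with a boolean
    IsEncrypted key that is true when a backup password was set.
    """
    findings = []
    for folder in sorted(Path(backup_root).iterdir()):
        manifest = folder / "Manifest.plist"
        if not manifest.is_file():
            continue  # not a backup folder
        try:
            with manifest.open("rb") as fh:
                data = plistlib.load(fh)  # accepts XML and binary plists
            encrypted = bool(data["IsEncrypted"])
        except Exception:
            # Damaged or unexpected manifest: flag it rather than guess.
            findings.append((folder.name, "unreadable"))
            continue
        findings.append((folder.name, "encrypted" if encrypted else "UNENCRYPTED"))
    return findings


def build_demo_root(root):
    """Create constructed sample backups (folder names are made up)."""
    samples = {
        "constructed-backup-a": ({"IsEncrypted": True}, plistlib.FMT_BINARY),
        "constructed-backup-b": ({"IsEncrypted": False}, plistlib.FMT_XML),
    }
    for name, (content, fmt) in samples.items():
        folder = Path(root) / name
        folder.mkdir()
        with (folder / "Manifest.plist").open("wb") as fh:
            plistlib.dump(content, fh, fmt=fmt)
    broken = Path(root) / "constructed-backup-c"
    broken.mkdir()
    (broken / "Manifest.plist").write_bytes(b"truncated")
    return root


def demo():
    """Run the audit over the constructed samples and return the findings."""
    with tempfile.TemporaryDirectory() as tmp:
        return audit_backups(build_demo_root(tmp))


if __name__ == "__main__":
    for name, status in demo():
        print(f"{name}: {status}")
```

Run `audit_backups` against the real backup directory of a workstation; every `UNENCRYPTED` entry is a backup whose user data is stored on that computer without a backup password.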
iOS from a hacker's perspective – App security
App layout
■ /private/var/mobile/Applications/<APPID>/
■ /private/var/mobile/Library/<APPID>/
App code signature
■ Kernel requires signature verification to only allow approved Apps = Apps made by official App developer with an AppleID verified by Apple
■ Jailbreak patches signature *verification* out of the kernel, but still signing is needed:
– Self sign with Apple’s code sign utility -> any signature is allowed now
– Pseudo-sign -> generate the hashes that are checked by the kernel for approval
– Deactivate signing via “sysctl” command -> cripples iOS (not possible from iOS4.3 and up)
Easiest to use: no Mac needed & device still functional -> “ldid”-tool on iDevice
App encryption (DRM / Fairplay)
■ Same App is different binary on different iDevice
■ SC_Info (personalised for your purchase) + MAC address + iTunes keys
Binary analysis
On iOS most apps are encrypted (DRM/Fairplay); check this using otool on device:
otool -l APP | grep -A 4 LC_ENCRYPTION_INFO
LC_ENCRYPTION_INFO cmdsize 20 cryptoff 4096 cryptsize 1347584 cryptid 1
At runtime, the application gets decrypted. So…
gdb -p <PROCESSID>
dump memory dump.bin $(($CryptOff + 4096)) $(($CryptSize + $CryptOff + 4096))
Why the manual effort? Use Clutch and/or poedCrackMod -> iNalyzer
Analyse using
■ IDA (ARM version); use ldone for changes to binaries
■ gdb
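What the otool check on the Binary analysis slide reads, as an added example that is not part of the lecture: a parser that walks the load commands of a thin 32-bit Mach-O and returns the LC_ENCRYPTION_INFO fields. The sample binary is constructed in `build_sample` from the values in the otool output above; the function names are hypothetical.

```python
import struct

MH_MAGIC = 0xFEEDFACE        # thin 32-bit little-endian Mach-O
LC_ENCRYPTION_INFO = 0x21    # load command holding cryptoff/cryptsize/cryptid
HEADER_SIZE = 28             # mach_header: seven 32-bit fields


def encryption_info(macho):
    """Return (cryptoff, cryptsize, cryptid), or None if the command is absent.

    Only thin 32-bit images are handled; fat or 64-bit files raise ValueError.
    """
    if len(macho) < HEADER_SIZE:
        raise ValueError("too short for a Mach-O header")
    magic, _cpu, _sub, _ftype, ncmds, sizeofcmds, _flags = struct.unpack_from(
        "<7I", macho, 0)
    if magic != MH_MAGIC:
        raise ValueError("not a thin 32-bit little-endian Mach-O")
    offset, end = HEADER_SIZE, HEADER_SIZE + sizeofcmds
    if end > len(macho):
        raise ValueError("load commands run past end of file")
    for _ in range(ncmds):
        if offset + 8 > end:
            raise ValueError("load command header runs past sizeofcmds")
        cmd, cmdsize = struct.unpack_from("<2I", macho, offset)
        if cmdsize < 8 or offset + cmdsize > end:
            raise ValueError("bad cmdsize")
        if cmd == LC_ENCRYPTION_INFO:
            if cmdsize < 20:
                raise ValueError("LC_ENCRYPTION_INFO shorter than 20 bytes")
            return struct.unpack_from("<3I", macho, offset + 8)
        offset += cmdsize
    return None


def describe(macho):
    """One-line verdict matching how the cryptid field is read on the slide."""
    info = encryption_info(macho)
    if info is None:
        return "no LC_ENCRYPTION_INFO"
    cryptid = info[2]
    state = "encrypted" if cryptid else "not encrypted"
    return f"{state} (cryptid {cryptid})"


def build_sample(cryptid, with_enc_cmd=True):
    """Constructed sample: header, a dummy LC_UUID, then LC_ENCRYPTION_INFO."""
    cmds = [struct.pack("<2I", 0x1B, 24) + bytes(16)]           # LC_UUID
    if with_enc_cmd:
        cmds.append(struct.pack("<5I", LC_ENCRYPTION_INFO, 20,
                                4096, 1347584, cryptid))        # slide values
    body = b"".join(cmds)
    # cputype 12 = ARM, cpusubtype 9 = ARMv7, filetype 2 = executable
    header = struct.pack("<7I", MH_MAGIC, 12, 9, 2, len(cmds), len(body), 0)
    return header + body


if __name__ == "__main__":
    print(describe(build_sample(1)))
    print(describe(build_sample(0)))
```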
Google services
Play/Market
Google Backup
Google contacts
Background
Version     Name                 Release dates   Specifics
1.0 - 1.6   Cupcake / Donut      2008/2009
2.0 – 2.1   Eclair               Oct 2009
2.2         Froyo                May 2010
2.3         Gingerbread          Dec 2010
3.0         Honeycomb            Feb 2011        Tablet only
4.0         Ice cream Sandwich   Oct 2011
4.1         Jelly Bean           June 2012
4.2         Jelly Bean           Oct 2012
Software stack
Dalvik & Java
■ AndroidManifest.xml
■ Activities: An Activity is, generally, the code for a single, user-focused task (display UI)
■ Services: A service is a body of code that runs in the background.
■ Broadcast Receiver: receiver of intents (e.g. battery empty)
Linux Security
System drive read-only
Each app own UID
Appdata in /data/data/<appname>
One app publisher can enforce different apps to the same UID to share between his apps(!)
Sqlite files
DRM
■ /data/app contains installer (.apk) for regular apps, accessible via adb
■ /data/app-private for drm apps
Application permissions
Apps are distributed as .apk files: Zipped file containing binary and AndroidManifest.xml
Install time check on permissions, user informed of permissions
Device administration & policy management
Device Administration API
Introduced in Android 2.2
Multiple device administrators allowed
<device-admin xmlns:android="http://schemas.android.com/apk/res/android">
  <uses-policies>
    <limit-password />
    <watch-login />
    <reset-password />
    <force-lock />
    <wipe-data />
    <expire-password />
    <encrypted-storage />
    <disable-camera />
  </uses-policies>
</device-admin>
http://developer.android.com/guide/topics/admin/device-admin.htm
Device administration & policy management – API options
Policy option                                         Version
Password enabled
Minimum password length
Alphanumeric password required
Complex password required                             as of 3.0
Minimum letters required in password                  as of 3.0
Minimum lowercase letters required in password        as of 3.0
Minimum non-letter characters required in password    as of 3.0
Minimum numerical digits required in password         as of 3.0
Minimum symbols required in password                  as of 3.0
Minimum uppercase letters required in password        as of 3.0
Password expiration timeout                           as of 3.0
Password history restriction                          as of 3.0
Maximum failed password attempts
Maximum inactivity time lock
Require storage encryption                            as of 3.0
Disable camera                                        as of 4.0
Android encryption
Implementation:
■ When init fails to mount /data, it knows that the volume is encrypted
■ Starts up framework and asks the user for the password
■ After password login, restarts framework with /data mounted using password
Sidenote: As of Android 4.0 a keychain API is provided
Adb & rooting
Requires enabling of debug mode on device
■ adb -d shell – provides shell to the device
■ adb -d push/pull for file transfers
On unrooted devices you are just a regular user
Then use manual local exploit (e.g. for Android 2.1/2.2 use rageagainstthecage.bin / CVE-2010-EASY / zergrush)
App Analysis
Dynamic analysis of app using Droidbox
Hashes, network data, File operations, services/classes used etc etc
http://code.google.com/p/droidbox/
ddms (Dalvik debugger)
■ Show device and process status (ps -x)
■ Dump heap (hprof) (on Android < 2.3) -> Memory Analysis
But why not disassemble entirely?
SMALI/BAKSMALI
Assembly level, quite readable
Steps to analyze app
apktool d <App>
Edit resources (XML/PNG) / Edit SMALI
const-string v0, "value"
invoke-static {v0, v0}, Landroid/util/Log;->v(Ljava/lang/String;Ljava/lang/String;)I
apktool b <DIR> <packagename.apk>
Sign using Jarsigner and debug.keystore (part of android SDK)
Uninstall old app, install new app (with adb or manual)
Misc
Directly starting Java classes or intents/activities
Check if state checks are adequately implemented (e.g. starting up an activity without logging in)
File permissions
getSharedPreferences, openFileOutput, or openOrCreateDatabase for storing preferences and data. Check if calls are made private/world-readable/world-writable
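One way to automate the file-permission check above on baksmali output, added as an example (not part of the lecture): it finds calls to the three storage APIs and resolves the constant in the mode register to flag world-readable or world-writable storage. The smali sample and its class name are constructed; only the non-range invoke form with a constant mode is resolved, anything else is reported as unknown for manual review.

```python
import re

WORLD_READABLE, WORLD_WRITEABLE = 0x1, 0x2   # Context.MODE_WORLD_* values
STORAGE_CALLS = ("getSharedPreferences", "openFileOutput", "openOrCreateDatabase")

CONST_RE = re.compile(r"^\s*const(?:/\w+)?\s+([vp]\d+),\s*(-?0x[0-9a-fA-F]+)")
FIRST_REG_RE = re.compile(r"^\s*[\w/-]+\s+([vp]\d+)\b")
INVOKE_RE = re.compile(
    r"^\s*invoke-[\w/]+\s+\{([^}]*)\},\s*\S+->(\w+)\(Ljava/lang/String;I")


def classify(mode):
    """Map a resolved mode value to a verdict; None means private storage."""
    if mode is None:
        return "unknown mode, review manually"
    flags = [name for bit, name in ((WORLD_READABLE, "MODE_WORLD_READABLE"),
                                    (WORLD_WRITEABLE, "MODE_WORLD_WRITEABLE"))
             if mode & bit]
    return "|".join(flags) or None


def scan_smali(text):
    """Return (line, call, verdict) for storage calls that are not private."""
    findings, consts = [], {}
    for lineno, line in enumerate(text.splitlines(), 1):
        if line.lstrip().startswith(".method"):
            consts = {}          # registers do not carry over between methods
            continue
        m = CONST_RE.match(line)
        if m:
            consts[m.group(1)] = int(m.group(2), 16)
            continue
        m = INVOKE_RE.match(line)
        if m:
            if m.group(2) in STORAGE_CALLS:
                # invoke-virtual {this, name, mode, ...}: mode is register 2
                regs = [r.strip() for r in m.group(1).split(",")]
                mode = consts.get(regs[2]) if len(regs) > 2 else None
                verdict = classify(mode)
                if verdict:
                    findings.append((lineno, m.group(2), verdict))
            continue
        m = FIRST_REG_RE.match(line)
        if m:
            # Any other instruction naming the register first may overwrite it.
            consts.pop(m.group(1), None)
    return findings


# Constructed smali, shaped like "apktool d" output for a made-up app.
SAMPLE = """\
.class public Lcom/example/notes/Main;
.super Landroid/app/Activity;

.method public save()V
    .locals 3
    const-string v0, "session"
    const/4 v1, 0x1
    invoke-virtual {p0, v0, v1}, Lcom/example/notes/Main;->getSharedPreferences(Ljava/lang/String;I)Landroid/content/SharedPreferences;
    const-string v0, "cache.bin"
    const/4 v1, 0x0
    invoke-virtual {p0, v0, v1}, Lcom/example/notes/Main;->openFileOutput(Ljava/lang/String;I)Ljava/io/FileOutputStream;
    return-void
.end method

.method public open(I)V
    .locals 2
    const-string v0, "notes.db"
    const/4 v1, 0x0
    invoke-virtual {p0, v0, p1, v1}, Lcom/example/notes/Main;->openOrCreateDatabase(Ljava/lang/String;ILandroid/database/sqlite/SQLiteDatabase$CursorFactory;)Landroid/database/sqlite/SQLiteDatabase;
    return-void
.end method
"""

if __name__ == "__main__":
    for finding in scan_smali(SAMPLE):
        print(finding)
```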
In house day @ KPMG Information Protection Services
What in house day
What (2) showing what we do in detail, challenge you with an assignment and answer your questions
Who master students that have interest in (computer) security and related topics (as a research opportunity or job)
Why you may not know KPMG as a firm for information security
Why (2) there are free drinks at the end
When –DATE TO BE CONFIRMED– NOT 30 MAY!!
Interested? Write down your name and email address on the sheet
Android PIN ‘guessing’
What happens after 5 incorrect tries?
Question: What are the problems for the hacker?
How to improve the attack?
Mobileconfig
Google searches everything
iOS Mobileconfig files contain what?
Googledork
Marc Smeets
[email protected]
+31 6 51 36 66 80
@MRAMSMEETS