Disclaimer

2016-07-06 48K 48 0 0


Slide1

Slide2

Disclaimer

No packets were injured in the making of this talk.

All research results and analysis were done from the safety of my lab with my own equipment and my own packets and most importantly my own permission.

No packets were obtained by War Walking, War Dining or Stroll Trolling from unauthorized networks without permission.

Knowledge is a tool that can help or hinder society. Please wield it responsibly.

Caution:

Just because we can apply a moral and ethical filter doesn’t mean everyone else will. Get informed then make decisions!

Slide3

Objectives

Change Smart Phone Perceptions

Wi-Fi computer with phone capabilities vs. Phone with “apps”.

Utilize No Cost High Availability Framework

Discuss and use free non-commercial tools from Google Play and the Internet.

Introduce Terms and Techniques that help facilitate discussions and awareness of mobile threats.

War Walking

War Dining

Wi-Fi Phaking

Stroll Trolling

Discuss and demonstrate remediation and mitigation techniques

Enterprise and personal best practices discussed.

Slide4

Prerequisites: “Do Root Robots”*

A Smart Device - Android / iPhone

A jailbroken Apple iPhone will also do the trick

Wi-Fi tablets are also an effective attack vector

Some phones may not be “root-able”…yet.

Popular Rooting Programs

Android 2.2 – Unrevoked

Android 2.3 – Revolutionary

Android 2.4 – Eris and More to Come

iPhone – Jailbreak.me

Remember your roots!

Rooting your device is accomplished by exploiting a vulnerability and dropping a payload that allows the capability to escalate privileges when requested.

*http://jon.oberheide.org/files/bsides11-dontrootrobots.pdf

Slide5

Risks and Rewards of Rooting

Pros

Increased Functionality and Control

Pen-test / Packet Acquisition tool

Wi-Fi Tethering

Enhanced File Management

Screen Capture

Free or Almost Free

No/Little cost for apps and programs

Freedom

Install other Operating Systems and Custom ROMs (Ex. BackTrack Linux)

Cons

Support

You may void your warranty and support

Cost

You may brick the device

Slide6

Super User World Domination!?

Slide7

It’s Rooted, Now What?

Data Gathering and Analysis

Packet Sniffer – Mobile Device

Used to record packets on a network

Wi-Fi Hotspot – Mobile Device

Mobile internet capable gateway

Data Aggregation Tool – Home Analysis

Used to find information in a capture file

Slide8

Smart Phone Facts

Time reported in early 2012 that 46% of Americans own a smart phone.

Most modern data plans have data limits.

Open networks are highly available in public.

Smart phones send packets like computers.

Slide9

Obtaining a Network Sniffer from Google Play

Slide10

Packet Capturing – Making Pcap Files

Shark for Root

Free from Google Play a.k.a. Marketplace

Used to passively sniff packets using a smart device.

Gives network and security professionals the ability to analyze data to and from a target device.

Gives criminals the ability to gather and exploit sensitive data of the uninformed for profit.

Pirni for iPhone

Free on the internet – See references for link

Slide11

Wireless in a Sea of Sharks!

Slide12

1 – 2 – 3 Hack Me!

Step 1) Turn on the Wi-Fi Functionality.

Slide13

Step 2) Tell your phone to inform you of open connections.

Step 2: Join Public Network

Slide14

Step 2: Join Public Network

Slide15

Step 3: Start Shark for Root

Slide16

War Walking

Difficult To Detect

No backpacks or antennas

No sitting in a parked car for hours

No aircraft circling

No hot air balloon hovering

Passive sniffing so no network anomalies or IDS detection

Slide17

War Walking

The act of lingering or loitering in a geographical area for the purpose of gathering packets without prior authorization over a public wireless network using a smart phone or tablet.

Slide18

War Walking

Scenarios

Walking a dog or playing with a kid at a park

Hanging out at a mall

Reading on a park bench

Watching a movie – War Watching

Eating a meal – War Dining

Slide19

War Dining

The unauthorized act of gathering packets over a public wireless network with a smart phone or tablet while congregating in a Wi-Fi enabled establishment with the intent to eat or drink.

Slide20

What if the Access Point Does Not Leak Data?

*https://github.com/robquad/Arpspoof/Arpspoof.apk/qr_code

In Walks Arpspoof!

Slide21

Arpspoof

ArpSpoof is freely available on the Internet but was pulled from Google Play earlier this year.

It creates a MITM session by, wait for it… spoofing ARP.

It passes packets first to the device and then to the public Wi-Fi hotspot.

Packets become readable because they pass through the phone first and then the Shark for Root capture before being passed to the public Wi-Fi access point.
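Unlike the passive capture on the earlier slides, ARP spoofing is active and leaves a trace: the gateway's IP address starts answering from a second MAC address. The following detector is an added example, not code from the talk or from any tool it names; the frame builder, the addresses and the "first MAC seen is trusted" rule are assumptions made for illustration.

```python
import struct

ETHERTYPE_ARP = 0x0806

def parse_arp(frame: bytes):
    """Return (opcode, sender_mac, sender_ip) for an Ethernet/IPv4 ARP frame, else None."""
    if len(frame) < 42 or struct.unpack("!H", frame[12:14])[0] != ETHERTYPE_ARP:
        return None
    htype, ptype, hlen, plen, oper = struct.unpack("!HHBBH", frame[14:22])
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4):
        return None
    sender_mac = frame[22:28].hex(":")
    sender_ip = ".".join(str(b) for b in frame[28:32])
    return oper, sender_mac, sender_ip

def find_rebindings(frames):
    """Flag every IP whose claimed MAC differs from the first MAC seen for it."""
    first_seen, reported, alerts = {}, set(), []
    for index, frame in enumerate(frames):
        parsed = parse_arp(frame)
        if parsed is None:
            continue
        _, mac, ip = parsed
        trusted = first_seen.setdefault(ip, mac)  # assumption: first binding is genuine
        if mac != trusted and (ip, mac) not in reported:
            reported.add((ip, mac))
            alerts.append((index, ip, trusted, mac))
    return alerts

def build_arp_reply(sender_mac, sender_ip, target_mac, target_ip):
    """Construct a 42-byte ARP reply so the sample below needs no capture file."""
    mac = lambda s: bytes.fromhex(s.replace(":", ""))
    ip = lambda s: bytes(int(octet) for octet in s.split("."))
    header = mac(target_mac) + mac(sender_mac) + struct.pack("!H", ETHERTYPE_ARP)
    arp = struct.pack("!HHBBH", 1, 0x0800, 6, 4, 2)
    return header + arp + mac(sender_mac) + ip(sender_ip) + mac(target_mac) + ip(target_ip)

# Constructed sample: all addresses are invented for illustration.
GATEWAY = ("02:00:00:00:00:01", "192.168.1.1")
CLIENT = ("02:00:00:00:00:32", "192.168.1.50")
OTHER_MAC = "02:00:00:00:00:99"  # a second device claiming the gateway's IP
SAMPLE_FRAMES = [
    build_arp_reply(*GATEWAY, *CLIENT),
    build_arp_reply(*CLIENT, *GATEWAY),
    build_arp_reply(OTHER_MAC, GATEWAY[1], *CLIENT),
    build_arp_reply(OTHER_MAC, GATEWAY[1], *CLIENT),
]

if __name__ == "__main__":
    for index, ip, old, new in find_rebindings(SAMPLE_FRAMES):
        print(f"frame {index}: {ip} moved from {old} to {new}")
```

If the spoofing device is already active when monitoring starts, its MAC is the first one seen, so pin the gateway's real MAC in `first_seen` when it is known.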

Slide22

Just for Fun.

Want to take a Peek with Piik?

Slide23

PIIK

Piik can be purchased from Google Play for $1.99

Allows images to be captured and displayed from your smart phone

Easy way to confirm data is being captured after Arpspoof is initialized.

Slide24

Data Analysis After Capture

Packet captures (.pcap’s) need analysis

NetWitness® Investigator 9.6 is the award-winning interactive threat analysis software

Free – non commercial

Effortlessly discovers and categorizes sensitive data

Slide25

Using Netwitness 9.6 or Higher for Analysis

Download and install Netwitness on Win Machine

Start, register, and activate the free software

Slide26

Using Netwitness 9.6 or Higher for Analysis

Slide27

Using Netwitness 9.6 or Higher for Analysis

Slide28

Using Netwitness 9.6 or Higher for Analysis

Slide29

Using Netwitness 9.6 or Higher for Analysis

Slide30

Using Netwitness 9.6 or Higher for Analysis

Slide31

Using Netwitness 9.6 or Higher for Analysis

Slide32

Using Netwitness 9.6

Slide33

Look at all this cleartext!

Slide34

Lots of Sensitive Data!

Slide35

Passwords are not the only sensitive data at risk!

Slide36

Lessons Learned

Email App – Leaked AD Permissions in clear text.

Pcap analysis found that mail sync was allowed with http and https.

Network credentials were syncing many times a minute in clear text!

Misconfiguration was identified and corrected by this analysis.

Many apps will log in using http without the user's knowledge

Angry Birds Season is phoning home
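The mail-sync finding above can be turned into a repeatable audit of your own device's capture. This is an added example, not part of the original slides: it assumes the sync used HTTP Basic authentication and that HTTP payloads have already been extracted as (seconds, host, payload) records; the host, path and account are constructed. It reports who logged in over cleartext and how often per minute, and never keeps the password.

```python
import base64
from collections import Counter

def basic_auth_user(payload: bytes):
    """Return the username sent in a cleartext HTTP Basic header, or None."""
    lines = payload.split(b"\r\n\r\n", 1)[0].split(b"\r\n")
    if not lines[0].endswith((b" HTTP/1.0", b" HTTP/1.1")):
        return None  # not a plain HTTP request (for example, a TLS record)
    for line in lines[1:]:
        name, _, value = line.partition(b":")
        if name.strip().lower() != b"authorization":
            continue
        scheme, _, token = value.strip().partition(b" ")
        if scheme.lower() != b"basic":
            return None
        try:
            decoded = base64.b64decode(token.strip(), validate=True)
        except ValueError:
            return None
        # Keep only the account name; the password is never stored or returned.
        return decoded.split(b":", 1)[0].decode("utf-8", "replace")
    return None

def audit_cleartext_auth(records):
    """Count cleartext Basic-auth requests per (host, user, minute of capture)."""
    hits = Counter()
    for seconds, host, payload in records:
        user = basic_auth_user(payload)
        if user is not None:
            hits[(host, user, int(seconds // 60))] += 1
    return hits

# Constructed sample: host, path, account and password are invented.
TOKEN = base64.b64encode(b"EXAMPLE\\jdoe:not-a-real-password")
SYNC_REQUEST = (b"POST /sync HTTP/1.1\r\nHost: mail.example.test\r\n"
                b"Authorization: Basic " + TOKEN + b"\r\n\r\n")
TLS_BYTES = b"\x16\x03\x01\x02\x00\x01"  # start of a TLS handshake record
SAMPLE_RECORDS = [(t, "mail.example.test", SYNC_REQUEST) for t in (0, 15, 30, 45, 70)]
SAMPLE_RECORDS.append((50, "mail.example.test", TLS_BYTES))

if __name__ == "__main__":
    for (host, user, minute), count in sorted(audit_cleartext_auth(SAMPLE_RECORDS).items()):
        print(f"{host} user={user} minute={minute}: {count} cleartext logins")
```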

Slide37

No Access Point…No Problem?

A Recipe for Trouble

1 Part – Bad Guy/Girl with Rooted/Jailbroken Phone

1 Part – Wi-Fi Tethering App

1 Part – Social Engineering

= “Wi-Fi Phaking”

Slide38

Introducing “Wi-Fi Phaking”

The act of configuring a smart phone as a Wi-Fi hotspot using a socially engineered naming convention like “Free Internet” with the sole purpose of luring devices and individuals to join the network with the intent of capturing and exploiting personal/confidential data.

Slide39

Introducing “Stroll Trolling”

The act of lingering or loitering in a specific geographical location, usually densely populated, using a “Phaked” Wi-Fi connection with the intent of enticing unsuspecting individuals and devices into joining that network with the intent of capturing and exploiting clear text data leaked from the device.

Slide40

Examples of Stroll Trolling

Name Mobile Wi-Fi Hotspot “Lions Free Wi-Fi” at the Detroit game.

Name Mobile Wi-Fi Hotspot “Free Internet” at the Mall or crowded area.

Name Mobile Wi-Fi Hotspot “GM Free Internet” when in the Renaissance Center.

Slide41

Smart Phone Risk Assessment

Slide42

Mitigation And Remediation

So now that we know what can be done, how do we fix it?

Three categories of corrective action:

(Good) Personal - Free

(Better) Personal - Low Cost

(Best) Enterprise Level – Higher Cost

Slide43

(Good) Personal - Free

1) Policy/Behavioral Change:

Turn off Wi-Fi when in public areas if not needed.

This stops your device from auto-connecting to open available Hot Spots.

Slide44

(Good) Personal - Free

2) Use https vs http whenever possible if you are going to use an open Wi-Fi.

However, this is not the best solution because data is still leaked.

Ex. DNS and Apps are still clear text

Slide45

(Good) Personal - Free

3) Paradigm shift - Treat an open connection as a public terminal.

Do not perform sensitive searches or private, confidential tasks like banking while joined to an open Wi-Fi connection unless absolutely necessary.

Assume all actions are being watched and monitored.

Slide46

(Good) Personal - Free

Use your mobile Wi-Fi hotspot with WPA2 and a > 10 character password for your tablet or laptop to join instead of joining an available public hotspot when in public.**

**This may quickly exhaust your data plan.

Slide47

(Better) Personal - Low Cost

Use an inexpensive VPN service with your mobile devices, which encrypts data from public Wi-Fi hotspots.

VPN services as low as $3 a month.

Ex. IBVPN – Around $37 a year.

Cheaper than purchasing extra data from your mobile provider.

Encrypts all data to and from the public hotspot once active, including DNS and App data.

Slide48

(Better) Personal - Low Cost

Easy to configure the Encrypted Tunnel

Renders War Walking, War Dining, and Stroll Trolling ineffective once VPN is active.

Free VPN management applications available in the App Store and Google Play. (Ex. 5VPN)

Same account can be shared by any of your mobile devices including laptops, tablets, and phones.

Slide49

(Best) Enterprise Level - Higher Cost

Some Mobile Device Attack Vectors

BYOD

Malware - Infections

MITM - War Walking, War Dining

Remote Access to Resources

MITM - War Walking, War Dining, Stroll Trolling

Theft/Forgery – Stolen/Lost phone

Slide50

(Best) Enterprise Level - Higher Cost

Categorization and Management of Smart Devices

Smart phones are mini computers with phone capabilities.

Should be placed firmly in the Remote Access Domain and be treated like work issue laptops and tablets.

This means SSL, Certificates and Corporate VPN solutions should be administered for all interactions with corporate resources.

Slide51

(Best) Enterprise Level - Higher Cost

If possible segregate the Mobile Wi-Fi Network from the rest of the corporate network

Funnels all data back inside corporate walls which means that it can be analyzed for data leakage and compliance.

Allows ACLs, Group Policy and Proxies to be applied on some level to enrich security and compliance on these devices.

Slide52

Take Away

Remember: We have a computer in our pocket that can make phone calls instead of a phone with applications installed.

Public Wi-Fi points can be dangerous if one does not understand what is at stake. Armed with just a little knowledge and technology one can practice safe surfing when using these public connections.

Ask everyone you know if they have heard the following terms and explain to them what they mean. This helps the less technologically savvy friends and family to understand the threats associated with using Public Wi-Fi access points:

War Walking

War Dining

Wi-Fi Phaking

Stroll Trolling

Slide53

15 possible devices could have been Stroll Trolled in 7 hours at this event!

Thank You!

RabidSecurity@gmail.com

Twitter Handle: RabidSecurity

If you tried to join the Phaked access point during this conference…what data would your device have leaked in clear text?

How much and what sensitive data does your device leak?

Are you taking precautions to safeguard your data?

Do you run a VPN solution on Public Wi-Fi?

Slide54

References

Revolutionary: S-OFF & Recovery Tool. (2012). Retrieved Feb 10, 2012 from http://revolutionary.io - rooting software for Android, usually for Android 2.3 phones

Unrevoked – set your phone free. (2012). Retrieved Feb 10, 2012 from http://unrevoked.com/ - rooting software for Android, usually for Android 2.2 phones

Shark for Root. (2012). Retrieved Feb 11, 2012 from http://market.android.com/details?id=lv.n3o.shark&hl=en – Used to passively sniff and record packets from an Android device

Pirni for iPhone. (2012). Retrieved March 5, 2012 from http://apt.thebigboss.org/repofiles/cydia/debs2.0/pirni_1.1.1.deb – Used to passively sniff and record packets from a jailbroken iPhone

Slide55

References

Time Business - Nearly 50% of Americans Own Smartphones; Android, iPhone Dominate (3-1-2012). Retrieved on March 5, 2012 from http://business.time.com/2012/03/01/nearly-50-of-americans-own-smartphones-android-iphone-dominate/

Netwitness Investigator (2012) - Retrieved March 13, 2012 from http://netwitness.com/products-services/investigator-freeware

Invisible Browsing VPN (2012) - Retrieved March 27, 2012 from http://www.ibvpn.com/

Android Robot Blender Model - Retrieved January 1, 2012 from http://www.blendswap.com/blends/author/darmau5/
