
http://www.publiseek.com/publicity/anonymous-revenge-continues-hacker-group-downs-us-govt-website/

Guu Marius-Gabriel, ISI, 2013
Facultatea de Automatică și Calculatoare, Universitatea Politehnica București

11/8/2013

Guu Marius-Gabriel, ISI

Outline: Introduction, Current situation, Threats, Controls, Planning and policies


Smart Phones
users trust them
used for personal purposes, but also for business
they need security programs written specifically for smartphones, not imitations of PC security programs
already observed on them: malware, rootkits, phishing, social engineering, direct hacker attacks, intercepted communications


Smart Phones
could become the most vulnerable points in an organization's security
are not covered by the conventional network security used in corporations => attractive targets
each security breach costs 47
36% of breaches are due to loss or theft of the phone
> 80% of business executives are permanently connected

Smart Phones
run on cellular networks, WLAN, Bluetooth PAN
operating systems: Symbian, iOS, BlackBerry OS, Android, Windows Mobile
lack of security capabilities
some do not support SSL
firewalls are only beginning to appear
large consumer base => applications are written and replaced quickly

classic viruses: not as large a threat as on the PC; most often it is malicious code or applications that malfunction


400 per year, versus 4 million per year on the PC
lack of sufficient computing power, but they are starting to approach PCs
=> the user can close the security application (the antivirus)
=> they have not been attacked as much as PCs

GSM communications: 64-bit keys, weak
=> 3 minutes to decode the information [2], [3]

Cabir, June 2004: Symbian OS worm spread via Bluetooth
Comware: MMS messages with enticing text sent to the contact list
Skuller: replaced icons with skulls
Duts, 2006: Windows Mobile & CE virus
Brador: the first Windows Mobile trojan
Flexspy: Symbian OS trojan
Mosquit: sent SMS messages without the user's knowledge

CXover: trojan for Symbian OS and Windows PC
iOS: an application that calls premium-rate numbers several times a month
rootkit attack:
phone: voice, recording conversations, calling the phone
messaging
GPS: tracking the user
battery: activating power-hungry features
sent by e-mail or Bluetooth; infect the kernel, reside in memory



phishing & inundation with unwanted advertising
2 billion spam messages about the death of Michael Jackson
smishing = phishing via SMS
=> a link to click or a phone number to call => on the phone a robot asks for your personal data


AT&T: 4 out of 10 iPhones are bought for business
Jim Mareinfeldt bypassed the 4-digit PIN lock screen and accessed the data
Bluetooth attacks: Bluebug & Bluesnarf let the attacker access data without being detected
attacks that capture the PIN
brute-force attack on the PIN: BTCrack, btpincrack reveal the Bluetooth PIN

a 4-digit PIN can be cracked in milliseconds; a 16-digit PIN would take thousands of years
Car Whisperer tries the most common PINs on Bluetooth devices: headsets, hands-free kits (most users never change them)


Man in the middle
SMobile Systems: tests on an iPhone, an HTC with Android, an HTC with Windows Mobile and a Nokia; traffic intercepted on a laptop with Arpspoof, SSLstrip, Ettercap, webspy, Wireshark
BS-SSP-Printer-MITM attack: exploits the "Just Works" Bluetooth pairing mode (printing without authentication)
replies with a Denial of Service when the victim tries to reconnect; the attacker's device becomes a relay for the transmission

June 2010: 31,544 smartphones left behind in New York City taxis
in the last 6 years London taxi drivers reported 60,000 mobile phones, 5,500 PDAs and 4,500 laptops left in their cabs
in the last 6 months
improper disposal: a banker sold his non-working BlackBerry, and the buyer gained access to all his e-mails and his contact list

users: close security applications (antivirus software, firewall); download infected applications; use IM and file sharing inappropriately; store confidential information on removable media; send confidential information by e-mail
malicious insiders: former employees, disgruntled employees (who hold company data on their phones)

VPN
WPA2 AES 256
two-factor authentication
monitor and control the data on smartphones
choice of smartphone


application delivery = the capability of the smartphone platform to validate the reliability of an application's source
Apple: all applications must be validated; they can be deleted remotely by Apple
Android: applications can also be obtained from outside the Marketplace
RIM: encoded signatures, but they can be bought cheaply and applied by hackers to malware

trust level: can control the actions of an application; a confidence value assigned to applications, or a privilege they receive
privilege granularity: too detailed reduces usability; too broad gives inadequate protection
Android: a good privilege scheme
Windows Mobile: a privileged category for some applications (no restrictions); a standard category (restricts access to some files and APIs); a blocked category (does not run)
iOS: few restrictions; makes minimal use of trust levels to provide protection

system isolation = the ability to keep applications from affecting each other or the supporting platform
a vulnerability in one application must not be usable to attack another application or the system
iPhone: single privilege level, other applications can easily be affected
Android: each application runs under a different UID

basic education regarding everything from theft and loss prevention to malware and encryption
smartphone web browsers: an attractive target for hackers
Microsoft's Mobile Internet Explorer: warnings when users leave an encrypted SSL site; extended validation certificates recognized
organizations need to:
evaluate the security of their smartphones' browser and operating system
encourage employees to adopt secure browsing practices
web widgets


authentication: what you know, what you are, what you have
two-factor authentication
control access vs SIM access
PIN2: network settings
standby PIN: re-authentication after a period of inactivity
users do not want to enter passwords for short activities (a glance at the calendar)
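The two PIN-related controls on this slide, a standby timeout that asks for the PIN again after inactivity and a limit on how fast wrong PINs can be tried (which is what makes a 4-digit PIN survivable at all), are small enough to show as one policy object. The code below is an added illustration written for this page, not from the presentation or from any phone vendor; the threshold values, the PBKDF2 storage of the PIN and the injectable clock are assumptions made so the policy can be exercised offline.

```python
import hashlib
import hmac
import os
import time

# Constructed policy values; a real device vendor would tune these.
MAX_FAILED_ATTEMPTS = 5      # wrong PINs tolerated before the first lockout
BASE_LOCKOUT_SECONDS = 30    # first lockout length; doubles with every further failure
IDLE_REAUTH_SECONDS = 300    # standby time after which the PIN is asked for again


class PinSession:
    """Unlock policy for a device PIN: progressive lockout plus idle re-authentication.

    The PIN itself is not stored; a salted PBKDF2 digest is kept instead (assumption:
    a real handset would keep this in hardware-backed storage). The clock is injectable
    so the policy can be exercised without waiting in real time.
    """

    def __init__(self, pin: str, clock=time.monotonic):
        self.clock = clock
        self.salt = os.urandom(16)
        self.digest = self._hash(pin)
        self.failed = 0            # consecutive wrong attempts
        self.locked_until = 0.0    # clock value at which attempts are accepted again
        self.unlocked = False
        self.last_activity = 0.0

    def _hash(self, pin: str) -> bytes:
        return hashlib.pbkdf2_hmac("sha256", pin.encode(), self.salt, 100_000)

    def unlock(self, pin: str) -> str:
        """Try a PIN. Returns 'ok', 'wrong' or 'locked'."""
        now = self.clock()
        if now < self.locked_until:
            return "locked"          # the attempt is not even evaluated during a lockout
        if hmac.compare_digest(self._hash(pin), self.digest):
            self.failed = 0
            self.unlocked = True
            self.last_activity = now
            return "ok"
        self.failed += 1
        if self.failed >= MAX_FAILED_ATTEMPTS:
            # Every failure past the threshold doubles the lockout: 30 s, 60 s, 120 s, ...
            self.locked_until = now + BASE_LOCKOUT_SECONDS * 2 ** (self.failed - MAX_FAILED_ATTEMPTS)
        return "wrong"

    def touch(self) -> None:
        """Record user activity so the idle timer restarts."""
        if self.is_unlocked():
            self.last_activity = self.clock()

    def is_unlocked(self) -> bool:
        """Standby rule: an unlocked phone left idle falls back to the locked state."""
        if self.unlocked and self.clock() - self.last_activity > IDLE_REAUTH_SECONDS:
            self.unlocked = False
        return self.unlocked
```

The doubling lockout is what turns the 10,000-value keyspace of a 4-digit PIN from a millisecond problem into one that takes unreasonable wall-clock time, without asking users for the long passwords the slide says they will not type for a quick look at the calendar.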

intrusion detection = defines the normal state of the system and identifies unusual events
malicious code making expensive calls; malware draining the battery, memory or CPU
Andromaly, DroidHunter for Android
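The slide's definition of intrusion detection (learn what is normal, flag what deviates) is shown below on the kind of activity the deck's own malware examples produce: premium-rate calls, and SMS sent in the background the way Mosquit did. This is an added example written for this page, not code from the presentation or from Andromaly or DroidHunter; the event log, the premium-rate prefixes and the "twice the busiest clean hour" burst margin are all constructed assumptions.

```python
from collections import Counter
from dataclasses import dataclass, field

# Constructed prefix list; real premium-rate number ranges differ per country and operator.
PREMIUM_PREFIXES = ("0900", "+1900")


@dataclass
class Event:
    ts: int            # seconds since a fixed epoch (constructed timestamps)
    kind: str          # "call" or "sms"
    number: str
    screen_on: bool    # True when the user was interacting with the phone at the time


@dataclass
class Baseline:
    known_numbers: set
    max_sms_per_hour: int


@dataclass
class Alert:
    ts: int
    kind: str
    number: str
    reasons: list = field(default_factory=list)


def build_baseline(history):
    """Learn what 'normal' looks like from a period of known-clean activity."""
    per_hour = Counter(e.ts // 3600 for e in history if e.kind == "sms")
    peak = max(per_hour.values(), default=0)
    # Allow twice the busiest clean hour before calling it a burst (constructed margin).
    return Baseline(known_numbers={e.number for e in history}, max_sms_per_hour=2 * peak)


def detect(events, baseline):
    """Flag events that deviate from the baseline; returns a list of Alert objects."""
    alerts = []
    sms_per_hour = Counter()
    for e in events:
        reasons = []
        if e.number.startswith(PREMIUM_PREFIXES):
            reasons.append("premium-rate number")
        if not e.screen_on:
            reasons.append("sent without user interaction")
        elif e.number not in baseline.known_numbers:
            reasons.append("number never contacted before")
        if e.kind == "sms":
            sms_per_hour[e.ts // 3600] += 1
        if reasons:
            alerts.append(Alert(e.ts, e.kind, e.number, reasons))
    for hour, n in sorted(sms_per_hour.items()):
        if n > baseline.max_sms_per_hour:
            alerts.append(Alert(hour * 3600, "sms", "*",
                                [f"{n} SMS in one hour, baseline max {baseline.max_sms_per_hour}"]))
    return alerts


# Constructed clean day: the user's own calls and texts, always with the screen on.
HISTORY = [
    Event(8 * 3600, "sms", "+40711000001", True),
    Event(8 * 3600 + 120, "sms", "+40711000001", True),
    Event(9 * 3600 + 300, "call", "+40711000002", True),
    Event(12 * 3600 + 60, "sms", "+40711000002", True),
    Event(12 * 3600 + 900, "sms", "+40711000002", True),
    Event(18 * 3600, "call", "+40711000001", True),
]

DAY = 86400
# Constructed next day: the same habits, one genuinely new contact, and a burst of
# premium-rate SMS sent at 03:00 with the screen off (Mosquit-style behaviour).
TODAY = [
    Event(DAY + 8 * 3600, "sms", "+40711000001", True),
    Event(DAY + 9 * 3600 + 60, "call", "+40711000002", True),
    Event(DAY + 13 * 3600, "sms", "+40711000003", True),
] + [Event(DAY + 3 * 3600 + i * 20, "sms", "0900123456", False) for i in range(5)]

if __name__ == "__main__":
    for a in detect(TODAY, build_baseline(HISTORY)):
        print(a.ts, a.kind, a.number, "; ".join(a.reasons))
```

The new-contact alert is the usual false-positive cost of anomaly detection; what separates the trojan from the user is the combination of reasons (premium number, no screen interaction, burst) rather than any single rule.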


firewalls = can prevent unauthorized access & prevent confidential information from being communicated
SMobile: Windows Mobile, Symbian
Netfilter/iptables: Android


context-aware access control = allow the user to access data only under specific conditions: location, time, type of network
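A context-aware access decision in the sense of this slide is a default-deny rule match over the three attributes named (location, time, network type). The evaluator below is an added example written for this page, not from the presentation or any product; the resource names, location and network labels and the policy itself are constructed. It returns the reason for a denial so the decision can be logged and reviewed.

```python
from dataclasses import dataclass
from datetime import time


@dataclass(frozen=True)
class Context:
    location: str      # constructed labels: "office", "home", "abroad"
    network: str       # constructed labels: "corporate-wifi", "vpn", "cellular", "public-wifi"
    local_time: time


@dataclass(frozen=True)
class Rule:
    resource: str
    locations: frozenset
    networks: frozenset
    start: time        # inclusive window during which the rule applies
    end: time


# Constructed policy: the CRM only from the office on a trusted network in working hours,
# mail from anywhere the device can be tunnelled, and nothing at all over public Wi-Fi.
POLICY = [
    Rule("crm", frozenset({"office"}), frozenset({"corporate-wifi", "vpn"}), time(7), time(20)),
    Rule("mail", frozenset({"office", "home", "abroad"}),
         frozenset({"corporate-wifi", "vpn", "cellular"}), time(0), time(23, 59)),
    Rule("wiki", frozenset({"office", "home"}), frozenset({"corporate-wifi", "vpn"}), time(6), time(22)),
]


def decide(resource, ctx, policy=POLICY):
    """Default-deny evaluation: access is allowed only if some rule for the resource
    matches location, network and time simultaneously. Returns (allowed, reason)."""
    failures = []
    for rule in policy:
        if rule.resource != resource:
            continue
        failed = []
        if ctx.location not in rule.locations:
            failed.append(f"location {ctx.location}")
        if ctx.network not in rule.networks:
            failed.append(f"network {ctx.network}")
        if not (rule.start <= ctx.local_time <= rule.end):
            failed.append(f"time {ctx.local_time:%H:%M}")
        if not failed:
            return True, f"{resource}: allowed by rule"
        failures.append(", ".join(failed))
    if not failures:
        return False, f"{resource}: no rule, default deny"
    return False, f"{resource}: denied ({' | '.join(failures)})"


if __name__ == "__main__":
    print(decide("crm", Context("office", "public-wifi", time(10, 15))))
```

The three attributes come from the device (its own location fix, clock and network state), so the enforcement point has to be one the user cannot simply switch off, which is the tie-in to the remote-management slide that follows.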


remote management
install antivirus software; ensure VPNs are properly used; restrict file downloads; update firewall configurations; recognize new versions of malware
remote management + context-aware access control => effective security requires constant monitoring and human intervention

digital signing and certificates: private key, public key, Certificate Authority
sandboxing = restricting the code's access to the file system or to services
encryption & antivirus software


encryption & VPNs: layer 2 tunneling; WWAN composed of different protocols (GSM, GPRS etc.)
both the phone and the SIM card have unique identification codes which can be screened to grant access; phones reported stolen, for example, may be entirely blocked
December 2009: Karsten Nohl published the encryption codes (A5/1) used by GSM, creating a significant threat to GSM security; GSM should not be used for confidential voice or data transmission; > 4 billion GSM phones; a new standard (A5/3), but it requires upgrades to base stations and most handsets
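The identification code of the phone that the slide refers to is the IMEI (the SIM's counterpart is the IMSI); the screening it describes, refusing service to handsets reported stolen, is a blocklist lookup preceded by a sanity check on the identifier, since an IMEI carries a Luhn check digit. The code below is an added example written for this page, not from the presentation or from any operator's equipment register; the blocklist contents are constructed (490154203237518 is a commonly cited sample IMEI), and only the IMEI side is handled.

```python
# Constructed blocklist in the style of an operator's equipment identity register:
# any device reported stolen is listed by IMEI and refused service.
STOLEN_IMEIS = {"490154203237518"}


def luhn_sum(digits: str, shift: int = 0) -> int:
    """Luhn weighted digit sum, walking from the rightmost digit; every second
    digit (offset by `shift`) is doubled and reduced to a single digit."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if (i + shift) % 2 == 1:
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total


def luhn_valid(imei: str) -> bool:
    """An IMEI is 15 digits whose Luhn sum is a multiple of 10; the last digit is the check digit."""
    return len(imei) == 15 and imei.isdigit() and luhn_sum(imei) % 10 == 0


def luhn_check_digit(body: str) -> int:
    """Check digit that makes `body` (the first 14 digits of an IMEI) Luhn-valid."""
    return (10 - luhn_sum(body, shift=1) % 10) % 10


def screen_device(imei: str, blocklist=STOLEN_IMEIS) -> str:
    """Decision the network side takes before granting service: 'malformed' for an
    identifier that cannot be a real IMEI (typo or tampering), 'blocked' for a device
    on the stolen list, otherwise 'allowed'."""
    if not luhn_valid(imei):
        return "malformed"
    if imei in blocklist:
        return "blocked"
    return "allowed"


if __name__ == "__main__":
    for sample in ("490154203237518", "352099001761481", "352099001761480"):
        print(sample, screen_device(sample))
```

The check digit only catches transcription errors; it is not a security feature, and a rewritten IMEI passes it just as well, which is why the blocklist, not the format check, is the actual control here.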


WLAN
WEP: easy to break; WPA: dictionary attack; WPA2: the solution for now
Bluetooth
no security measures; security after establishing the channel; security before
attack vector used to conduct surveillance and direct attacks, eavesdrop, spread malware and intercept communications, including man-in-the-middle attacks

Mobile Security Policies
companies should restrict phone use strictly to work activities, incorporate security solutions and define phone usage policies
The State of Mobile Security Planning
96% document a security policy; 54% document a security policy for smartphones; ISO 27002: mobile device security

NIST Guidelines
recommendations for managing the security of mobile handheld devices
mobile device and PDA security policy; security plan for handheld mobile devices; risk assessment; education and training; central management and configuration control


Building a Smart Phone Security Program
risk assessment and analysis
documenting policies and training end users
develop or adopt a smartphone management system
set the required base level of security software for smartphones, which should include at a minimum firewalls, antivirus software, VPNs and encryption
give special consideration to those phones at high risk

GPS = Global Positioning System
GSM = Global System for Mobile
NIST = National Institute of Standards
PAN = Personal Area Network
WLAN = Wireless Local Area Network


http://www.colocationamerica.com/blog/mobile-desktop-operating-systems-merging.htm


[1] Max Landman, Managing Smart Phone Security Risks, 2010. http://dl.acm.org/citation.cfm?id=1940971
[2] Are phone calls on a GSM network encrypted?, accessed 07.11.2013. http://security.stackexchange.com/questions/35376/are-phone-calls-on-a-gsm-network-encrypted
[3] $15 phone, 3 minutes all that's needed to eavesdrop on GSM call, accessed 07.11.2013. http://arstechnica.com/gadgets/2010/12/15-phone-3minutes-all-thats-needed-to-eavesdrop-on-gsm-call/
