Your smartphone - a spy in the pocket?
Post on 21-Jul-2016
Your smartphone - a spy in the pocket?
Denis Simonet
February 23, 2014
Denis Simonet () Your smartphone - a spy in the pocket? February 23, 2014 1 / 23
Outline
1. Malware on smartphones
2. GSM issues
3. Conclusion
Malware analysis: Juniper Networks Third Annual Mobile Threats Report
Malware analysis: Technical report from Northwestern University
“A majority of [anti-malware products] can be trivially defeated by applying slight transformation over known malware with little effort.”
Malware analysis: WiFi vs. cellular networks

  WiFi                          | GSM, UMTS, LTE
  ------------------------------+---------------------------------------------
  Very popular                  | Very popular
  License-free radio spectrum   | Licensed radio spectrum
  Cheap hardware                | Expensive hardware
  Available to anyone           | Typically limited to professional operators
  Easy to monitor               | No popular analysis tools available
Malware analysis: Base station
sysmoBTS for 2500 € (on the market since 2012)
Operated with the free software project Osmocom
Network in the box
  ▶ GSM voice
  ▶ SMS
  ▶ GPRS
Malware analysis: Our set-up
Malware analysis: Capturing with Wireshark
Malware analysis: Two tests
Jewels Star 2, a free game from the Google Play Store
iSpyoo, spyware as a service
Malware analysis: Jewels Star 2
Sends information to at least five advertising providers
Uses HTTP (i.e. no transport encryption)
Captured requests include information on the device and its location
Malware analysis: iSpyoo
Remote control of the target phone through a web interface
Easy to handle
Functionality dependent on a monthly fee
Data is sent to a dedicated server in plain text
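Both tests above (the ad-supported game and the spyware) share the same weakness: device data leaves the phone over plaintext HTTP, so anyone on the path, including the capture set-up from the earlier slides, can read it. The following is an added example, not code from the talk or from either product: a small Python audit that takes raw HTTP requests as they would be exported from a capture and flags query or form fields that look like a device identifier, a phone number or a location. The hosts, field names and values are constructed for the example; the IMEI is the standard documentation example number with a valid Luhn check digit.

```python
import re
from urllib.parse import parse_qsl, urlsplit

# Constructed sample of three plaintext HTTP requests, shaped like what a
# "Follow TCP stream" export from a capture of an ad-supported app could
# contain. Hosts and values are hypothetical; only the request shape matters.
SAMPLE_REQUESTS = [
    "GET /v1/ad?imei=490154203237518&lat=47.3769&lon=8.5417&app=jewels HTTP/1.1\r\n"
    "Host: ads.example-network.test\r\n"
    "User-Agent: Dalvik/1.6.0 (Linux; U; Android 4.4.2)\r\n"
    "\r\n",
    "POST /track HTTP/1.1\r\n"
    "Host: analytics.example-provider.test\r\n"
    "Content-Type: application/x-www-form-urlencoded\r\n"
    "\r\n"
    "android_id=9774d56d682e549c&imsi=228011234567890&msisdn=41791234567",
    "GET /levels/2.json HTTP/1.1\r\n"
    "Host: cdn.example-game.test\r\n"
    "\r\n",
]

LOCATION_KEYS = {"lat", "latitude", "lon", "lng", "longitude"}


def luhn_ok(digits):
    """Luhn check (used by IMEI); separates an IMEI from an IMSI of equal length."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:
            d = d * 2 - 9 if d * 2 > 9 else d * 2
        total += d
    return total % 10 == 0


def classify(key, value):
    """Return the identifier type a key/value pair looks like, or None."""
    if re.fullmatch(r"\d{15}", value) and luhn_ok(value):
        return "IMEI"
    if re.fullmatch(r"\d{14,15}", value):
        return "IMSI"
    if re.fullmatch(r"[0-9a-f]{16}", value):
        return "Android ID"
    if re.fullmatch(r"(?:[0-9A-Fa-f]{2}:){5}[0-9A-Fa-f]{2}", value):
        return "MAC address"
    if key.lower() in LOCATION_KEYS and re.fullmatch(r"-?\d{1,3}\.\d+", value):
        return "location"
    if re.fullmatch(r"\+?\d{10,13}", value):
        return "phone number"
    return None


def parse_request(raw):
    """Split one raw HTTP request into (host, method, path, [(key, value), ...])."""
    head, _, body = raw.partition("\r\n\r\n")
    lines = head.split("\r\n")
    method, target, _ = lines[0].split(" ", 2)
    headers = {}
    for line in lines[1:]:
        name, _, val = line.partition(":")
        headers[name.strip().lower()] = val.strip()
    url = urlsplit(target)
    fields = list(parse_qsl(url.query, keep_blank_values=True))
    if headers.get("content-type", "").startswith("application/x-www-form-urlencoded"):
        fields += parse_qsl(body, keep_blank_values=True)
    return headers.get("host", "?"), method, url.path, fields


def audit_requests(raw_requests):
    """Flag every identifier-like field; all of it travels unencrypted."""
    findings = []
    for raw in raw_requests:
        host, method, path, fields = parse_request(raw)
        for key, value in fields:
            kind = classify(key, value)
            if kind:
                findings.append({"host": host, "path": path, "field": key, "kind": kind})
    return findings


def leaks_by_host(findings):
    """Group the flagged identifier types per receiving host."""
    out = {}
    for f in findings:
        out.setdefault(f["host"], set()).add(f["kind"])
    return out


if __name__ == "__main__":
    for f in audit_requests(SAMPLE_REQUESTS):
        print(f"{f['kind']:13} -> {f['host']}{f['path']} (field {f['field']})")
```

On a real capture the same functions can be fed the output of Wireshark's "Follow TCP stream" export; the per-host grouping is what shows at a glance how many third parties receive which identifiers, which is the question the slides raise.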
Malware analysis: Findings by c’t: Foursquare
“Find friends” transmits:
  ▶ e-mail addresses
  ▶ phone numbers
Do your friends agree to that?
Malware analysis: Findings by c’t: Other apps
Shazam: position, IP address, Android ID
Who Wants to Be a Millionaire?: list of installed apps
Samsung ChatON: IMEI, phone number
MyXperia: position, IMSI, phone number, hardware information (without enabling this service!)
Malware analysis: Does a flashlight need to know your location?
Malware analysis: Reactions
Many people do not seem to really care
  ▶ “I have nothing to hide”
  ▶ “My data is not important”
  ▶ “I don’t care”
The NSA is interested in advertising providers!
GSM issues: Osmocom
Osmocom (the software used) provides many possibilities:
  ▶ Run your own baseband on cheap cell phones
  ▶ Run your own GSM network
  ▶ Play with SIMs
  ▶ . . .
Facilitates GSM research
Interesting summary at 30C3 by Nohl/Melette: Mobile network attack evolution
GSM issues: Known GSM issues
No mutual authentication between phone and network
Weak encryption algorithms
Encryption is optional
Network can obtain positional information from phone
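To make the first issue on this slide concrete, here is an added example (not from the talk) that models the two authentication exchanges in Python: GSM's one-way challenge-response, in which the phone answers any RAND it is handed, and the UMTS-style AKA exchange, in which the network must also present an AUTN token computed under the shared key before the phone answers. HMAC-SHA256 stands in for the SIM's real A3 and f1 functions, and the field lengths are simplified; both are assumptions made for illustration only.

```python
import hashlib
import hmac
import os

# HMAC-SHA256 stands in for the SIM's secret-key functions (GSM A3, UMTS f1).
# This is an assumption for illustration; the real algorithms are operator
# specific and live on the SIM.
def f_sres(ki, rand):
    """Response the phone computes from the shared key Ki and the challenge RAND."""
    return hmac.new(ki, b"A3" + rand, hashlib.sha256).digest()[:4]


def f_mac(ki, rand, sqn):
    """MAC the network must present in AUTN to prove it also knows Ki (UMTS only)."""
    return hmac.new(ki, b"f1" + rand + sqn, hashlib.sha256).digest()[:8]


class Sim:
    def __init__(self, ki):
        self.ki = ki
        self.sqn_seen = 0  # highest sequence number accepted (UMTS replay protection)

    def gsm_authenticate(self, rand):
        # GSM: nothing in the exchange proves that the sender of RAND knows Ki,
        # so the phone answers any base station that asks.
        return f_sres(self.ki, rand)

    def umts_authenticate(self, rand, autn):
        # UMTS AKA: AUTN = SQN || MAC. A network without Ki cannot produce the MAC,
        # and a recorded AUTN is rejected because SQN must increase.
        sqn_bytes, mac = autn[:6], autn[6:]
        if not hmac.compare_digest(mac, f_mac(self.ki, rand, sqn_bytes)):
            return None
        sqn = int.from_bytes(sqn_bytes, "big")
        if sqn <= self.sqn_seen:
            return None
        self.sqn_seen = sqn
        return f_sres(self.ki, rand)


class Network:
    def __init__(self, ki):
        self.ki = ki  # None models a base station that does not know Ki
        self.sqn = 0

    def gsm_challenge(self):
        return os.urandom(16)

    def gsm_verify(self, rand, sres):
        return self.ki is not None and hmac.compare_digest(sres, f_sres(self.ki, rand))

    def umts_challenge(self):
        self.sqn += 1
        rand = os.urandom(16)
        sqn_bytes = self.sqn.to_bytes(6, "big")
        key = self.ki if self.ki is not None else os.urandom(16)  # without Ki, only a guess
        return rand, sqn_bytes + f_mac(key, rand, sqn_bytes)


def run_gsm(sim, network):
    """Returns (phone answered, network could verify the answer)."""
    rand = network.gsm_challenge()
    sres = sim.gsm_authenticate(rand)
    return sres is not None, network.gsm_verify(rand, sres)


def run_umts(sim, network):
    """Returns True only if the phone accepted the network as genuine and answered."""
    rand, autn = network.umts_challenge()
    return sim.umts_authenticate(rand, autn) is not None


if __name__ == "__main__":
    ki = os.urandom(16)  # constructed shared secret for the demo
    print("GSM  genuine network:", run_gsm(Sim(ki), Network(ki)))
    print("GSM  unknown network:", run_gsm(Sim(ki), Network(None)))
    print("UMTS genuine network:", run_umts(Sim(ki), Network(ki)))
    print("UMTS unknown network:", run_umts(Sim(ki), Network(None)))
```

The GSM phone returns `(True, False)` against a network that has no Ki: it answered, and that is all a network needs for the phone to stay attached. The UMTS phone returns `False` in the same situation, and also rejects a replayed (RAND, AUTN) pair, which is what mutual authentication buys the subscriber.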
GSM issues: Sniffing GSM
OsmocomBB can be used to analyse GSM traffic
E.g. find whether a cell phone is in your vicinity. . .
. . . or even decrypt phone calls! (Nohl/Munaut @ 27C3)
GSM issues: Baseband processor
Closed and closed-minded business
Lacks modern security features (stack protection, address space randomisation, . . . )
Stability: wrong messages lead to crashes. They did not even intentionally send wrong information and phones already crashed.
The GSM specs have many options which no real network uses: potential attack vectors.
See: Harald Welte @ Linux Kongress 2010
GSM issues: SIM card attacks
Remote injections on the SIM card by anybody
Applications can break out of the sandbox and read any data
E.g. send the current location every 5 minutes
Stays installed on the SIM even if you put it into a new phone
What to do?
Only the industry can fix most of these issues
Be careful what applications you install
Disable pre-installed applications
Do not consider GSM as a secure channel