Page 1
Advanced Social Network and Mobile Attack
Nipon Nachin, Consulting Manager
ITIL Expert, CISSP, GIAC GFCA, CISA, CISM, CSSLP, AMBCI, IRCA ISMS, ITSMS, BCMS Provisional Auditor, SSCP, Security+
Prathan Phongthiproek, Red-Team Manager
eCPPT, E|CSA, C|EH, CIW Security Analyst, CPTS, CWNP, CWSP, Security+, ITIL-F
ACIS Professional Center
Page 2
Social Network
Source: 2008 CSI Computer Crime & Security Survey
Page 3
Social Network Threats
1) Malware Spam
2) Drive-By-Download
3) Malicious Applications
4) Session Hijacking
Page 4
Malware Spam
1) Osama execution video scam
2) Enable dislike button
3) Top 10 profile spies
Page 5
Malware Spam
Page 6
Drive-By-Download
1) Malicious shortened URLs
2) Internet Explorer / Mozilla Firefox / Safari / Chrome vulnerabilities
3) Web browser toolbars
4) Adobe product vulnerabilities (Flash, PDF, etc.)
5) ActiveX and Java applets
Page 7
Drive-By-Download
Page 8
Drive-By-Download
[Diagram: drive-by-download flow] (1) Client visits the landing page; (2) redirect to get exploit; (3) redirect to get exploit; (4) victim downloads the exploit
Page 9
Drive-By-Download
[Chart: payload categories] Spyware, viruses, worms, Trojans, potentially unwanted applications, adware, unwanted/offensive content, phishing
Page 10
Drive-By-Download
Page 11
Malicious Facebook Applications
Page 12
Malicious Facebook Applications
Page 13
Malicious Facebook Applications
Page 14
Session Hijacking
Page 15
Session Hijacking with Firesheep
1) For now, unable to attack Facebook (have to modify the source code)
2) Only supports sessions over plain HTTP
- Hotmail, Twitter, Facebook, etc.
3) Sniffs on the fly (Wi-Fi hotspot)
4) On a wired network, requires ARP poisoning
Page 16
Session Hijacking
Page 17
Session Hijacking Over HTTPS
1) Using SSLStrip to kill SSL sessions
2) Rogue access point or ARP poisoning on the wire
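As an added example (not from the slides), a defender-side header audit that flags the two conditions the Firesheep and SSLStrip slides depend on: a session cookie without the Secure flag (so it is sent over plain HTTP and can be sniffed) and a site without HSTS (so a browser can be kept on HTTP). The sample headers and the session-name hints are constructed.

```python
# Added example: audit HTTP response headers for the weaknesses that
# cookie sniffing (Firesheep) and SSL stripping (SSLStrip) rely on.
from http.cookies import SimpleCookie
from typing import Dict, List, Tuple

# Constructed sample headers standing in for a real server response.
SAMPLE_HEADERS: List[Tuple[str, str]] = [
    ("Set-Cookie", "sessionid=abc123; Path=/; HttpOnly"),        # no Secure flag
    ("Set-Cookie", "theme=dark; Path=/; Secure; SameSite=Lax"),  # fine, not a session
    ("Set-Cookie", "auth=tok; Path=/"),                          # neither flag
    ("Content-Type", "text/html"),
]

# Assumed substrings that mark a cookie as session-bearing (constructed heuristic).
SESSION_HINTS = ("sess", "auth", "sid", "login")

def cookie_flags(set_cookie: str) -> Dict[str, object]:
    """Parse one Set-Cookie header and return its name and attribute flags."""
    jar = SimpleCookie()
    jar.load(set_cookie)
    name, morsel = next(iter(jar.items()))
    return {
        "name": name,
        "secure": bool(morsel["secure"]),      # flag attrs are "" when absent
        "httponly": bool(morsel["httponly"]),
        "samesite": morsel["samesite"] or None,
    }

def audit(headers: List[Tuple[str, str]]) -> List[str]:
    """Return findings relevant to hijacking over HTTP and to SSL stripping."""
    findings = []
    for key, value in headers:
        if key.lower() != "set-cookie":
            continue
        c = cookie_flags(value)
        if not any(h in str(c["name"]).lower() for h in SESSION_HINTS):
            continue
        if not c["secure"]:
            findings.append(f"{c['name']}: session cookie also sent over plain HTTP (no Secure flag)")
        if not c["httponly"]:
            findings.append(f"{c['name']}: readable by script (no HttpOnly flag)")
    has_hsts = any(k.lower() == "strict-transport-security" for k, _ in headers)
    if not has_hsts:
        findings.append("no Strict-Transport-Security header: browser can be kept on HTTP")
    return findings

if __name__ == "__main__":
    for line in audit(SAMPLE_HEADERS):
        print(line)
```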
Page 18
Session Hijacking Over HTTPS
Page 19
Mobile Threats
Page 21
Mobile Safari Still Vulnerable To Pwn2Own Exploit
Page 22
Mobile Web Browsers
Common problem: bad security UX
Page 23
Android Content Provider File Disclosure
Page 24
Google Latitude Zero Day Attack
Page 25
Google Latitude Zero Day Attack
Page 26
Google Latitude Zero Day Attack - Example
https://www.google.com/accounts/[email protected] &password=xxxxxx&s=sss=&xxx=dddddd
Page 27
Google Latitude Zero Day Attack on iPhone
Page 28
Google Latitude Zero Day Attack
Page 29
FlexiSPY BlackBerry Spy Phone
Page 30
FlexiSPY Apple iPhone Spyphone
Page 31
Spyphone – eavesdropping on conversations
Page 32
28th – 29th June 2011, Grand Millennium Sukhumvit, Bangkok
Page 33
Copyright © 2009 TISA (Thailand Information Security Association) and its respective author
Please contact: [email protected]
http://www.TISA.or.th