Reach Out and Hack Someone Session 8843
Ellis Holman [email protected]

Disclaimers, for the lawyers
•The techniques described herein, when applied to systems not owned by you, are ILLEGAL.
•Modifications carried out may damage the cell phone and void the manufacturer's warranty
•This presentation represents the sole opinions of the presenter
•The intention of this presentation is not to call into question the suitability of any software mentioned
•The presentation merely points out what is possible within the confines of academic discussion

Statistics favor the hackers as smart phones become based on more open software
•The open source Android platform is particularly popular
•Gartner research predicts that by 2012, 80% or more of commercial software packages will include open source technology
•Google reports that more than 1/3 of users, 36.2%, run the Android operating system version called Froyo
•According to Google, over 200,000 Android smartphones are activated each day
•The 2010 Coverity Scan Open Source Integrity Report uncovered "359 defects in total and of these, 88 of the defects were "high risk", which includes memory corruption, resource and memory leaks, and uninitialized variables."

Smartphones now in use are more sophisticated than ever before
•Most have programmable capabilities
•Many are web capable
•Many are bluetooth enabled
•Some are hybrid PC/Phone combinations
•Many are WIFI enabled
•Applications exist to store personal and business data
•Tools exist to both customize and exploit these sophisticated handsets

Warnibbling is the art of mapping bluetooth devices
•Similar to wardriving, but deals with smaller devices
•Somewhat more difficult because of the devices' lower power
•There are three primary security modes:
Mode 1: No Security
Mode 2: Application/Service based (L2CAP)
Mode 3: Link-layer (PIN authentication/MAC address security/encryption)

‘Bluejacking’ makes use of the bluetooth stack to send messages to unsuspecting persons nearby
•The technique involves abuse of the bluetooth "pairing" protocol
•The protocol defines an authentication process to identify devices to each other
•During the initial "handshake" phase it is possible to pass a message to another device
•It is made possible because the "name" of the initiating bluetooth device is displayed on the target device as part of the handshake exchange
•The protocol allows a large user-defined name field, up to 248 characters. It is this field which is used to pass the message
•Could be used for spamming and unwanted advertising
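The slide's point is that the remote device name is an untrusted, attacker-chosen string that ends up in the pairing prompt. The following added example (not from the presentation) shows the receiving side's defensive handling: enforce the specification's 248-byte cap, strip control characters before display, and flag names from a scan that look like messages rather than device names. The scan records and the 40-character display threshold are constructed assumptions.

```python
import re

# Bluetooth user-friendly device names are capped at 248 bytes of UTF-8 by the
# specification (the slide's "up to 248 characters"); the display cap below is
# an assumed local policy, not a spec value.
SPEC_NAME_LIMIT_BYTES = 248
DISPLAY_NAME_LIMIT = 40

URL_RE = re.compile(r"(https?://|www\.)", re.IGNORECASE)
PHONE_RE = re.compile(r"\d{6,}")


def sanitize_remote_name(raw: bytes) -> str:
    """Defensive handling of a remote name before it is shown to the user:
    enforce the spec cap, tolerate bad UTF-8, and drop control characters
    so a crafted name cannot inject line breaks into the pairing prompt."""
    text = raw[:SPEC_NAME_LIMIT_BYTES].decode("utf-8", errors="ignore")
    return "".join(c for c in text if ord(c) >= 32 and ord(c) != 127)


def name_reasons(name: str) -> list:
    """Heuristics for a device name that looks like a message, not a name."""
    reasons = []
    if len(name) > DISPLAY_NAME_LIMIT:
        reasons.append("too_long")
    if URL_RE.search(name):
        reasons.append("url")
    if PHONE_RE.search(name):
        reasons.append("phone")
    if any(ord(c) < 32 or ord(c) == 127 for c in name):
        reasons.append("control_chars")
    return reasons


def flag_bluejack_names(records):
    """records: iterable of (bdaddr, raw_name_bytes) from an inquiry/name scan.
    Returns {bdaddr: [reasons]} for the entries worth alerting on."""
    flagged = {}
    for bdaddr, raw in records:
        reasons = name_reasons(raw.decode("utf-8", errors="replace"))
        if reasons:
            flagged[bdaddr] = reasons
    return flagged


# Constructed sample scan results (not real devices).
SAMPLE_SCAN = [
    ("00:11:22:33:44:55", b"Nokia 6310i"),
    ("AA:BB:CC:DD:EE:01", b"FREE RINGTONES! visit www.example.invalid now"),
    ("AA:BB:CC:DD:EE:02", b"Call me 0123456789"),
    ("AA:BB:CC:DD:EE:03", b"Hello\nYou have won"),
]

if __name__ == "__main__":
    for addr, reasons in flag_bluejack_names(SAMPLE_SCAN).items():
        print(addr, reasons)
```

Flagging runs on the raw decoded name so that the control-character trick is still visible to the alerting logic, while the sanitized form is what reaches the screen.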

A more insidious attack on bluetooth enabled phones is called ‘Bluesnarfing’
•Bluesnarfing has huge potential for abuse because it leaves no trace and victims will be unaware that their details have been stolen
•The vulnerability exists in all bluetooth enabled devices, but handsets are particularly at risk because resources for functions such as menus are limited

A more insidious attack on bluetooth enabled phones is called ‘Bluesnarfing’ (continued)
•The Object Exchange (OBEX) protocol, a common method used by mobile devices to exchange information, is not implemented with authentication
•Minor modifications to the standard bluetooth stack used on a laptop can allow the operator to ‘snarf’
•At risk is such information as address books, dialed call information and received call information
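The root cause on this slide is an OBEX object server that answers any GET. The added example below (not from the presentation) parses a minimal OBEX GET request and contrasts the open handler with a hardened one that refuses the IrMC phone book and call history objects unless the link has been authenticated. The packet builder, the assumed "public" device-info object and the authentication flag are constructed for the example; the opcodes, response codes and header encoding follow the OBEX specification.

```python
import struct

# OBEX opcodes and response codes (final bit set) from the IrDA OBEX spec.
OBEX_GET_FINAL = 0x83
RSP_SUCCESS = 0xA0
RSP_BAD_REQUEST = 0xC0
RSP_UNAUTHORIZED = 0xC1
RSP_NOT_FOUND = 0xC4

# OBEX header identifiers: the top two bits encode the value type.
HDR_NAME = 0x01   # unicode text, 2-byte length prefix
HDR_TYPE = 0x42   # byte sequence, 2-byte length prefix

# IrMC object names a phone exposes over OBEX: the address book and the
# incoming/outgoing call history the slide says are at risk.
SENSITIVE_OBJECTS = {
    "telecom/pb.vcf",   # phone book
    "telecom/ich.vcf",  # incoming (received) call history
    "telecom/och.vcf",  # outgoing (dialed) call history
}
PUBLIC_OBJECTS = {"telecom/devinfo.txt"}  # device info; assumed safe to serve


def hdr_unicode(hid, text):
    data = text.encode("utf-16-be") + b"\x00\x00"
    return bytes([hid]) + struct.pack(">H", 3 + len(data)) + data


def hdr_bytes(hid, data):
    return bytes([hid]) + struct.pack(">H", 3 + len(data)) + data


def obex_packet(opcode, headers):
    body = b"".join(headers)
    return bytes([opcode]) + struct.pack(">H", 3 + len(body)) + body


def parse_obex(pkt):
    """Parse one OBEX request into (opcode, {header_id: value})."""
    opcode = pkt[0]
    (length,) = struct.unpack(">H", pkt[1:3])
    if length != len(pkt):
        raise ValueError("OBEX length field does not match packet size")
    pos, headers = 3, {}
    while pos < length:
        hid = pkt[pos]
        kind = hid >> 6
        if kind in (0, 1):                      # length-prefixed value
            (hlen,) = struct.unpack(">H", pkt[pos + 1:pos + 3])
            if hlen < 3 or pos + hlen > length:
                raise ValueError("bad OBEX header length")
            val = pkt[pos + 3:pos + hlen]
            if kind == 0:
                val = val.decode("utf-16-be").rstrip("\x00")
            pos += hlen
        elif kind == 2:                         # single byte value
            val = pkt[pos + 1]
            pos += 2
        else:                                   # four byte value
            val = pkt[pos + 1:pos + 5]
            pos += 5
        headers[hid] = val
    return opcode, headers


def handle_get_open(pkt):
    """The weak behaviour the slide describes: every known object is served."""
    opcode, headers = parse_obex(pkt)
    if opcode != OBEX_GET_FINAL:
        return RSP_BAD_REQUEST
    name = headers.get(HDR_NAME)
    return RSP_SUCCESS if name in SENSITIVE_OBJECTS | PUBLIC_OBJECTS else RSP_NOT_FOUND


def handle_get_hardened(pkt, link_authenticated):
    """Hardened policy: sensitive objects require an authenticated (paired) link."""
    opcode, headers = parse_obex(pkt)
    if opcode != OBEX_GET_FINAL:
        return RSP_BAD_REQUEST
    name = headers.get(HDR_NAME)
    if name in PUBLIC_OBJECTS:
        return RSP_SUCCESS
    if name in SENSITIVE_OBJECTS:
        return RSP_SUCCESS if link_authenticated else RSP_UNAUTHORIZED
    return RSP_NOT_FOUND


# Constructed request: a GET for the phone book object, the case a server must gate.
PHONEBOOK_GET = obex_packet(OBEX_GET_FINAL, [
    hdr_unicode(HDR_NAME, "telecom/pb.vcf"),
    hdr_bytes(HDR_TYPE, b"text/x-vcard\x00"),
])

if __name__ == "__main__":
    print(hex(handle_get_open(PHONEBOOK_GET)))              # 0xa0: served
    print(hex(handle_get_hardened(PHONEBOOK_GET, False)))  # 0xc1: unauthorized
```

The hardened handler keys its decision on link-level authentication (the slide's Mode 3) rather than on anything inside the OBEX request, because every field of the request is chosen by the remote side.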

Cabir is a virus related to snarfing and has surfaced at the Live 8 concert and Helsinki's Olympic Stadium
•Isolated to phones that run the Symbian operating system (OS) with the Series 60 user interface software, have the Bluetooth wireless communications feature enabled, are set to listen for Bluetooth devices, and are within 30 feet or less of a phone infected with Cabir
•Requires the active help of the victim to answer “Yes” to download and install the Symbian Installation File (SIS) on their phone
•Cabir has little in the way of malicious payload, but batteries will quickly discharge, in as little as 30 minutes, while the virus attempts to broadcast itself onwards
•Switching off Bluetooth blocks transmission of the virus

Bluebug is an early vulnerability that was successfully demonstrated at the IKT 2004 Forum
•The BlueBug attack takes only a few seconds and the victim can be totally unaware if they are not looking at the phone when the attack is executed
•The BlueBug security loophole allows commands to be issued via a covert channel to the vulnerable phones without prompting the owner of the phone
•At the CeBIT technology fair in Hannover, Germany, there were about 1300 unique bluetooth devices advertising themselves
•About 50 phones were proven to be vulnerable to this attack at the fair
