[COURSE_PTHE] 16. Mobile Device Black Box

1. Introduction: Mobile Device Black-Box Testing (Mobile Hacking)

    This module explores how easy it is to hack mobile devices and provides some insights and tools to help you defend your wireless network and its assets.

    An extension of the previous Wireless module, the Mobile Hacking module looks at the additional obstacles penetration testers and ethical hackers must face in supporting mobile devices.

    The Mobile Hacking module discusses and demonstrates how to hack into mobile devices, which is surprisingly easy.

    Every device type, from Apple’s iPhone to Samsung’s Galaxy phone, has vulnerabilities, and each is discussed thoroughly. You’ll learn how easy it is to spoof contacts, phone numbers and other data and manipulate a cell phone’s processes.

    The topics explored in the Mobile Hacking module include:

  • Whiteboard, which shows the interrelationship of all the basic components you must master for this module
  • There are no penetration testing simulation labs for the Mobile Hacking module.

    Hi, Leo Dregier here. This is a mobile, and we are going to learn how to hack it. It doesn’t really matter if it is an Android or an iPhone or a BlackBerry; the fact that everyone has one, we are going to use that to our advantage. Most of our common attacks that we have talked about so far are available here. We have talked about trojans. A mobile device, you can use software, you can manipulate that. It doesn’t matter if it is a Windows 8 or a BlackBerry; there are a lot of reasons we can manipulate the cellphone process. Everything from spoofing phone numbers to getting access to somebody else’s phone, taking content from a phone, because these are the most coveted devices that we use today. And so I would like to thank all of you who have a mobile phone that make this section possible. Let us go ahead and get started, and I am going to show you how we can break this simple device.

 

2. Framework

    Mobile penetration testing is a relatively new discipline.

    This lecture whiteboard video covers and explains the basic terminology, the wide range of vulnerabilities, and all the forms of attacks identified with mobile hacking. 

    This presentation also provides a detailed overview of each wireless platform in Mobile Hacking, and the unique set of challenges each platform brings to the penetration testing and ethical hacking efforts of today.

    In mobile penetration testing, this is a whole new field that is really going after the mobile devices themselves, which stems from a topic realistically called bring your own device. IT people all across the world were screaming and yelling. Security people specifically were screaming and yelling about bring your own device, because just when we got the network under control with the whole mobile and laptop, and people wanting to take their stuff home, all of a sudden now we are introducing mobile platforms which had no control with them, and people were bringing viruses and worms and taking data out of networks, and it just was a nightmare for security professionals everywhere. So let us take a closer look – this is the subject of mobile hacking. Some of the basic terminology that you need to be familiar with here is just ROMs in themselves. This is the software on which the platform runs. Next is the subject of bricking a system. A lot of people try to do an update to their phone and they don’t know what they are doing, so they install a non-platform-specific update and it messes with the ROM in itself, and therefore it becomes unrecoverable. So they basically turn their mobile device literally into a brick, because it is absolutely useless. Or bring your own device: this is the coming and going of mobile devices in the corporate workplace. Some of the basic vulnerabilities that we have to deal with are just app stores. We have our legitimate app stores, or I would say the default ones, but then there are also unconventional app stores to which you can connect, and you can get additional software and tools and tips and tricks and all sorts of fun stuff from unauthorized sources.
Then mobile malware: if you look at the history of mobile malware since 2008, 9, 10, 11, 13 or 14, you will see that there is an exponential growth with mobile malware, and I predicted in the 90’s that once we got over this bandwidth issue with the mobile infrastructure, literally it was going to be a changing of the minds. All of a sudden we are going to be in the Jetsons’ world, and nowadays we pretty much are in that mode. Now we are in that 3G, 4G, very, very high bandwidth. So that is changing the landscape of the way people do things mobilely. Before, we only used to make a phone call. That is it – that is all we did. Nowadays we are doing everything. Data analysis, hacking WiFi networks – china won our businesses mobility syncing them with all sorts of devices. Connecting with USB, so this mobile malware has grown to be an exponential swap. Also application sandboxing: in some cases sandboxing is good because it restricts or quarantines certain code or applications, but in another sense it is bad, because if applications are supposed to communicate with other applications, well, they are stuck inside the sandbox. Also the whole subject of encryption; this can be a weakness in itself – we are using bad encryption or no encryption. Jailbreaking or rooting the device: so let us say a company issues a device to someone and it has got some default settings and policies and things like that. If the user can go ahead and jailbreak it or root it and get administrative access to it, they pretty much can do whatever they want and turn off all those policies. So there are tons of different ways that you can jailbreak or root a phone depending on the platform. They are very – we are going to cover a handful of those. Or privacy and geolocation features: if you have ever installed an app and it said – hey, we would like to connect and find out your locations and things like that. I personally find that completely annoying, because hey, why do you need to know where I am eating lunch at?
But basically it is the tracking of us – where we are going. From a privacy perspective, most people are voluntarily giving up their privacy just for the flexibility of using a mobile platform, and they are begging for it. Look at all over the lines when you have that new Android or new Mac iOS phone that is coming. People wait overnight in lines for that stuff – just to get the latest and greatest. So it is very much an obsession. Also physical vulnerability: if you can get physical access to someone’s phone, bad stuff can happen. Everybody is familiar with the swipe log-on and over the PIN pad. That is great, you may not be showing someone your PIN, but if you just look at the glare you can see the oil from your hands and you can see the pins 1, 2, 3, 4 and therefore get access to it. So there are physical vulnerabilities as well. The major platforms that we are going to cover: Android, Mac, BlackBerry and Windows. It is really just that simple. Now, from my experience, mobile hackers are realistically experts in one or maybe two of these flavors. I have been lucky enough personally to have a very, very strong Windows background. Since the 90’s I have had pretty much every version of BlackBerry up till about 2005, when I stopped using them. To be truthful, I never touched the Macs, alright, because once you go Mac you won’t go back. So I can’t do it. And then Android in itself, one of my favorite open source operating systems, because it does not have a lot of the restrictions that Mac or BlackBerry or Windows have. It is just more of the open source router things, but nonetheless having an expertise in all four of these is extremely rare. Normally you are just going to be an expert in, like, Mac or BlackBerry, or Windows and Android, etc. Normally two out of four is pretty common. But let us look at some of the attacks – you can summarize the attacks by malware, data loss, data tampering and then exploitation. So let us look at each of these in a little more detail.
You have traditional malicious software: this is going to be viruses, your worms, your rootkits, except instead of targeting a computer in the classic sense, now we are just targeting a mobile computer over a wireless or 3G network. Malicious applications – I personally. If you are my friend on Facebook and I get the Candy Crush request – you are getting deleted. I don’t care if grand mom is sending the request. She is done – I can’t stand all of the hey, connect to me, connect to me, play my game. As if I don’t have anything better to do with our lives. But there are tons and tons of these applications out there and everybody has got their favorite. Everything from Dungeons and Dragons to Candy Crush. And then of course operating system modifications. Certain applications need root access – so somebody wants to play the latest and greatest game of something. Sure enough, they are going to figure out how to get root access, and there is no shortage of tools with which we can root these phones nowadays. Then just the subject of data loss in itself. So you have application vulnerabilities, which is really a generic term, but anything that can yield to the exposure of data, I would consider an application vulnerability. If it is also disclosing information, well then it results in data loss as well. It doesn’t matter if it is an email or like SMTP or POP3 or IMAP; if it is in clear text, ultimately your data could be at a loss. And then you have physical access. Somebody gets physical access; well, these would include things like everything from lost and stolen devices to now somebody else has your phone and they are using it for whatever purpose. Then data tampering, or the attack on integrity; again, application modifications. One application now trying to change the features or parameters of another application, especially in the subject of bring your own device.
If you allow as a corporate person – if you allow the home users to bring their own devices, how are you going to be able to control what security is either brought into your network or coming out of your network? So there is application modification as well – jailbreaking, another name for that is just rooting your phone. Or exfiltration, which is removing – extracting data streams, whether SMTP or HTTP or whatever it is – just finding a way to extract some data, from screen scraping, getting somebody’s screen capture information or forcing their phone to actually screen capture for you, or turning on their webcam or something like that, or ultimately getting USB access. So mobile hacking in itself is really a new field that has been pioneered over the last three or four years. It has gotten really, really popular, and we are just now starting to get a handful of books, courses or subject matter, but a lot of people are not fluent with mobile devices, especially from this security perspective. I mean, Grand Mom doesn’t care about security. She just wants to care about her nephew and say happy birthday, and she is not really concerned about all of this. There are plenty of people that are a little bit older in their mindset. They just want the cellphone to call somebody – they don’t understand cellphones only have three buttons on them, where are the other – however many buttons. They don’t get it – so you kind of have the old mindset versus the newer mindset. In the old mindset people look at a phone and they think to themselves – I don’t know what to make this thing do. The newer mindset – younger kids that are realistically born with these BlackBerrys and Androids, they look at it completely differently. They go, what can I make this do, and they are finding all sorts of creative things to actually make the cellphones do some really, really cool stuff. That is why the subject of mobile pen testing in itself has come leaps and bounds in the last couple of years.
I expect it to grow exponentially for the next several years. So let us go ahead and take a look at a few examples with a little bit more detail.

 

posted @ 2015-09-30 22:21  It's_Lee