Download - Securitatea mobila - Atacuri prin SMS
![Page 1: Securitatea mobila - Atacuri prin SMS](https://reader038.vdocuments.net/reader038/viewer/2022102700/54bd123b4a79591f298b4573/html5/thumbnails/1.jpg)
SecuritateSecuritate mobilamobila ––
AtacuriAtacuri prinprin SMSSMS
PrezentatorPrezentator::
BogdanBogdan ALECUALECU
http://mhttp://m--sec.netsec.net
Twitter: @Twitter: @msecnetmsecnet
![Page 2: Securitatea mobila - Atacuri prin SMS](https://reader038.vdocuments.net/reader038/viewer/2022102700/54bd123b4a79591f298b4573/html5/thumbnails/2.jpg)
InformatiiInformatii generalegenerale despredespre SMSSMS
AmenintariAmenintari
WAPWAP
InterceptareInterceptare trafictrafic de datede date
DemoDemo
![Page 3: Securitatea mobila - Atacuri prin SMS](https://reader038.vdocuments.net/reader038/viewer/2022102700/54bd123b4a79591f298b4573/html5/thumbnails/3.jpg)
InformatiiInformatii generalegenerale
SMS SMS -- Short Message Service Short Message Service reprezintareprezinta un un mod de mod de comunicarecomunicare prinprin mesajemesaje text text intreintretelefoaneletelefoanele mobile / mobile / fixefixe, , utilizandutilizand un protocol un protocol standardizatstandardizat. . EsteEste un mod de un mod de comunicarecomunicareeficaceeficace; ; utilizatorulutilizatorul scriescrie un text, un text, apasaapasa SEND SEND sisimesajulmesajul e e livratlivrat aproapeaproape instant instant catrecatre destinatardestinatar. .
FolositFolosit pentrupentru maimai multemulte scopuriscopuri: MMS : MMS ––Multimedia Messaging Service, OTA Multimedia Messaging Service, OTA –– Over The Over The Air Air –– configurareaconfigurarea telefonuluitelefonului, , notificarinotificari pentrupentrumesageriamesageria vocalavocala, email, fax, , email, fax, microplatimicroplati –– plataplataunorunor sumesume micimici pentrupentru diferitediferite serviciiservicii => => SECURITATE!SECURITATE!
![Page 4: Securitatea mobila - Atacuri prin SMS](https://reader038.vdocuments.net/reader038/viewer/2022102700/54bd123b4a79591f298b4573/html5/thumbnails/4.jpg)
InformatiiInformatii generalegenerale
““Un Un dispozitivdispozitiv mobilmobil activactiv trebuietrebuie sasa fie fie
capabilcapabil de a de a primiprimi un un mesajmesaj scurtscurt de de
tipultipul TPDU TPDU -- Transfer protocol data unit Transfer protocol data unit
-- (SMS(SMS--DELIVER) in DELIVER) in oriceorice moment, moment,
indiferentindiferent dacadaca existaexista un un apelapel sausau trafictrafic
de date in de date in derularederulare. Un . Un raportraport vava fifi
trimistrimis intotdeaunaintotdeauna catrecatre SC (SC (ServiciulServiciul
de de mesajemesaje); ); confirmandconfirmand fie ca fie ca teltel a a
primitprimit mesajulmesajul sausau ca ca mesajulmesajul nunu a a fostfost
livratlivrat, , incluzindincluzind sisi motivulmotivul refuzuluirefuzului..””
ETSI TS 100 901 V7.5.0 (2001ETSI TS 100 901 V7.5.0 (2001--12), 12), pagpag
1313
![Page 5: Securitatea mobila - Atacuri prin SMS](https://reader038.vdocuments.net/reader038/viewer/2022102700/54bd123b4a79591f298b4573/html5/thumbnails/5.jpg)
AmenintariAmenintari -- SMSSMS
SMS SPAMSMS SPAM
SMS spoofingSMS spoofing
NotificariNotificari SMSSMS
AlteAlte tipuritipuri
![Page 6: Securitatea mobila - Atacuri prin SMS](https://reader038.vdocuments.net/reader038/viewer/2022102700/54bd123b4a79591f298b4573/html5/thumbnails/6.jpg)
AmenintariAmenintari -- SMSSMS
SMS SPAMSMS SPAM
CompaniileCompaniile oferaofera serviciiservicii de de publicitatepublicitate
prinprin SMSSMS
MesajeMesaje cu cu castiguricastiguri falsefalse
InginerieInginerie socialasociala –– ““SunaSuna--ma urgent ma urgent pepe nr nr
astaasta: 0900323421! Mama: 0900323421! Mama””
![Page 7: Securitatea mobila - Atacuri prin SMS](https://reader038.vdocuments.net/reader038/viewer/2022102700/54bd123b4a79591f298b4573/html5/thumbnails/7.jpg)
AmenintariAmenintari -- SMSSMS
SMS SpoofingSMS Spoofing
ServiciiServicii online online cece permit permit modificareamodificarea
expeditoruluiexpeditorului (numeric / (numeric / alfanumericalfanumeric))
GreuGreu de de opritoprit, , maimai ales ales dacadaca tinemtinem cont de cont de
roamingroaming
EficientaEficienta maimai mare in mare in atacurileatacurile de tip de tip
inginerieinginerie socialasociala
![Page 8: Securitatea mobila - Atacuri prin SMS](https://reader038.vdocuments.net/reader038/viewer/2022102700/54bd123b4a79591f298b4573/html5/thumbnails/8.jpg)
AmenintariAmenintari -- SMSSMS
NotificariNotificari SMSSMS
VoicemailVoicemail
FaxFax
EE--mailmail
VideoVideo
UtilizatorulUtilizatorul nunu poatepoate scoatescoate iconicon--ulul de de
notificarenotificare asupraasupra primiriiprimirii unuiunui astfelastfel de de
mesajmesaj
![Page 9: Securitatea mobila - Atacuri prin SMS](https://reader038.vdocuments.net/reader038/viewer/2022102700/54bd123b4a79591f298b4573/html5/thumbnails/9.jpg)
AmenintariAmenintari -- SMSSMS
NotificariNotificari SMS SMS
(voicemail)(voicemail)
![Page 10: Securitatea mobila - Atacuri prin SMS](https://reader038.vdocuments.net/reader038/viewer/2022102700/54bd123b4a79591f298b4573/html5/thumbnails/10.jpg)
AmenintariAmenintari -- SMSSMS
NotificariNotificari SMS SMS
(email)(email)
![Page 11: Securitatea mobila - Atacuri prin SMS](https://reader038.vdocuments.net/reader038/viewer/2022102700/54bd123b4a79591f298b4573/html5/thumbnails/11.jpg)
AmenintariAmenintari -- SMSSMS
AlteAlte tipuritipuri
Flash SMS (Class 0) Flash SMS (Class 0) –– utilizatorulutilizatorul vedevede
mesajulmesajul direct, direct, farafara a intra in Inboxa intra in Inbox
Silent SMS Silent SMS –– DCS 0xC0 = Message Waiting DCS 0xC0 = Message Waiting
Indication Group: Discard MessageIndication Group: Discard Message
![Page 12: Securitatea mobila - Atacuri prin SMS](https://reader038.vdocuments.net/reader038/viewer/2022102700/54bd123b4a79591f298b4573/html5/thumbnails/12.jpg)
AmenintariAmenintari -- SMSSMS
AlteAlte tipuritipuri
Flash SMSFlash SMS
![Page 13: Securitatea mobila - Atacuri prin SMS](https://reader038.vdocuments.net/reader038/viewer/2022102700/54bd123b4a79591f298b4573/html5/thumbnails/13.jpg)
AmenintariAmenintari -- SMSSMS
AlteAlte tipuritipuri
Silent SMSSilent SMS
![Page 14: Securitatea mobila - Atacuri prin SMS](https://reader038.vdocuments.net/reader038/viewer/2022102700/54bd123b4a79591f298b4573/html5/thumbnails/14.jpg)
WAPWAP
Wireless Application ProtocolWireless Application Protocol
Arhitectura de Arhitectura de retearetea specificaspecifica
Set de reguliSet de reguli
Limbaj specificLimbaj specific: Wireless Markup Language : Wireless Markup Language (WML)(WML)
PaginiPagini HTML HTML ajustateajustate pentrupentru dimensiuneadimensiuneaecranuluiecranului telefonuluitelefonului
![Page 15: Securitatea mobila - Atacuri prin SMS](https://reader038.vdocuments.net/reader038/viewer/2022102700/54bd123b4a79591f298b4573/html5/thumbnails/15.jpg)
WAPWAP
![Page 16: Securitatea mobila - Atacuri prin SMS](https://reader038.vdocuments.net/reader038/viewer/2022102700/54bd123b4a79591f298b4573/html5/thumbnails/16.jpg)
WAP PushWAP Push
PermitePermite trimitereatrimiterea de de continutcontinut WAP cu o WAP cu o
interventieinterventie minima din minima din parteapartea utilizatoruluiutilizatorului
2 2 tipuritipuri: Service Indication / Service Load: Service Indication / Service Load
![Page 17: Securitatea mobila - Atacuri prin SMS](https://reader038.vdocuments.net/reader038/viewer/2022102700/54bd123b4a79591f298b4573/html5/thumbnails/17.jpg)
WAP PushWAP Push
Service Indication (SI) Service Indication (SI) permitepermite trimitereatrimiterea
de de notificarinotificari utilizatoruluiutilizatorului intrintr--un mod un mod
asincronasincron
![Page 18: Securitatea mobila - Atacuri prin SMS](https://reader038.vdocuments.net/reader038/viewer/2022102700/54bd123b4a79591f298b4573/html5/thumbnails/18.jpg)
WAP PushWAP Push
Service Indication (SI)Service Indication (SI)
![Page 19: Securitatea mobila - Atacuri prin SMS](https://reader038.vdocuments.net/reader038/viewer/2022102700/54bd123b4a79591f298b4573/html5/thumbnails/19.jpg)
WAP PushWAP Push
Service Load (SL) Service Load (SL) determinadetermina ““aplicatiaaplicatia”” de de
pepe telefontelefon sasa incarceincarce sisi execute un execute un
serviciuserviciu
![Page 20: Securitatea mobila - Atacuri prin SMS](https://reader038.vdocuments.net/reader038/viewer/2022102700/54bd123b4a79591f298b4573/html5/thumbnails/20.jpg)
WAP PushWAP Push
Service Load (SL)Service Load (SL)
![Page 21: Securitatea mobila - Atacuri prin SMS](https://reader038.vdocuments.net/reader038/viewer/2022102700/54bd123b4a79591f298b4573/html5/thumbnails/21.jpg)
WAP Push WAP Push -- securitatesecuritate
TeoriaTeoria: : DoarDoar un un anumitanumit numarnumar esteeste autorizatautorizat pentrupentrutrimiteretrimitere; ; PracticaPractica: : dacadaca nunu e e configuratconfigurat binebine, un , un telefontelefonacceptaaccepta de la de la oriceorice numarnumar astfelastfel de de mesajemesaje
PePe Windows Mobile Windows Mobile trebuiesctrebuiesc verificateverificate setarilesetarile din din HKLMHKLM\\SecuritySecurity\\PoliciesPolicies\\PoliciesPolicies
; SL Message Policy ; (default: SECROLE_PPG_TRUSTED) ; SL Message Policy ; (default: SECROLE_PPG_TRUSTED) [HKEY_LOCAL_MACHINE[HKEY_LOCAL_MACHINE\\SecuritySecurity\\PoliciesPolicies\\Policies] Policies] "0000100c"=dword:800 ; SI Message Policy ; (default: "0000100c"=dword:800 ; SI Message Policy ; (default: SECROLE_PPG_AUTH | SECROLE_PPG_TRUSTED) SECROLE_PPG_AUTH | SECROLE_PPG_TRUSTED) [HKEY_LOCAL_MACHINE[HKEY_LOCAL_MACHINE\\SecuritySecurity\\PoliciesPolicies\\Policies] Policies] "0000100d"=dword:c00 "0000100d"=dword:c00
![Page 22: Securitatea mobila - Atacuri prin SMS](https://reader038.vdocuments.net/reader038/viewer/2022102700/54bd123b4a79591f298b4573/html5/thumbnails/22.jpg)
WAP Push WAP Push -- securitatesecuritate
SECROLE_PPG_TRUSTED: Trusted Push Proxy SECROLE_PPG_TRUSTED: Trusted Push Proxy Gateway. Messages assigned this role indicate Gateway. Messages assigned this role indicate that the content sent by the Push Initiator is that the content sent by the Push Initiator is trusted by the Push Proxy Gateway. This role trusted by the Push Proxy Gateway. This role implies that the device trusts the Push Proxy implies that the device trusts the Push Proxy Gateway (SECROLE_TRUSTED_PPG).Gateway (SECROLE_TRUSTED_PPG).
SECROLE_PPG_AUTH: Push Initiator SECROLE_PPG_AUTH: Push Initiator Authenticated. Messages assigned this role Authenticated. Messages assigned this role indicate that the Push Initiator is authenticated by indicate that the Push Initiator is authenticated by the Push Proxy Gateway. This role implies that the Push Proxy Gateway. This role implies that the device trusts the Push Proxy Gateway the device trusts the Push Proxy Gateway (SECROLE_TRUSTED_PPG).(SECROLE_TRUSTED_PPG).
![Page 23: Securitatea mobila - Atacuri prin SMS](https://reader038.vdocuments.net/reader038/viewer/2022102700/54bd123b4a79591f298b4573/html5/thumbnails/23.jpg)
WAP Push WAP Push -- securitatesecuritate
![Page 24: Securitatea mobila - Atacuri prin SMS](https://reader038.vdocuments.net/reader038/viewer/2022102700/54bd123b4a79591f298b4573/html5/thumbnails/24.jpg)
WAPWAP
ConfigurareaConfigurarea telefonuluitelefonului pentrupentru accesacces la Internet la Internet
/ date / date poatepoate fifi facutafacuta manualmanual
PentruPentru o o configurareconfigurare maimai usoarausoara, , rapidarapida sisi
pentrupentru eventualeleeventualele schimbarischimbari, a , a fostfost creatcreat un un
standard standard cece permitepermite configurareaconfigurarea de la de la distantadistanta
ProgramareaProgramarea Over The Air (OTA) Over The Air (OTA) folosestefoloseste
standardulstandardul OMA OMA –– Open Mobile AllianceOpen Mobile Alliance
ProgramareaProgramarea se face se face prinprin SMSSMS--uriuri special special
conceputeconcepute
![Page 25: Securitatea mobila - Atacuri prin SMS](https://reader038.vdocuments.net/reader038/viewer/2022102700/54bd123b4a79591f298b4573/html5/thumbnails/25.jpg)
WAP WAP -- provisioningprovisioning
FolosesteFoloseste protocolulprotocolul WAPWAP
WBXML (WAP Binary XML) WBXML (WAP Binary XML) prinprin Wireless Wireless
Application EnvironmentApplication Environment
Wireless Session ProtocolWireless Session Protocol
Wireless Datagram ProtocolWireless Datagram Protocol
SMSSMS
![Page 26: Securitatea mobila - Atacuri prin SMS](https://reader038.vdocuments.net/reader038/viewer/2022102700/54bd123b4a79591f298b4573/html5/thumbnails/26.jpg)
WAP WAP -- provisioningprovisioning
ConfigurareaConfigurarea se se scriescrie in XML (conform in XML (conform
specificatiilorspecificatiilor de la de la
http://http://www.openmobilealliance.orgwww.openmobilealliance.org))
XMLXML--ulul se se vava codificacodifica in WAP Binary XMLin WAP Binary XML
WBXML se WBXML se vava encapsulaencapsula intrintr--oo data de tip data de tip
Wireless Session Protocol Wireless Session Protocol
DateleDatele se se vorvor codificacodifica intrintr--un un mesajmesaj Push, Push, definitdefinit
in Wireless Session Protocolin Wireless Session Protocol
![Page 27: Securitatea mobila - Atacuri prin SMS](https://reader038.vdocuments.net/reader038/viewer/2022102700/54bd123b4a79591f298b4573/html5/thumbnails/27.jpg)
WAP WAP -- provisioningprovisioning
MesajulMesajul Push Push continecontine diferitidiferiti parametriparametri, ,
unulunul fiindfiind parametrulparametrul ““SECSEC”” pentrupentru
autentificareautentificare pepe bazabaza de de ““cheiecheie”” comunacomuna
USERPIN: string ASCII USERPIN: string ASCII codificatcodificat in in
zecimalezecimale
NETWPIN: NETWPIN: cheiacheia esteeste specificaspecifica reteleiretelei sisi
cunoscutacunoscuta ((teoreticteoretic) ) doardoar de de catrecatre operatoroperator
USERNETWPIN: USERNETWPIN: combinatiecombinatie a a celorcelor 22
![Page 28: Securitatea mobila - Atacuri prin SMS](https://reader038.vdocuments.net/reader038/viewer/2022102700/54bd123b4a79591f298b4573/html5/thumbnails/28.jpg)
WAP WAP -- provisioningprovisioning
NETWPIN: IMSI = MCC+MNC+MSIN NETWPIN: IMSI = MCC+MNC+MSIN
(Mobile Subscription Identification (Mobile Subscription Identification
Number)Number)
PretPret: 2: 2--5 euro5 euro--centicenti
In general In general limitatlimitat pentrupentru companiicompanii, se , se cerecere
un un volumvolum mare de mare de interogariinterogari
![Page 29: Securitatea mobila - Atacuri prin SMS](https://reader038.vdocuments.net/reader038/viewer/2022102700/54bd123b4a79591f298b4573/html5/thumbnails/29.jpg)
WAP WAP -- provisioningprovisioning
<<wapwap--provisioningdocprovisioningdoc>>
<characteristic type="NAPDEF"><characteristic type="NAPDEF">
<<parmparm name="NAME" value="name="NAME" value="NewAPNNewAPN"/>"/>
<<parmparm name="NAPID" value="name="NAPID" value="NewAPN_NAPID_MENewAPN_NAPID_ME"/>"/>
<<parmparm name="BEARER" value="GSMname="BEARER" value="GSM--GPRS"/>GPRS"/>
<<parmparm name="NAPname="NAP--ADDRESS" value="ADDRESS" value="apn.operator.roapn.operator.ro"/>"/>
<<parmparm name="NAPname="NAP--ADDRTYPE" value="APN"/>ADDRTYPE" value="APN"/>
</characteristic></characteristic>
<characteristic type=<characteristic type=““APPLICATION">APPLICATION">
<<parmparm name="NAME" value="name="NAME" value="NewAPNNewAPN"/>"/>
<<parmparm name="APPID" value="w2"/>name="APPID" value="w2"/>
<<parmparm name="TOname="TO--NAPID" value="NAPID" value="NewAPN_NAPID_MENewAPN_NAPID_ME"/>"/></characteristic></characteristic>
<<wapwap--provisioningdocprovisioningdoc>>
![Page 30: Securitatea mobila - Atacuri prin SMS](https://reader038.vdocuments.net/reader038/viewer/2022102700/54bd123b4a79591f298b4573/html5/thumbnails/30.jpg)
WAP WAP -- provisioningprovisioning
<<wapwap--provisioningdocprovisioningdoc> > -- continecontine toatatoata informatiainformatiatransmisatransmisa
<characteristic <characteristic ……> > -- grupeazagrupeaza informatiainformatia in in unitatiunitatilogicelogice
<<…… value="NAPDEF"/> value="NAPDEF"/> -- configuramconfiguram un un nounounetwork access pointnetwork access point
<<parmparm name="APPID" value="w2"/> name="APPID" value="w2"/> --mapeazamapeaza configuratiaconfiguratia la la activitatileactivitatile de de browsingbrowsing
InformatiiInformatii la la http://http://www.openmobilealliance.orgwww.openmobilealliance.org
![Page 31: Securitatea mobila - Atacuri prin SMS](https://reader038.vdocuments.net/reader038/viewer/2022102700/54bd123b4a79591f298b4573/html5/thumbnails/31.jpg)
WAP WAP -- provisioningprovisioning
<<wapwap--provisioningdocprovisioningdoc>>
<characteristic type="BOOTSTRAP"><characteristic type="BOOTSTRAP">
<<parmparm name="NAME" value=name="NAME" value=““Operator NET"/>Operator NET"/>
<<parmparm name="PROXYname="PROXY--ID" ID" value="value="OpNET_ProxyOpNET_Proxy"/>"/>
</characteristic></characteristic>
<characteristic type="NAPDEF"><characteristic type="NAPDEF">
<<parmparm name="NAME" value="name="NAME" value="OpNETOpNET"/>"/>
<<parmparm name="NAPID" value="name="NAPID" value="OpNET_NAPIDOpNET_NAPID"/>"/>
<<parmparm name="BEARER" value="GSMname="BEARER" value="GSM--GPRS"/>GPRS"/>
<<parmparm name="NAPname="NAP--ADDRESS" value="net"/>ADDRESS" value="net"/>
<<parmparm name="NAPname="NAP--ADDRTYPE" value="APN"/>ADDRTYPE" value="APN"/>
</characteristic></characteristic>
![Page 32: Securitatea mobila - Atacuri prin SMS](https://reader038.vdocuments.net/reader038/viewer/2022102700/54bd123b4a79591f298b4573/html5/thumbnails/32.jpg)
WAP WAP -- provisioningprovisioning
<characteristic type="PXLOGICAL"><characteristic type="PXLOGICAL">
<<parmparm name="NAME" value="name="NAME" value="OpNETOpNET"/>"/>
<<parmparm name="PROXYname="PROXY--ID" value="ID" value="OpNET_ProxyOpNET_Proxy"/>"/>
<characteristic type="PXPHYSICAL"><characteristic type="PXPHYSICAL">
<<parmparm name="PHYSICALname="PHYSICAL--PROXYPROXY--ID" ID" value="value="OpNET_PhProxyOpNET_PhProxy"/>"/>
<<parmparm name="PXADDR" value=name="PXADDR" value=““192.168.1.1"/>192.168.1.1"/>
<<parmparm name="PXADDRTYPE" value="IPV4"/>name="PXADDRTYPE" value="IPV4"/>
<<parmparm name="TOname="TO--NAPID" value="NAPID" value="OpNET_NAPIDOpNET_NAPID"/>"/>
<characteristic type="PORT"><characteristic type="PORT">
<<parmparm name="PORTNBR" value="8080"/>name="PORTNBR" value="8080"/>
</characteristic></characteristic>
</characteristic></characteristic>
</characteristic></characteristic>
![Page 33: Securitatea mobila - Atacuri prin SMS](https://reader038.vdocuments.net/reader038/viewer/2022102700/54bd123b4a79591f298b4573/html5/thumbnails/33.jpg)
WAP WAP -- provisioningprovisioning
<characteristic type="APPLICATION"><characteristic type="APPLICATION">
<<parmparm name="APPID" value="w2"/>name="APPID" value="w2"/>
<<parmparm name="NAME" value="name="NAME" value="OpNETOpNET"/>"/>
<<parmparm name="TOname="TO--PROXY" PROXY" value="value="OpNET_ProxyOpNET_Proxy"/>"/>
<characteristic type="RESOURCE"><characteristic type="RESOURCE">
<<parmparm name="NAME" value="name="NAME" value="OpNETOpNET"/>"/>
<<parmparm name="URI" name="URI" value="http://value="http://www.google.comwww.google.com"/>"/>
<<parmparm name="STARTPAGE"/>name="STARTPAGE"/>
</characteristic></characteristic>
</characteristic></characteristic>
</</wapwap--provisioningdocprovisioningdoc>>
![Page 34: Securitatea mobila - Atacuri prin SMS](https://reader038.vdocuments.net/reader038/viewer/2022102700/54bd123b4a79591f298b4573/html5/thumbnails/34.jpg)
WAP WAP -- provisioningprovisioning
TeoreticTeoretic aceastaaceasta configurareconfigurare poatepoate fifi facutafacuta
doardoar de de catrecatre operator, de la un operator, de la un numarnumar
predefinitpredefinit
PutemPutem analizaanaliza SMSSMS--ulul prinprin WireSharkWireShark
PutemPutem adaugaadauga un alt un alt numarnumar
![Page 35: Securitatea mobila - Atacuri prin SMS](https://reader038.vdocuments.net/reader038/viewer/2022102700/54bd123b4a79591f298b4573/html5/thumbnails/35.jpg)
WAP WAP -- provisioningprovisioning<?xml version="1.0"?><?xml version="1.0"?>
<!DOCTYPE <!DOCTYPE wapwap--provisioningdocprovisioningdoc PUBLIC "PUBLIC "--//WAPFORUM//DTD PROV 1.0//EN" //WAPFORUM//DTD PROV 1.0//EN" "http://"http://www.wapforum.org/DTD/prov.dtdwww.wapforum.org/DTD/prov.dtd">">
<<wapwap--provisioningdocprovisioningdoc version="1.1">version="1.1">
<characteristic type="BOOTSTRAP"><characteristic type="BOOTSTRAP">
<<parmparm name="NAME" value=name="NAME" value=““NumeNume"/>"/>
</characteristic></characteristic>
<characteristic type="PXLOGICAL"><characteristic type="PXLOGICAL">
<<parmparm name="NAME" value=name="NAME" value=““NumeNume"/>"/>
<<parmparm name="PROXYname="PROXY--ID" value="ID" value="Trusted_ProxyTrusted_Proxy"/>"/>
<<parmparm name="NAME" value="Trusted Proxy"/>name="NAME" value="Trusted Proxy"/>
<characteristic type="PXPHYSICAL"><characteristic type="PXPHYSICAL">
<<parmparm name="PHYSICALname="PHYSICAL--PROXYPROXY--ID" value="ID" value="Trusted_PhProxyTrusted_PhProxy"/>"/>
<<parmparm name="PXADDR" value="40711111111"/>name="PXADDR" value="40711111111"/>
<<parmparm name="PXADDRTYPE" value="E164"/>name="PXADDRTYPE" value="E164"/>
<<parmparm name="TOname="TO--NAPID" value="NAPID" value="Trusted_NAPIDTrusted_NAPID"/>"/>
<<parmparm name="PUSHENABLED" value="1"/>name="PUSHENABLED" value="1"/>
<<parmparm name="PULLENABLED" value="1"/>name="PULLENABLED" value="1"/>
</characteristic></characteristic>
</characteristic></characteristic>
<characteristic type="NAPDEF"><characteristic type="NAPDEF">
<<parmparm name="NAME" value="Op"/>name="NAME" value="Op"/>
<<parmparm name="NAPID" value="name="NAPID" value="Trusted_NAPIDTrusted_NAPID"/>"/>
<<parmparm name="BEARER" value="GSMname="BEARER" value="GSM--SMS"/>SMS"/>
<<parmparm name="NAME" value="Trusted Proxy"/>name="NAME" value="Trusted Proxy"/>
<<parmparm name="NAPname="NAP--ADDRESS" value=" 40711111111 "/>ADDRESS" value=" 40711111111 "/>
<<parmparm name="NAPname="NAP--ADDRTYPE" value="E164"/>ADDRTYPE" value="E164"/>
</characteristic></characteristic>
![Page 36: Securitatea mobila - Atacuri prin SMS](https://reader038.vdocuments.net/reader038/viewer/2022102700/54bd123b4a79591f298b4573/html5/thumbnails/36.jpg)
WAP WAP -- provisioningprovisioning
<<wapwap--provisioningdocprovisioningdoc>>
<characteristic type="<characteristic type="NetworkPolicyNetworkPolicy">">
<characteristic type="<characteristic type="WiFiWiFi">">
<characteristic type="Settings"><characteristic type="Settings">
<<parmparm name="Disabled" value="1"/>name="Disabled" value="1"/>
</characteristic></characteristic>
</characteristic></characteristic>
</characteristic></characteristic>
</</wapwap--provisioningdocprovisioningdoc>>
![Page 37: Securitatea mobila - Atacuri prin SMS](https://reader038.vdocuments.net/reader038/viewer/2022102700/54bd123b4a79591f298b4573/html5/thumbnails/37.jpg)
InterceptareInterceptare trafictrafic
TraficulTraficul trecetrece prinprin proxyproxy--ulul nostrunostru
VariantaVarianta 1 1 –– Burp ProxyBurp Proxy
![Page 38: Securitatea mobila - Atacuri prin SMS](https://reader038.vdocuments.net/reader038/viewer/2022102700/54bd123b4a79591f298b4573/html5/thumbnails/38.jpg)
InterceptareInterceptare trafictrafic
TraficulTraficul trecetrece prinprin proxyproxy--ulul nostrunostru
VariantaVarianta 2 2 –– sslstripsslstrip
http://http://www.thoughtcrime.org/software/sslstripwww.thoughtcrime.org/software/sslstrip//
![Page 39: Securitatea mobila - Atacuri prin SMS](https://reader038.vdocuments.net/reader038/viewer/2022102700/54bd123b4a79591f298b4573/html5/thumbnails/39.jpg)
InterceptareInterceptare trafictrafic
DEMODEMO
![Page 40: Securitatea mobila - Atacuri prin SMS](https://reader038.vdocuments.net/reader038/viewer/2022102700/54bd123b4a79591f298b4573/html5/thumbnails/40.jpg)
ProtectieProtectie
OperatorulOperatorul poatepoate filtrafiltra acesteaceste tipuritipuri de de mesajemesaje
ProducatoriiProducatorii de de telefoanetelefoane trebuietrebuie sasa se se concentrezeconcentreze maimai multmult pepe securitatesecuritate
VerificatiVerificati constant (la constant (la felfel cum cum facetifaceti cu cu facturafactura / / creditulcreditul disponibildisponibil) ) setarilesetarile de de InternetInternet
![Page 41: Securitatea mobila - Atacuri prin SMS](https://reader038.vdocuments.net/reader038/viewer/2022102700/54bd123b4a79591f298b4573/html5/thumbnails/41.jpg)
IntrebariIntrebari??