(PDF) Yury Chemerkin Nullcon 2013

Upload: sto-strategy

Post on 04-Jun-2018

TRANSCRIPT

  • 8/13/2019 (PDF) Yury Chemerkin Nullcon 2013

    1/28

    SECURITY EVALUATION OR ESCAPING

    FROM "VULNERABILITY PRISON

    Ph.D. YUR

    NUL

    THE SECURITY IS THE CORNERSTONE

    A POWERFUL HIGH LEVEL INTEGRATION

    IMs, SOCIAL NETWORKS

    FINANCIAL DATA AND ETC.

    THE BLACKBERRY WAS BUILT

    FREE OF MALWARE & HARMFUL ACTIONS

    WITH NATIVE SECURITY SOLUTIONS

    MAINLY FOCUSED ON ENTERPRISE

    WIDE RANGE IT POLICY SET

    UP TO 500 UNITS

    A FEW THIRD PARTY SECURITY SOLUTIONS

    A SIMPLIFICATION OF THE SECUR

    POOR INTEGRATION (ONLY BLA

    NO BUILT IMs, HTML5 &

    NO WALLETS OR ELSE B

    PLAYBOOK MIGHT

    PRODUCE FEW VALUE D

    NOT MORE THAN LARG

    TOTALLY FOCUSED ON ENTERPR

    IT POLICY

    EXTRA REDUC

    UP TO 10 UNITS

    ENTERTAINMENT APPLI

    BLACKBERRY SECURITY ENVIRONMENT

    BLACKBERRY SMARTPHONE WAS SECURE PLAYBOOK HAS COME WITH A P

    A LOT OF TYPES

    BOOTKITS

    FIRMWARE

    USER-MODE

    KERNEL

    HYPERVISOR

    SIMILAR TO THE SPYWARE

    BUNDLING WITH DESIRABLE SOFTWARE

    WIDESPREADING, EASY DISTRIBUTION AND QUITE RELEVANT FOR HACKERS

    BASED ON:

    VENDOR-SUPPLIED EXTE

    THIRD PARTY PLUGINS

    PUBLIC INTERFACES

    INTERCEPTION OF SYST

    EXPLOITATION OF SECU VULNERABILITIES

    HOOKING AND PATCHIN METHODS

    USER MODE ROOTKIT AND SPYWARE

    MALWARE BOUNDS BECOME UNCLEAR HACKERS

    ARE INTERESTED IN CH

    VIA THE BUILT (INTERNAL) EXPLORER

    AFTER ENTERING THE PASSWORD BUT STILL THE INTERNAL EXPLORER

    FOR EXECUTING MALWARE FROM THE DEVICE BY CLICKING FILE (.JAR/.JAD + .COD)

    TO ALLOW COPYING THE MALWARE TO THE DEVICE AS AN EXTERNAL DRIVE (LIKE A WORM)

    ALL DATA ACCESSIBLE EXCEPT APP & SYSTEM DATA WITHOUT ANY API & OTHER INFO

    AFTER MOUNTING AS AN EX

    AFTER ENTERING THE PASSW

    NOT NECESSARY TO USE INTE

    TO PREVENT FROM EXECUTIN OUTSIDE APPWORLD (.BAR)

    MALWARE IS A PERSONAL AP SUBTYPE IN TERMS OF RIMsS

    SANDBOX PROTECTS ONLY A

    USER DATA STORED IN SHAR

    THE FILE SYSTEM ISSUES

    BB OS v4-5 WAS ACCESSIBLE

    BB OS V6-7 PLUS PLAYBOOK ARE

    THE UPGRADE FEATURE MEANS THE INSTALL & REMOVE ACTIONS AT LEAST

    AN APPLICATION ID REQUIREMENT

    AN ACCESSIBLE RUNNING APPLICATION LIST

    HANDLING ANOTHER APPs SILENTLY VIA API

    HANDLING ANOTHER APPLICATION SILENTLY VIA PC TOOLS

    MAY NEED A PASSWORD

    DEBUG MODE IS FOR TRACING & DEBUGGING ONLY

    EASY TRACKING THE NEWCOMING .COD MODULES FOR THE MALWARE PAYLOAD

    THE UPGRADE MEANS AN US

    WITH APPWORLD

    WITH HOME SCREEN

    THERE ARE SOME APIs BUT DI

    THERE IS NO API FOR SUCH ACT

    HANDLING ANOTHER APPLICA PC TOOLS

    MAY NEED A PASSWORD

    STRONGLY NEED ACTIV MODE

    LOOKS LIKE MORE SECURE TH

    DIFFICULT TO REMOVE DISTRIB

    THE APPLICATION MANAGEMENT ISSUES

    BLACKBERRY SMARTPHONE (LESS THAN BB 10) BLACKBERRY PLAYBOOK

    HOW TO REVEALTHE DATA IN REAL TIME

    GETCLIPBOARD()

    ANY PROTECTION

    NATIVE WALLETS RESTRICT THE CLIPBOARD

    ACCESS BY RETURNING NULL WHILE THE APPLICATION IS ACTIVE (ON TOP OF SCREEN STACK) ONLY

    DOES NOT WORK IN MINIMIZED STATE

    HOW TO REVEAL THE DATA IN R

    GETDATA()

    ANY PROTECTION

    NO NATIVE WALLET APP

    MANAGING THE LAST C

    SHARED FOLDER

    PLAIN TEXT

    HTML

    ETC.

    THE CLIPBOARD ISSUES

    BLACKBERRY SMARTPHONE BLACKBERRY PLAYBOOK

    SCREEN PROTECTION VIA SWITCHING

    PERMIT

    RESTRICT

    ADDITIONALLY PER APPLICATION.

    BUT DOES NOT HANDLE WINDOWs

    HANDLE WITH THE KEY PREVIEW DUE THE VIRTUAL KEYBOARD

    MAY BE IMPROVED BY XORing TWO PHOTOSCREENS TO GET THE DIFFERENCE

    MASKING THE ASTERISKS TAKES A DELAY

    ENOUGH TO STEAL THE TEXT

    MAY BE PART OF OCR ENGINES

    ONLINE OR DESKTOP

    RECOGNIZE TYPED DAT

    WAS TESTED ON ABBYY

    SUBSTITUTE FOR HARDWARE K

    RUNNING DOWN THE BATTERRTHAN PHOTO/VIDEO CAMERA

    EASY ACCESS TO ANY APPLICA

    NO RESTRICTION LIKE THE CLI

    SCREENSHOTS OFTEN STORE IN

    THE SAME A FILE ACCE

    THE PHOTOSCREEN ISSUES

    ARE AVAILABLE FOR ALL BLACKBERRY DEVICES BUT DISABLED FOR PLAYBOO

    USING AUTHORIZED API TO INTERCEPT

    MESSAGES (BBM, EMAIL, PIN-TO-PIN)

    CREATE THE MESSAGE

    READ THE MESSAGE

    DELETE THE MESSAGE

    SET THE MESSAGE STATUS (UNREAD, SENT, ANY ERROR STATE, ETC.)

    THE BUTTON EVENTS (THE SAME TYPES)

    OPENING THE MESSAGE

    FORWARDING THE MESSAGE

    SENDING THE MESSAGE

    INTERCEPTING THE SMS (BASI

    RECEIVING AND SENDIN

    DELETING THE SENT &

    ENOUGH TO HANDLE SO

    OUTCOMING SMS (ADVANCED)

    BLOCKING (DROPPING) TA NOTIFICATION IN THE

    SPOOFING

    THE RECIPIENT

    THE BODY

    TRANSMISSION R

    SUCH MESSAGE W

    THE MESSAGES ISSUES

    AVAILABLE ON THE BB DEVICES PROBABLY ON THE BLACKBERRY 10 N

    THE PASSWORD PROTECTION COVERS

    DEVICE LOCKING & ENCRYPTION FEATURE

    APPWORLD REQUEST

    LIMITED BY 5/10 ATTEMPTS & WIPE THEN

    WIPING THE INTERNAL STORAGE ONLY

    EXTRACTING THE PASSWORD THROUGH ELCOMSOFT PRODUCT (CUSTOM CASE)

    GUI VULNERABILITY

    CREATING THE FAKE WINDOW ON DESKTOP SYNCHRONIZATION

    BREAKING INTO BB DESKTOP SOFTWARE

    HANDLING DESKTOP SOFTWAR

    UNMASKING THE FIELD

    GRABBING THE PASSWO

    MASKING THE FIELD

    DELAY TAKES NOT MOR

    AFFECTED PASSWORD TYPES

    THE DEVICE PASSWORD

    THE BACKUP PASSWORD

    AFFECTED DEVICES

    BLACKBERRY 4-7 (BB 10

    BLACKBERRY PLAYBOOK

    THE DEVICE PASSWORD ISSUES

    FOR THE BLACKBERRY 4-7 DUE THE INTERNAL CASE FOR ALL DEVICES DUE IN TH

    INITIALLY BASED ON AUTHORIZED API COVERED

    ALL PHYSICAL & NAVIGATION BUTTONS

    TYPING THE TEXTUAL DATA

    AFFECT ALL NATIVE & THIRD PARTY APPs

    SECONDARY BASED ON ADDING THE MENU ITEMS

    INTO THE GLOBAL MENU

    INTO THE SEND VIA MENU

    AFFECT ALL NATIVE APPLICATIONS

    NATIVE APPLICATIONS ARE DEVELOPED BY RIM

    BLACKBERRY WALLETS, MESSAGES,SETTINGS, FACEBOOK, TWITTER,

    BBM/GTALK/YAHOO/WINDOWS IMs,

    GUI EXPLOITATION HANDLES W

    REDRAWING THE SCREE

    ADDING NEW GUI OBJE

    CHANGING THEIR PROP

    GRABBING THE TEXT FR

    ANY FIELDs (INCL UNLOCK THE DEV

    SETTING UP THE PADDING, REMOVING TH

    ORIGINAL DATA IS INACCESSIB AFFECTED GUI OBJECTS SHUFFLING IS NO

    THE GUI EXPLOITATION

    CONSEQUENCE OF WIDE INTEGRATION FEATURES OFFERED FOR DEVELOPERS (BLACK

    KASPERSKY MOBILE SECURITY PROVIDES

    FIREWALL, WIPE, BLOCK, INFO FEATURES

    NO PROTECTION FROM REMOVING .CODs

    NO PROTECTION UNDER SIMULATOR

    EXAMINING THE TRAFFIC, BEHAVIOUR

    SHOULD CHECK API IS SIMULATOR

    SMS MANAGEMENT (QUITE SECRET SMS)

    PASSWORD IS FOUR SIXTEEN DIGITS SET AND CAN BE MODIFIED IN REAL-TIME

    SMS IS A HALF A HASH VALUE OF GOST R34.11-94

    IMPLEMENTATION USES TEST CRYPTO VALUES AND NO SALT

    TABLES (VALUE HASH

    OUTCOMING SMS CAN B

    WITHOUT ANY NOTIFIC

    OUTCOMING SMS CAN B

    THE SAME DEVICE OR AN

    McAfee MOBILE SECURITY PRO

    FIREWALL, WIPE, BLOCK

    NO PROTECTION FROM

    NO PROTECTION UNDER

    EXAMINING THE TR

    SHOULD CHECK A

    WEB MANAGEMENT CO

    DIFFICULT TO BREAK SM

    THE THIRD PARTY EXPLOITATION

    THERE ARE A FEW OF THEM THEY MIGHT HAVE AN EXPLOIT BUT RU

    DENIAL OF SERVICE

    REPLACING/REMOVING EXEC FILES

    DOSing EVENTs, NOISING FIELDS

    GUI INTERCEPT

    INFORMATION DISCLOSURE

    CLIPBOARD, SCREEN CAPTURE

    GUI INTERCEPT

    DUMPING .COD FILES, SHARED FILES

    MITM (INTERCEPTION / SPOOFING)

    MESSAGES

    GUI INTERCEPT, THIRD PARTY APPs

    FAKE WINDOW/CLICKJACKING

    GENERAL PERMISSIONS

    INSTEAD OF SPECIFIC SUB-P

    A FEW NOTIFICATION/EVEN

    BUILT PER APPLICATION IN

    CONCRETE PERMISSIONS

    BUT COMBINED INTO GENER

    A SCREENSHOT PERMISSION CAMERA

    GENERAL PERMISSIONS

    INSTEAD OF SPECIFIC SUB-P

    A FEW NOTIFICATION/EVEN

    BUILT PER APPLICATION INS

    THE PERMISSIONS

    PRIVILEGED GENERAL PERMISSIONS OWN APPs, NATIVE & 3RD PARTY AP

    SIMPLIFICATION AND REDUCING SECURITY CONTROLS

    MANY GENERAL PERMISSIONS AND COMBINED INTO EACH OTHER

    NO LOGs ACTIVITY FOR SUB-PERMISSIONS TO PROVE THE TRANSPARENCY

    ANY SECURITY VULNERABILITY ARE ONLY FIXED BY ENTIRELY NEW AND DIFFERENT OS / KER

    A FEW PERMISSIONs ARE CLOSED TO THE USER ACTIONS

    THE SANDBOX PROTECT ONLY APPLICATION DATA

    USERS HAVE TO STORE THEIR DATA INTO SHARED FOLDERS OR EXTERNAL STORAGE

    APPLICATIONS CONTINUE STORE DATA IN PUBLIC FOLDERs BECAUSE GOVERNED BY CHAN

    MITM / INTERCEPTION ACTIONS ARE OFTEN SILENTLY

    THE NATIVE SPOOFING AND INTERCEPTION FEATURES

    BLACKBERRY ENTERPRISE SOLUTION / BLACKBERRY MOBILE FUSION IS NOT EFFECTIV

    THE BEST SECURITY (PERMISSIONS) RULED BY AMAZON WEB SERVICES

    PERMISSIONS SHOULD RELY ON THE DIFFERENT USEFUL CASES SET INSTEAD OF SPECIFIC

    CONCLUSION

    THE VENDOR SECURITY VISION HAS NOTHING WITH REALITY AGGRAVAT
