(pdf) yury chemerkin nullcon 2013
TRANSCRIPT
-
8/13/2019 (PDF) Yury Chemerkin Nullcon 2013
1/28
SECURITY EVALUATION OR ESCAPING
FROM "VULNERABILITY PRISON"
Ph.D. YUR
NUL
-
THE SECURITY IS THE CORNERSTONE
A POWERFUL HIGH LEVEL INTEGRATION
IMs, SOCIAL NETWORKS
FINANCIAL DATA AND ETC.
THE BLACKBERRY WAS BUILT
FREE OF MALWARE & HARMFUL ACTIONS
WITH NATIVE SECURITY SOLUTIONS
MAINLY FOCUSED ON ENTERPRISE
WIDE RANGE IT POLICY SET
UP TO 500 UNITS
A FEW THIRD PARTY SECURITY SOLUTIONS
A SIMPLIFICATION OF THE SECUR
POOR INTEGRATION (ONLY BLA
NO BUILT IMs, HTML5 &
NO WALLETS OR ELSE B
PLAYBOOK MIGHT
PRODUCE FEW VALUE D
NOT MORE THAN LARG
TOTALLY FOCUSED ON ENTERPR
IT POLICY EXTRA REDUC
UP TO 10 UNITS
ENTERTAINMENT APPLI
BLACKBERRY SECURITY ENVIRONMENT
BLACKBERRY SMARTPHONE WAS SECURE PLAYBOOK HAS COME WITH A P
-
A LOT OF TYPES
BOOTKITS
FIRMWARE
USER-MODE
KERNEL
HYPERVISOR
SIMILAR TO THE SPYWARE
BUNDLING WITH DESIRABLE SOFTWARE
WIDESPREADING, EASY DISTRIBUTION AND QUITE RELEVANT FOR HACKERS
BASED ON:
VENDOR-SUPPLIED EXTE
THIRD PARTY PLUGINS
PUBLIC INTERFACES
INTERCEPTION OF SYST
EXPLOITATION OF SECU
VULNERABILITIES
HOOKING AND PATCHIN
METHODS
USER MODE ROOTKIT AND SPYWARE
MALWARE BOUNDS BECOME UNCLEAR HACKERS
ARE INTERESTED IN CH
-
VIA THE BUILT (INTERNAL) EXPLORER
AFTER ENTERING THE PASSWORD BUT STILL THE INTERNAL EXPLORER
FOR EXECUTING MALWARE FROM THE DEVICE BY CLICKING FILE (.JAR/.JAD + .COD)
TO ALLOW COPYING THE MALWARE TO THE DEVICE AS AN EXTERNAL DRIVE (LIKE A WORM)
ALL DATA ACCESSIBLE EXCEPT APP & SYSTEM DATA WITHOUT ANY API & OTHER INFO
AFTER MOUNTING AS AN EX
AFTER ENTERING THE PASSW
NOT NECESSARY TO USE INTE
TO PREVENT FROM EXECUTIN
OUTSIDE APPWORLD (.BAR)
MALWARE IS A PERSONAL AP
SUBTYPE IN TERMS OF RIMsS
SANDBOX PROTECTS ONLY A
USER DATA STORED IN SHAR
THE FILE SYSTEM ISSUES
BB OS v4-5 WAS ACCESSIBLE
BB OS V6-7 PLUS PLAYBOOK ARE
-
THE UPGRADE FEATURE MEANS THE INSTALL & REMOVE ACTIONS AT LEAST
AN APPLICATION ID REQUIREMENT
AN ACCESSIBLE RUNNING APPLICATION LIST
HANDLING ANOTHER APPs SILENTLY VIA API
HANDLING ANOTHER APPLICATION SILENTLY VIA PC TOOLS
MAY NEED A PASSWORD
DEBUG MODE IS FOR TRACING & DEBUGGING ONLY
EASY TRACKING THE NEWCOMING .COD MODULES FOR THE MALWARE PAYLOAD
THE UPGRADE MEANS AN US
WITH APPWORLD
WITH HOME SCREEN
THERE ARE SOME APIs BUT DI
THERE IS NO API FOR SUCH ACT
HANDLING ANOTHER APPLICA
PC TOOLS
MAY NEED A PASSWORD
STRONGLY NEED ACTIV
MODE
LOOKS LIKE MORE SECURE TH
DIFFICULT TO REMOVE DISTRIB
THE APPLICATION MANAGEMENT ISSUES
BLACKBERRY SMARTPHONE (LESS THAN BB 10) BLACKBERRY PLAYBOOK
-
HOW TO REVEAL THE DATA IN REAL TIME
GETCLIPBOARD()
ANY PROTECTION
NATIVE WALLETS RESTRICT THE CLIPBOARD
ACCESS BY RETURNING NULL WHILE THE APPLICATION IS ACTIVE (ON TOP OF SCREEN STACK) ONLY
DOES NOT WORK IN MINIMIZED STATE
HOW TO REVEAL THE DATA IN R
GETDATA()
ANY PROTECTION
NO NATIVE WALLET APP
MANAGING THE LAST C
SHARED FOLDER
PLAIN TEXT
HTML
ETC.
THE CLIPBOARD ISSUES
BLACKBERRY SMARTPHONE BLACKBERRY PLAYBOOK
-
SCREEN PROTECTION VIA SWITCHING
PERMIT
RESTRICT
ADDITIONALLY PER APPLICATION.
BUT DOES NOT HANDLE WINDOWs
HANDLE WITH THE KEY PREVIEW DUE THE VIRTUAL KEYBOARD
MAY BE IMPROVED BY XORing TWO PHOTOSCREENS TO GET THE DIFFERENCE
MASKING THE ASTERISKS TAKES A DELAY
ENOUGH TO STEAL THE TEXT
MAY BE PART OF OCR ENGINES
ONLINE OR DESKTOP
RECOGNIZE TYPED DAT
WAS TESTED ON ABBYY
SUBSTITUTE FOR HARDWARE K
RUNNING DOWN THE BATTERRTHAN PHOTO/VIDEO CAMERA
EASY ACCESS TO ANY APPLICA
NO RESTRICTION LIKE THE CLI
SCREENSHOTS OFTEN STORE IN
THE SAME A FILE ACCE
THE PHOTOSCREEN ISSUES
ARE AVAILABLE FOR ALL BLACKBERRY DEVICES BUT DISABLED FOR PLAYBOO
-
USING AUTHORIZED API TO INTERCEPT
MESSAGES (BBM, EMAIL, PIN-TO-PIN)
CREATE THE MESSAGE
READ THE MESSAGE
DELETE THE MESSAGE
SET THE MESSAGE STATUS (UNREAD, SENT, ANY ERROR STATE, ETC.)
THE BUTTON EVENTS (THE SAME TYPES)
OPENING THE MESSAGE
FORWARDING THE MESSAGE
SENDING THE MESSAGE
INTERCEPTING THE SMS (BASI
RECEIVING AND SENDIN
DELETING THE SENT &
ENOUGH TO HANDLE SO
OUTCOMING SMS (ADVANCED)
BLOCKING (DROPPING) T
A NOTIFICATION IN THE
SPOOFING
THE RECIPIENT
THE BODY
TRANSMISSION R
SUCH MESSAGE W
THE MESSAGES ISSUES
AVAILABLE ON THE BB DEVICES PROBABLY ON THE BLACKBERRY 10 N
-
THE PASSWORD PROTECTION COVERS
DEVICE LOCKING & ENCRYPTION FEATURE
APPWORLD REQUEST
LIMITED BY 5/10 ATTEMPTS & WIPE THEN
WIPING THE INTERNAL STORAGE ONLY
EXTRACTING THE PASSWORD THROUGH ELCOMSOFT PRODUCT (CUSTOM CASE)
GUI VULNERABILITY
CREATING THE FAKE WINDOW ON DESKTOP SYNCHRONIZATION
BREAKING INTO BB DESKTOP SOFTWARE
HANDLING DESKTOP SOFTWAR
UNMASKING THE FIELD
GRABBING THE PASSWO
MASKING THE FIELD
DELAY TAKES NOT MOR
AFFECTED PASSWORD TYPES
THE DEVICE PASSWORD
THE BACKUP PASSWORD
AFFECTED DEVICES
BLACKBERRY 4-7 (BB 10
BLACKBERRY PLAYBOOK
THE DEVICE PASSWORD ISSUES
FOR THE BLACKBERRY 4-7 DUE THE INTERNAL CASE FOR ALL DEVICES DUE IN TH
-
INITIALLY BASED ON AUTHORIZED API COVERED
ALL PHYSICAL & NAVIGATION BUTTONS
TYPING THE TEXTUAL DATA
AFFECT ALL NATIVE & THIRD PARTY APPs
SECONDARY BASED ON ADDING THE MENU ITEMS
INTO THE GLOBAL MENU
INTO THE SEND VIA MENU
AFFECT ALL NATIVE APPLICATIONS
NATIVE APPLICATIONS ARE DEVELOPED BY RIM
BLACKBERRY WALLETS, MESSAGES, SETTINGS, FACEBOOK, TWITTER,
BBM/GTALK/YAHOO/WINDOWS IMs,
GUI EXPLOITATION HANDLES W
REDRAWING THE SCREE
ADDING NEW GUI OBJE
CHANGING THEIR PROP
GRABBING THE TEXT FR
ANY FIELDs (INCL
UNLOCK THE DEV
SETTING UP THE PADDING, REMOVING TH
ORIGINAL DATA IS INACCESSIB
AFFECTED GUI OBJECTS SHUFFLING IS NO
THE GUI EXPLOITATION
CONSEQUENCE OF WIDE INTEGRATION FEATURES OFFERED FOR DEVELOPERS (BLACK
-
KASPERSKY MOBILE SECURITY PROVIDES
FIREWALL, WIPE, BLOCK, INFO FEATURES
NO PROTECTION FROM REMOVING .CODs
NO PROTECTION UNDER SIMULATOR
EXAMINING THE TRAFFIC, BEHAVIOUR
SHOULD CHECK API IS SIMULATOR
SMS MANAGEMENT (QUITE SECRET SMS)
PASSWORD IS FOUR SIXTEEN DIGITS SET AND CAN BE MODIFIED IN REAL-TIME
SMS IS A HALF A HASH VALUE OF GOST R34.11-94
IMPLEMENTATION USES TEST CRYPTO VALUES AND NO SALT
TABLES (VALUE HASH
OUTCOMING SMS CAN B
WITHOUT ANY NOTIFIC
OUTCOMING SMS CAN B
THE SAME DEVICE OR AN
McAfee MOBILE SECURITY PRO
FIREWALL, WIPE, BLOCK
NO PROTECTION FROM
NO PROTECTION UNDER
EXAMINING THE TR
SHOULD CHECK A
WEB MANAGEMENT CO
DIFFICULT TO BREAK SM
THE THIRD PARTY EXPLOITATION
THERE ARE A FEW OF THEM THEY MIGHT HAVE AN EXPLOIT BUT RU
-
DENIAL OF SERVICE
REPLACING/REMOVING EXEC FILES
DOSing EVENTs, NOISING FIELDS
GUI INTERCEPT
INFORMATION DISCLOSURE
CLIPBOARD, SCREEN CAPTURE
GUI INTERCEPT
DUMPING .COD FILES, SHARED FILES
MITM (INTERCEPTION / SPOOFING)
MESSAGES
GUI INTERCEPT, THIRD PARTY APPs
FAKE WINDOW/CLICKJACKING
GENERAL PERMISSIONS
INSTEAD OF SPECIFIC SUB-P
A FEW NOTIFICATION/EVEN
BUILT PER APPLICATION IN
CONCRETE PERMISSIONS
BUT COMBINED INTO GENER
A SCREENSHOT PERMISSION
CAMERA
GENERAL PERMISSIONS
INSTEAD OF SPECIFIC SUB-P
A FEW NOTIFICATION/EVEN
BUILT PER APPLICATION INS
THE PERMISSIONS
PRIVILEGED GENERAL PERMISSIONS OWN APPs, NATIVE & 3RD PARTY AP
-
SIMPLIFICATION AND REDUCING SECURITY CONTROLS
MANY GENERAL PERMISSIONS AND COMBINED INTO EACH OTHER
NO LOGs ACTIVITY FOR SUB-PERMISSIONS TO PROVE THE TRANSPARENCY
ANY SECURITY VULNERABILITY ARE ONLY FIXED BY ENTIRELY NEW AND DIFFERENT OS / KER
A FEW PERMISSIONs ARE CLOSED TO THE USER ACTIONS
THE SANDBOX PROTECT ONLY APPLICATION DATA
USERS HAVE TO STORE THEIR DATA INTO SHARED FOLDERS OR EXTERNAL STORAGE
APPLICATIONS CONTINUE STORE DATA IN PUBLIC FOLDERs BECAUSE GOVERNED BY CHAN
MITM / INTERCEPTION ACTIONS ARE OFTEN SILENTLY
THE NATIVE SPOOFING AND INTERCEPTION FEATURES
BLACKBERRY ENTERPRISE SOLUTION / BLACKBERRY MOBILE FUSION IS NOT EFFECTIV
THE BEST SECURITY (PERMISSIONS) RULED BY AMAZON WEB SERVICES
PERMISSIONS SHOULD RELY ON THE DIFFERENT USEFUL CASES SET INSTEAD OF SPECIFIC
CONCLUSION
THE VENDOR SECURITY VISION HAS NOTHING WITH REALITY AGGRAVAT