Enterprise_Mobile_Security_Forum_2013.pdf

YuryChemerkin 66 views 25 slides Jul 18, 2024

About This Presentation

This PDF delves into the aspects of information security from a forensic perspective, focusing on privacy leaks. It provides insights into the methods and tools used in forensic investigations to uncover and mitigate privacy breaches in mobile and cloud environments.


Slide Content

Перспективный мониторинг (www.advancedmonitoring.ru): information systems security analysis

Enterprise Mobile Security Forum
Forum on corporate mobile communications security
03-06.09.2013
With the support of the Corporate Security Service of OAO «Газпром» (Gazprom)

Privacy Le@K
Information security aspects from a forensics perspective

YURY CHEMERKIN

Enterprise Mobile Security Forum 2013


[ Yury Chemerkin ]
[email protected]

> Reverse Engineering & AV

> Software Programming & Documentation
> Mobile Security and MDM

> Cyber Security & Cloud Security

> Compliance & Transparency

> Forensics and Security Writing

> Participation at conferences

Part 1. Facts

Opinions

- iOS: strict app review in the app store → fewer viruses
- iOS jailbreak: new app stores → more viruses
- Android: moderate app review in the app store → more viruses
- Android (root): new app stores → more viruses
- iOS vs. Android: iOS is more secure than Android
- Cnews publication (July 2013): Android is more secure than iOS

«The iOS platform is more closed; every app published in the App Store undergoes thorough review. It is hard to get a malicious app in there, which cannot be said of Google Play, where everything is much simpler, the expert summarises. But when it comes to private life, iOS app developers are more unceremonious.»

[Chart: "Score - iOS" and "Score - Android" plotted by year from 2007 to 2013, score scale 0.0 to 10.0]

Statistics

Min & average score

- Android average: 8.2
- iOS average: 6.3
- Android min: 1.9
- iOS min: 1.2

[Chart: Min & Average Score]

Tools

- Tools for static and dynamic code analysis
  - iOS: 10
  - Android: 50
- Number of bugs
  - Average: 50
  - Minimum: 20
- Nature of bugs (obvious | probable)
  - Defects such as free() x2 (double free)
  - Debug artifacts
  - Plaintext & hard-coded passwords/tokens/keys
  - Probably unsafe places
    - Possible SQL injection
    - No HTTPS on requests

Practice

- A brief sample from the last two years:
  - Bypassing MDM: http://goo.gl/HN829p
  - How to get root on Android: http://goo.gl/p5FhwG
  - Analysis of encryption tools
    - BlackBerry & iOS: http://goo.gl/STpSIl
    - Android: http://goo.gl/x1PPGK
- Time to fix serious vulnerabilities: >= 7 months
  - Or until the next version is released ☺
- Time to fix privacy problems
  - Only if the developers notice the publication ☺

Mobile Secure Capabilities

- Secure Bootloader
- System Software Security (updates)
- Application Code Signing
- Runtime Process Security
  - Sandbox
  - APIs
- Hardware Security Features
- File Data Protection
- SSL, TLS, VPN
- Passcode Protection
- Settings
  - Permissions / Restrictions
  - Configurations
- Mobile Device Management
- Remote Wipe

Part 2. Forensics

Forensics Methodology

- What is forensics?
  - Data collection
  - Countering protection
- What is security?
  - Protection in memory, in transit, and at rest
  - Compliance with practices (as the minimum level of protection)
- What is examined?
  - Protection in memory and at rest
- How?
  - Analysis of all data that can be reached
  - A quick analysis
  - A slightly more serious one
- Why?
  - We do not waste time on a program that does not even follow the practices
  - All OSes provide the same set of tools for data protection
  - It is unlikely that the same application will have to be analysed twice

Forensics Examination. Viber

- Account
  - Country code, phone number
  - Device Hardware Key (phone name)
  - Name / tokens of the Twitter / Facebook account
- Call history
  - Name + identifier
  - Duration + date and time
- Address book information
  - How many contacts / how many of them are Viber contacts
  - Contact's full name / email / phone numbers
  - Viber status / favourite status / list of Viber contacts and their numbers
- Message history
  - Chat groups
    - Number of messages/participants in a chat group
    - Information about participants (full name, phone numbers)
  - Messages
    - Date and time,
    - Participant's number,

Forensics Examination. Whatsapp

- Account
  - Country code, phone number
  - How much it costs $$$, application tokens
  - Facebook name / tokens were not disclosed
- DNS cache of WhatsApp addresses
- Avatars in the format [email protected]
- Logs
  - Date and time,
  - Errors / network types,
  - List of WhatsApp numbers in the format [email protected]
  - List of all numbers
- Message history
  - Date and time, GPS data
  - Participant ID in the format [email protected],
  - Message contents
  - Number of chat groups, messages

Forensics Examination. AeroExpress

- Account
  - Email / login
  - Password
  - Phone number
- Purchases
  - Ticket number
  - QR code
  - Instructions for use ☺
  - Route timetable ☺
- Payment data
  - Cardholder name
  - Number
  - Expiry date
  - CVC/CV2 were not disclosed
  - Extracted from memory

Forensics Examination. Aeroflot

- Account
  - Email / login
  - Password
  - Session ID and other tokens
- Information
  - Bonus miles, level
  - Accrual history, date, flight information
  - Passport data
  - Home & work address
  - Phone number, email
  - Company name, position
- Other
  - Itinerary receipts not disclosed
  - Extracted from memory

Forensics Examination. Anyw

- Account
  - Account ID (email)
  - Password
- Information
  - Bonus information (card numbers/logins)
  - Date of birth
  - Passport data
- Order history
  - Route
  - Date and time
  - Cost, bonus points
  - Full details for every order
- Payment cards
  - Encryption (AES, CBC)
  - … 192 < 256 bit

Forensics Examination. Qiwi Wallet

- Account
  - Phone number
  - Security code & password
    - Extracted from memory
    - No masking/encryption on input
- Information
  - Account balances (RUR, USD, EUR)
  - … VISA
    - Account ID, name, amount to transfer
  - Numbers (phone, account, ...)
- Payment data
  - Linked cards
    - Masked card number (AAAAAAXXXXXXAAAA)
    - Card type, bank, cardholder name
  - Qiwi cards
    - Expiry date / CVV
    - Passport data
    - Account ID / card types (QVP, QVC, QVV)
    - Card number + masked card number

- Account
  - Phone number
  - Tokens and session data during linking
- Other
  - Password is encrypted
  - Other data not disclosed
  - Extracted from memory
  - No masking/encryption on input

Forensics Examination. Yande

- Account
  - Yandex Money account ID
  - Yandex account ID
  - Name of the bank whose card is linked
- Transaction history
  - ID, amount, comments
  - Status, time
  - From the favourites section
  - Login at payment
- Other data
  - Payment password and account password not disclosed
  - Extracted from memory
  - No masking/encryption on input
  - Data can be carried over without entering the password on a subsequent launch (the saved account is used)

Forensics Examination. Mail.Ru

- Account
  - Account ID (payment ID)
  - Account ID (email)
  - Password: salted hash
    - Extracted from memory
    - No masking/encryption on input
    - Passwords can be guessed by brute force
- Financial information
  - Balance
  - Date of last balance update
  - Masked number of the linked bank card

Forensics Examination. RBK

- Account
  - Account ID (email)
  - Password
- Financial information
  - Balance
  - Date of last balance update
  - Masked number of the linked bank card
  - Transfer history

Forensics Examination. Banking apps

- Alfabank, Sberbank, TinkoffBank, CitiBank
- No information disclosure at rest
- Tokens are used instead of logins
- All logic is moved to the server
- Possibility of in-memory interception
  - of entered data (login, password, etc.)
  - of entered data (secret code, PIN)
    - except Tinkoff, which has its own digit keyboard
  - of other data during tracing
- There are elements of code obfuscation
- Additional analysis of in-transit data is required
- However, a targeted attack with in-memory data interception is possible
  - Modification of the original application is required
  - Easy to download
  - Not so hard to modify the software by injecting your own code (at least for Android)

Results

- In-rest
  - No data protection
    - Data stored in the clear
    - Data absent
  - Hashing
    - Tools are known for brute-forcing every algorithm except GOST
    - Without salt, or with a salt that can nonetheless be obtained during code execution
  - Encryption
    - Incorrect key management (including keys in the clear)
    - Master keys, tokens, keys, passwords and the like in the clear
    - Weak encryption: keys and salt can be obtained during code execution
- In-memory
  - No masking/encryption of entered data
  - Data interception, tracing, hooking
  - Modification of the original application with malicious code
    - Better and more effective than Angry Birds
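The at-rest findings above (unsalted digests that public hash tables recover, and salts or keys that can be read back at runtime) can be illustrated with a short Python example. This is an added example, not code from the talk or from any of the examined apps; the password list and the "precomputed table" are constructed inline and stand in for the public wordlists and cracking tools the slide refers to, and `classify_stored_credential` is a hypothetical triage heuristic, not a tool the deck describes.

```python
import hashlib
import hmac
import secrets
from typing import Optional

# Constructed sample: three common passwords standing in for the public
# wordlists behind the cracking tools mentioned on the slide.
COMMON_PASSWORDS = ["123456", "password", "qwerty"]


def weak_hash(password: str) -> str:
    """Unsalted SHA-256 hex digest: the at-rest pattern flagged as crackable.

    The same password always yields the same digest, so a table computed
    once can be reused against every app and every user.
    """
    return hashlib.sha256(password.encode("utf-8")).hexdigest()


# Precomputed lookup table (constructed here, not taken from any real source).
PRECOMPUTED = {weak_hash(p): p for p in COMMON_PASSWORDS}


def lookup_weak_hash(digest: str) -> Optional[str]:
    """Recover a password from an unsalted digest by table lookup, if present."""
    return PRECOMPUTED.get(digest)


def strong_hash(password: str, salt: Optional[bytes] = None,
                iterations: int = 200_000) -> str:
    """PBKDF2-HMAC-SHA256 with a random 16-byte salt.

    Stored form: 'pbkdf2$<iterations>$<salt hex>$<derived key hex>'. The salt
    is stored next to the hash and is not secret; a unique salt per record
    plus the iteration count is what defeats precomputed tables, so an
    extracted salt (as the slide notes is possible) does not by itself break it.
    """
    if salt is None:
        salt = secrets.token_bytes(16)
    dk = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)
    return f"pbkdf2${iterations}${salt.hex()}${dk.hex()}"


def verify_strong(password: str, stored: str) -> bool:
    """Recompute the derived key from the stored salt and compare in constant time."""
    try:
        scheme, iters, salt_hex, dk_hex = stored.split("$")
    except ValueError:
        return False
    if scheme != "pbkdf2":
        return False
    dk = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"),
                             bytes.fromhex(salt_hex), int(iters))
    return hmac.compare_digest(dk.hex(), dk_hex)


def classify_stored_credential(value: str) -> str:
    """Rough triage of a value pulled from app storage (hypothetical heuristic).

    Returns 'kdf', 'unsalted-digest' or 'plaintext'. A 64-character hex string
    is treated as a bare SHA-256, which is what the slide's "hashing without
    salt" finding looks like on disk.
    """
    if value.startswith("pbkdf2$") and value.count("$") == 3:
        return "kdf"
    if len(value) == 64 and all(c in "0123456789abcdef" for c in value.lower()):
        return "unsalted-digest"
    return "plaintext"


if __name__ == "__main__":
    # Two records holding the same weak password.
    a, b = weak_hash("123456"), weak_hash("123456")
    print("unsalted digests equal:", a == b, "-> recovered:", lookup_weak_hash(a))
    s1, s2 = strong_hash("123456"), strong_hash("123456")
    print("salted KDF outputs equal:", s1 == s2, "-> verifies:", verify_strong("123456", s1))
    for v in ("hunter2", a, s1):
        print(classify_stored_credential(v), v[:24] + "...")
```

The contrast is the point of the slide: the unsalted digests of two users with the same password are identical and fall to a single table lookup, while the PBKDF2 records differ per user and cost the attacker one full derivation per guess. The caveat the deck raises still holds for the encryption case: a key or master secret stored in the clear beside the data it protects is recovered regardless of the algorithm.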

Results

- No differences found in the code of the examined applications between iOS and Android
- Characteristics by application type
  - Applications without payment capability: protection absent or weak
  - Applications with payment capability: protection absent or weak
  - Banking applications: medium protection, can be studied further
- Non-compliance with most secure coding recommendations

Questions?