YURY_CHEMERKIN__AthCon_2013._Conference.pdf

Yury Chemerkin, 13 views, 18 slides, Jul 26, 2024

About This Presentation

This document is a presentation by Yury Chemerkin for the AthCon 2013 conference. It explores how integration features impact sandbox environments, with a focus on reverse engineering, mobile security, and compliance. The presentation provides insights into the challenges and solutions related to sa...


Slide Content

THE SANDBOX DIFFERENCES, OR HOW
INTEGRATION FEATURES AFFECT THE SANDBOX
INDEPENDENT SECURITY RESEARCHER / PhD.
YURY CHEMERKIN
AthCon‘2013

Experienced in:
Reverse Engineering & AV
Software Programming & Documentation
Mobile Security and MDM
Cyber Security & Cloud Security
Compliance & Transparency
and Security Writing
Hakin9 Magazine, PenTest Magazine, eForensics Magazine,
Groteck Business Media
Participation at conferences
InfoSecurity Russia, NullCon, CONFidence, PHDays
CYBERCRIME FORUM, Cyber Intelligence Europe/Intelligence-Sec
ICITST, CyberTimes, ITA, I-Society
[ Yury Chemerkin ]
www.linkedin.com/in/yurychemerkin
[email protected]

BLACKBERRY ENTERPRISE SERVICE HELPS MANAGE AND PROTECT BLACKBERRY, IOS, AND ANDROID DEVICES.
UNIFIED COMMUNICATION AND COLLABORATION SOFTWARE
DESIGNED TO HELP PROTECT DATA THAT IS IN TRANSIT AT ALL POINTS, AS WELL AS IN MEMORY AND STORAGE
ENHANCED BY A CONTROL OF THE BEHAVIOR OF THE DEVICE
PROTECTION OF APPLICATION DATA USING SANDBOXING
MANAGEMENT OF PERMISSIONS TO ACCESS CAPABILITIES
BB EVALUATES EVERY REQUEST THAT AN APP MAKES – BUT LEADS AWAY FROM ANY DETAILS AND APIs
BLACKBERRY SECURITY ENVIRONMENT
BLACKBERRY EVALUATES EVERY REQUEST THAT AN APPLICATION MAKES TO ACCESS A CAPABILITY

BLACKBERRY HANDLES SEVERAL TECHNOLOGIES
NATIVE
BLACKBERRY 10, BLACKBERRY PLAYBOOK
OLD BLACKBERRY DEVICES
THIRD PARTY
ADOBE AIR FOR NEW BB DEVICES
ANDROID APPLICATIONS & DEVICES
IOS DEVICES
EVERYTHING CONTROLLED IS LIMITED BY
SANDBOX
PERMISSIONS
SECURITY FEATURES ON DEVICEs & MDMs
USER-MODE MALWARE
SPYWARE
ROOTKITS
EXPLOITS & ATTACKS
REVERSING NETWORK LAYER
PARTIALLY RECOVERING DATA VS. SANDBOX
MDM vs. COMPLIANCE
A FEW RECOMMENDATIONS
SET IS LESSER THAN SET OF MDM FEATURES
YOUNG STANDARDS
FIRST REVISIONS
DRAFT REVISIONS
KNOWN ISSUES
MALWARE BOUNDS BECOME UNCLEAR … COMPLIANCE BRINGS USELESS RECOMMENDATIONS

CAMERA AND VIDEO
HIDE THE DEFAULT CAMERA APPLICATION
PASSWORD
DEFINE PASSWORD PROPERTIES
REQUIRE LETTERS (incl. case)
REQUIRE NUMBERS
REQUIRE SPECIAL CHARACTERS
DELETE DATA AND APPLICATIONS FROM THE DEVICE AFTER INCORRECT PASSWORD ATTEMPTS
DEVICE PASSWORD
ENABLE AUTO-LOCK
LIMIT PASSWORD AGE
LIMIT PASSWORD HISTORY
RESTRICT PASSWORD LENGTH
MINIMUM LENGTH FOR THE DEVICE PASSWORD THAT IS ALLOWED
ENCRYPTION
APPLY ENCRYPTION RULES
ENCRYPT INTERNAL DEVICE STORAGE
TOUCHDOWN SUPPORT
MICROSOFT EXCHANGE SYNCHRONIZATION
EMAIL PROFILES
ACTIVESYNC
BLACKBERRY CAPABILITIES – ANDROID
CONTROLLED: FOUR GROUPS ONLY by BlackBerry; CONTROLLED: 74 OUT OF 200 APIs ONLY by Android

- BROWSER
- DEFAULT APP,
- AUTOFILL, COOKIES, JAVASCRIPT, POPUPS
- CAMERA, VIDEO, VIDEO CONF
- OUTPUT, SCREEN CAPTURE, DEFAULT APP
- CERTIFICATES (UNTRUSTED CERTs)
- CLOUD SERVICES
- BACKUP / DOCUMENT / PICTURE / SHARING
- CONNECTIVITY
- NETWORK, WIRELESS, ROAMING
- DATA, VOICE WHEN ROAMING
- CONTENT
- CONTENT (incl. EXPLICIT)
- RATING FOR APPS / MOVIES / TV SHOWS / REGIONS
- DIAGNOSTICS AND USAGE (SUBMISSION LOGS)
- MESSAGING (DEFAULT APP)
- BACKUP / DOCUMENT / PICTURE / SHARING
- ONLINE STORE
- ONLINE STORES, PURCHASES, PASSWORD
- DEFAULT STORE / BOOK / MUSIC APP
- MESSAGING (DEFAULT APP)
- PASSWORD (THE SAME WITH ANDROID, NEW BLACKBERRY DEVICES)
- PHONE AND MESSAGING (VOICE DIALING)
- PROFILE & CERTs (INTERACTIVE INSTALLATION)
- SOCIAL (DEFAULT APP)
- SOCIAL APPS / GAMING / ADDING FRIENDS / MULTI-PLAYER
- DEFAULT SOCIAL-GAMING / SOCIAL-VIDEO APPS
- STORAGE AND BACKUP
- DEVICE BACKUP AND ENCRYPTION
- VOICE ASSISTANT (DEFAULT APP)
BLACKBERRY CAPABILITIES – iOS
CONTROLLED: 16 GROUPS ONLY by BlackBerry; that's QUITE SIMILAR to APPLE MDM SOLUTIONS

- GENERAL
- MOBILE HOTSPOT AND TETHERING
- PLANS APP, APPWORLD
- PASSWORD (THE SAME WITH ANDROID, iOS)
- BES MANAGEMENT (SMARTPHONES, TABLETS)
- SOFTWARE
- OPEN WORK EMAIL MESSAGE LINKS IN THE PERSONAL BROWSER
- TRANSFER THROUGH WORK PERIMETER TO SAME/ANOTHER DEVICE
- BBM VIDEO ACCESS TO WORK NETWORK
- VIDEO CHAT APP USES ORGANIZATION'S WI-FI/VPN NETWORK
- SECURITY
- WIPE WORK SPACE WITHOUT NETWORK, RESTRICT DEV. MODE
- VOICE CONTROL & DICTATION IN WORK & USER APPS
- BACKUP AND RESTORE (WORK) & DESKTOP SOFTWARE
- PC ACCESS TO WORK & PERSONAL SPACE (USB, BT)
- PERSONAL SPACE DATA ENCRYPTION
- NETWORK ACCESS CONTROL FOR WORK APPS
- PERSONAL APPS ACCESS TO WORK CONTACTS
- SHARE WORK DATA DURING BBM VIDEO SCREEN SHARING
- WORK DOMAINS, WORK NETWORK USAGE FOR PERSONAL APPS
- EMAIL PROFILES
- CERTIFICATES & CIPHERS & S/MIME
- HASH & ENCRYPTION ALGS AND KEY PARAMS
- TASK / MEMO / CALENDAR / CONTACT / DAYS SYNC
- WI-FI PROFILES
- ACCESS POINT, DEFAULT GATEWAY, DHCP, IPV6, SSID, IP ADDRESS
- PROXY PASSWORD / PORT / SERVER / SUBNET MASK
- VPN PROFILES
- PROXY, SCEP, AUTH PROFILE PARAMS
- TOKENS, IKE, IPSEC, OTHER PARAMS
- PROXY PORTS, USERNAME, OTHER PARAMS
BLACKBERRY CAPABILITIES – BLACKBERRY (QNX)
CONTROLLED: 7 GROUPS ONLY by BlackBerry; that's NOT ENOUGH TO MANAGE ALL APIs

THERE ARE 55 GROUPS CONTROLLED IN ALL
EACH GROUP CONTAINS FROM 10 TO 30 UNITS, WHICH ARE CONTROLLED TOO
EACH UNIT IS UNDER A LOT OF FLEXIBLE PARAMs INSTEAD OF A SIMPLE 'DISABLE/ENABLE & HIDE/UNHIDE' WAY
EACH EVENT IS
CONTROLLED BY A CERTAIN PERMISSION
ALLOWED TO BE CONTROLLED BY SIMILAR PERMISSIONS, TO BE MORE FLEXIBLE
DESCRIBED IN 360 PAGES IN ALL, WHICH IS FOUR TIMES MORE THAN OTHER DOCUMENTS
EACH UNIT CAN'T CONTROL ACTIVITY UNDER ITSELF
'CREATE, READ, WRITE/SAVE, SEND, DELETE' ACTIONS IN REGARD TO MESSAGES LEAD TO SPOOFING
BY REQUESTING A 'MESSAGE' PERMISSION ONLY
SOME PERMISSIONS AREN'T REQUIRED (TO DELETE ANY OTHER APP)
SOME PERMISSIONS ARE RELATED TO THE APP WHICH A 3RD PARTY PLUGIN WAS EMBEDDED IN, INSTEAD OF THAT PLUGIN
BLACKBERRY CAPABILITIES – BLACKBERRY (OLD)
AN INCREDIBLE AMOUNT OF GROUPS, UNITS AND PERMISSIONS ARE CONTROLLED BY MDM AND DEVICE

OLD BB: MERGING PERMISSION UNITS AND GROUPS
'SCREEN CAPTURE, CAMERA, VIDEO PERMISSIONS' SEPARATED (PREVIOUS BB)
'SCREEN CAPTURE, CAMERA, VIDEO PERMISSIONS' MERGED INTO ONE UNIT (LATEST BB)
QNX-BB: SCREEN CAPTURE
IS ALLOWED VIA HARDWARE BUTTONS ONLY
NO EMULATION OF HARDWARE BUTTONS, AS THERE WAS IN OLD BLACKBERRY DEVICES
LOCKS WHEN THE WORK PERIMETER HAS BECOME ACTIVE, TO PREVENT SCREEN-CAPTURE LOGGERS
OLD BB: NO SANDBOX HAS EVER BEEN ANNOUNCED
ALL DATA IS ACCESSIBLE EXCEPT APP & SYSTEM DATA, DUE TO A GENERAL PERMISSION
QNX-BB: OFFICIALLY ANNOUNCED SANDBOX
MALWARE IS A PERSONAL APPLICATION SUBTYPE IN TERMS OF BLACKBERRY'S SECURITY
SANDBOX PROTECTS ONLY APP DATA, WHILE USER DATA IS STORED IN SHARED FOLDERS
ISSUES: USELESS SOLUTIONS – I
USEFUL IDEAS AT FIRST GLANCE, BUT INSTEAD THEY MAKE NO SENSE

OLD BB: SECURE & INSECURE IM CHATS AT THE SAME TIME
HAS ENCRYPTED COMMUNICATION SESSIONS
STORES CHAT CONVERSATIONS IN PLAIN TEXT WITHOUT ENCRYPTION (EVEN BBM)
INACCESSIBLE FROM THE DEVICE BECAUSE OF AN UNKNOWN FILE TYPE (.CSV)
UPGRADE FEATURE AFFECTS EVERYTHING
UPDATE THE APP THAT CALLS THIS API – USE GENERAL API
REMOVE THE APP THAT CALLS THIS API – USE GENERAL API
REMOVE ANY OTHER APP UNDER THE SAME API WITHOUT NOTIFICATION
HANDLE WITH PC TOOLS ON OLD BB DEVICES WITHOUT DEBUG / DEVELOPMENT MODE
OLD BB: CLIPBOARD (HAS NEVER EXISTED ANYWHERE AND MIGHT HAVE EVER)
REVEAL THE DATA IN REAL TIME BY ONE API CALL
NATIVE WALLETS PROTECT BY RETURNING NULL
WHILE ON TOP || JUST MINIMIZE OR CLOSE IT TO GET FULL ACCESS
EVERY USE CASE MUST MINIMIZE THE APP TO PASTE A PASSWORD
ISSUES: USELESS SOLUTIONS – II
USEFUL IDEAS AT FIRST GLANCE, BUT INSTEAD THEY MAKE NO SENSE

INITIALLY BASED ON AUTHORIZED API, COVERING
ALL PHYSICAL & NAVIGATION BUTTONS
TYPING TEXTUAL DATA, AFFECTS ALL APPs
SECONDARILY BASED ON ADDING MENU ITEMS
INTO THE GLOBAL / "SEND VIA" MENU
AFFECTS ALL NATIVE APPLICATIONS
NATIVE APPs ARE DEVELOPED BY BLACKBERRY
WALLETS, SOCIAL, SETTINGS, IMs, …
GUI EXPLOITATION
REDRAWING THE SCREENS
GRABBING THE TEXT FROM ANY FIELDs (INCL. PASSWORD FIELD)
ADDING, REMOVING THE FIELD DATA
ORIGINAL DATA IS INACCESSIBLE BUT NOT AFFECTED
ADDING GUI OBJECTS BUT NOT SHUFFLING
KASPERSKY MOBILE SECURITY PROVIDES
FIREWALL, WIPE, BLOCK, INFO FEATURES
NO PROTECTION FROM REMOVING .CODs & UNDER SIMULATOR
EXAMINING THE TRAFFIC, BEHAVIOUR
SHOULD JUST CHECK THE "IS SIMULATOR" API ONLY
SMS MANAGEMENT VIA "QUITE" SECRET SMS
PASSWORD IS 4–16 DIGITS, AND MODIFIED IN REAL TIME
SMS IS HALF A HASH VALUE OF GOST R 34.11-94
IMPLEMENTATION USES TEST CRYPTO VALUES AND NO SALT
TABLES (VALUE → HASH) ARE EASILY BUILT
OUTGOING SMS CAN BE SPOOFED WITHOUT ANY NOTIFICATION, BECAUSE KMS DELETES THE SENT MESSAGES
OUTGOING SMS BLOCK/WIPE THE SAME/ANOTHER DEVICE
ISSUES: USELESS SOLUTIONS – III
THE GUI EXPLOITATION (OLD BB) – NATIVE APPs & 3RD PARTY SECURE SOLUTIONS RUIN THE SECURITY

DENIAL OF SERVICE
REPLACING/REMOVING EXEC FILES
DoS'ing EVENTs, NOISING FIELDS
GUI INTERCEPT
INFORMATION DISCLOSURE
CLIPBOARD, SCREEN CAPTURE
GUI INTERCEPT
DUMPING .COD FILES, SHARED FILES
MITM (INTERCEPTION / SPOOFING)
MESSAGES
GUI INTERCEPT, THIRD PARTY APPs
FAKE WINDOW/CLICKJACKING
GENERAL PERMISSIONS
INSTEAD OF SPECIFIC SUB-PERMISSIONS
A FEW NOTIFICATION/EVENT LOGs FOR USER
BUILT PER APPLICATION INSTEAD OF APP SCREENs
CONCRETE PERMISSIONS
BUT COMBINED INTO A GENERAL PERMISSION
A SCREENSHOT PERMISSION IS PART OF THE
CAMERA
CONCLUSION – I
PRIVILEGED GENERAL PERMISSIONS OWN APPs, NATIVE & 3RD PARTY APPs FEATURES

SIMPLIFICATION AND REDUCTION OF SECURITY CONTROLS
MANY GENERAL PERMISSIONS, COMBINED INTO EACH OTHER
NO ACTIVITY LOGs FOR SUB-PERMISSIONS TO PROVE THE TRANSPARENCY
ANY SECURITY VULNERABILITY IS ONLY FIXED BY AN ENTIRELY NEW AND DIFFERENT OS / KERNEL
A FEW PERMISSIONs ARE CLOSED TO THE USER ACTIONS
THE SANDBOX PROTECTS ONLY APPLICATION DATA
USERS HAVE TO STORE THEIR DATA IN SHARED FOLDERS OR EXTERNAL STORAGE
APPLICATIONS CONTINUE TO STORE DATA IN PUBLIC FOLDERs BECAUSE THEY ARE GOVERNED BY THE CHANCE OF AVAILABILITY
MITM / INTERCEPTION ACTIONS ARE OFTEN SILENT
THE NATIVE SPOOFING AND INTERCEPTION FEATURES
BLACKBERRY ENTERPRISE SOLUTION / BLACKBERRY MOBILE FUSION IS NOT VERY EFFECTIVE
THE BEST SECURITY (PERMISSIONS) IS RULED BY AMAZON WEB SERVICES
PERMISSIONS SHOULD RELY ON A SET OF DIFFERENT USEFUL CASES INSTEAD OF A SPECIFIC PERMISSION LIST
CONCLUSION – II
THE VENDOR SECURITY VISION HAS NOTHING TO DO WITH REALITY, AGGRAVATED BY SIMPLICITY

Q & A