(pdf) yury chemerkin hackfest.ca 2013

Upload: sto-strategy

Post on 04-Jun-2018


TRANSCRIPT

  • 8/13/2019 (PDF) Yury Chemerkin Hackfest.ca 2013

    1/52

    QUESTIONABLE

    VALUE OF MD

    THE

    BYODS VIE

    YU


    2/52

    MULTI-SKILLED SECURITY RESEARCHER, WORKS FOR A RUSSIAN COMPANY

    EXPERIENCED IN :

    REVERSE ENGINEERING & AV, DEVELOPMENT (IN THE PAST)

    MOBILE SECURITY, INCL. MDM, MAM, etc.

    CYBER SECURITY & CLOUD SECURITY

    COMPLIANCE & FORENSICS ON MOBILE & CLOUD

    WRITING (STO BLOG, HAKIN9, PENTEST, eFORENSICS MAGAZINES)

    PARTICIPATION AT CONFERENCES:

    INFOSECURITY RUSSIA, NULLCON, ATHCON, CONFIDENCE, PHDAYS,

    DEFCON MOSCOW, HACKERHALTED, HACKTIVITY, HACKFEST

    CYBERCRIME FORUM, CYBER INTELLIGENCE EUROPE/INTELLIGENCE-SEC, DEEPINTEL

    ICITST, CTICON (CYBERTIMES), ITA, I-SOCIETY

    [ YURY CHEMERKIN ]

    www.linkedin.com/in/yurychemerkin

    http://sto-strategy.com yury.s@

    3/52

    [ MOBILE DEVICE MANAGEMENT

    WHAT DO WORKERS WANT WHAT DO COMPANIES


    4/52

    [ MOBILE DEVICE MANAGEMENT

    WHAT DO THIRD PARTY USUALLY SELL

    FIRST CASE


    5/52

    MOBILE DEVICE MANAGEMENT SOLUTION: NATIVE / THIRD PARTY SOLUTION

    MOBILE APPLICATION MANAGEMENT SOLUTION: EMBEDDED / NATIVE / THIRD PARTY SOLUTION

    MOBILE EMAIL MANAGEMENT SOLUTION

    NETWORK ACCESS CONTROL SOLUTION: NOT ENOUGH NEW IDEA, BUT QUITE USEFUL IN CLOUDS

    ADDITIONAL SOLUTION: AV, LOG MANAGEMENT, DLP-BASED SOLUTION, FORENSICS SOLUTION

    COMPLIANCE: GUIDELINES / BEST PRACTICES

    [ MOBILE DEVICE MANAGEMENT

    WHAT'S THE REAL DEVICE MANAGEMENT APPROACH INCLUDE? NOT LESS TH


    6/52

    APPLE IS SO SERIOUS TO LET MALWARE BE SPREAD THROUGH THEIR MARKET, EXCE

    Ch. MILLER CASE

    JAILBREAK,CYDIA,BLACK&OTHER MARKETS

    MICROSOFT (WINDOWS PHONE) HAS IMPLEMENTED THE SAME IDEA

    GOOGLE HAS A WEAK POLICY, THAT'S WHY EVERYONE GOT MALWARE IN OFFICIAL MARK

    PLUS 3RD PARTY MARKET

    PLUS REPACKAGES

    BLACKBERRY IS THE SAFEST OS BECAUSE THAT'S ABOUT THE SIZE OF IT

    [ OPINIONS ]

    BlackBerry Windows iOS Android

    7/52

    MDM HELPS TO PROTECT DATA AND MANAGE BLACKBERRY, iOS, WINDOWS, AND ANDROID DEVICES.

    MDM ENHANCED BY MANAGING THE BEHAVIOR OF THE DEVICE

    SECURE BOOTLOADER, SYSTEM SOFTWARE SECURITY (UPDATES),

    APPLICATION CODE SIGNING

    RUNTIME PROCESS SECURITY (SANDBOX, APIs)

    HARDWARE SECURITY FEATURES

    FILE DATA PROTECTION

    SSL, TLS, VPN

    PASSCODE PROTECTION

    SETTINGS (PERMISSIONS/ RESTRICTIONS, CONFIGURATIONS)

    REMOTE MANAGEMENT

    MDM

    REMOTE WIPE

    [ SECURITY ENVIRONMENT ]

    EACH OS EVALUATES EVERY REQUEST THAT APPLICATIONS MAKE TO ACCESS

    BUT LEADS AWAY FROM ANY DETAILS AND APIs

    8/52

    BYPASS MDM SOLUTIONS

    iOS, ANDROID

    EXPLOITS, DUMP /MEM TO GET EMAILS

    BLACKHAT EU13 http://goo.gl/HN829p

    BLACKBERRY PLAYBOOK

    EXPLOITS, MITM, DUMP ALL FILES

    SECTOR11, INFILTRATE12, SOURCE BOSTON13 http://goo.gl/KaTtFG

    GAIN ROOT ACCESS

    ANDROID

    APP SIGNATURE EXPLOITATION

    APP MODIFICATION

    BLACKHAT USA13 http://goo.gl/p5FhWG

    TIME-FRAME TO FIX

    7+ MONTHS or WAIT FOR A VENDOR

    ANALYSIS OF APPS DATA IN THE

    BLACKBERRY, iOS

    DATA LEAKAGE REVEAL PASSWORDS,

    BLACKHAT EU12 http

    ANDROID

    DATA LEAKAGE

    WEAKNESS OF CRYPT

    PHDAY III 13 http://g

    [ KNOWN ISSUES. Examples ]

    THREATS BOUNDS BECOME UNCLEAR. COMPLIANCE BRINGS COMMON RECOM

    9/52

    PLAYBOOK ARTIFACTS (see the previous slide)

    BROWSERS HISTORY

    NETWORKING IDs, FLAGS, MACs

    VIDEO CALLS DETAILS

    ACCESS TO INTERNAL NETWORK

    KERNEL BLACKBERRY Z10

    DUMP MICROKERNEL

    EVEN DEVELOPERS CREDENTIALS

    (FACEBOOK, MOBILE, EMAILS) BLACKHAT

    DEFCON MOSCOW http://goo.gl/R74leX

    GUI FAILS (my results)

    BLACKBERRY OS

    DATA LEAKAGE

    REVEAL PASSWORDS, A

    NO PERMISSIONS REQUE

    BORROW PERMISSIONS

    NullCon13, CONFIDENC

    http://goo.gl/phMey2

    Haven't yet tested on new

    [ KNOWN ISSUES. Examples ]

    THREATS BOUNDS BECOME UNCLEAR. COMPLIANCE BRINGS COMMON RECOM

    10/52

    GOALS - MOBILE RESOURCES / AIM OF ATTACK

    DEVICE RESOURCES

    OUTSIDE-OF-DEVICE RESOURCES

    ATTACKS - SET OF ACTIONS UNDER THE THREAT

    APIs - RESOURCES WIDELY AVAILABLE TO CODERS

    SECURITY FEATURES - KERNEL PROTECTION, NON-APP FEATURES

    PERMISSIONS - EXPLICITLY CONFIGURED

    3RD PARTY - AV, FIREWALL, VPN, MDM

    COMPLIANCE - RULES TO DESIGN A MOBILE SECURITY IN ALIGNMENT WITH COMPLIANCE TO

    [ DEVICE MANAGEMENT ]

    APPLICATION LEVEL ATTACKS VECTOR

    (diagram; labels: AV, MDM, DLP, VPN; Attacks; APIs; MDM feature)

    11/52

    = , , ,

    set of OS permissions, set of device permissions, set of MDM permissions, set of missed permissions (lack of controls), set of rules that should be explicitly applied to gain compliance

    = + ,

    set of APIs , set of APIs that interact with sensitive data, set of APIs that do not interact with sensitive data

    To get a mobile security designed with full granularity the set should be the empty set, to get instead of , so the matter is how close it is to empty. On the other hand, it should be found out whether the assumptions , are true and whether it is possible to get .

    Set of permissions < Set of activities ef

    typical case < 100%,

    ability to control each API = 100%

    More than 1 permission per APIs >10

    lack of knowledge about possi

    improper granularity

    [ DEVICE MANAGEMENT ]

    Concurrency over native & additional security features. The situation is very serio

    MDM features

    P


    12/52

    [ BLACKBERRY. PERMISSIONS ]

    Permission                       BB 10 Cascades SDK / BB 10 AIR SDK / PB (ND
    Background processing            + +
    BlackBerry Messenger             -
    Calendar, Contacts               + via invo
    Camera                           + +
    Device identifying information   + +
    Email and PIN messages           + via invo
    GPS location                     + +
    Internet                         + +
    Location                         +
    Microphone                       + +
    Narrow swipe up                  - +
    Notebooks                        +
    Notifications                    + +
    Player                           - +
    Phone                            +
    Push                             +
    Shared files                     + +
    Text messages                    +
    Volume                           - +


    13/52

    [ BLACKBERRY. Significant APIs ]

    Feature                   Q. APIs   Q. sign. APIs   % (sign. APIs)
    BlackBerry Messenger      77        70              90,91
    Calendar                  443       126             28,44
    Camera                    47        41              87,23
    Contacts                  316       150             47,47
    Device identifying info   15        14              93,33
    Email & PIN messages      347       211             60,81
    Internet                  161       145             90,06
    Microphone                21        15              71,43
    Notebooks                 123       86              69,92
    Notifications             32        24              75,00
    Phone                     27        22              81,48
    Push                      25        22              88,00
    Shared files              78        70              89,74
    Text messages             10        6               60,00
    Account                   66        21              31,82
    MediaPlayer               66        63              95,45
    NFC                       24        11              45,83
    Radio & SIM               68        51              75,00
    Clipboard                 6         4               66,67


    14/52

    [ BLACKBERRY. Common activities ]

    (bar chart; series: Q. of m.+a. activity, Q. of m.+a. permission; value axis 0-35)

    15/52

    [ BLACKBERRY. Derived activities ]

    (bar chart; series: Q. of derived activities, Q. of derived perm; value axis 0-120)

    16/52

    [ BLACKBERRY. Efficiency (%) ]

    (bar chart; series: % m+a activity vs perm, % m+a derived activity vs perm; value axis 0.00-250.00)

    17/52

    [ iOS. Info.plist (app capabilities) ]

    Key                   Description
    auto-focus-camera     handle autofocus capabilities in the device's still camera in case of macro photography or im
    bluetooth-le          handle the presence of Bluetooth low-energy hardware on the device.
    camera-flash          handle a camera flash for taking pictures or shooting video.
    front-facing-camera   handle a forward-facing camera such as capturing video from the device's camera.
    gamekit               handle Game Center.
    gps                   handle GPS (or AGPS) hardware to track locations in case of need for higher accuracy more
    location-services     retrieve the device's current location using the Core Location framework through Cellular/Wi-F
    microphone            handle the built-in microphone and its accessories
    peer-peer             handle peer-to-peer connectivity over a Bluetooth network.
    sms                   handle the presence of the Messages application such as opening URLs with the sms scheme.
    still-camera          handle the presence of a camera on the device such as capturing images from the device's stil
    telephony             handle the presence of the Phone application such as opening URLs with the telephony schem
    video-camera          handle the presence of a camera with video capabilities on device such as capturing video fro
    wifi                  access to the networking features of the device.


    18/52

    [ iOS. Settings ]

    Component                            Unit
    Restrictions :: Native application   Safari; Camera, FaceTime; iTunes Store, iBookstore; Siri; Manage applications*
    Restrictions :: 3rd application      Manage applications*; Explicit Language (Siri); Privacy*, Accounts*; Content Type Restrictions*

    Unit subcomponents

    Privacy :: Location          Per each 3rd party app; For system services
    Privacy :: Private Info      Contacts, Calendar, Reminders, P; Bluetooth Sharing; Twitter, Facebook
    Accounts                     Disables changes to Mail, Contacts, Calendars, iClou
    Find My Friends
    Volume limit
    Content Type Restrictions    Ratings per country and regio; Music and podcasts; Movies, Books, Apps, TV show; In-app purchases; Require Passwords (in-app purch
    Game Center                  Multiplayer Games; Adding Friends (Game Center
    Manage applications          Installing Apps; Removing Apps


    19/52

    [ iOS. Common activities ]

    (bar chart; series: Q. of m.+a. activity, Q. of m.+a. permission, Q. of m.+a. perm plus parental; value axis 0-20)

    20/52

    [ iOS. Derived activities ]

    (bar chart; series: Q. of derived activities, Q. of derived perm, Q. of derived perm plus parental; value axis 0-80)

    21/52

    [ iOS. Efficiency (%) ]

    (bar chart; series: % m+a activity vs perm, % m+a derived activity vs perm, Q. of m.+a. perm plus parental perm, Q. of derive; value axis 0%-100%)

    22/52

    [ Windows. Permissions ]

    Permission                    Description

    General use capabilities
    musicLibrary                  provides access to the user's Music library, allowing the app to enumerate and access all fi
    picturesLibrary               provides access to the user's Pictures library, allowing to enumerate and access all files
    videosLibrary                 provides access to the user's Videos library, allowing the app to enumerate and access al
    removableStorage              provides access to files on removable storage, such as USB keys and external hard drives,
    microphone                    provides access to the microphone's audio feed, which allows to record audio from conn
    webcam                        provides access to the webcam's video feed, which allows to capture snapshots, movies fro
    location                      provides access to location functionality like a GPS sensor or derived from availab
    proximity                     enables multiple devices in close proximity to communicate with one another via poss Bluetooth, WiFi, and the internet.
    internetClient, internetClientServer   provides outbound (inbound is for server only) access to the Internet, public networ
    privateNetworkClientServer    provides inbound and outbound access to home and work networks through the firew applications that share data across local devices.

    Special use capabilities
    enterpriseAuthentication      enable a user to log into remote resources using their credentials, and act as if a user provid password.
    sharedUserCertificates        enables an access to software and hardware certificates like smart card
    documentsLibrary              provides access to the user's Documents library, filtered to the file type asso


    23/52

    [ Windows. Significant APIs ]

    Feature                        Q. APIs   Q. sign. APIs   % (sign. APIs)   Co

    General use capabilities
    Notifications                  68        4               5,88             +
    Music library                  1300      138             10,62            +
    Pictures library               1157      133             11,50            +
    Videos library                 1300      138             10,62            +
    Removable storage              1045      109             10,43            +
    Microphone                     274       33              12,04            +
    Webcam                         409       91              22,25            +
    Location                       37        5               13,51            +
    Proximity                      54        19              35,19            +
    Internet and public networks   488       134             27,46            +
    Home and work networks         488       134             27,46            +

    Special use capabilities
    Enterprise authentication      8         4               50,00            +
    Shared User Certificates       20        5               25,00            +
    Documents library              1045      126             12,06            +

    Non-controlled capabilities
    Clipboard                      132       20              15,15            -
    Phone                          18        6               33,33            -
    SMS                            122       25              20,49            -
    Contacts                       97        31              31,96            -
    Device Info                    221       30              13,57            -


    24/52

    [ Windows. Common Activities ]

    (bar chart; series: Q. of m.+a. activity, Q. of m.+a. permission; value axis 0-14)

    25/52

    [ Windows. Derived Activities ]

    (bar chart; series: Q. of derived activities, Q. of derived perm; value axis 0-25)

    26/52

    [ Windows. Efficiency (%) ]

    (bar chart; series: % m+a activity vs perm, % m+a derived activity vs perm; value axis 0.00-120.00)

    27/52

    ACCESS_CHECKIN_PROPERTIES, ACCESS_COARSE_LOCATION, ACCESS_FINE_LOCATION, ACCESS_LOCATION_EXTRA_COMMANDS, ACCESS_MOCK_LOCATION, ACCESS_NETWORK_STATE, ACCESS_SURFACE_FLINGER, ACCESS_WIFI_STATE, ACCOUNT_MANAGER, ADD_VOICEMAIL, AUTHENTICATE_ACCOUNTS, BATTERY_STATS, BIND_ACCESSIBILITY_SERVICE, BIND_APPWIDGET, BIND_DEVICE_ADMIN, BIND_INPUT_METHOD, BIND_REMOTEVIEWS, BIND_TEXT_SERVICE, BIND_VPN_SERVICE, BIND_WALLPAPER, BLUETOOTH, BLUETOOTH_ADMIN, BRICK, BROADCAST_PACKAGE_REMOVED, BROADCAST_SMS, BROADCAST_STICKY, BROADCAST_WAP_PUSH, CALL_PHONE, CALL_PRIVILEGED, CAMERA, CHANGE_COMPONENT_ENABLED_STATE, CHANGE_CONFIGURATION, CHANGE_NETWORK_STATE, CHANGE_WIFI_MULTICAST_STATE, CHANGE_WIFI_STATE, CLEAR_APP_CACHE, CLEAR_APP_USER_DATA, CONTROL_LOCATION_UPDATES, DELETE_CACHE_FILES, DELETE_PACKAGES, DEVICE_POWER, DIAGNOSTIC, DISABLE_KEYGUARD, DUMP, EXPAND_STATUS_BAR, FACTORY_TEST, FLASHLIGHT, FORCE_BACK, GET_ACCOUNTS, GET_PACKAGE_SIZE, GET_TASKS, GLOBAL_SEARCH, HARDWARE_TEST, INJECT_EVENTS, INSTALL_LOCATION_PROVIDER, INSTALL_PACKAGES, INTERNAL_SYSTEM_WINDOW, INTERNET, KILL_BACKGROUND_PROCESSES, MANAGE_ACCOUNTS, MANAGE_APP_TOKENS, MASTER_CLEAR, MODIFY_AUDIO_SETTINGS, MODIFY_PHONE_STATE, MOUNT_FORMAT_FILESYSTEMS, MOUNT_UNMOUNT_FILESYSTEMS, NFC, PERSISTENT_ACTIVITY, PROCESS_OUTGOING_CALLS, READ_CALENDAR, READ_CALL_LOG, READ_CONTACTS, READ_EXTERNAL_STORAGE, READ_FRAME_BUFFER, READ_HISTORY_BOOKMARKS, READ_INPUT_STATE, READ_LOGS, READ_PHONE_STATE, READ_PROFILE, READ_SMS, READ_SOCIAL_STREAM, READ_SYNC_SETTINGS, READ_SYNC_STATS, READ_USER_DICTIONARY, REBOOT, RECEIVE_BOOT_COMPLETED, RECEIVE_MMS, RECEIVE_SMS, RECEIVE_WAP_PUSH, RECORD_AUDIO, REORDER_TASKS

    ,SET_ACTIVITY_WATCHER,SE

    SET_ANIMATION_SCALE,SET

    ,SET_POINTER_SPEED,SET_P

    ROCESS_LIMIT,SET_TIME,SET

    ET_WALLPAPER_HINTS,SIGN

    TUS_BAR,SUBSCRIBED_FEEDITE,SYSTEM_ALERT_WINDOW

    REDENTIALS,USE_SIP,VIBRAT

    TINGS,WRITE_CALENDAR,W

    TS,WRITE_EXTERNAL_STORA

    STORY_BOOKMARKS,WRITE_

    GS,WRITE_SETTINGS,WRITE_

    RITE_SYNC_SETTINGS,WRITE

    [ Android. Permissions ]

    List contains ~150 permissions. I have only ever seen that on old Black

    28/52

    ACCOUNTS

    AFFECTS_BATTERY

    APP_INFO

    AUDIO_SETTINGS

    BLUETOOTH_NETWORK

    BOOKMARKS

    CALENDAR

    CAMERA

    COST_MONEY

    DEVELOPMENT_TOOLS

    DEVICE_ALARMS

    DISPLAY

    HARDWARE_CONTROLS

    LOCATION

    MESSAGES

    MICROPHONE

    NETWORK

    PERSONAL_INFO

    PHONE_CALLS

    SCREENLOCK

    SOCIAL_INFO

    STATUS_BAR

    STORAGE

    SYNC_SETTINGS

    SYSTEM_CLOCK

    SYSTEM_TOOLS

    USER_DICTIONA

    VOICEMAIL

    WALLPAPER

    WRITE_USER_D

    [ Android. Permission Groups ]

    But there are only 30 permission groups. I have only ever seen that on old BlackBerry

    29/52

    [ Android. Efficiency (%) ]

    (bar chart; series: % m+a activity vs perm, % m+a derived activity vs perm; value axis 0.00-50.00)

    30/52

    [ Average quantitative indicators ]

    (chart comparing Android, Windows, iOS, BlackBerry; value axis 0%-100%; categories: Q. APIs, Q. sign APIs, Q. of m.+a. activities, Q. of derived activities, Q. of m.+a. permissions, Q. of derived permissions, % m+a activities vs perm, % m+a derived vs perm)

    31/52

    CAMERA AND VIDEO

    HIDE THE DEFAULT CAMERA APPLICATION

    PASSWORD

    DEFINE PASSWORD PROPERTIES

    REQUIRE LETTERS (incl. case)

    REQUIRE NUMBERS

    REQUIRE SPECIAL CHARACTERS

    DELETE DATA AND APPLICATIONS FROM THE DEVICE AFTER INCORRECT PASSWORD ATTEMPTS

    DEVICE PASSWORD

    ENABLE AUTO-LOCK

    LIMIT PASSWORD AGE

    LIMIT PASSWORD HISTORY

    RESTRICT PASSWORD LENG

    MINIMUM LENGTH FOR TPASSWORD THAT IS ALLOW

    ENCRYPTION

    APPLY ENCRYPTION RULES

    ENCRYPT INTERNAL DEVIC

    TOUCHDOWN SUPPORT

    MICROSOFT EXCHANGE SY

    EMAIL PROFILES

    ACTIVESYNC

    MDM. Extend your device security capa

    Android CONTROLLED FOUR GROU

    32/52

    BROWSER

    DEFAULT APP,

    AUTOFILL, COOKIES, JAVASCRIPT, POPUPS

    CAMERA, VIDEO, VIDEO CONF

    OUTPUT, SCREEN CAPTURE, DEFAULT APP

    CERTIFICATES (UNTRUSTED CERTs)

    CLOUD SERVICES

    BACKUP / DOCUMENT / PICTURE / SHARING

    CONNECTIVITY

    NETWORK, WIRELESS, ROAMING

    DATA, VOICE WHEN ROAMING

    CONTENT

    CONTENT (incl. EXPLICIT)

    RATING FOR APPS/ MOVIES / TV SHOWS / REGIONS

    DIAGNOSTICS AND USAGE (SUBMISSION LOGS)

    MESSAGING (DEFAULT APP)

    BACKUP / DOCUMENT PICTURE / SHA

    ONLINE STORE

    ONLINE STORES , PURCHASES, PASSW

    DEFAULT STORE / BOOK / MUSIC APP

    MESSAGING (DEFAULT APP)

    PASSWORD (THE SAME WITH ANDROID, NEW BLA

    PHONE AND MESSAGING (VOICE DIALING)

    PROFILE & CERTs (INTERACTIVE INSTALLATION)

    SOCIAL (DEFAULT APP)

    SOCIAL APPS / GAMING / ADDING FRI

    DEFAULT SOCIAL-GAMING / SOCIAL-V

    STORAGE AND BACKUP

    DEVICE BACKUP AND ENCRYPTION

    VOICE ASSISTANT (DEFAULT APP)

    MDM. Extend your device security capa

    iOS CONTROLLED 16 GROUP

    33/52

    GENERAL

    MOBILE HOTSPOT AND TETHERING

    PLANS APP, APPWORLD

    PASSWORD (THE SAME WITH ANDROID, iOS)

    BES MANAGEMENT (SMARTPHONES, TABLETS)

    SOFTWARE

    OPEN WORK EMAIL MESSAGES LINKS IN THE PERSONAL BROWSER

    TRANSFER THROUGH WORK PERIMETER TO SAME/ANOTHER DEVICE, BBM VIDEO ACCESS TO WORK NETWORK

    VIDEO CHAT APP USES ORGANIZATION'S WI-FI/VPN NETWORK

    SECURITY

    WIPE WORK SPACE WITHOUT NETWORK, RESTRICT DEV. MODE

    VOICE CONTROL & DICTATION IN WORK & USER APPS

    BACKUP AND RESTORE (WORK) & DESKTOP SOFTWARE

    PC ACCESS TO WORK & PERSONAL SPACE (USB, BT)

    PERSONAL SPACE DATA ENCRYPTION

    NETWORK ACCESS CONTROL FOR WO

    PERSONAL APPS ACCESS TO WORK CO

    SHARE WORK DATA DURING BBM VID

    WORK DOMAINS, WORK NETWORK U

    EMAIL PROFILES

    CERTIFICATES & CIPHERS & S/MIME

    HASH & ENCRYPTION ALGS AND KEY P

    TASK/MEMO/CALENDAR/CONTACT/D

    WI-FI PROFILES

    ACCESS POINT, DEFAULT GATEWAY, D

    PROXY PASSWORD/PORT/SERVER/SU

    VPN PROFILES

    PROXY, SCEP, AUTH PROFILE PARAMS

    TOKENS, IKE, IPSEC OTHER PARAMS

    PROXY PORTS, USERNAME, OTHER PA

    MDM. Extend your device security capa

    BlackBerry (new, 10, QNX) CONTROLLED 7 GROUPS ONLY

    34/52

    THERE 55 GROUPS CONTROLLED IN ALL

    EACH GROUP CONTAINS FROM 10 TO 30 UNITS

    ARE CONTROLLED TOO

    EACH UNIT IS UNDER A LOT OF FLEXIBLE PARAMs

    INSTEAD OF A WAY DISABLE/ENABLED &HIDE/UNHIDE

    EACH EVENT IS

    CONTROLLED BY CERTAIN PERMISSION

    ALLOWED TO CONTROL BY SIMILAR

    PERMISSIONS TO BE MORE FLEXIBLE

    DESCRIBED IN 360 PAGES IN ALL, THAT IS FOUR TIMES MORE THAN OTHER DOCUMENTS

    EACH UNIT CANT CONTROL ACTITSELF

    CREATE, READ, WRITE/S

    DELETE ACTIONS IN REG

    MESSAGES LEAD TO SPO

    REQUESTING A MESSAG

    ONLY SOME PERMISSIONS ARE

    DELETE ANY OTHER APP

    SOME PERMISSIONS ARE

    WHICH 3RD PARTY PLUGI

    IN, INSTEAD OF THAT PLU

    MDM. Extend your device security capa

    BlackBerry (old) Huge amount of permissions are MD

    35/52

    [ Vulnerabilities of OS and apps ]

    (line chart; x-axis: years 2004-2013; y-axis: score 0-10; series: Score - iOS, Score - Android, Score - BB)

    36/52

    [ Vulnerabilities of OS and apps ]

    iOS Average, 6.3

    Android Average, 8.2

    BB-Average, 6.3

    iOS Min, 1.2

    Android Min, 1.9

    BB Min

    MIN & AVERAGE SCORE

    [ APPLICATION AUDIT APP ANALYSIS TO

    37/52

    HOW MANY TOOLS ARE THERE (approximately):

    iOS 10

    ANDROID 50

    WINDOWS PHONE 40

    BLACKBERRY 10

    QUANTITY OF BUGS /SECURITY FLAWS

    AVERAGE 50

    MIN 20

    MAX INFINITY

    BUGS TYPE (LIKELY)

    OBVIO

    LIKELY

    WARN(CHECK

    [ APPLICATION AUDIT , APP ANALYSIS TO

    HEY DUDE, WHY IS IT VULNERABLE AGAIN? SORRY, BOSS, I HAD JUST BEEN COMMITTED A

    38/52

    Severity & Efficiency

    39/52

    Permissions

    BlackBerry Windows Android iOS

    MDM

    BlackBerry (old) iOS BlackBerry (new) Windows

    Vulnerabilities

    BlackBerry Windows iOS Android

    Severity & Efficiency

    [ APPLICATION EXAMINATION ]


    40/52

    Account

    country code, phone number

    Device Hardware Key

    login / tokens of Twitter & Facebook

    Calls history

    Name + internal ID

    Duration + date and time

    Address book

    Quantity of contacts / viber-contacts

    Full name / Email / phone numbers

    Messages

    Conversations

    Quantity of message

    per conversations

    Additional participan

    phone)

    Messages

    Date & Time

    content of message

    ID

    [ APPLICATION EXAMINATION ]

    ONLY THOSE I HAVE TO USE EVERY DAY FORENSICS EXAMINATION

    [ APPLICATION EXAMINATION ]


    41/52

    Account

    country code, phone number

    login / tokens of Facebook weren't revealed

    Buy me for.$$$

    Avatars :: [email protected] (jfif)

    Address book

    No records of address book were revealed

    Check log-file and find these records (!)

    Messages

    Messages

    Date & Time

    content of message

    ID :: [email protected]

    [ APPLICATION EXAMINATION ]

    ONLY THOSE I HAVE TO USE EVERY DAY FORENSICS EXAMINATION

    [ APPLICATION EXAMINATION ]


    42/52

    Account

    Phone number

    Password, secret code weren't revealed

    Trace app, find the methods that use it

    Repack app and have fun

    No masking of data typed

    Information

    Amount

    Full info in history section (incl. info about

    who receive money)

    Connected cards

    Encryption?

    No

    Bank cards

    Masked card number

    Qiwi Bank cards Full & masked numbe

    Cvv/cvc

    All other card info

    [ APPLICATION EXAMINATION ]

    ONLY THOSE I HAVE TO USE EVERY DAY FORENSICS EXAMINATION

    [ APPLICATION EXAMINATION ]


    43/52

    Account

    ID , email, password

    Information

    Loyalty (bonus) of your membership

    all you ever type

    Date of birth

    Passport details

    Book/order history

    Routes,

    Date and time,

    Bonus earning

    Full info per each order

    Connected cards

    Encryption?

    AES

    256 bit

    On password

    anywayanydayanywa

    Store in plaintext

    Sizeof(anywayanyday

    192 bit

    [ APPLICATION EXAMINATION ]

    ONLY THOSE I HAVE TO USE EVERY DAY FORENSICS EXAMINATION

    [ APPLICATION EXAMINATION ]


    44/52

    Account

    ID ,bonus card number, password not revealed

    Other id & tokens

    Information

    Date of birth

    Passport details

    History (airlines, city, flight number only)

    Flights tickets, logins credentials

    Repack app and grab it

    [ APPLICATION EXAMINATION ]

    ONLY THOSE I HAVE TO USE EVERY DAY FORENSICS EXAMINATION

    [ APPLICATION EXAMINATION ]


    45/52

    Account

    ID , password

    Loyalty (bonus) card number

    Information

    Not revealed (tickets, history or else)

    Repack app

    [ APPLICATION EXAMINATION ]

    ONLY THOSE I HAVE TO USE EVERY DAY FORENSICS EXAMINATION

    [ APPLICATION EXAMINATION ]


    46/52

    Account

    ID , email, password

    Other id & tokens

    Information

    Loyalty (bonus) of your membership

    all you ever type

    Date of birth

    Passport details

    All PASSPORT INFO (not only travel data)

    Your work data (address, job, etc.) you have never typed! (except preparing member c

    Flights tickets

    Repack app and grab it

    [ APPLICATION EXAMINATION ]

    ONLY THOSE I HAVE TO USE EVERY DAY FORENSICS EXAMINATION


    47/52

    [ APPLICATION EXAMINATION ]


    48/52

    [ APPLICATION EXAMINATION ]

    ONLY THOSE I HAVE TO USE EVERY DAY FORENSICS EXAMINATION

    [ APPLICATION EXAMINATION ]


    49/52

    Account ::: PIN , Names, Status "74afbe19","Yury Chemerkin, "*fly*, "@ Holiday Inn (M Information

    Barcode / QR history (when, what) "QR_CODE","bbm:2343678095c7649723436780","

    Transferred files "RemotePin, "Path","ContentType, "image/jpeg, "234

    "/storage/sdcard0/Android/data/com.skype.raider/cache/photo_138373177190

    Transferred as a JFIF file :: FFD8FFE000104A464946 ......JFIF

    Invitations: "Pin","Greeting","Timestamp",LocalPublicKey/PrivateKey","EncryptionKey

    Messages (Date, Text,) :: "1383060689","Gde","Edu k metro esche, probka tut","Park

    ","Belorusskaja","" Logs

    Revealing PINs, Email, device information,

    Applications actions associated with applications modules *.c files, *.so, etc.

    It helps to analyze .apk in future

    [ APPLICATION EXAMINATION ]

    ONLY THOSE I HAVE TO USE EVERY DAY FORENSICS EXAMINATION


    50/52

    CONCLUSION


    51/52

    DENIAL OF SERVICE

    REPLACING/REMOVING FILES

    DOSing EVENTs, GUI INTERCEPT

    INFORMATION DISCLOSURE

    CLIPBOARD, SCREEN CAPTURE

    GUI INTERCEPT

    SHARED FOLDERS

    DUMPING .COD/.BAR/APK FILES

    MITM (INTERCEPTION / SPOOFI

    MESSAGES

    GUI INTERCEPT, THIRD PA

    FAKE WINDOW/CLICKJAC

    GENERAL PERMISSIONS

    INSTEAD OF SPECIFIC SU

    A FEW NOTIFICATION/EV

    USER

    BUILT PER APPLICATION

    SCREENs

    CONCLUSION

    PRIVILEGED GENERAL PERMISSIONS: OWN APPs, NATIVE & 3RD PARTY APP

    52/52

    Q & A
