SlideShare uma empresa Scribd logo
1 de 40
Baixar para ler offline
Attacking BlackBerry
                           for phun and profit




                                                y3dips[et]echo.or.id


Sunday, November 8, 2009
y3dips

                   • A Bandwidth Hunter ... A Renegade
                   • IT Security fans for more than 7 year
                   • http://google.com/search?q=y3dips


Sunday, November 8, 2009
BlackBerry

                   • Push Email
                   • Wireless
                           Messaging System
                   • Phone, SMS,
                           Cameras,
                           Browsing



Sunday, November 8, 2009
BlackBerry

                   • Photos
                   • Emails
                   • Sms
                   • Phone log
                   • Contact

Sunday, November 8, 2009
BlackBerry


                   • BlackBerry Enterprise Server (BES)
                   • BlackBerry Internet Service (BIS)


Sunday, November 8, 2009
Diagram




                           http://smartphone.nttdocomo.co.jp/english/blackberrybold/blackberryservice/img/index/dgm_diagram.gif




Sunday, November 8, 2009
BB Proxy

                   • Attack BES network
                   • Defcon 2006 presented by Jesse D’aguanno
                   • Making a Blackberry Device as a gateway to
                           internal Network




Sunday, November 8, 2009
Attacking Anatomy

                            Server      Apps Server               BB User
                                                  INTERNAL LAN




                                                       Firewall



                                                 INTERNET



                             Attacker

Sunday, November 8, 2009
Attacking Anatomy

                            Server      Apps Server                               BB User
                                                  INTERNAL LAN


                                                                  Connecting into Attacker
                                                                  Computer


                                                       Firewall



                                                 INTERNET



                             Attacker

Sunday, November 8, 2009
Attacking Anatomy
                                                 Connecting into App Server


                            Server      Apps Server                               BB User
                                                  INTERNAL LAN


                                                                  Connecting into Attacker
                                                                  Computer


                                                       Firewall



                                                 INTERNET



                             Attacker

Sunday, November 8, 2009
Attacking Anatomy
                                                        Connecting into App Server                  Device as a proxy


                            Server       Apps Server                                     BB User
                                                         INTERNAL LAN


                                                                         Connecting into Attacker
                                                                         Computer


                                                              Firewall
                              Attacker 0wned Internal
                              Network

                                                        INTERNET



                             Attacker

Sunday, November 8, 2009
Our Approach

                   • Attacking Wifi Network
                   • DNS Spoofing
                   • Ssl Tunneling - http://stunnel.org
                   • BlackBag - http://matasano.com

Sunday, November 8, 2009
DNS Spoofing


                   • Spoof dns entry into router/dns server
                    # echo “133.7.133.7 rcp.ap.blackberry.com” >> /etc/hosts




Sunday, November 8, 2009
DNS Spoofing




Sunday, November 8, 2009
Stunnel

                   • Setup 2 SSL connection
                    • SSL Connection from BB device to
                             Attacker machine
                           • SSL Connection from Attacker machine
                             to BB Real Server



Sunday, November 8, 2009
Stunnel


               • Setup 2 SSL connection
                # stunnel -d 443 -r localhost:8888
                # stunnel -c -d 8889 -r 216.9.240.88:443




Sunday, November 8, 2009
BlackBag


                   • Glue the tunnel back
                    # bkb replug -b localhost:8889@8888




Sunday, November 8, 2009
BlackBag




Sunday, November 8, 2009
Attacking Anatomy


                            search rcp.ap.blackberry.com
                                                                       DNS Server



                                                                                    rcp.ap.blackberry.com
                                                                                         216.9.240.88
                                       WIFI


                                                                                     RIM Network

                                                           Attacker - 133.7.133.7




Sunday, November 8, 2009
Attacking Anatomy

                                                                        rcp.ap.blackberry.com
                                                                        133.7.133.7
                            search rcp.ap.blackberry.com
                                                                       DNS Server



                                                                                                rcp.ap.blackberry.com
                                                                                                     216.9.240.88
                                       WIFI


                                                                                                 RIM Network

                                                           Attacker - 133.7.133.7




Sunday, November 8, 2009
Attacking Anatomy

                                                                        rcp.ap.blackberry.com
                                                                        133.7.133.7
                            search rcp.ap.blackberry.com
                                                                       DNS Server



                                                                                                rcp.ap.blackberry.com
                                                                                                     216.9.240.88
                                                       Tcp/443
                                       WIFI            Tcp/8888

                                                                               Tcp/443
                                                                                                 RIM Network
                                                                               Tcp/8889


                                                           Attacker - 133.7.133.7




Sunday, November 8, 2009
Viewable




Sunday, November 8, 2009
Viewable




Sunday, November 8, 2009
Result




Sunday, November 8, 2009
Result

                   • Clear Text Sender PIN
                   • Clear Text Recipient PIN
                   • Clear Text Message type
                   • Encrypted Data

Sunday, November 8, 2009
Impact

                   • Spam? until DDOS
                   • PIN abuse; such as cloning
                   • Blackmail; identity thief, logs
                   • Email and PIN Mapping

Sunday, November 8, 2009
Next

                   • More Data to analyze (different type)
                   • Attack the Encryption?
                   • Another Infrastructur attacking Scenario


Sunday, November 8, 2009
Confession




Sunday, November 8, 2009
Raw Data




Sunday, November 8, 2009
Mal(Spy)ware

                   • The Most Famous Etisalat Issue
                   • Firmware Update
                   • Reverse by some researcher
                   • 100% Spyware

Sunday, November 8, 2009
Mal(Spy)ware




Sunday, November 8, 2009
POC
                   • Provided by Sheran Gunasekera @HITB
                           2009
                   • Bugs - Forwarding Emails
                   • PhoneSnoop - Turn your BB into Spy
                           devices
                   • http://chirashi.zensay.com

Sunday, November 8, 2009
Bugs




Sunday, November 8, 2009
Summary

                   • 0wned a blackberry with $20 (USD)
                   • Social Engineering rulez!
                   • BlackBerry User awareness


Sunday, November 8, 2009
Case Stories




Sunday, November 8, 2009
Case Stories




Sunday, November 8, 2009
Case Stories




Sunday, November 8, 2009
Mitigation
                   • Password Your Device
                   • Turn On Firewall
                   • Encrypt your Data/Media Card
                   • Controlling downloded application
                   • Protecting GPS location
                   • Connect to Legitimate Wifi Network
Sunday, November 8, 2009
References
                   •       Attack Surface Analysis of Blackberry Devices - symantec

                   •       BlackBerry: Call to Arms, some provided - Ftr & FX of
                           Phenoelit

                   •       BlackJaking:0wning the Enterprise via BlackBerry - x30n

                   •       Bugs & Kissess: Spying on Blackberry User for Fun - Sheran
                           Gunasekera

                   •       Seberapa Amankah Infrastruktur WIFI Blackberry device anda
                           - y3dips & chopstick




Sunday, November 8, 2009
Greetz

                   • Hermis Consulting
                   • Sheran Gunasekera
                   • staff@echo.or.id
                   • Info Komputer

Sunday, November 8, 2009

Mais conteúdo relacionado

Semelhante a Attacking Blackberry For Phun and Profit

Mobile Web App Development
Mobile Web App DevelopmentMobile Web App Development
Mobile Web App DevelopmentBrian LeRoux
 
Vertically Challenged
Vertically ChallengedVertically Challenged
Vertically ChallengedAurynn Shaw
 
Gursev kalra _mobile_application_security_testing - ClubHack2009
Gursev kalra _mobile_application_security_testing - ClubHack2009Gursev kalra _mobile_application_security_testing - ClubHack2009
Gursev kalra _mobile_application_security_testing - ClubHack2009ClubHack
 
Understanding WiFi Security Vulnerabilities and Solutions
Understanding WiFi Security Vulnerabilities and SolutionsUnderstanding WiFi Security Vulnerabilities and Solutions
Understanding WiFi Security Vulnerabilities and Solutionshemantchaskar
 
Post globe 2010 fifthlight
Post globe 2010 fifthlightPost globe 2010 fifthlight
Post globe 2010 fifthlightONEIA
 
Cloud Computing Security
Cloud Computing SecurityCloud Computing Security
Cloud Computing SecurityPiyush Mittal
 
Internet Programming With Python Presentation
Internet Programming With Python PresentationInternet Programming With Python Presentation
Internet Programming With Python PresentationAkramWaseem
 
Rhouse - Home automation is ruby ?
Rhouse - Home automation is ruby ?Rhouse - Home automation is ruby ?
Rhouse - Home automation is ruby ?Fernand Galiana
 
Quick Introduction to Gearman
Quick Introduction to GearmanQuick Introduction to Gearman
Quick Introduction to GearmanGiuseppe Maxia
 
AFCEA West Demonstration
AFCEA West DemonstrationAFCEA West Demonstration
AFCEA West DemonstrationJon Marcy
 
Automating Enterprise Wireless Deployments
Automating Enterprise Wireless DeploymentsAutomating Enterprise Wireless Deployments
Automating Enterprise Wireless DeploymentsZack Smith
 

Semelhante a Attacking Blackberry For Phun and Profit (17)

Mobile Web App Development
Mobile Web App DevelopmentMobile Web App Development
Mobile Web App Development
 
Vagrant at LA Ruby
Vagrant at LA RubyVagrant at LA Ruby
Vagrant at LA Ruby
 
Vertically Challenged
Vertically ChallengedVertically Challenged
Vertically Challenged
 
Don Schwarz App Engine Talk
Don Schwarz App Engine TalkDon Schwarz App Engine Talk
Don Schwarz App Engine Talk
 
Gearman For Beginners
Gearman For BeginnersGearman For Beginners
Gearman For Beginners
 
Gursev kalra _mobile_application_security_testing - ClubHack2009
Gursev kalra _mobile_application_security_testing - ClubHack2009Gursev kalra _mobile_application_security_testing - ClubHack2009
Gursev kalra _mobile_application_security_testing - ClubHack2009
 
20091014 Google Wave
20091014 Google Wave20091014 Google Wave
20091014 Google Wave
 
Understanding WiFi Security Vulnerabilities and Solutions
Understanding WiFi Security Vulnerabilities and SolutionsUnderstanding WiFi Security Vulnerabilities and Solutions
Understanding WiFi Security Vulnerabilities and Solutions
 
Post globe 2010 fifthlight
Post globe 2010 fifthlightPost globe 2010 fifthlight
Post globe 2010 fifthlight
 
Cloud Computing Security
Cloud Computing SecurityCloud Computing Security
Cloud Computing Security
 
Internet Programming With Python Presentation
Internet Programming With Python PresentationInternet Programming With Python Presentation
Internet Programming With Python Presentation
 
Rhouse - Home automation is ruby ?
Rhouse - Home automation is ruby ?Rhouse - Home automation is ruby ?
Rhouse - Home automation is ruby ?
 
Quick Introduction to Gearman
Quick Introduction to GearmanQuick Introduction to Gearman
Quick Introduction to Gearman
 
AFCEA West Demonstration
AFCEA West DemonstrationAFCEA West Demonstration
AFCEA West Demonstration
 
Automating Enterprise Wireless Deployments
Automating Enterprise Wireless DeploymentsAutomating Enterprise Wireless Deployments
Automating Enterprise Wireless Deployments
 
Intercloud ptc 13
Intercloud   ptc 13Intercloud   ptc 13
Intercloud ptc 13
 
Btree Nosql Oak
Btree Nosql OakBtree Nosql Oak
Btree Nosql Oak
 

Mais de Ammar WK

Vvdp-fgd-bssn
Vvdp-fgd-bssnVvdp-fgd-bssn
Vvdp-fgd-bssnAmmar WK
 
Pen-testing is Dead?
Pen-testing is Dead?Pen-testing is Dead?
Pen-testing is Dead?Ammar WK
 
How To [relatively] Secure your Web Applications
How To [relatively] Secure your Web ApplicationsHow To [relatively] Secure your Web Applications
How To [relatively] Secure your Web ApplicationsAmmar WK
 
A Journey Into Pen-tester land: Myths or Facts!
A Journey Into Pen-tester land: Myths or Facts!A Journey Into Pen-tester land: Myths or Facts!
A Journey Into Pen-tester land: Myths or Facts!Ammar WK
 
Cybercrime: A threat to Financial industry
Cybercrime: A threat to Financial industryCybercrime: A threat to Financial industry
Cybercrime: A threat to Financial industryAmmar WK
 
Bugbounty vs-0day
Bugbounty vs-0dayBugbounty vs-0day
Bugbounty vs-0dayAmmar WK
 
Advanced Persistent Threat
Advanced Persistent ThreatAdvanced Persistent Threat
Advanced Persistent ThreatAmmar WK
 
Mobile hacking, pentest, and malware
Mobile hacking, pentest, and malwareMobile hacking, pentest, and malware
Mobile hacking, pentest, and malwareAmmar WK
 
Introduction to IOS Application Penetration Testing
Introduction to IOS Application Penetration TestingIntroduction to IOS Application Penetration Testing
Introduction to IOS Application Penetration TestingAmmar WK
 
Burp suite
Burp suiteBurp suite
Burp suiteAmmar WK
 
Network Packet Analysis
Network Packet AnalysisNetwork Packet Analysis
Network Packet AnalysisAmmar WK
 
Packet analysis (Basic)
Packet analysis (Basic)Packet analysis (Basic)
Packet analysis (Basic)Ammar WK
 
Network security
Network securityNetwork security
Network securityAmmar WK
 
Penetration testing
Penetration testingPenetration testing
Penetration testingAmmar WK
 
Information Security Professional
Information Security ProfessionalInformation Security Professional
Information Security ProfessionalAmmar WK
 
Handout infosec defense-mechanism-y3dips
Handout infosec defense-mechanism-y3dipsHandout infosec defense-mechanism-y3dips
Handout infosec defense-mechanism-y3dipsAmmar WK
 
Layer 7 denial of services attack mitigation
Layer 7 denial of services attack mitigationLayer 7 denial of services attack mitigation
Layer 7 denial of services attack mitigationAmmar WK
 
How To Become A Hacker
How To Become A HackerHow To Become A Hacker
How To Become A HackerAmmar WK
 
y3dips - Who Own Your Sensitive Information?
y3dips - Who Own Your Sensitive Information?y3dips - Who Own Your Sensitive Information?
y3dips - Who Own Your Sensitive Information?Ammar WK
 
idsecconf2010-hacking priv8 network
idsecconf2010-hacking priv8 networkidsecconf2010-hacking priv8 network
idsecconf2010-hacking priv8 networkAmmar WK
 

Mais de Ammar WK (20)

Vvdp-fgd-bssn
Vvdp-fgd-bssnVvdp-fgd-bssn
Vvdp-fgd-bssn
 
Pen-testing is Dead?
Pen-testing is Dead?Pen-testing is Dead?
Pen-testing is Dead?
 
How To [relatively] Secure your Web Applications
How To [relatively] Secure your Web ApplicationsHow To [relatively] Secure your Web Applications
How To [relatively] Secure your Web Applications
 
A Journey Into Pen-tester land: Myths or Facts!
A Journey Into Pen-tester land: Myths or Facts!A Journey Into Pen-tester land: Myths or Facts!
A Journey Into Pen-tester land: Myths or Facts!
 
Cybercrime: A threat to Financial industry
Cybercrime: A threat to Financial industryCybercrime: A threat to Financial industry
Cybercrime: A threat to Financial industry
 
Bugbounty vs-0day
Bugbounty vs-0dayBugbounty vs-0day
Bugbounty vs-0day
 
Advanced Persistent Threat
Advanced Persistent ThreatAdvanced Persistent Threat
Advanced Persistent Threat
 
Mobile hacking, pentest, and malware
Mobile hacking, pentest, and malwareMobile hacking, pentest, and malware
Mobile hacking, pentest, and malware
 
Introduction to IOS Application Penetration Testing
Introduction to IOS Application Penetration TestingIntroduction to IOS Application Penetration Testing
Introduction to IOS Application Penetration Testing
 
Burp suite
Burp suiteBurp suite
Burp suite
 
Network Packet Analysis
Network Packet AnalysisNetwork Packet Analysis
Network Packet Analysis
 
Packet analysis (Basic)
Packet analysis (Basic)Packet analysis (Basic)
Packet analysis (Basic)
 
Network security
Network securityNetwork security
Network security
 
Penetration testing
Penetration testingPenetration testing
Penetration testing
 
Information Security Professional
Information Security ProfessionalInformation Security Professional
Information Security Professional
 
Handout infosec defense-mechanism-y3dips
Handout infosec defense-mechanism-y3dipsHandout infosec defense-mechanism-y3dips
Handout infosec defense-mechanism-y3dips
 
Layer 7 denial of services attack mitigation
Layer 7 denial of services attack mitigationLayer 7 denial of services attack mitigation
Layer 7 denial of services attack mitigation
 
How To Become A Hacker
How To Become A HackerHow To Become A Hacker
How To Become A Hacker
 
y3dips - Who Own Your Sensitive Information?
y3dips - Who Own Your Sensitive Information?y3dips - Who Own Your Sensitive Information?
y3dips - Who Own Your Sensitive Information?
 
idsecconf2010-hacking priv8 network
idsecconf2010-hacking priv8 networkidsecconf2010-hacking priv8 network
idsecconf2010-hacking priv8 network
 

Último

UiPath Solutions Management Preview - Northern CA Chapter - March 22.pdf
UiPath Solutions Management Preview - Northern CA Chapter - March 22.pdfUiPath Solutions Management Preview - Northern CA Chapter - March 22.pdf
UiPath Solutions Management Preview - Northern CA Chapter - March 22.pdfDianaGray10
 
Basic Building Blocks of Internet of Things.
Basic Building Blocks of Internet of Things.Basic Building Blocks of Internet of Things.
Basic Building Blocks of Internet of Things.YounusS2
 
IESVE Software for Florida Code Compliance Using ASHRAE 90.1-2019
IESVE Software for Florida Code Compliance Using ASHRAE 90.1-2019IESVE Software for Florida Code Compliance Using ASHRAE 90.1-2019
IESVE Software for Florida Code Compliance Using ASHRAE 90.1-2019IES VE
 
UiPath Platform: The Backend Engine Powering Your Automation - Session 1
UiPath Platform: The Backend Engine Powering Your Automation - Session 1UiPath Platform: The Backend Engine Powering Your Automation - Session 1
UiPath Platform: The Backend Engine Powering Your Automation - Session 1DianaGray10
 
Using IESVE for Loads, Sizing and Heat Pump Modeling to Achieve Decarbonization
Using IESVE for Loads, Sizing and Heat Pump Modeling to Achieve DecarbonizationUsing IESVE for Loads, Sizing and Heat Pump Modeling to Achieve Decarbonization
Using IESVE for Loads, Sizing and Heat Pump Modeling to Achieve DecarbonizationIES VE
 
Spring24-Release Overview - Wellingtion User Group-1.pdf
Spring24-Release Overview - Wellingtion User Group-1.pdfSpring24-Release Overview - Wellingtion User Group-1.pdf
Spring24-Release Overview - Wellingtion User Group-1.pdfAnna Loughnan Colquhoun
 
Anypoint Code Builder , Google Pub sub connector and MuleSoft RPA
Anypoint Code Builder , Google Pub sub connector and MuleSoft RPAAnypoint Code Builder , Google Pub sub connector and MuleSoft RPA
Anypoint Code Builder , Google Pub sub connector and MuleSoft RPAshyamraj55
 
PicPay - GenAI Finance Assistant - ChatGPT for Customer Service
PicPay - GenAI Finance Assistant - ChatGPT for Customer ServicePicPay - GenAI Finance Assistant - ChatGPT for Customer Service
PicPay - GenAI Finance Assistant - ChatGPT for Customer ServiceRenan Moreira de Oliveira
 
IaC & GitOps in a Nutshell - a FridayInANuthshell Episode.pdf
IaC & GitOps in a Nutshell - a FridayInANuthshell Episode.pdfIaC & GitOps in a Nutshell - a FridayInANuthshell Episode.pdf
IaC & GitOps in a Nutshell - a FridayInANuthshell Episode.pdfDaniel Santiago Silva Capera
 
OpenShift Commons Paris - Choose Your Own Observability Adventure
OpenShift Commons Paris - Choose Your Own Observability AdventureOpenShift Commons Paris - Choose Your Own Observability Adventure
OpenShift Commons Paris - Choose Your Own Observability AdventureEric D. Schabell
 
The Data Metaverse: Unpacking the Roles, Use Cases, and Tech Trends in Data a...
The Data Metaverse: Unpacking the Roles, Use Cases, and Tech Trends in Data a...The Data Metaverse: Unpacking the Roles, Use Cases, and Tech Trends in Data a...
The Data Metaverse: Unpacking the Roles, Use Cases, and Tech Trends in Data a...Aggregage
 
Apres-Cyber - The Data Dilemma: Bridging Offensive Operations and Machine Lea...
Apres-Cyber - The Data Dilemma: Bridging Offensive Operations and Machine Lea...Apres-Cyber - The Data Dilemma: Bridging Offensive Operations and Machine Lea...
Apres-Cyber - The Data Dilemma: Bridging Offensive Operations and Machine Lea...Will Schroeder
 
Computer 10: Lesson 10 - Online Crimes and Hazards
Computer 10: Lesson 10 - Online Crimes and HazardsComputer 10: Lesson 10 - Online Crimes and Hazards
Computer 10: Lesson 10 - Online Crimes and HazardsSeth Reyes
 
20200723_insight_release_plan_v6.pdf20200723_insight_release_plan_v6.pdf
20200723_insight_release_plan_v6.pdf20200723_insight_release_plan_v6.pdf20200723_insight_release_plan_v6.pdf20200723_insight_release_plan_v6.pdf
20200723_insight_release_plan_v6.pdf20200723_insight_release_plan_v6.pdfJamie (Taka) Wang
 
Nanopower In Semiconductor Industry.pdf
Nanopower  In Semiconductor Industry.pdfNanopower  In Semiconductor Industry.pdf
Nanopower In Semiconductor Industry.pdfPedro Manuel
 
Connector Corner: Extending LLM automation use cases with UiPath GenAI connec...
Connector Corner: Extending LLM automation use cases with UiPath GenAI connec...Connector Corner: Extending LLM automation use cases with UiPath GenAI connec...
Connector Corner: Extending LLM automation use cases with UiPath GenAI connec...DianaGray10
 
RAG Patterns and Vector Search in Generative AI
RAG Patterns and Vector Search in Generative AIRAG Patterns and Vector Search in Generative AI
RAG Patterns and Vector Search in Generative AIUdaiappa Ramachandran
 
UWB Technology for Enhanced Indoor and Outdoor Positioning in Physiological M...
UWB Technology for Enhanced Indoor and Outdoor Positioning in Physiological M...UWB Technology for Enhanced Indoor and Outdoor Positioning in Physiological M...
UWB Technology for Enhanced Indoor and Outdoor Positioning in Physiological M...UbiTrack UK
 
UiPath Studio Web workshop series - Day 8
UiPath Studio Web workshop series - Day 8UiPath Studio Web workshop series - Day 8
UiPath Studio Web workshop series - Day 8DianaGray10
 
Salesforce Miami User Group Event - 1st Quarter 2024
Salesforce Miami User Group Event - 1st Quarter 2024Salesforce Miami User Group Event - 1st Quarter 2024
Salesforce Miami User Group Event - 1st Quarter 2024SkyPlanner
 

Último (20)

UiPath Solutions Management Preview - Northern CA Chapter - March 22.pdf
UiPath Solutions Management Preview - Northern CA Chapter - March 22.pdfUiPath Solutions Management Preview - Northern CA Chapter - March 22.pdf
UiPath Solutions Management Preview - Northern CA Chapter - March 22.pdf
 
Basic Building Blocks of Internet of Things.
Basic Building Blocks of Internet of Things.Basic Building Blocks of Internet of Things.
Basic Building Blocks of Internet of Things.
 
IESVE Software for Florida Code Compliance Using ASHRAE 90.1-2019
IESVE Software for Florida Code Compliance Using ASHRAE 90.1-2019IESVE Software for Florida Code Compliance Using ASHRAE 90.1-2019
IESVE Software for Florida Code Compliance Using ASHRAE 90.1-2019
 
UiPath Platform: The Backend Engine Powering Your Automation - Session 1
UiPath Platform: The Backend Engine Powering Your Automation - Session 1UiPath Platform: The Backend Engine Powering Your Automation - Session 1
UiPath Platform: The Backend Engine Powering Your Automation - Session 1
 
Using IESVE for Loads, Sizing and Heat Pump Modeling to Achieve Decarbonization
Using IESVE for Loads, Sizing and Heat Pump Modeling to Achieve DecarbonizationUsing IESVE for Loads, Sizing and Heat Pump Modeling to Achieve Decarbonization
Using IESVE for Loads, Sizing and Heat Pump Modeling to Achieve Decarbonization
 
Spring24-Release Overview - Wellingtion User Group-1.pdf
Spring24-Release Overview - Wellingtion User Group-1.pdfSpring24-Release Overview - Wellingtion User Group-1.pdf
Spring24-Release Overview - Wellingtion User Group-1.pdf
 
Anypoint Code Builder , Google Pub sub connector and MuleSoft RPA
Anypoint Code Builder , Google Pub sub connector and MuleSoft RPAAnypoint Code Builder , Google Pub sub connector and MuleSoft RPA
Anypoint Code Builder , Google Pub sub connector and MuleSoft RPA
 
PicPay - GenAI Finance Assistant - ChatGPT for Customer Service
PicPay - GenAI Finance Assistant - ChatGPT for Customer ServicePicPay - GenAI Finance Assistant - ChatGPT for Customer Service
PicPay - GenAI Finance Assistant - ChatGPT for Customer Service
 
IaC & GitOps in a Nutshell - a FridayInANuthshell Episode.pdf
IaC & GitOps in a Nutshell - a FridayInANuthshell Episode.pdfIaC & GitOps in a Nutshell - a FridayInANuthshell Episode.pdf
IaC & GitOps in a Nutshell - a FridayInANuthshell Episode.pdf
 
OpenShift Commons Paris - Choose Your Own Observability Adventure
OpenShift Commons Paris - Choose Your Own Observability AdventureOpenShift Commons Paris - Choose Your Own Observability Adventure
OpenShift Commons Paris - Choose Your Own Observability Adventure
 
The Data Metaverse: Unpacking the Roles, Use Cases, and Tech Trends in Data a...
The Data Metaverse: Unpacking the Roles, Use Cases, and Tech Trends in Data a...The Data Metaverse: Unpacking the Roles, Use Cases, and Tech Trends in Data a...
The Data Metaverse: Unpacking the Roles, Use Cases, and Tech Trends in Data a...
 
Apres-Cyber - The Data Dilemma: Bridging Offensive Operations and Machine Lea...
Apres-Cyber - The Data Dilemma: Bridging Offensive Operations and Machine Lea...Apres-Cyber - The Data Dilemma: Bridging Offensive Operations and Machine Lea...
Apres-Cyber - The Data Dilemma: Bridging Offensive Operations and Machine Lea...
 
Computer 10: Lesson 10 - Online Crimes and Hazards
Computer 10: Lesson 10 - Online Crimes and HazardsComputer 10: Lesson 10 - Online Crimes and Hazards
Computer 10: Lesson 10 - Online Crimes and Hazards
 
20200723_insight_release_plan_v6.pdf20200723_insight_release_plan_v6.pdf
20200723_insight_release_plan_v6.pdf20200723_insight_release_plan_v6.pdf20200723_insight_release_plan_v6.pdf20200723_insight_release_plan_v6.pdf
20200723_insight_release_plan_v6.pdf20200723_insight_release_plan_v6.pdf
 
Nanopower In Semiconductor Industry.pdf
Nanopower  In Semiconductor Industry.pdfNanopower  In Semiconductor Industry.pdf
Nanopower In Semiconductor Industry.pdf
 
Connector Corner: Extending LLM automation use cases with UiPath GenAI connec...
Connector Corner: Extending LLM automation use cases with UiPath GenAI connec...Connector Corner: Extending LLM automation use cases with UiPath GenAI connec...
Connector Corner: Extending LLM automation use cases with UiPath GenAI connec...
 
RAG Patterns and Vector Search in Generative AI
RAG Patterns and Vector Search in Generative AIRAG Patterns and Vector Search in Generative AI
RAG Patterns and Vector Search in Generative AI
 
UWB Technology for Enhanced Indoor and Outdoor Positioning in Physiological M...
UWB Technology for Enhanced Indoor and Outdoor Positioning in Physiological M...UWB Technology for Enhanced Indoor and Outdoor Positioning in Physiological M...
UWB Technology for Enhanced Indoor and Outdoor Positioning in Physiological M...
 
UiPath Studio Web workshop series - Day 8
UiPath Studio Web workshop series - Day 8UiPath Studio Web workshop series - Day 8
UiPath Studio Web workshop series - Day 8
 
Salesforce Miami User Group Event - 1st Quarter 2024
Salesforce Miami User Group Event - 1st Quarter 2024Salesforce Miami User Group Event - 1st Quarter 2024
Salesforce Miami User Group Event - 1st Quarter 2024
 

Attacking Blackberry For Phun and Profit

  • 1. Attacking BlackBerry for phun and profit y3dips[et]echo.or.id Sunday, November 8, 2009
  • 2. y3dips • A Bandwidth Hunter ... A Renegade • IT Security fans for more than 7 year • http://google.com/search?q=y3dips Sunday, November 8, 2009
  • 3. BlackBerry • Push Email • Wireless Messaging System • Phone, SMS, Cameras, Browsing Sunday, November 8, 2009
  • 4. BlackBerry • Photos • Emails • Sms • Phone log • Contact Sunday, November 8, 2009
  • 5. BlackBerry • BlackBerry Enterprise Server (BES) • BlackBerry Internet Service (BIS) Sunday, November 8, 2009
  • 6. Diagram http://smartphone.nttdocomo.co.jp/english/blackberrybold/blackberryservice/img/index/dgm_diagram.gif Sunday, November 8, 2009
  • 7. BB Proxy • Attack BES network • Defcon 2006 presented by Jesse D’aguanno • Making a Blackberry Device as a gateway to internal Network Sunday, November 8, 2009
  • 8. Attacking Anatomy Server Apps Server BB User INTERNAL LAN Firewall INTERNET Attacker Sunday, November 8, 2009
  • 9. Attacking Anatomy Server Apps Server BB User INTERNAL LAN Connecting into Attacker Computer Firewall INTERNET Attacker Sunday, November 8, 2009
  • 10. Attacking Anatomy Connecting into App Server Server Apps Server BB User INTERNAL LAN Connecting into Attacker Computer Firewall INTERNET Attacker Sunday, November 8, 2009
  • 11. Attacking Anatomy Connecting into App Server Device as a proxy Server Apps Server BB User INTERNAL LAN Connecting into Attacker Computer Firewall Attacker 0wned Internal Network INTERNET Attacker Sunday, November 8, 2009
  • 12. Our Approach • Attacking Wifi Network • DNS Spoofing • Ssl Tunneling - http://stunnel.org • BlackBag - http://matasano.com Sunday, November 8, 2009
  • 13. DNS Spoofing • Spoof dns entry into router/dns server # echo “133.7.133.7 rcp.ap.blackberry.com” >> /etc/hosts Sunday, November 8, 2009
  • 15. Stunnel • Setup 2 SSL connection • SSL Connection from BB device to Attacker machine • SSL Connection from Attacker machine to BB Real Server Sunday, November 8, 2009
  • 16. Stunnel • Setup 2 SSL connection # stunnel -d 443 -r localhost:8888 # stunnel -c -d 8889 -r 216.9.240.88:443 Sunday, November 8, 2009
  • 17. BlackBag • Glue the tunnel back # bkb replug -b localhost:8889@8888 Sunday, November 8, 2009
  • 19. Attacking Anatomy search rcp.ap.blackberry.com DNS Server rcp.ap.blackberry.com 216.9.240.88 WIFI RIM Network Attacker - 133.7.133.7 Sunday, November 8, 2009
  • 20. Attacking Anatomy rcp.ap.blackberry.com 133.7.133.7 search rcp.ap.blackberry.com DNS Server rcp.ap.blackberry.com 216.9.240.88 WIFI RIM Network Attacker - 133.7.133.7 Sunday, November 8, 2009
  • 21. Attacking Anatomy rcp.ap.blackberry.com 133.7.133.7 search rcp.ap.blackberry.com DNS Server rcp.ap.blackberry.com 216.9.240.88 Tcp/443 WIFI Tcp/8888 Tcp/443 RIM Network Tcp/8889 Attacker - 133.7.133.7 Sunday, November 8, 2009
  • 25. Result • Clear Text Sender PIN • Clear Text Recipient PIN • Clear Text Message type • Encrypted Data Sunday, November 8, 2009
  • 26. Impact • Spam? until DDOS • PIN abuse; such as cloning • Blackmail; identity thief, logs • Email and PIN Mapping Sunday, November 8, 2009
  • 27. Next • More Data to analyze (different type) • Attack the Encryption? • Another Infrastructur attacking Scenario Sunday, November 8, 2009
  • 30. Mal(Spy)ware • The Most Famous Etisalat Issue • Firmware Update • Reverse by some researcher • 100% Spyware Sunday, November 8, 2009
  • 32. POC • Provided by Sheran Gunasekera @HITB 2009 • Bugs - Forwarding Emails • PhoneSnoop - Turn your BB into Spy devices • http://chirashi.zensay.com Sunday, November 8, 2009
  • 34. Summary • 0wned a blackberry with $20 (USD) • Social Engineering rulez! • BlackBerry User awareness Sunday, November 8, 2009
  • 38. Mitigation • Password Your Device • Turn On Firewall • Encrypt your Data/Media Card • Controlling downloded application • Protecting GPS location • Connect to Legitimate Wifi Network Sunday, November 8, 2009
  • 39. References • Attack Surface Analysis of Blackberry Devices - symantec • BlackBerry: Call to Arms, some provided - Ftr & FX of Phenoelit • BlackJaking:0wning the Enterprise via BlackBerry - x30n • Bugs & Kissess: Spying on Blackberry User for Fun - Sheran Gunasekera • Seberapa Amankah Infrastruktur WIFI Blackberry device anda - y3dips & chopstick Sunday, November 8, 2009
  • 40. Greetz • Hermis Consulting • Sheran Gunasekera • staff@echo.or.id • Info Komputer Sunday, November 8, 2009