Abstract:
This presentation is about a creative approach to intrusion tests. As the popular saying goes, "The dog is man's best friend" (he makes you feel good and secure). Let's explore the vulnerability of layer eight: the human being, subject to error and to social engineering techniques. This is an innovative method, with art and style, and it will be simpler than it sounds. The dog will be used as an attack tool, carrying a mobile phone hidden along with its pectoral collar.
The attack vectors are triggered automatically without any human interaction. This may include geographically close attacks, such as fake Wi-Fi access points, cellular base stations or local user attacks on a network; we can exploit DNS hijacking, packet injection, Evil-Twin, rogue router or ISP, and many other variants. Furthermore, the target will connect to your rogue Wi-Fi access point, where DHCP is configured so that the fake AP allocates IP addresses to the clients and forwards traffic to a fake/malicious website. The information can then be stored easily, and a malicious file can be injected to remotely control the victim.
And it's done. You can drop your hacker dog in a park and expect him to hack people for you, quietly, that's perfect!
About Rafael:
Rafael Fontes Souza, aka b4ckd00r, is a Senior Information Security Consultant at CIPHER. He is a core member of Cipher Intelligence Labs, the advanced security team focused on penetration testing, application security and computer forensics for premier clients. He started studying at age 13 and since then has disclosed security vulnerabilities and has received recognition and awards from major companies such as Apple, Microsoft, ESET, HP and others. He has performed hundreds of successful penetration tests for various organizations, including government, banking and commercial sectors, as well as the payment card industry.
4. $DISCLAIMER
All the information provided in this presentation is only for educational purposes.
I’m not responsible for any actions that may occur afterwards.
I don’t speak for my employer. All the opinions and information here are mine.
5. $REQUIREMENTS
• A supported USB wireless adapter;
• A mobile phone compatible with NetHunter/Kali;
• 3G/4G Connection;
• The dog with a backpack or a fitted pectoral collar;
$LIMITATIONS
• Systems of protection installed in the target devices can prevent some types of attacks.
• The version of the browser or operating system used by the victim can prevent certain types of attacks on some devices.
6. $AGENDA
• DiTm (Dog In The Middle)
• Hacking mobile phones
  • Rooted devices
  • Non rooted devices
• Mobile Malwares
• Social Engineering Techniques
  • Using QR code to RCE
• Demonstration
• Analysis of graphs
22. #HOW TO PROTECT YOURSELF?
• Before downloading and installing an application, check that it is genuine and original;
• Don’t click on links or attachments in unsolicited emails or text messages;
• Log out of sites after you have made a payment;
• Keep your operating system and apps updated;
• Use secure Wi-Fi;
• Turn off Wi-Fi, location services and Bluetooth when not in use;
• Don't jailbreak or root your device;
• Back up and encrypt your data;
• Install protection software;
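
As an added example (not part of the presentation), the Python sketch below shows one way to act on "Use secure Wi-Fi": compare nearby access points with networks you have already verified and flag Evil-Twin style look-alikes. The scan records, the `KNOWN` allowlist and the function name are constructed for illustration.

```python
# Constructed sample scan results (not captured data).
SCAN = [
    {"ssid": "CoffeeShop", "bssid": "aa:bb:cc:00:00:01", "security": "WPA2"},
    {"ssid": "CoffeeShop", "bssid": "DE:AD:BE:EF:00:02", "security": "OPEN"},
    {"ssid": "HomeNet", "bssid": "aa:bb:cc:00:00:10", "security": "WPA2"},
    {"ssid": "HomeNet", "bssid": "aa:bb:cc:00:00:11", "security": "WPA2"},
    {"ssid": "ParkFreeWiFi", "bssid": "de:ad:be:ef:00:03", "security": "OPEN"},
]

# Hypothetical allowlist: for each network the user has verified, the
# security mode it is expected to use and the BSSIDs seen at that time.
KNOWN = {
    "CoffeeShop": {"security": "WPA2", "bssids": {"aa:bb:cc:00:00:01"}},
    "HomeNet": {
        "security": "WPA2",
        "bssids": {"aa:bb:cc:00:00:10", "aa:bb:cc:00:00:11"},
    },
}


def find_suspect_aps(scan, known):
    """Return (ssid, bssid, reasons) for APs that imitate a known SSID."""
    findings = []
    for ap in scan:
        profile = known.get(ap["ssid"])
        if profile is None:
            continue  # never-verified network: nothing to compare against
        reasons = []
        # A new radio advertising a familiar name is the Evil-Twin pattern.
        if ap["bssid"].lower() not in profile["bssids"]:
            reasons.append("unknown BSSID")
        # A known network that suddenly drops encryption is a downgrade sign.
        if ap["security"] != profile["security"]:
            reasons.append(
                f"security changed {profile['security']} -> {ap['security']}"
            )
        if reasons:
            findings.append((ap["ssid"], ap["bssid"].lower(), reasons))
    return findings


if __name__ == "__main__":
    for ssid, bssid, reasons in find_suspect_aps(SCAN, KNOWN):
        print(f"{ssid} ({bssid}): {', '.join(reasons)}")
```

BSSIDs can be spoofed, so a matching BSSID is not proof that an access point is legitimate; the check only catches look-alikes that differ from the verified profile.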
23. $MICROCHIP IMPLANT
• Will a microchip tell me my pet’s location?
• Can anyone with a scanner access my contact information from the chip?
34. GLOBAL OPERATING SYSTEMS MARKET SHARE FOR PERSONAL COMPUTERS, FROM JANUARY 2013 TO FEB 2017
https://developer.android.com/
35. $NUMBER OF MOBILE PHONE USERS WORLDWIDE FROM 2013 TO 2019 (IN BILLIONS)
36. CONCLUSION
The numbers speak for me:
Billions of vulnerable people.
• Use of mobile devices has increased every year;
• Windows operating system is the most used in PCs;
• Android operating system is the most used in mobile phones;
• Most operating systems are out of date;