8/13/2019 (PDF) Yury Chemerkin Confidence 2013
http://slidepdf.com/reader/full/pdf-yury-chemerkin-confidence-2013 1/23
VULNERABILITY ELIMINATION BY FO
NEW MO
SECURITY
RES
YU
Experienced in:
Reverse Engineering & AV
Software Programming & Documentation
Mobile Security and MDM
Cyber Security & Cloud Security
Compliance & Transparency and Security Writing
Hakin9 Magazine, PenTest Magazine, eForensics Magazine,
Groteck Business Media
Participation at conferences
InfoSecurityRussia, NullCon, AthCon, PHDays
CYBERCRIME FORUM, Cyber Intelligence Europe/Intelligence-Sec
ICITST, CyberTimes, ITA, I-Society
[ Yury Chemerkin ]
www.linkedin.com/in/yurychemerkin
http://sto-strategy.com yury.chemerk
BLACKBERRY ENTERPRISE SERVICE HELPS MANAGE AND PROTECT BLACKBERRY, IOS, AND AN
UNIFIED COMMUNICATION AND COLLABORATION SOFTWARE
DESIGNED TO HELP PROTECT DATA THAT IS IN TRANSIT AT ALL POINTS AS WELL IS IN MEMOR
ENHANCED BY A CONTROL OF THE BEHAVIOR OF THE DEVICE
PROTECTION OF APPLICATION DATA USING SANDBOXING
MANAGEMENT OF PERMISSIONS TO ACCESS CAPABILITIES
BB EVALUATES EVERY REQUEST THAT AN APP MAKES – BUT LEADS AWAY FROM ANY DETAILS AND
BLACKBERRY SECURITY ENVIRONME
BLACKBERRY EVALUATES EVERY REQUEST THAT AN APPLICATION MAKES TO ACCESS A
CAMERA AND VIDEO
HIDE THE DEFAULT CAMERA APPLICATION
PASSWORD
DEFINE PASSWORD PROPERTIES
REQUIRE LETTERS (incl. case)
REQUIRE NUMBERS
REQUIRE SPECIAL CHARACTERS
DELETE DATA AND APPLICATIONS FROM THE DEVICE AFTER
INCORRECT PASSWORD ATTEMPTS
DEVICE PASSWORD
ENABLE AUTO-LOCK
LIMIT PASSWORD AGE
LIMIT PASSWORD HISTORY
RESTRICT PASSWORD LENG
MINIMUM LENGTH FOR THE PASSWORD THAT IS ALLOW
ENCRYPTION
APPLY ENCRYPTION RULES
ENCRYPT INTERNAL DEVIC
TOUCHDOWN SUPPORT
MICROSOFT EXCHANGE SY
EMAIL PROFILES
ACTIVESYNC
BLACKBERRY CAPABILITIES - ANDRO
CONTROLLED: FOUR GROUPS ONLY by BlackBerry; CONTROLLED: 74 OUT OF 200 APIs ONLY
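The password properties listed above (letters in both cases, numbers, special characters, minimum length, password history, and wiping the device after a number of incorrect attempts) can be turned into an enforcement check. The code below is an added example written for this page; it is not code from the slides or from BlackBerry, and the class names, field names, default values and the use of salted PBKDF2 verifiers for the history are assumptions made for illustration.

```python
import hashlib
import hmac
import os
import string
from dataclasses import dataclass, field
from typing import List, Tuple


@dataclass
class PasswordPolicy:
    """Password properties as an MDM policy would express them.
    Field names and defaults are constructed for this example."""
    min_length: int = 8
    require_letters_both_cases: bool = True   # "require letters (incl. case)"
    require_numbers: bool = True
    require_special: bool = True
    history_size: int = 5                     # "limit password history": reject the last N
    max_failed_attempts: int = 10             # "delete data and applications after N incorrect attempts"


def check_complexity(policy: PasswordPolicy, candidate: str) -> List[str]:
    """Return every complexity rule the candidate violates; an empty list means compliant."""
    problems: List[str] = []
    if len(candidate) < policy.min_length:
        problems.append(f"shorter than the minimum length of {policy.min_length}")
    has_lower = any(c.islower() for c in candidate)
    has_upper = any(c.isupper() for c in candidate)
    if policy.require_letters_both_cases and not (has_lower and has_upper):
        problems.append("needs both lower-case and upper-case letters")
    if policy.require_numbers and not any(c.isdigit() for c in candidate):
        problems.append("needs a number")
    if policy.require_special and not any(c in string.punctuation for c in candidate):
        problems.append("needs a special character")
    return problems


def _derive(password: str, salt: bytes) -> bytes:
    # Salted PBKDF2 so the history stores verifiers rather than reusable plaintext.
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, 100_000)


@dataclass
class DeviceLock:
    """Device-side state enforcing the policy: verifier history and failed-attempt counter."""
    policy: PasswordPolicy
    history: List[Tuple[bytes, bytes]] = field(default_factory=list)  # (salt, verifier), newest last
    failed_attempts: int = 0
    wiped: bool = False

    def set_password(self, new: str) -> List[str]:
        """Apply the complexity and history rules; store a new verifier only if all pass."""
        problems = check_complexity(self.policy, new)
        recent = self.history[-self.policy.history_size:] if self.policy.history_size > 0 else []
        for salt, verifier in recent:
            if hmac.compare_digest(_derive(new, salt), verifier):
                problems.append("reused from password history")
                break
        if not problems:
            salt = os.urandom(16)
            self.history.append((salt, _derive(new, salt)))
        return problems

    def unlock(self, attempt: str) -> bool:
        """Verify an unlock attempt; wipe after max_failed_attempts consecutive failures."""
        if self.wiped or not self.history:
            return False
        salt, verifier = self.history[-1]
        if hmac.compare_digest(_derive(attempt, salt), verifier):
            self.failed_attempts = 0
            return True
        self.failed_attempts += 1
        if self.failed_attempts >= self.policy.max_failed_attempts:
            self.wiped = True       # policy action: delete data and applications
            self.history.clear()
        return False


if __name__ == "__main__":
    # Constructed usage: a small history and a low wipe threshold to show every rule firing.
    lock = DeviceLock(PasswordPolicy(min_length=8, history_size=2, max_failed_attempts=3))
    print(check_complexity(lock.policy, "password"))   # weak constructed candidate
    print(lock.set_password("Str0ng!Pass"))            # accepted
    print(lock.set_password("Str0ng!Pass"))            # rejected: reused
    print([lock.unlock("wrong") for _ in range(3)], lock.wiped)
```

The history check compares against stored verifiers with a constant-time comparison, and the wipe path clears the verifier history so a wiped device cannot be unlocked with the old password; the wipe threshold and history depth are the two policy knobs the slide calls out.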
BROWSER
DEFAULT APP,
AUTOFILL, COOKIES, JAVASCRIPT, POPUPS
CAMERA, VIDEO, VIDEO CONF
OUTPUT, SCREEN CAPTURE, DEFAULT APP
CERTIFICATES (UNTRUSTED CERTs)
CLOUD SERVICES
BACKUP / DOCUMENT / PICTURE / SHARING
CONNECTIVITY
NETWORK, WIRELESS, ROAMING
DATA, VOICE WHEN ROAMING
CONTENT
CONTENT (incl. EXPLICIT)
RATING FOR APPS/ MOVIES / TV SHOWS / REGIONS
DIAGNOSTICS AND USAGE (SUBMISSION LOGS)
MESSAGING (DEFAULT APP)
BACKUP / DOCUMENT PICTURE / SHA
ONLINE STORE
ONLINE STORES , PURCHASES, PASSW
DEFAULT STORE / BOOK / MUSIC APP
MESSAGING (DEFAULT APP)
PASSWORD (THE SAME WITH ANDROID, NEW BLA
PHONE AND MESSAGING (VOICE DIALING)
PROFILE & CERTs (INTERACTIVE INSTALLATION)
SOCIAL (DEFAULT APP)
SOCIAL APPS / GAMING / ADDING FRI
DEFAULT SOCIAL-GAMING / SOCIAL-V
STORAGE AND BACKUP
DEVICE BACKUP AND ENCRYPTION
VOICE ASSISTANT (DEFAULT APP)
BLACKBERRY CAPABILITIES - iOS
CONTROLLED: 16 GROUPS ONLY by BlackBerry, which is QUITE SIMILAR to APPLE MDM
GENERAL
MOBILE HOTSPOT AND TETHERING
PLANS APP, APPWORLD
PASSWORD (THE SAME WITH ANDROID, iOS)
BES MANAGEMENT (SMARTPHONES, TABLETS)
SOFTWARE
OPEN WORK EMAIL MESSAGES LINKS IN THE PERSONAL BROWSER
TRANSFER THROUGH WORK PERIMETER TO SAME/ANOTHER DEVICE
BBM VIDEO ACCESS TO WORK NETWORK
VIDEO CHAT APP USES ORGANIZATION’S WI-FI/VPN NETWORK
SECURITY
WIPE WORK SPACE WITHOUT NETWORK, RESTRICT DEV. MODE
VOICE CONTROL & DICTATION IN WORK & USER APPS
BACKUP AND RESTORE (WORK) & DESKTOP SOFTWARE
PC ACCESS TO WORK & PERSONAL SPACE (USB, BT)
PERSONAL SPACE DATA ENCRYPTION
NETWORK ACCESS CONTROL FOR WO
PERSONAL APPS ACCESS TO WORK CO
SHARE WORK DATA DURING BBM VID
WORK DOMAINS, WORK NETWORK U
EMAIL PROFILES
CERTIFICATES & CIPHERS & S/MIME
HASH & ENCRYPTION ALGS AND KEY P
TASK/MEMO/CALENDAR/CONTACT/D
WI-FI PROFILES
ACCESS POINT, DEFAULT GATEWAY, D
PROXY PASSWORD/PORT/SERVER/SU
VPN PROFILES
PROXY, SCEP, AUTH PROFILE PARAMS
TOKENS, IKE, IPSEC OTHER PARAMS
PROXY PORTS, USERNAME, OTHER PA
BLACKBERRY CAPABILITIES – BLACKBERR
CONTROLLED: 7 GROUPS ONLY by BlackBerry, which is NOT ENOUGH TO MANAGE A
THERE ARE 55 GROUPS CONTROLLED IN ALL
EACH GROUP CONTAINS FROM 10 TO 30 UNITS, WHICH ARE CONTROLLED TOO
EACH UNIT IS UNDER A LOT OF FLEXIBLE PARAMs INSTEAD OF A WAY ‘DISABLE/ENABLED &
EACH EVENT IS
CONTROLLED BY CERTAIN PERMISSION
ALLOWED TO CONTROL BY SIMILAR PERMISSIONS TO BE MORE FLEXIBLE
DESCRIBED IN 360 PAGES IN ALL, WHICH IS FOUR TIMES MORE THAN OTHER DOCUMENTS
EACH UNIT CAN’T CONTROL ACTIVITY UNDER ITSELF
‘CREATE, READ, WRITE/SAVE, SEND, DELETE’ ACTIONS IN REGARDS TO MESSAGES LE
BY REQUESTING A ‘MESSAGE’ PERMISSION ONLY
SOME PERMISSIONS AREN’T REQUIRED (TO DELETE ANY OTHER APP)
SOME PERMISSIONS ARE RELATED TO APP, WHICH 3RD PARTY PLUGIN WAS EMBEDD
THAT PLUGIN
BLACKBERRY CAPABILITIES – BLACKBERR
INCREDIBLE AMOUNT OF GROUPS, UNITS AND PERMISSIONS ARE CONTROLLED BY MD
                                 BlackBerry Old    iOS    BlackBerry QNX
Quantity of groups                           55     16                 7
Average permissions per group                20      5                 7
Efficiency                                80.00  38.46             31.82
Total permissions                          1100     80                49

[Bar chart "BlackBerry MDM": the four rows above (quantity of groups, average permissions per group, efficiency, total permissions) plotted per platform on a 0-100 scale]
OLD BB: MERGING PERMISSIONS INTO GROUPS
‘SCREEN CAPTURE, CAMERA, VIDEO PERMISSIONS’ SEPARATED (PREVIOUS BB)
‘SCREEN CAPTURE, CAMERA, VIDEO PERMISSIONS’ MERGED INTO ONE UNIT (LATES
QNX-BB: SCREEN CAPTURE
IS ALLOWED VIA HARDWARE BUTTONS ONLY
NO EMULATION OF HARDWARE BUTTONS AS IT WAS IN OLD BLACKBERRY DEVICES
LOCKS WHEN WORK PERIMETER HAS BECOME TO PREVENT SCREEN-CAPTURE LOGG
OLD BB: NO SANDBOX HAS EVER BEEN ANNOUNCED
ALL DATA ACCESSIBLE EXCEPT APP & SYSTEM DATA DUE TO GENERAL PERMISSION
QNX-BB: OFFICIALLY ANNOUNCED SANDBOX
MALWARE IS A PERSONAL APPLICATION SUBTYPE IN TERMS OF BLACKBERRY’s SECU
SANDBOX PROTECTS ONLY APP DATA, WHILE USER DATA STORED IN SHARED FOLDE
ISSUES: USELESS SOLUTIONS - I
USEFUL IDEAS AT FIRST GLANCE THAT INSTEAD MAKE NO SENSE
OLD BB: SECURE & INSECURE IM CHATS AT THE SAME TIME
HAS ENCRYPTED COMMUNICATION SESSIONS
STORES CHAT CONVERSATIONS IN PLAIN TEXT WITHOUT ENCRYPTION (EVEN BBM)
INACCESSIBLE FROM THE DEVICE BECAUSE OF UNKNOWN FILE TYPE (.CSV)
UPGRADE FEATURE AFFECTS EVERYTHING
UPDATE APP THAT CALLS THIS API – USE GENERAL API
REMOVE APP THAT CALLS THIS APPS – USE GENERAL API
REMOVE ANY OTHER APP UNDER THE SAME API WITHOUT NOTIFICATION
HANDLE WITH PC TOOLS ON OLD BB DEVICES WITHOUT DEBUG / DEVELOPMENT MODE
OLD BB: CLIPBOARD (HAS NEVER EXISTED ANYWHERE AND MIGHT HAVE EVER)
REVEAL THE DATA IN REAL TIME BY ONE API CALL
NATIVE WALLETS PROTECT BY RETURNING NULL
WHILE ON TOP || JUST MINIMIZE OR CLOSE IT TO GET FULL ACCESS
EVERY USE CASE MUST MINIMIZE THE APP TO PASTE A PASSWORD
ISSUES: USELESS SOLUTIONS - II
USEFUL IDEAS AT FIRST GLANCE THAT INSTEAD MAKE NO SENSE
INITIALLY BASED ON AUTHORIZED API COVERED
ALL PHYSICAL & NAVIGATION BUTTONS
TYPING TEXTUAL DATA, AFFECT ALL APPs
SECONDARY BASED ON ADDING THE MENU ITEMS
INTO THE GLOBAL / “SEND VIA” MENU
AFFECT ALL NATIVE APPLICATIONS
NATIVE APPs ARE DEVELOPED BY BLACKBERRY
WALLETS, SOCIAL, SETTINGS, IMs,…
GUI EXPLOITATION
REDRAWING THE SCREENS
GRABBING THE TEXT FROM ANY FIELDs (INCL. PASSWORD
FIELD)
ADDING, REMOVING THE FIELD DATA
ORIGINAL DATA IS INACCESSIBLE BUT NOT AFFECTED
ADDING GUI OBJECTS BUT NOT SHUFFLING
KASPERSKY MOBILE SECURITY PROVIDES
FIREWALL, WIPE, BLOCK, INFO FEA
NO PROTECTION FROM REMOVIN
SIMULATOR
EXAMING THE TRAFFIC, B
JUST SHOULD CHECK API
SMS MANAGEMENT VIA “QUITE” S
PASSWORD IS 4 –16 DIGITS,AND M
SMS IS HALF A HASH VALUE OF
IMPLEMENTATION USES TEST CRY
TABLES (VALUEHASH) ARE EA
OUTGOING SMS CAN BE SPOOFE
NOTIFICATION, BECAUSE KMS DEL
OUTGOING SMS BLOCK/WIPE TH
ISSUES: USELESS SOLUTIONS – II
THE GUI EXPLOITATION (OLD BB) – NATIVE APPs & 3RD-PARTY SECURE SOLUTIONS RUIN
DENIAL OF SERVICE
REPLACING/REMOVING EXEC FILES
DOS’ing EVENTs, NOISING FIELDS
GUI INTERCEPT
INFORMATION DISCLOSURE
CLIPBOARD, SCREEN CAPTURE
GUI INTERCEPT
DUMPING .COD FILES, SHARED FILES
MITM (INTERCEPTION / SPOOFING)
MESSAGES
GUI INTERCEPT, THIRD PARTY APPs
FAKE WINDOW/CLICKJACKING
GENERAL PERMISSIONS
INSTEAD OF SPECIFIC SUB-PE
A FEW NOTIFICATION/EVENT
BUILT PER APPLICATION INST
CONCRETE PERMISSIONS
BUT COMBINED INTO GENER
A SCREENSHOT PERMISSION
CAMERA
GENERAL PERMISSIONS
INSTEAD OF SPECIFIC SUB-P
A FEW NOTIFICATION/EVENT
BUILT PER APPLICATION INST
CONCLUSION - I
PRIVILEGED GENERAL PERMISSIONS: OWN APPs, NATIVE & 3RD-PARTY APP
SIMPLIFICATION AND REDUCING SECURITY CONTROLS
MANY GENERAL PERMISSIONS AND COMBINED INTO EACH OTHER
NO LOGs ACTIVITY FOR SUB-PERMISSIONS TO PROVE THE TRANSPARENCY
ANY SECURITY VULNERABILITY IS ONLY FIXED BY AN ENTIRELY NEW AND DIFFERENT OS / KER
A FEW PERMISSIONs ARE CLOSED TO THE USER ACTIONS
THE SANDBOX PROTECTS ONLY APPLICATION DATA
USERS HAVE TO STORE THEIR DATA IN SHARED FOLDERS OR EXTERNAL STORAGE
APPLICATIONS CONTINUE TO STORE DATA IN PUBLIC FOLDERs BECAUSE GOVERNED BY CHANC
MITM / INTERCEPTION ACTIONS ARE OFTEN SILENT
THE NATIVE SPOOFING AND INTERCEPTION FEATURES
BLACKBERRY ENTERPRISE SOLUTION / BLACKBERRY MOBILE FUSION IS NOT EFFECTIVE MUC
THE BEST SECURITY (PERMISSIONS) RULED BY AMAZON WEB SERVICES
PERMISSIONS SHOULD RELY ON THE DIFFERENT USEFUL CASES SET INSTEAD OF SPECIFIC PE
CONCLUSION - II
THE VENDOR SECURITY VISION HAS NOTHING TO DO WITH REALITY, AGGRAVATED BY S
Q & A