cell phone security lite
TRANSCRIPT
![Page 1: Cell phone security lite](https://reader033.vdocuments.site/reader033/viewer/2022060201/559a44321a28ab250a8b4641/html5/thumbnails/1.jpg)
Your Cell Phone is Covered in Spiders
An overview of the cell phone security landscape
Cooper Quintin@cooperq
![Page 2: Cell phone security lite](https://reader033.vdocuments.site/reader033/viewer/2022060201/559a44321a28ab250a8b4641/html5/thumbnails/2.jpg)
We are becoming increasingly dependent on mobile devices
● We are storing more and more data on them● Pictures● Videos● Contacts● Email● Social Graphs● Location History● Etc
![Page 3: Cell phone security lite](https://reader033.vdocuments.site/reader033/viewer/2022060201/559a44321a28ab250a8b4641/html5/thumbnails/3.jpg)
●As the amount of data increases● The complexity increases● The desirability increases● The number of vulnerabilities increases
![Page 4: Cell phone security lite](https://reader033.vdocuments.site/reader033/viewer/2022060201/559a44321a28ab250a8b4641/html5/thumbnails/4.jpg)
And there are a lot of vulnerabilities!
![Page 5: Cell phone security lite](https://reader033.vdocuments.site/reader033/viewer/2022060201/559a44321a28ab250a8b4641/html5/thumbnails/5.jpg)
Things to Keep in Mind
If an attacker gains physical access phone can and will be completely compromised.
Also, you should assume that your phone will be compromised at some point.
Generally, you will be safest if you just take the attitude that YOU SHOULD NOT TRUST YOUR
PHONE
![Page 6: Cell phone security lite](https://reader033.vdocuments.site/reader033/viewer/2022060201/559a44321a28ab250a8b4641/html5/thumbnails/6.jpg)
Security is a Journey Not a Destination
The more hurdles that you put up, the harder you make it for an attacker.
Time to compromise > Determination of attacker
Don't get demoralized! There are many things you can do to improve your security.
![Page 7: Cell phone security lite](https://reader033.vdocuments.site/reader033/viewer/2022060201/559a44321a28ab250a8b4641/html5/thumbnails/7.jpg)
Threat Model●Random attacks
● Malicious apps ● Stolen / Lost phone
●Targeted attacker ● Law Enforcement● Corporate Espionage● Personal Enemies
●Signal Interception●Your Phone Company
![Page 8: Cell phone security lite](https://reader033.vdocuments.site/reader033/viewer/2022060201/559a44321a28ab250a8b4641/html5/thumbnails/8.jpg)
Burner Phones● No encryption● Trivial for Forensic Investigators● Closed Source● Usually no Screen Lock
![Page 9: Cell phone security lite](https://reader033.vdocuments.site/reader033/viewer/2022060201/559a44321a28ab250a8b4641/html5/thumbnails/9.jpg)
iPhoneThe Bad
● Closed source● Very little in the way of security apps● Default screen lock is a four digit number ● Privacy tools that aren't free or open source
The Good● There is a stronger screen lock that can be enabled● A couple of decent privacy apps● Less Malware
![Page 10: Cell phone security lite](https://reader033.vdocuments.site/reader033/viewer/2022060201/559a44321a28ab250a8b4641/html5/thumbnails/10.jpg)
BlackBerry● BEST USED IN COMBINATION WITH BES
● Otherwise about as good as any other smartphone
● BBM and Pin to Pin messaging NOT SECURE
– Not encrypted, just 'scrambled'
– RIM can read all of your messages if a govt demands● Your data is only as secure as the company is trustworthy
● RIM admitted to providing backdoors to govt. in India and has helped UK and middle east govts.
● Less Malware
● Without BES, Security on Blackberry is not so good.
![Page 11: Cell phone security lite](https://reader033.vdocuments.site/reader033/viewer/2022060201/559a44321a28ab250a8b4641/html5/thumbnails/11.jpg)
Android● IMO The best phone for security● Open source● Lots of security tools● Lots of encryption tools● Full Disk Encryption● Good security options● Guardian Project● Your data is in the hands of google● How much do you trust google?
![Page 12: Cell phone security lite](https://reader033.vdocuments.site/reader033/viewer/2022060201/559a44321a28ab250a8b4641/html5/thumbnails/12.jpg)
Lets Talk About Threat Models Again
![Page 13: Cell phone security lite](https://reader033.vdocuments.site/reader033/viewer/2022060201/559a44321a28ab250a8b4641/html5/thumbnails/13.jpg)
Law Enforcement Investigators are Looking for:
● Subscriber & Equipment Identifiers ● Contacts ● Appointment Calendar ● SMS, Text Messages, Instant Messages, Email● Call Logs● Photos, Audio and Video● Documents● Location Data
![Page 14: Cell phone security lite](https://reader033.vdocuments.site/reader033/viewer/2022060201/559a44321a28ab250a8b4641/html5/thumbnails/14.jpg)
Forensic Methods
● Recovering screen lock ● Recovery Mode● Cellbrite and UFED● JTAG
![Page 15: Cell phone security lite](https://reader033.vdocuments.site/reader033/viewer/2022060201/559a44321a28ab250a8b4641/html5/thumbnails/15.jpg)
Solutions●Have a strong screen lock and a short timeout●Don't tell them your password●Encryption (Text Secure, LUKS, Device encryption)
![Page 16: Cell phone security lite](https://reader033.vdocuments.site/reader033/viewer/2022060201/559a44321a28ab250a8b4641/html5/thumbnails/16.jpg)
Signal InterceptionThreats●Fake Cellular Towers / Drones●USRP/GNU Radio●Snooping as a Service●Cellular companies will provide wiretaps without even a warrant●Insecure apps like BBM and whatsapp
Solutions● Encrypted Calls (PrivateGSM, Redphone,
SilentCircle )● Encrypted Text on Android (Textsecure)● Talk in Person (This is the Most Secure)
![Page 17: Cell phone security lite](https://reader033.vdocuments.site/reader033/viewer/2022060201/559a44321a28ab250a8b4641/html5/thumbnails/17.jpg)
Lost and Stolen Phones● Phone Finding and Remote Wipe
● Android: Lookout, Prey ● BlackBerry Protect● Find My Iphone
● Strong Screen lock● Will not stop a sophisticated attacker
● Report to The Provider?● They probably don't give a damn.
![Page 18: Cell phone security lite](https://reader033.vdocuments.site/reader033/viewer/2022060201/559a44321a28ab250a8b4641/html5/thumbnails/18.jpg)
MalwareVendor and Espionage malware
● This stuff is extremely sophisticated● FinFisher● CarrierIQ
● Voodo carrierIQ
Standard, untargeted malware● Personal Data Theft● Premium SMS● The usual suspects (spyware, trojans, phishing)● Facebook, Angry Birds?
![Page 19: Cell phone security lite](https://reader033.vdocuments.site/reader033/viewer/2022060201/559a44321a28ab250a8b4641/html5/thumbnails/19.jpg)
Malware Solutions● Be careful what you install!
● Don't install apps from untrusted sources
● Don't run updates when on insecure networks
● Anti Virus won't save you!
● Don't assume that because you have an iPhone or Blackberry that you are immune to malware
● Use the same precautions as you would on any computer.
![Page 20: Cell phone security lite](https://reader033.vdocuments.site/reader033/viewer/2022060201/559a44321a28ab250a8b4641/html5/thumbnails/20.jpg)
Other Attacks● NFC● QR Phishing● Baseband Attacks
![Page 21: Cell phone security lite](https://reader033.vdocuments.site/reader033/viewer/2022060201/559a44321a28ab250a8b4641/html5/thumbnails/21.jpg)
Disk Encryption●Exists on Android●Exists on Blackberry if you have BES●Does not exist on iPhone●Vulnerable to many different attacks●You should NOT rely solely on disk encryption.
![Page 22: Cell phone security lite](https://reader033.vdocuments.site/reader033/viewer/2022060201/559a44321a28ab250a8b4641/html5/thumbnails/22.jpg)
Call Encryption
● SecureGSM ● Android: Redphone, OSTN
![Page 23: Cell phone security lite](https://reader033.vdocuments.site/reader033/viewer/2022060201/559a44321a28ab250a8b4641/html5/thumbnails/23.jpg)
To Root or Not to Root(AKA Jailbreaking)
Rooting your phone is the process of gaining super administrator control over your phone.
This means you can doANYTHING YOU WANT
To your phone.
Including mess it up in fantastic ways!
![Page 24: Cell phone security lite](https://reader033.vdocuments.site/reader033/viewer/2022060201/559a44321a28ab250a8b4641/html5/thumbnails/24.jpg)
To Root or Not to Root
The Good
● Custom Firmware
● Better Security Tools
● Remove Spyware
● More Cool Apps
● Performance Improvements
● Tinkering is Fun!
The Bad
● Can significantly decrease security
● You can permanently break your phone
● Will Void Your Warranty
![Page 25: Cell phone security lite](https://reader033.vdocuments.site/reader033/viewer/2022060201/559a44321a28ab250a8b4641/html5/thumbnails/25.jpg)
In Conclusion...● It's healthy to be paranoid about your phone● Don't loose your phone!● Trust what you install (Open Source)● Root and install custom firmware● Use a stronger screen lock● Audit your phone● Encrypt Everything!
![Page 26: Cell phone security lite](https://reader033.vdocuments.site/reader033/viewer/2022060201/559a44321a28ab250a8b4641/html5/thumbnails/26.jpg)
Thank You!
Cooper [email protected]: @cooperqJabber: [email protected]: 9B3470B9 B1F10651 B5840FEB 026D6CF7 2D949F6FPGP: 75FB9347 FA4B22A0 5068080B D0EA7B6F F0AFE2CA