Presented Talk: PoC(k)ET, les détails d'un rootkit pour Windows Mobile 6 (PoC(k)ET, the details of a rootkit for Windows Mobile 6). Sogeti - ESEC R&D



Presented talk: PoC(k)ET, les détails d'un rootkit pour Windows Mobile 6 (PoC(k)ET, the details of a rootkit for Windows Mobile 6)
Speaker: Cédric Halbronn, Sogeti - ESEC R&D
Keywords: Rootkit, Mobile, Windows
Presented by: Quentin Pernier (quentin.pernier@ensimag.fr), Kévin Gellenoncourt (kevin.gellenoncourt@ensimag.fr), Zak Pavel (zak.pavel@ensimag.fr)
Course page: https://ensiwiki.ensimag.fr/index.php/4mmsr

Paper's author: Cédric Halbronn, security engineer and researcher at Sogeti
Skills:
- Smartphone security
- Development of network/security VoIP software
- Networking
- etc.

Objectives
- Create a proof-of-concept rootkit for Windows Mobile 6 (WM6)
- Why WM6? It exposes the same APIs as desktop Windows, so the rootkit is easier to implement.
- Attacks had already been demonstrated against Windows CE 5, the kernel on which WM6 is built.

What is a rootkit?
- A set of software hidden from users and from other programs
- Gives its operator privileged (administrator-level) access to the system
- Characterised by four steps:
  - Injection: getting into the OS
  - Protection: hiding its existence and its activity
  - Backdoor: communicating with its owner
  - Services: access to the camera, GPS data, etc.

Outline
I. Environment
II. Technical aspects of Windows Mobile 6
III. Rootkit architecture
IV. Rootkit implementation
V. Services provided by the rootkit

Environment: constraints and assets compared
PC-based rootkit
- (+) Connectivity: Internet
- (+) Services: Wi-Fi client, web browser, microphone
Smartphone-based rootkit
- (-) Limited battery and memory
- (+/-) Connectivity: localisation via GSM, dependent on the operator
- (+) Services: the same as a PC, plus 3G, GPS and camera

Environment: smartphone operating systems in 2012 (chart; source: Gartner)

Technical aspects of WM6
- Based on Windows CE. Microsoft glossed CE as Compact, Connectable, Compatible, Companion and Efficient (it is also commonly read as Compact Edition or Consumer Electronics); an OS developed by Microsoft for embedded systems.
- Same API (application programming interface) as standard Windows.
- 4 GB virtual address space: 2 GB for the kernel, 2 GB for user space.
- Limited to 32 processes (the user half is carved into 32 MB slots, one per process).

Technical aspects of WM6: security policies in the registry
Key: HKLM\Security\Policies\Policies (each value is named by its policy ID, written in hex)

Policy                        | ID (hex / decimal) | Values
Auto Run Policy               | 2 / 2              | 0 = allowed, 1 = restricted
Unsigned Applications Policy  | 1006 / 4102        | 1 = allowed, 0 = restricted
Unsigned Prompt Policy        | 101A / 4122        | 0 = user prompted, 1 = user not prompted
Password Required Policy      | 1023 / 4131        | 0 = required, any other value = not required
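The table is what the rootkit's protection step has to check before it can run unsigned and unnoticed. The following is an added example, not code from the slides or from Halbronn's paper: it audits the four policies and answers whether an unsigned binary would start without any prompt. It assumes the values are REG_DWORDs under HKLM\Security\Policies\Policies named by the policy ID as 8 hex digits (e.g. 0000101a); the two sample registries are constructed for the demo, not dumps from a real handset, and the on-device reader is only compiled when targeting Windows CE.

```c
/* Added example, not code from the slides or from Halbronn's paper.
 * Audits the four WM6 security policies in the table above and answers the
 * question that matters to the rootkit's "protection" step: will an unsigned
 * executable start without the user seeing a prompt?
 *
 * Assumptions: policy values live under HKLM\Security\Policies\Policies as
 * REG_DWORD values named by the policy ID written as 8 hex digits
 * (e.g. "0000101a"); the sample registries below are constructed, not
 * dumps from a real handset. */
#include <stdint.h>
#include <stdio.h>

#define POLICY_AUTORUN           0x0002u  /* 0 = allowed, 1 = restricted         */
#define POLICY_UNSIGNED_APPS     0x1006u  /* 1 = allowed, 0 = restricted         */
#define POLICY_UNSIGNED_PROMPT   0x101Au  /* 0 = user prompted, 1 = not prompted */
#define POLICY_PASSWORD_REQUIRED 0x1023u  /* 0 = required, anything else = not   */

/* Reader callback: fills *value and returns 0, or returns -1 if absent. */
typedef int (*policy_reader)(uint32_t policy_id, uint32_t *value);

struct policy_entry { uint32_t id; uint32_t value; };

/* Constructed sample: a stock, permissive device. */
static const struct policy_entry k_permissive[] = {
    { POLICY_AUTORUN, 0 }, { POLICY_UNSIGNED_APPS, 1 },
    { POLICY_UNSIGNED_PROMPT, 1 }, { POLICY_PASSWORD_REQUIRED, 1 },
};
/* Constructed sample: a device locked down by its operator or MDM. */
static const struct policy_entry k_locked[] = {
    { POLICY_AUTORUN, 1 }, { POLICY_UNSIGNED_APPS, 0 },
    { POLICY_UNSIGNED_PROMPT, 0 }, { POLICY_PASSWORD_REQUIRED, 0 },
};

static int lookup(const struct policy_entry *tbl, size_t n, uint32_t id, uint32_t *value) {
    for (size_t i = 0; i < n; i++)
        if (tbl[i].id == id) { *value = tbl[i].value; return 0; }
    return -1;
}
int read_permissive(uint32_t id, uint32_t *v) { return lookup(k_permissive, 4, id, v); }
int read_locked(uint32_t id, uint32_t *v)     { return lookup(k_locked, 4, id, v); }
int read_empty(uint32_t id, uint32_t *v)      { (void)id; (void)v; return -1; }

#ifdef _WIN32_WCE
#include <windows.h>
/* On-device reader against the real registry (only built for Windows CE). */
int read_registry(uint32_t id, uint32_t *value) {
    HKEY key; WCHAR name[9]; DWORD data = 0, len = sizeof data, type = 0; LONG rc;
    if (RegOpenKeyExW(HKEY_LOCAL_MACHINE, L"Security\\Policies\\Policies", 0, 0, &key) != ERROR_SUCCESS)
        return -1;
    _snwprintf(name, 9, L"%08x", (unsigned)id);   /* value name = policy ID in hex */
    rc = RegQueryValueExW(key, name, NULL, &type, (LPBYTE)&data, &len);
    RegCloseKey(key);
    if (rc != ERROR_SUCCESS || type != REG_DWORD) return -1;
    *value = data;
    return 0;
}
#endif

/* 1 = an unsigned binary runs with no prompt, 0 = blocked or prompted,
 * -1 = a value could not be read (do not assume either way). */
int unsigned_runs_silently(policy_reader rd) {
    uint32_t apps, prompt;
    if (rd(POLICY_UNSIGNED_APPS, &apps) || rd(POLICY_UNSIGNED_PROMPT, &prompt)) return -1;
    return (apps == 1 && prompt == 1) ? 1 : 0;
}

/* Number of the four policies set to their permissive value (0..4), or -1. */
int count_permissive(policy_reader rd) {
    uint32_t autorun, apps, prompt, pwd;
    if (rd(POLICY_AUTORUN, &autorun) || rd(POLICY_UNSIGNED_APPS, &apps) ||
        rd(POLICY_UNSIGNED_PROMPT, &prompt) || rd(POLICY_PASSWORD_REQUIRED, &pwd))
        return -1;
    return (autorun == 0) + (apps == 1) + (prompt == 1) + (pwd != 0);
}

int main(void) {
#ifdef _WIN32_WCE
    policy_reader rd = read_registry;      /* real device */
#else
    policy_reader rd = read_permissive;    /* off-device demo */
#endif
    printf("permissive settings: %d/4\n", count_permissive(rd));
    printf("unsigned binary runs silently: %d\n", unsigned_runs_silently(rd));
    return 0;
}
```

The -1 return is deliberate: a missing value means the policy is at its platform default, and a tool that treats "unreadable" as either safe or unsafe will mis-report the device. On a stock WM6 handset the permissive sample is what the conclusion slide calls "very permissive".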

Rootkit architecture (diagram)

Rootkit implementation: options for injection
- Remote exploitation of a vulnerability
- WAP Push message (example: the BlackBerry / Etisalat case, 2009)
- Injection through the bootloader
- Physical access to the smartphone

Rootkit implementation: protection
- Auto-start at boot via a registry key
- Avoid the unsigned-application notification (the Unsigned Prompt Policy in the registry table above)
- Hide the rootkit from the running-process list
- Hide the files used by the rootkit through API hooking
- Hide the fact that the installation has occurred
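The file-hiding bullet is the one that has a reusable shape, so here is an added example in portable C (not code from the slides or from Halbronn's paper). The enumeration entry points that other code reaches through an API table are swapped for wrappers that call the originals and drop every name carrying the rootkit's prefix; the cross-view check at the end is what a detector does in return. On WM6 the real targets are coredll's FindFirstFile/FindNextFile and the swap happens in an import table or the kernel; the struct of function pointers, the "pocket_" prefix and the directory listing are all assumptions constructed for the demo.

```c
/* Added example, not code from the slides or from Halbronn's paper.
 * Shows the file-hiding step in portable C: the enumeration entry points that
 * other code reaches through an API table are swapped for wrappers that call
 * the originals and drop every name carrying the rootkit's prefix.  On WM6 the
 * real targets are coredll's FindFirstFile/FindNextFile and the swap is done
 * in the process's import table or in the kernel; the struct of function
 * pointers here stands in for that (an assumption for the demo, as are the
 * "pocket_" prefix and the constructed directory listing). */
#include <stdio.h>
#include <string.h>

#define HIDDEN_PREFIX "pocket_"   /* assumed marker prefix for the rootkit's files */
#define MAX_NAME 64

/* Constructed stand-in for the \Windows directory on the device. */
static const char *k_dir[] = {
    "pocket_core.dll", "coredll.dll", "shell32.exe", "pocket_gps.log", "tmail.exe",
};
#define DIR_COUNT (sizeof k_dir / sizeof k_dir[0])

typedef struct { size_t next; } find_handle;     /* index of the next entry */

/* API table: each call copies one name and returns 1, or returns 0 at end. */
struct file_api {
    int (*find_first)(find_handle *h, char *name, size_t len);
    int (*find_next)(find_handle *h, char *name, size_t len);
};

static int real_find_next(find_handle *h, char *name, size_t len) {
    if (h->next >= DIR_COUNT) return 0;
    snprintf(name, len, "%s", k_dir[h->next++]);
    return 1;
}
static int real_find_first(find_handle *h, char *name, size_t len) {
    h->next = 0;
    return real_find_next(h, name, len);
}

static const struct file_api k_real = { real_find_first, real_find_next }; /* originals */
static struct file_api g_api = { real_find_first, real_find_next };        /* what callers use */
static int g_hooked = 0;

static int is_hidden(const char *name) {
    return strncmp(name, HIDDEN_PREFIX, strlen(HIDDEN_PREFIX)) == 0;
}

/* The hook must keep pulling entries: a single "if hidden, skip" would either
 * hand back a hidden name or end the listing early when hidden files are adjacent. */
static int hook_find_next(find_handle *h, char *name, size_t len) {
    while (k_real.find_next(h, name, len))
        if (!is_hidden(name)) return 1;
    return 0;
}
static int hook_find_first(find_handle *h, char *name, size_t len) {
    if (!k_real.find_first(h, name, len)) return 0;
    return is_hidden(name) ? hook_find_next(h, name, len) : 1;  /* first entry was ours */
}

void install_hook(void) {
    if (g_hooked) return;
    g_api.find_first = hook_find_first;
    g_api.find_next = hook_find_next;
    g_hooked = 1;
}
void remove_hook(void) { g_api = k_real; g_hooked = 0; }

/* Walks a listing through the given table; returns the entry count and, if
 * out is non-NULL, writes the names space-separated into it. */
static int list_dir(const struct file_api *api, char *out, size_t len) {
    find_handle h; char name[MAX_NAME]; int n = 0;
    if (out && len) out[0] = '\0';
    for (int more = api->find_first(&h, name, sizeof name); more;
         more = api->find_next(&h, name, sizeof name)) {
        n++;
        if (out) {
            size_t used = strlen(out);
            if (used < len) snprintf(out + used, len - used, "%s%s", used ? " " : "", name);
        }
    }
    return n;
}

int count_api_view(void) { return list_dir(&g_api, NULL, 0); }
int count_raw_view(void) { return list_dir(&k_real, NULL, 0); }

/* Cross-view check a detector would run: entries the raw walk sees but the
 * API walk no longer does.  Non-zero means something filters the API view. */
int hidden_entry_count(void) { return count_raw_view() - count_api_view(); }

int main(void) {
    char listing[256];
    list_dir(&g_api, listing, sizeof listing);
    printf("before hook: %s\n", listing);
    install_hook();
    list_dir(&g_api, listing, sizeof listing);
    printf("after hook:  %s  (%d hidden)\n", listing, hidden_entry_count());
    remove_hook();
    return 0;
}
```

The same wrapper shape applies to the process-list bullet (hooking the enumeration API and skipping the rootkit's own process), and the same cross-view difference is how an on-device scanner would notice it, which is why a rootkit that hooks only the API layer and not the raw view is detectable.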

Rootkit implementation: backdoor
- Connection direction "user to server": the device connects out to the attacker's server, so the rootkit must detect when connectivity is available
- Channels: TCP/IP and SMS
- Protocol definition, compression, encryption

Services provided by the rootkit
Types of service:
- Real-time
- Saved on the device (e.g. GPS data)
- Activation/deactivation by the attacker
Gathering of PIM information: contacts, SMS, e-mail, call history

Limitations
- New release: Windows Phone 7.5 (2011)
- Windows Mobile is less and less used. Worldwide smartphone sales by operating system (Q3 2011; table in French in the original slide):

OS        | Units sold Q3 2011 (millions) | Market share Q3 2011 | Year-on-year change in share
Android   | 60.49                         | 52.5%                | +27.2 points
Symbian   | 19.5                          | 16.9%                | -18.4 points
iOS       | 17.3                          | 15%                  | -1.6 point
RIM       | 12.7                          | 11%                  | -4.4 points
Bada      | 2.48                          | 2.2%                 | +1.1 point
Microsoft | 1.7                           | 1.5%                 | -1.2 point
Others    | 1.02                          | 0.9%                 | -1.6 point
Total     | 115.19                        | 100%                 |

Conclusion
- WM6 is very permissive
- The rootkit can gather a lot of information
- Undetected by the antivirus products tested: Airscanner, BitDefender Mobile Security, BullGuard Mobile Antivirus

References
- www.journaldunet.com
- esec-lab.sogeti.com/dotclear/public/publications/10-ssticwm6_article.pdf