DL
Uploaded bydrewz lin
PPTX, PDF1,264 views

Appsec2013 presentation

This document summarizes Bruno Gonçalves de Oliveira's talk on hacking web file servers for iOS. It introduces Bruno and his background in offensive security and discusses how iOS devices store a lot of information and mobile applications are often poorly designed and vulnerable. It provides examples of vulnerable file storage apps, outlines features and vulnerabilities like lack of encryption, authentication, XSS issues, and path traversal flaws. The document demonstrates exploits like unauthorized access to file systems on jailbroken devices and how to find vulnerable systems through mDNS queries. It concludes that mobile apps are the future but designers still do not prioritize security and there are too many apps for users to vet carefully.

Download to read offline
Hacking Web File Servers for iOS Bruno Gonçalves de Oliveira Senior Security Consultant – Trustwave’s SpiderLabs
About Me #whoami • Bruno Gonçalves de Oliveira • Senior Security Consultant @ Trustwave’s SpiderLabs • MSc Candidate • Computer Engineer • Offensive Security • Talks: Silver Bullet, THOTCON, SOURCE Boston, Black Hat DC, SOURCE Barcelona, DEF CON, Hack In The Box Malaysia, Toorcon, YSTS e H2HC. Hosted by OWASP & the NYC Chapter
INTRO • Smartphones – A LOT OF information – iPhone is VERY popular • Mobile Applications – (MOST) Poorly designed • Old fashion vulnerabilities Hosted by OWASP & the NYC Chapter
What are those apps? • Designed to provide a storage system to iOS devices. • Data can be transferred utilizing bluetooth, iTunes and FTP. • Easiest way: HTTP protocol. • They are very popular.
Examples
Features • Manage/Storage files • Create Albums, etc. • Share Data
VULNERABILITIES
• No encryption (SSL):
• No authentication (by default):
• (Reflected) XSS
• (Persistent) XSS
• (Persistent) XSS http://www.vulnerability-lab.com/get_content.php?id=932
• Vulnerability-Lab Advisories: http://www.vulnerability-lab.com/show.php?cat=mobile
Disclaimer • Trustwave (me) did this research on March/13 and just now we are disclosing these advisories.
• Path Traversal • WiFi HD Free Path Traversal (CVE-2013-3923) • FTPDrive Path Traversal (CVE-2013-3922) • Easy File Manager Path Traversal (CVE-20133921) You probably want to test the app that you use.
• Path Traversal (DEMO)
• Easy File Manager • Unauthorized Access to File System (CVE2013-3960)
• Unauthorized Access to File System (CVE2013-3960)
• Getting worst with a jailbroken device.
• Remote Command Execution: Unauthorized Access to File System (CVE-2013-3960) – Jailbroken Device
• iOS 7 Security Improvement
How to find vulnerable systems mDNS Queries <= mDNS Watch for iOS
• Conclusions • Mobile Apps (already) are the future. • Mobile Apps designers still don’t care too much about security. • Too many apps, we have to take care. • Old fashion vulnerabilities still rock.

More Related Content

PPT
Remo presentatie v1
byOnno Hansen-Staszyński
 
PDF
Trial by Fire: Security @ DEF CON 21
byLookout
 
PPTX
The (almost) paperless office thomas vellacott v2
byWWF Switzerland
 
PDF
Blackhat USA Mobile Security Panel 2011
byTyler Shields
 
PPTX
Im260 computer hacking powerpoint
bycarlyxxjo55
 
PDF
Seguridad de la Información y Controles contra Hackers - Getting hacked 101 ...
byAsociación de Ejecutivos de Cooperativas de Puerto Rico
 
PDF
1. Mobile Application (In)security
bySam Bowne
 
PPTX
Making Secure Choices
bycharlesgarrett
 
Remo presentatie v1
byOnno Hansen-Staszyński
 
Trial by Fire: Security @ DEF CON 21
byLookout
 
The (almost) paperless office thomas vellacott v2
byWWF Switzerland
 
Blackhat USA Mobile Security Panel 2011
byTyler Shields
 
Im260 computer hacking powerpoint
bycarlyxxjo55
 
Seguridad de la Información y Controles contra Hackers - Getting hacked 101 ...
byAsociación de Ejecutivos de Cooperativas de Puerto Rico
 
1. Mobile Application (In)security
bySam Bowne
 
Making Secure Choices
bycharlesgarrett
 

What's hot

PPT
Mobile phone Data Hacking
byMd Abu Syeem Dipu
 
PPTX
Cyber crime
byNiraj Solanke
 
PDF
Information Security Professional
byAmmar WK
 
PPTX
So you want to be a wireless hacker
byCasey Dunham
 
PDF
Internet security
byAntony Mathew
 
PPTX
Ethical hacking demo
byTendai Marengereke
 
PPT
Computer Security
byGreater Noida Institute Of Technology
 
PPTX
Reigning in the Data (FOSSCON 2014) - Ephemeral Messaging and Privacy In Post...
byAndrew Schwabe
 
PPTX
Webinar On Ethical Hacking & Cybersecurity - Day2
byMohammed Adam
 
PPTX
Internet security
byReisn Felicite
 
PPTX
Ethical Hacking
byLalit Kumar
 
PPTX
The State Department and Net Freedom: A year of great challenges & opportunities
byFreedom House
 
PPTX
Baking Security into the Company Culture (2017)
byMike Kleviansky
 
PPTX
​Understanding the Internet of Things
byDavid Strom
 
PPTX
Cyber Safety 101
byJeff Niebaum, M.A
 
PPTX
Dark web by Pranesh Kulkarni
byPraneshKulkarni22
 
PPTX
Seven Simple Steps to Online Security
byConn Ó Muíneacháin
 
PPTX
Dark web
bySafwan Hashmi
 
PDF
BugBounty Roadmap with Mohammed Adam
byMohammed Adam
 
PPTX
Android Hacking + Pentesting
bySina Manavi
 
Mobile phone Data Hacking
byMd Abu Syeem Dipu
 
Cyber crime
byNiraj Solanke
 
Information Security Professional
byAmmar WK
 
So you want to be a wireless hacker
byCasey Dunham
 
Internet security
byAntony Mathew
 
Ethical hacking demo
byTendai Marengereke
 
Computer Security
byGreater Noida Institute Of Technology
 
Reigning in the Data (FOSSCON 2014) - Ephemeral Messaging and Privacy In Post...
byAndrew Schwabe
 
Webinar On Ethical Hacking & Cybersecurity - Day2
byMohammed Adam
 
Internet security
byReisn Felicite
 
Ethical Hacking
byLalit Kumar
 
The State Department and Net Freedom: A year of great challenges & opportunities
byFreedom House
 
Baking Security into the Company Culture (2017)
byMike Kleviansky
 
​Understanding the Internet of Things
byDavid Strom
 
Cyber Safety 101
byJeff Niebaum, M.A
 
Dark web by Pranesh Kulkarni
byPraneshKulkarni22
 
Seven Simple Steps to Online Security
byConn Ó Muíneacháin
 
Dark web
bySafwan Hashmi
 
BugBounty Roadmap with Mohammed Adam
byMohammed Adam
 
Android Hacking + Pentesting
bySina Manavi
 

Viewers also liked

PDF
T4 淘宝私有云
bydrewz lin
 
PDF
Agile2012 rev4.pptx
bydrewz lin
 
PDF
Appsec usa2013 js_libinsecurity_stefanodipaola
bydrewz lin
 
PDF
淘宝软件基础设施构建实践
bydrewz lin
 
PDF
基于虚拟化技术的分布式软件测试框架
bydrewz lin
 
PDF
云存储系统设计
bydrewz lin
 
PDF
Hadoop在反作弊中的应用 林述民
bydrewz lin
 
PDF
Top100summit 支付宝-贺三元-支付宝无线快捷支付的抉择
bydrewz lin
 
PDF
Top100summit 腾讯-周健-服务化与体系化解决大量定制小项目开发困境
bydrewz lin
 
PPTX
人人网服务化与架构变迁V3
bydrewz lin
 
PDF
Agile 2012 the 0-page agile test plan - paul carvalho
bydrewz lin
 
PDF
Automated tests workshop
bydrewz lin
 
PDF
Top100summit用友 池建强-构建企业级应用开发平台
bydrewz lin
 
PPT
Mobile app security
bydrewz lin
 
PPTX
Phu appsec13
bydrewz lin
 
PDF
Via forensics appsecusa-nov-2013
bydrewz lin
 
PDF
阿里云技术实践
bydrewz lin
 
T4 淘宝私有云
bydrewz lin
 
Agile2012 rev4.pptx
bydrewz lin
 
Appsec usa2013 js_libinsecurity_stefanodipaola
bydrewz lin
 
淘宝软件基础设施构建实践
bydrewz lin
 
基于虚拟化技术的分布式软件测试框架
bydrewz lin
 
云存储系统设计
bydrewz lin
 
Hadoop在反作弊中的应用 林述民
bydrewz lin
 
Top100summit 支付宝-贺三元-支付宝无线快捷支付的抉择
bydrewz lin
 
Top100summit 腾讯-周健-服务化与体系化解决大量定制小项目开发困境
bydrewz lin
 
人人网服务化与架构变迁V3
bydrewz lin
 
Agile 2012 the 0-page agile test plan - paul carvalho
bydrewz lin
 
Automated tests workshop
bydrewz lin
 
Top100summit用友 池建强-构建企业级应用开发平台
bydrewz lin
 
Mobile app security
bydrewz lin
 
Phu appsec13
bydrewz lin
 
Via forensics appsecusa-nov-2013
bydrewz lin
 
阿里云技术实践
bydrewz lin
 

Similar to Appsec2013 presentation

PDF
Toorcon 2010: IPhone Rootkits? There's an App for That
byEric Monti
 
PPTX
Hacking mobile apps
bykunwaratul hax0r
 
PDF
CNIT 128 Ch 3: iOS
bySam Bowne
 
PPT
Mobile Security Assessment: 101
bywireharbor
 
PPTX
iOS-Application-Security-iAmPr3m
byPrem Kumar (OSCP)
 
PPTX
128-ch3.pptx
byDeepakPanchal65
 
PPTX
Mobile security part 2
byRomansh Yadav
 
PDF
A tale of mobile threats
byVincenzo Iozzo
 
PPTX
Pentesting iPhone applications
bySatish b
 
PDF
PGDAY EU 2016 workshop - privacy and security
bySteve Gill
 
PPTX
Pentesting iOS Applications
byjasonhaddix
 
PDF
Pentesting iOS Apps
byHerman Duarte
 
PPTX
Hands-On iOS Application Penetraion Testing.pptx
byAkashKatare9
 
PDF
2012 12-04 --ncc_group_-_mobile_threat_war_room
byNCC Group
 
PDF
Attacking and Defending Apple iOS Devices
byTom Eston
 
PDF
2a Analyzing iOS Apps Part 1
bySam Bowne
 
PDF
AITP Security SIG April 2011
byJustinNemeth
 
PDF
Breaking Secure Mobile Applications - Hack In The Box 2014 KL
byiphonepentest
 
PPTX
Beyond the 'cript practical i os reverse engineering lascon
byNino Ho
 
PDF
CactusCon - Practical iOS App Attack and Defense
bySeth Law
 
Toorcon 2010: IPhone Rootkits? There's an App for That
byEric Monti
 
Hacking mobile apps
bykunwaratul hax0r
 
CNIT 128 Ch 3: iOS
bySam Bowne
 
Mobile Security Assessment: 101
bywireharbor
 
iOS-Application-Security-iAmPr3m
byPrem Kumar (OSCP)
 
128-ch3.pptx
byDeepakPanchal65
 
Mobile security part 2
byRomansh Yadav
 
A tale of mobile threats
byVincenzo Iozzo
 
Pentesting iPhone applications
bySatish b
 
PGDAY EU 2016 workshop - privacy and security
bySteve Gill
 
Pentesting iOS Applications
byjasonhaddix
 
Pentesting iOS Apps
byHerman Duarte
 
Hands-On iOS Application Penetraion Testing.pptx
byAkashKatare9
 
2012 12-04 --ncc_group_-_mobile_threat_war_room
byNCC Group
 
Attacking and Defending Apple iOS Devices
byTom Eston
 
2a Analyzing iOS Apps Part 1
bySam Bowne
 
AITP Security SIG April 2011
byJustinNemeth
 
Breaking Secure Mobile Applications - Hack In The Box 2014 KL
byiphonepentest
 
Beyond the 'cript practical i os reverse engineering lascon
byNino Ho
 
CactusCon - Practical iOS App Attack and Defense
bySeth Law
 

More from drewz lin

PPTX
Web security-–-everything-we-know-is-wrong-eoin-keary
bydrewz lin
 
PPTX
Owasp2013 johannesullrich
bydrewz lin
 
PDF
Owasp advanced mobile-application-code-review-techniques-v0.2
bydrewz lin
 
PPTX
I mas appsecusa-nov13-v2
bydrewz lin
 
PDF
Defeating xss-and-xsrf-with-my faces-frameworks-steve-wolf
bydrewz lin
 
ODP
Csrf not-all-defenses-are-created-equal
bydrewz lin
 
PPTX
Chuck willis-owaspbwa-beyond-1.0-app secusa-2013-11-21
bydrewz lin
 
PPTX
Appsec usa roberthansen
bydrewz lin
 
PPT
Appsec2013 presentation-dickson final-with_all_final_edits
bydrewz lin
 
PPTX
Appsec 2013-krehel-ondrej-forensic-investigations-of-web-exploitations
bydrewz lin
 
PPTX
Appsec2013 assurance tagging-robert martin
bydrewz lin
 
PPTX
Amol scadaowasp
bydrewz lin
 
PPTX
Agile sdlc-v1.1-owasp-app sec-usa
bydrewz lin
 
PPTX
Vulnex app secusa2013
bydrewz lin
 
PPTX
新浪微博稳定性经验谈
bydrewz lin
 
PPTX
无线App的性能分析和监控实践 rickyqiu
bydrewz lin
 
PPT
网易移动自动化测试实践(孔庆云)
bydrewz lin
 
PDF
天猫后端技术架构优化实践
bydrewz lin
 
PPTX
天猫大促性能测试实践 耿电
bydrewz lin
 
PDF
互联网海量运维 20130807
bydrewz lin
 
Web security-–-everything-we-know-is-wrong-eoin-keary
bydrewz lin
 
Owasp2013 johannesullrich
bydrewz lin
 
Owasp advanced mobile-application-code-review-techniques-v0.2
bydrewz lin
 
I mas appsecusa-nov13-v2
bydrewz lin
 
Defeating xss-and-xsrf-with-my faces-frameworks-steve-wolf
bydrewz lin
 
Csrf not-all-defenses-are-created-equal
bydrewz lin
 
Chuck willis-owaspbwa-beyond-1.0-app secusa-2013-11-21
bydrewz lin
 
Appsec usa roberthansen
bydrewz lin
 
Appsec2013 presentation-dickson final-with_all_final_edits
bydrewz lin
 
Appsec 2013-krehel-ondrej-forensic-investigations-of-web-exploitations
bydrewz lin
 
Appsec2013 assurance tagging-robert martin
bydrewz lin
 
Amol scadaowasp
bydrewz lin
 
Agile sdlc-v1.1-owasp-app sec-usa
bydrewz lin
 
Vulnex app secusa2013
bydrewz lin
 
新浪微博稳定性经验谈
bydrewz lin
 
无线App的性能分析和监控实践 rickyqiu
bydrewz lin
 
网易移动自动化测试实践(孔庆云)
bydrewz lin
 
天猫后端技术架构优化实践
bydrewz lin
 
天猫大促性能测试实践 耿电
bydrewz lin
 
互联网海量运维 20130807
bydrewz lin
 

Appsec2013 presentation

Editor's Notes

  • #10 Well, vulnerabilities to compromise data shared/stored
  • #13 Explain
  • #14 Take a look on the date
  • #16 Old vulnerabilities,ios 7, etcetc
  • #17 After changed the password, the hashes will be stored at /etc/master.passwd and no longer access to the mobile user.
  • #19 It works utilizing public IP as well.
  • #22 The path traversal also won’t work on ios7