Tel +41 55 214 41 60 Fax +41 55 214 41 61 [email protected] www.csnc.ch
Compass Security AG Werkstrasse 20 Postfach 2038 CH-8645 Jona
Welcome to 2nd Beer-Talk
iPhone Security
© Compass Security AG Slide 2 www.csnc.ch
Who am I?
Riccardo Trombini, B.Sc. FHO in Computer Science
Business
• Working in IT Security since 2000
• Study of Information Technologies at FH in Rapperswil SG
• IT Security Analyst, with Compass since 2009
Private
• In a relationship with …
• Apple follower, always in the first row
• iOS Developer
• Social Media enthusiast (fb, twitter, foursquare, instagram ..)
iPhone Security
An Ideal World
Centralized management with an MDM solution, to
• Enforce security policies
• Monitor status of devices
• Real-time incident handling
Synchronization
• Encrypted channel
• Strong authentication
Fully Protected Device
• Access Control
• Strong Encryption
• Vulnerabilities
Fully Aware Users
Sadly there is no such thing
Centralized management with an MDM solution, to
• Enforce security policies
• Monitor status of devices
• Real-time incident handling
Synchronization
• Encrypted channel
• Strong authentication
Fully Protected Device
• Access Control
• Strong Encryption
• Vulnerabilities
Fully Aware Users
What is MDM?
• Mobile Device Management
• Centralized Management of mobile devices
Functionality
• OTA „Over The Air“ enrollment and profile distribution (config)
• Easy synchronisation of Emails, Calendar, Contacts, ...
• Enforce compliance policy
• Monitor device status for inventory and compliance
  • Device Information (UDID, iOS Version, Modem Version ..)
  • Network Information (Carrier Settings, Data roaming status ..)
  • Compliance & Security (Installed profiles, certificates, passcode status ..)
• Remote administration like
  • Remote wipe
  • Remote lock
  • Passcode reset
  • Locate device
MDM != MDM – iOS Integration
(Diagram) Two integration models: Native iOS Apps vs. Sandbox Client
MDM != MDM – Network Design
NOC (Network Operation Center)
MDM != MDM – Network Design
Direct Access to DMZ
Demo #1
• Break Passcode Protection
• Break File Encryption on iPhone
iOS Security Controls – Encryption
• Full Disk Encryption
  • Since iPhone 3GS
  • AES CBC 256 bit
  • Serves only one purpose: rapid device wiping
  • FDE pretty useless: the kernel transparently decrypts requested files
• Data Protection API
  • Introduced with iOS 4
  • Additional level of encryption
  • File encryption can be tied to the Passcode
iOS Security Controls – Encryption - Data Protection API
(Diagram) Key hierarchy: File Meta Data, File Key, Class Key, Device Key, User Passcode Key. The per-file key is stored in the file metadata wrapped by its class key; the class key is in turn protected by the device key and, for passcode-tied classes, by the user passcode key.
BootRom-Attack
Summary
• User Awareness - Always know where your device is!
• Enforce strong Passcode Policy with MDM!
  • Length
  • Alphanumeric
  • Special characters
  • C0mpa$$ … don’t!
  • Usability?
LiveDemo [Free-WiFi-CertPush-Attack]
WiFi-MitM…
Free-WiFi-Cert-Push-Attack
Free-WiFi Yeah! Free-WiFi available…
Free-WiFi-Cert-Push-Attack
The Problem with the Certificate….
Free-WiFi-Cert-Push-Attack
The Solution ;-)
Free-WiFi-Cert-Push-Attack
Behavior of the iPhone (diagram): after joining a WiFi network the device sends an HTTP GET request for www.apple.com/library/test/success.html. If the expected OK page comes back, the network is treated as open; a hotspot with captive-portal management instead answers with a redirect to its Hotspot Login-Site.
Free-WiFi-Cert-Push-Attack
Cert-Push (diagram): the same HTTP GET request for www.apple.com/library/test/success.html is answered by the Attacker Host with a redirect to a Mobile Configuration profile instead of the hotspot login site.
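The two flows above differ only in where the probe redirect points. As an added example (not from the slides), this classifier parses a raw HTTP response to the success.html probe and separates an ordinary captive-portal login redirect from one that pushes a configuration profile; the sample responses are constructed, and the ".mobileconfig" / aspen-config checks are heuristics.

```python
# Added example (not from the Compass Security slides): classify the response a
# captive-portal probe gets, so a client or network monitor can tell an honest
# hotspot login redirect from a redirect that pushes a configuration profile.
PROBE_URL = "http://www.apple.com/library/test/success.html"
PROFILE_MIME = "application/x-apple-aspen-config"   # MIME type of .mobileconfig

def parse_http_response(raw: bytes):
    """Split a raw HTTP/1.x response into (status code, headers, body)."""
    head, _, body = raw.partition(b"\r\n\r\n")
    lines = head.decode("iso-8859-1").split("\r\n")
    status = int(lines[0].split()[1])
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return status, headers, body

def classify_probe(raw: bytes) -> str:
    """Return 'open', 'captive-portal', 'profile-push' or 'unexpected'."""
    status, headers, body = parse_http_response(raw)
    ctype = headers.get("content-type", "")
    location = headers.get("location", "")
    if status == 200 and b"Success" in body and ctype.startswith("text/html"):
        return "open"                  # no captive portal, probe not intercepted
    # Checked before the generic redirect case: a profile can be served on any
    # URL, so the content type is inspected as well as the Location suffix.
    if ctype == PROFILE_MIME or location.lower().endswith(".mobileconfig"):
        return "profile-push"          # probe hijacked to install a profile
    if status in (301, 302, 303, 307) and location:
        return "captive-portal"        # ordinary hotspot login redirect
    return "unexpected"

# Constructed sample responses (not real captures).
OPEN = (b"HTTP/1.1 200 OK\r\nContent-Type: text/html\r\n\r\n"
        b"<HTML><HEAD><TITLE>Success</TITLE></HEAD><BODY>Success</BODY></HTML>")
PORTAL = b"HTTP/1.1 302 Found\r\nLocation: https://hotspot.example/login\r\n\r\n"
PUSH = (b"HTTP/1.1 302 Found\r\n"
        b"Location: http://hotspot.example/wifi.mobileconfig\r\n\r\n")

if __name__ == "__main__":
    for name, sample in (("open", OPEN), ("portal", PORTAL), ("push", PUSH)):
        print(name, "->", classify_probe(sample))
```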
Free-WiFi-Cert-Push-Attack
Make your own Apple Certificate
Free-WiFi-Cert-Push-Attack
Result…
Free-WiFi-Cert-Push-Attack
MitM with valid Cert (diagram): the Attacker Host sits on the Free-WiFi between the device and the Internet and presents a certificate the device now trusts.
Summary
• User Awareness
  • Think before accepting configurations
  • Be suspicious
• Apple should improve certificate validation for mobile configuration
• Synchronization should be protected with two-way authentication
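"Think before accepting configurations" is hard to act on from the install dialog alone. As an added example (not from the slides), this audit reads a .mobileconfig before it is trusted and flags the properties a cert-push profile relies on: no signature and a payload that installs a root CA. The PayloadType identifiers are the well-known Apple ones; the sample profile is constructed and its certificate bytes are a placeholder.

```python
# Added example (not from the Compass Security slides): audit a configuration
# profile before trusting it. An unsigned profile that carries a root-CA payload
# is exactly what a Free-WiFi cert push delivers.
import plistlib

# Assumption: well-known Apple PayloadType identifiers that change device trust.
TRUST_PAYLOADS = {
    "com.apple.security.root": "installs a trusted root CA",
    "com.apple.security.pkcs1": "installs a certificate",
    "com.apple.security.pkcs12": "installs a certificate with private key",
}

def audit_profile(data: bytes) -> list:
    """Return a list of findings (strings) for a .mobileconfig blob."""
    findings = []
    if data.lstrip().startswith(b"<?xml") or data.startswith(b"bplist"):
        findings.append("profile is not signed (plain plist, no CMS wrapper)")
        profile = plistlib.loads(data)
    else:
        # A signed profile is a CMS/DER structure; parsing it needs an ASN.1
        # library, so this heuristic only reports it for manual verification.
        return ["profile is CMS-wrapped; verify its signer before installing"]
    if profile.get("PayloadRemovalDisallowed"):
        findings.append("profile cannot be removed by the user")
    for payload in profile.get("PayloadContent", []):
        ptype = payload.get("PayloadType", "")
        if ptype in TRUST_PAYLOADS:
            findings.append(f"{ptype}: {TRUST_PAYLOADS[ptype]} "
                            f"({payload.get('PayloadDisplayName', '?')})")
    return findings

# Constructed sample profile (not a real capture): one root-CA payload.
SAMPLE = plistlib.dumps({
    "PayloadType": "Configuration",
    "PayloadIdentifier": "com.example.freewifi",
    "PayloadDisplayName": "Free-WiFi Settings",
    "PayloadVersion": 1,
    "PayloadUUID": "00000000-0000-0000-0000-000000000001",
    "PayloadRemovalDisallowed": True,
    "PayloadContent": [{
        "PayloadType": "com.apple.security.root",
        "PayloadIdentifier": "com.example.freewifi.ca",
        "PayloadDisplayName": "Free-WiFi Root CA",
        "PayloadVersion": 1,
        "PayloadUUID": "00000000-0000-0000-0000-000000000002",
        "PayloadContent": b"\x30\x82PLACEHOLDER-DER",  # placeholder, not a real cert
    }],
})

if __name__ == "__main__":
    for finding in audit_profile(SAMPLE):
        print("-", finding)
```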
Questions?