Transcript NUCIA

BSYOD: Bring and Secure Your Own Device
Hardening your Mobile Devices to Participate in the Wireless World
Nebraska University Center for Information Assurance
Timeline
Part 1: NUCIA, Who are we?
Part 2: Security concerns
Part 3: Some Solutions
11:15
Part 4: Audience Questions and Suggestions
12:00
12:15
NUCIA
Nebraska University Center for Information Assurance
http://nucia.unomaha.edu/
The UNO NUCIA Team
Ken Dick
Robin Gandhi
Steve Nugen
Abhishek Parakh
Dwight Haworth
Leah Pietron
Connie Jones
Bill Mahoney
Charles Spence
Information Assurance
• IA research and education is supported across the College of IS&T and the Graduate College
• NSA designated National Center of Academic Excellence in Information Assurance Education (CAE IAE)
• Degrees include
  • BS in IA; MS in IA (starting Fall 2012, NEW); IA concentrations with CS and MIS
• Non-degree programs and activities include
  • MIS IA certificate, International Cyber Defense Workshop
  • Special programs for High School teachers and students
Student Accomplishment (1)
UCSB iCTF 2010: 72 teams (900 students!) from 16 countries competed in a game of hacking, challenge-solving, and state-sponsored warfare. (26 US Universities)
Student Accomplishment (2)
Placed 7th among all US Undergraduate teams
Student Accomplishment (3)
• IFSF CTF Quals hosted from Tunisia
• 4th among US teams
• 21st among 236 teams worldwide
State of the Art IA Labs
STEAL-1 / STEAL-2 / STEAL-4: 7 pods, 5 hosts each; 9 pods, 5 hosts each; virtual machines
New SCADA Testbed
New hosts: Quad; 16 GB; dual NICs
6 VM servers; 4 NICs each
Each host can support multiple VMs; networking options include host-only, STEAL domain, and Internet (via VPN)
Able to carve out subsets to simulate different domains, cross-domain architectures, hardened systems, targets, and attackers. Supports teaching and research
STEAL-3: Student research desktop workstations
Networks: STEAL only (isolated); UNO Internet; private Internet
Wireless Security Issues
802.11 Networks
• 802.11: A family of IEEE specifications for WLANs operating in the 2.4 GHz RF spectrum
• 2.4 GHz frequency, unlicensed
• Divided into 14 channels
• Infrastructure mode is most commonly used
[Diagram: PC-1 and PC-2 connect through an AP to a gateway and the Internet]
Inherent Security Issues
• Nodes in the physical vicinity of each other can monitor all network traffic
• Open hotspots do not encrypt any traffic between the mobile node and the access point
• Mobile applications may use insecure protocols to exchange sensitive information
NIST Guidance
• Guidelines for Securing Wireless Local Area Networks (WLANs)
  • NIST SP 800-153
  • http://csrc.nist.gov/publications/drafts/800-153/Draft-SP800-153.pdf
4/8/2015
Worrisome Scenarios
• Capturing wireless traffic
  • Rogue access points
  • Sniffing
  • Session hijacking
• Insecure apps
  • iPhone Southwest app
• Privacy issues
• Malicious QR codes
• Wireless encryption cracking
  • WEP and WPA attacks
Rogue Access Points
• Advertise open access points in public places with similar names to legitimate ones
  • E.g. attwifi, boingo, linksys, NETGEAR
[Diagram: PC-1 and PC-2 associate with a rogue AP; a sniffer on a hub between the AP and the gateway sees all traffic to the Internet]
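As an added example (not from the NUCIA slides), a small Python survey check that flags the rogue-AP pattern described above: an open network reusing a familiar hotspot name, or an unknown BSSID advertising an SSID you already manage. The survey rows, trusted BSSID list and record layout are constructed for illustration.

```python
"""Flag likely rogue access points in a wireless site survey.

Added example, not part of the NUCIA deck. Input is a list of observed
beacons as (SSID, BSSID, security, channel) tuples; a real deployment would
load these from a scanner export instead of the constructed list below.
"""
from collections import defaultdict

# Constructed sample survey. Values are made up for illustration.
SURVEY = [
    ("CampusNet", "00:11:22:aa:bb:01", "WPA2", 6),
    ("CampusNet", "00:11:22:aa:bb:02", "WPA2", 11),
    ("CampusNet", "de:ad:be:ef:00:01", "OPEN", 6),   # twin of a managed SSID
    ("attwifi",   "de:ad:be:ef:00:02", "OPEN", 1),   # familiar brand, open
    ("Guest",     "00:11:22:aa:bb:03", "WPA2", 1),
]

# Constructed inventory of your own infrastructure: SSID -> authorised BSSIDs.
TRUSTED = {
    "CampusNet": {"00:11:22:aa:bb:01", "00:11:22:aa:bb:02"},
    "Guest": {"00:11:22:aa:bb:03"},
}

# Hotspot names the slide lists as commonly imitated.
BAIT_SSIDS = {"attwifi", "boingo", "linksys", "netgear"}


def find_suspicious(survey, trusted=TRUSTED, bait=BAIT_SSIDS):
    """Return (bssid, ssid, reason) for each beacon that merits a closer look."""
    security_seen = defaultdict(set)          # SSID -> set of security modes seen
    for ssid, _bssid, sec, _ch in survey:
        security_seen[ssid].add(sec)

    findings = []
    for ssid, bssid, sec, _ch in survey:
        if ssid in trusted and bssid not in trusted[ssid]:
            findings.append((bssid, ssid, "unknown BSSID advertising a managed SSID"))
        elif sec == "OPEN" and len(security_seen[ssid]) > 1:
            findings.append((bssid, ssid, "open network using an SSID also seen encrypted"))
        elif sec == "OPEN" and ssid.lower() in bait:
            findings.append((bssid, ssid, "open hotspot with a commonly imitated name"))
    return findings


if __name__ == "__main__":
    for bssid, ssid, reason in find_suspicious(SURVEY):
        print(f"{bssid}  {ssid:<12} {reason}")
```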
Sniffing
• Passive monitoring of wireless traffic
• The RF monitor mode allows every frame appearing on a channel to be copied into the scanning node
• Hardware easily available for purchase
  • Wireless cards whose firmware and corresponding driver software together permit reading of all raw 802.11 frames
  • ~ $30
Sniffing
[Photo: Kismac running on a Macbook Air with an Alfa wardriving card]
Scanning available networks (screenshot)
Network activity (screenshot)
Selecting a target (screenshots)
Foraging with Wireshark (screenshots)
Session Hijacking
http://codebutler.com/firesheep
Insecure Apps
• Some applications have inherent flaws that can be exploited on public networks
• Case: Southwest Airlines iPhone App
Southwest Airlines iPhone App
• Use a remote network proxy to examine HTTP traffic
Southwest Airlines iPhone App
• The app assigns a Device ID to uniquely identify the device
Southwest Airlines iPhone App
• The registration data is sent out in the clear!
Southwest Airlines iPhone App
• … and so is any subsequent login information
Privacy violations
• Universal Device Identifiers
  • iPhone UUID, ANDROID_ID
• Several applications use the UUID to perform some sort of tracking
• A user has no control over how apps use this information
• The UUID may be transmitted in the clear over unprotected WiFi networks
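As an added example (not from the NUCIA slides), a Python check that reviews a list of captured app requests the way the proxy demonstration above does, flagging plain-HTTP requests that carry a device identifier or login data and thus serving both the Southwest app case and the UUID point. The capture, host name and field list are constructed for illustration.

```python
"""Audit captured app traffic for identifiers and credentials sent in the clear.

Added example, not part of the NUCIA deck. Each capture entry is
(request_url, request_body); a developer would feed in their own proxy log
instead of the constructed list below.
"""
from urllib.parse import parse_qs, urlsplit

# Field names that should never leave the device unencrypted (constructed list).
SENSITIVE_FIELDS = {
    "password", "passwd", "pin", "device_id", "deviceid",
    "uuid", "udid", "android_id", "session", "token",
}

# Constructed capture. Host, paths and values are made up.
CAPTURE = [
    ("http://app.example.test/register?device_id=ABC123&name=jane", ""),
    ("http://app.example.test/login", "user=jane&password=hunter2"),
    ("https://app.example.test/login", "user=jane&password=hunter2"),
    ("http://app.example.test/flights?dest=OMA", ""),
]


def cleartext_leaks(capture, sensitive=SENSITIVE_FIELDS):
    """Return (url, [fields]) for every plain-HTTP request carrying sensitive fields."""
    leaks = []
    for url, body in capture:
        parts = urlsplit(url)
        if parts.scheme.lower() != "http":
            continue  # TLS-protected requests are not readable by a hotspot eavesdropper
        # Field names from both the query string and a form-encoded body.
        fields = set(parse_qs(parts.query)) | set(parse_qs(body))
        hits = sorted(f for f in fields if f.lower() in sensitive)
        if hits:
            leaks.append((url, hits))
    return leaks


if __name__ == "__main__":
    for url, fields in cleartext_leaks(CAPTURE):
        print(f"CLEARTEXT {', '.join(fields)} in {url}")
```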
Security and Privacy
Hall of shame
• http://blog.afewguyscoding.com/2011/12/survey-mobile-device-security-threats-vulnerabilities-defenses/
• http://www.msnbc.msn.com/id/46856168/ns/technology_and_science-security/t/cracks-appear-face-applesios-security/
Malicious QR Codes
• QR codes can be used to launch malicious websites that infect or root mobile devices
• Malicious QR codes can be pasted on legitimate advertisements and fliers
• Disable automatic launching of applications upon scanning of QR codes
WEP and WPA Cracking
• WEP-based passwords are very easy to crack.
• WPA/PSK is relatively easy to crack given a short password length.
• WPS PIN brute force also weakens WPA/WPA2 protected networks
WEP and WPA Cracking
• Tools:
  • Aircrack-ng suite
  • Kismet – wireless sniffing tool
  • A wireless adapter that supports monitor mode for wireless sniffing
  • Linux operating system
  • Alternative (Kismac + wireless adapter + Mac)
WEP and WPA Cracking (Aircrack-ng) (screenshot)
WEP and WPA Cracking (Kismac) (screenshot)
SOME USEFUL APPS AND BEST PRACTICES
Best Practices
• Center for Internet Security (CIS) Mobile Security Benchmarks
  • iPhone 5.0.1 security benchmark
  • Google Android 2.3 (Gingerbread)
  • http://benchmarks.cisecurity.org/
  • http://benchmarks.cisecurity.org/en-us/?route=downloads.browse.category.benchmarks.mobile
Monitor Device Operation
• iOS Apps for this include
  • System Status
    • Functionality includes displaying the system log
    • http://itunes.apple.com/us/app/system-status-device-activity/id401457165
  • SYS Activity Manager
    • http://itunes.apple.com/us/app/sys-activity-manager-plus/id440654325
Monitor your environment
• iOS Network/Port Scanners continued
  • IT Tools
    • http://itunes.apple.com/us/app/it-tools/id324054954
  • IP Network Scanner
    • http://itunes.apple.com/us/app/ip-network-scanner/id335517657
  • LanScan HD
    • http://itunes.apple.com/us/app/lanscan-hd/id461551081
Monitor your environment
• iOS Network/Port Scanners include:
  • Scany
    • http://itunes.apple.com/us/app/scany-network-port-scanner/id328077901
  • iNetPro
    • http://itunes.apple.com/us/app/inet-pro-network-scanner/id305242949
  • Deep Whois
    • http://itunes.apple.com/us/app/deep-whois-lookup-ips-domains/id328895000
Screen Locks
• Physical security is important for mobile devices
  • They store large amounts of personal data
  • Easier to steal
  • Easier to misplace
• Maximize security by:
  • Setting up passcodes for device access
  • Enabling the auto-locking feature
  • Enabling automatic data erasure after failed attempts
Screen Locks
• Be careful with pattern locks.
  • Sometimes the pattern lock path is shown on the screen as it is used (depends upon the device).
  • Your pattern may be left behind by smudge marks.
  • Consider if someone might be watching your screen.
Hardware Encryption
• iPhone Support
  • iPhone 3GS and later
  • Data protection enhances the built-in hardware encryption by protecting the hardware encryption keys with your passcode
  • Third-party applications can use the data protection APIs
Hardware Encryption
• Android Support
  • Android 2.3 (Gingerbread)
    • All Motorola devices
    • Some HTC devices
  • Android 3.0+
    • All Honeycomb devices
    • All Ice Cream Sandwich devices
Hardware Encryption
• Screen locks provide a good start, but do not encrypt the SD card or phone data.
• Android provides additional settings
  • But built-in encryption modules have often been rendered useless
Hardware Encryption
• iPhone
  • 3GS: encryption declared ‘useless’ by hackers, 2009
    • http://www.wired.com/gadgetlab/2009/07/iphoneencryption
  • iOS 4: encryption broken by ElcomSoft, 2011
    • http://www.extremetech.com/mobile/84150-how-ios-4encryption-was-cracked-and-how-to-protect-your-iphone
• Alternative encryption methods may be available through apps
Hardware Encryption
• iPhone
  • Also remember to encrypt device backups
  • Examples
    • Device location tracking
      • http://www.geek.com/articles/apple/how-to-deal-withyour-iphone-tracking-you-20110420/
    • Facebook login data
      • http://www.cultofmac.com/159169/facebook-iossecurity-flaw-highlights-security-risk-in-ios-backups/
  • User enabled, or enforced through configuration profiles
Virtual Private Networks
• VPNs build an encrypted tunnel from a mobile device to a trusted endpoint
  • Prevents eavesdropping on untrusted networks
• iPhone, iPad and Android support the following
  • Cisco IPSec, L2TP/IPSec PSK, and PPTP virtual private network protocols.
  • Android additionally supports L2TP/IPsec CRT
Native VPN support (screenshot)
3rd Party SSL-VPN (screenshot)
Jailbreaking/Rooting
• Pros of a Locked Device
  • For most users, obtaining root access to a mobile device is an unnecessary risk.
  • Prevents unauthorized app installations and changes.
  • The device stays configured the way the manufacturer intended.
Jailbreaking/Rooting
• Cons of a Locked Device
  • Manufacturers are not quick to update software.
    • Security vulnerabilities may stay unpatched
  • The manufacturer may not have secured the device to meet enterprise-level standards.
    • No firewall protection or native VPN solutions.
Jailbreaking/Rooting
• Pros of an Unlocked Device
  • The device can potentially be flashed with a more secure ROM/configuration.
  • The kernel for Android can be recompiled to support:
    • Firewalls for both IPv4 and IPv6
    • IPSEC VPN connections
Jailbreaking/Rooting
• Cons of an Unlocked Device
  • The user can “brick” the device during configuration if not careful.
  • Root access is easier to leverage for malicious parties in addition to the user.
  • The user must be even more vigilant when deciding what apps to install.
Rooted Android Precautions
• If the device merely needs a configuration change, temporary rooting may be the best option.
  • After configuration, the device continues to block unauthorized root access attempts as designed.
  • This eliminates future user error after configuration.
Rooted Android Precautions
• The Android hacking community always suggests the use of a root access manager.
  • It requires approval by the user for all root access requests.
  • This potentially puts up one last line of defense.
Mobile Device Management
• Security concerns include
  • Preventing unauthorized use of the device
  • Protecting data while at rest in the device (or in backups or the cloud) and in transit
  • Security of the applications (e.g., leaking information or not complying with security settings)
• Mobile devices could be the weakest link in information protection
Mobile Device Management
• iOS devices can be configured/managed through
  • Local settings on the device
  • Apple Configuration Utility
  • Microsoft Exchange ActiveSync
  • Mobile Device Management -- platform independent
Mobile Device Management
• Recommended reading includes
  • CIS iOS benchmark
  • Apple guidance
    • iPhone and iPad in Business Deployment Scenarios
      • http://images.apple.com/ipad/business/docs/iOS_Business.pdf
    • iPad in Business: Security Overview
      • http://images.apple.com/ipad/business/pdf/iPad_Security_Overview.pdf
    • iPhone Enterprise Deployment Guide
      • http://manuals.info.apple.com/en_US/Enterprise_Deployment_Guide.pdf
Mobile Device Management
• Recommended reading continued
  • Apple Configuration Utility (aka Apple Configurator)
    • http://www.wired.com/wiredenterprise/2012/03/appleconfigurator/
    • http://krypted.com/iphone/managing-ios-devices-with-appleconfigurator/
    • http://itunes.apple.com/us/app/appleconfigurator/id434433123
Mobile Device Management
• Recommended reading continued
  • Mobile Device Management (MDM)
    • http://en.wikipedia.org/wiki/Mobile_device_management
    • http://www.apple.com/ipad/business/integration/mdm/
    • http://images.apple.com/ipad/business/docs/iOS_MDM.pdf
    • http://www.computerworld.com/s/article/9224894/Tips_for_developing_a_mobile_device_management_strategy
DISCUSSIONS