appsec2013 presentation

Post on 14-May-2015


Hacking Web File Servers for iOS

Bruno Gonçalves de Oliveira

Senior Security Consultant – Trustwave’s SpiderLabs

About Me

#whoami

• Bruno Gonçalves de Oliveira
• Senior Security Consultant @ Trustwave’s SpiderLabs
• MSc Candidate
• Computer Engineer
• Offensive Security
• Talks: Silver Bullet, THOTCON, SOURCE Boston, Black Hat DC, SOURCE Barcelona, DEF CON, Hack In The Box Malaysia, Toorcon, YSTS and H2HC.

Hosted by OWASP & the NYC Chapter

INTRO

• Smartphones
– A LOT OF information
– iPhone is VERY popular

• Mobile Applications
– (MOST) Poorly designed

• Old-fashioned vulnerabilities


What are those apps?

• Designed to provide a storage system to iOS devices.

• Data can be transferred using Bluetooth, iTunes and FTP.

• Easiest way: HTTP protocol.

• They are very popular.

Examples

Features

• Manage/store files

• Create Albums, etc.

• Share Data

VULNERABILITIES

• No encryption (SSL):

• No authentication (by default):

• (Reflected) XSS

• (Persistent) XSS

http://www.vulnerability-lab.com/get_content.php?id=932

• Vulnerability-Lab Advisories: http://www.vulnerability-lab.com/show.php?cat=mobile

Disclaimer

• Trustwave (me) did this research in March/13 and only now are we disclosing these advisories.

• Path Traversal
– WiFi HD Free Path Traversal (CVE-2013-3923)
– FTPDrive Path Traversal (CVE-2013-3922)
– Easy File Manager Path Traversal (CVE-2013-3921)

You probably want to test the app that you use.
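As an added, defender-side example (not code from the talk or from any of the apps named above): the server-side check an HTTP file-sharing app needs so that a requested path can never escape the shared directory, covering plain, percent-encoded and double-encoded `..` segments, symlinks and NUL bytes. The function names, `is_allowed` wrapper and the constructed sample share directory are assumptions made for this example.

```python
import os
import tempfile
from urllib.parse import unquote


def resolve_under_root(root: str, requested: str):
    """Map an HTTP request path onto a file under the share root.

    Returns the resolved absolute path, or None when the request would
    escape the root. '..' segments (plain, percent-encoded or double-encoded)
    and NUL bytes are caught by resolving the candidate on the real
    filesystem and checking it still lies inside the root; symlinks are
    followed first, so a link pointing outside the share is caught too.
    A leading '/' is treated as relative to the root, as URL paths are.
    """
    # Decode twice so a double-encoded '..' ('%252e%252e') cannot slip past.
    # Caveat: a legitimate file name containing '%25' is mis-decoded here.
    decoded = unquote(unquote(requested))
    if "\x00" in decoded:
        return None
    root_real = os.path.realpath(root)
    # Strip leading slashes: os.path.join would otherwise discard the root
    # when handed an absolute request path such as '/etc/passwd'.
    candidate = os.path.realpath(os.path.join(root_real, decoded.lstrip("/")))
    # Only the root itself or something below it is acceptable.
    if os.path.commonpath([root_real, candidate]) != root_real:
        return None
    return candidate


def is_allowed(root: str, requested: str) -> bool:
    """True if the request stays inside the share root (file may not exist)."""
    return resolve_under_root(root, requested) is not None


def make_demo_share() -> str:
    """Create a constructed sample share directory holding one photo."""
    root = tempfile.mkdtemp(prefix="ios-share-demo-")
    os.makedirs(os.path.join(root, "photos"))
    with open(os.path.join(root, "photos", "cat.jpg"), "wb") as fh:
        fh.write(b"\xff\xd8\xff")  # constructed: just a JPEG magic header
    return root


DEMO_ROOT = make_demo_share()

if __name__ == "__main__":
    for req in ["/photos/cat.jpg", "photos/../photos/cat.jpg",
                "../../../../etc/passwd", "%2e%2e/%2e%2e/etc/passwd",
                "%252e%252e/%252e%252e/etc/passwd", "photos/cat.jpg%00.txt"]:
        print(f"{req!r:40} -> {is_allowed(DEMO_ROOT, req)}")
```

A request that passes the check but names a missing file is still answered with a 404 by the server; the point of the check is only that nothing outside the share is ever opened.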

• Path Traversal (DEMO)

• Easy File Manager

• Unauthorized Access to File System (CVE-2013-3960)

• Getting worse with a jailbroken device.

• Remote Command Execution: Unauthorized Access to File System (CVE-2013-3960) – Jailbroken Device

• iOS 7 Security Improvement

How to find vulnerable systems

mDNS Watch for iOS

mDNS Queries

Conclusions

• Mobile apps (already) are the future.
• Mobile app designers still don’t care much about security.
• Too many apps; we have to take care.
• Old-fashioned vulnerabilities still rock.
