appsec2013 presentation
Post on 14-May-2015
852 Views
Preview:
TRANSCRIPT
Hacking Web File Servers for iOS
Bruno Gonçalves de Oliveira
Senior Security Consultant – Trustwave’s SpiderLabs
About Me
#whoami• Bruno Gonçalves de Oliveira• Senior Security Consultant @ Trustwave’s SpiderLabs
• MSc Candidate• Computer Engineer• Offensive Security• Talks:
Silver Bullet, THOTCON, SOURCE Boston, Black Hat DC, SOURCE Barcelona, DEF CON, Hack In The Box Malaysia, Toorcon, YSTS e H2HC.
Hosted by OWASP & the NYC Chapter
INTRO• Smartphones
– A LOT OF information– iPhone is VERY popular
• Mobile Applications– (MOST) Poorly designed
• Old fashion vulnerabilities
Hosted by OWASP & the NYC Chapter
What are those apps?
• Designed to provide a storage system to iOS devices.
• Data can be transferred utilizing bluetooth, iTunes and FTP.
• Easiest way: HTTP protocol.
• They are very popular.
Examples
Features
• Manage/Storage files
• Create Albums, etc.
• Share Data
VULNERABILITIES
• No encryption (SSL):
• No authentication (by default):
• (Reflected) XSS
• (Persistent) XSS
• (Persistent) XSS
http://www.vulnerability-lab.com/get_content.php?id=932
• Vulnerability-Lab Advisories:http://www.vulnerability-lab.com/show.php?cat=mobile
Disclaimer
• Trustwave (me) did this research on March/13 and just now we are disclosing these advisories.
• Path Traversal
• WiFi HD Free Path Traversal (CVE-2013-3923)• FTPDrive Path Traversal (CVE-2013-3922)• Easy File Manager Path Traversal (CVE-2013-
3921)
You probably want to test the app that you use.
• Path Traversal (DEMO)
• Easy File Manager
• Unauthorized Access to File System (CVE-2013-3960)
• Unauthorized Access to File System (CVE-2013-3960)
• Getting worst with a jailbroken device.
• Remote Command Execution: Unauthorized Access to File System (CVE-2013-3960) – Jailbroken Device
• iOS 7 Security Improvement
How to find vulnerable systems
<= mDNS Watch for iOS
mDNS Queries
• Conclusions
• Mobile Apps (already) are the future.• Mobile Apps designers still don’t care too
much about security.• Too many apps, we have to take care.• Old fashion vulnerabilities still rock.
top related