Behind Enemy Lines - AppSecDC 2012
Practical & Triage Approaches to Mobile Security Abroad
Presentation Objectives
‣ Highlight the threats posed by traveling abroad with mobile devices
‣ Discuss lessons learned from real world experiences
‣ Provide practical recommendations for reducing these threats
‣ Do it all in 50 mins or less
About me
‣ Justin Morehouse (@mascasa)
‣ Founder & Principal @ GuidePoint Security
‣ Security Operations and Consulting
‣ Co-author ‘Securing the Smart Grid’
‣ OWASP Tampa Chapter Founder & Leader
‣ Presented at DEF CON, ShmooCon, OWASP, and more...
My addiction to smartphones
‣ Since 2008 I’ve used and subsequently voided the warranties of the following:
‣ BlackBerry Bold 9700 & 8820
‣ HTC Nexus One (Android 2.3)
‣ iPhone, 3G, 3GS, 4, 4s (All iOS versions)
‣ Motorola Droid (Android 2.1, 2.2, 2.3)
‣ Samsung Galaxy S (Android 2.1)
‣ T-Mobile (HTC) Dash (Windows Mobile 6.5)
Stratum Security
Why mobile security?
Everyone uses them...
Why international mobile security?
Video Conferencing
My TripIt profile page
Is INTL mobile security a real issue?
Domestic issues...
“Unique” international issues...
Example #1
Example #2
personal skepticism
Wikileaks Spy Files
Ability Computers & Software Industries (Israel)
VASTech (South Africa)
Elaman (Germany)
ELTA (Israel Aerospace Industries)
Spy Files Continued...
How you are targeted by threat agents
...phishing
evil maid attack
...and drive-by downloads
Not all threats are created equal...
Advanced Threats
Minimal Threats
Moderate Threats
Practical mitigation steps
Have a plan...
Make yourself anonymous
(as possible)
the beauty of prepaid...
old school & low tech...
what about data?
Case Study
Client Overview
‣ Well-known multi-national organization w/ US HQ
‣ Executives traveling to hostile countries with moderate threats
‣ Loss of IP would be harmful to organization if obtained by competition
Proposed Solution
‣ Utilize factory unlocked iPhone 4s ‘burner’ phones
‣ Preconfigure with VPN, encryption, PIN, remote wipe
‣ Purchase local SIM (with cash) upon arrival
‣ Perform forensics on phone upon return
Solution Issues
‣ Executives often forgot to enable VPN before using data services
‣ Local SIM purchase required detailed information (passport)
‣ Executives used public wireless networks on several occasions
Lessons Learned
‣ Utilize configuration utilities to enforce policies on devices (No WiFi, VPN, etc.)
‣ Purchase local SIM cards in advance using anonymous(ish) means (Bitcoin)
‣ Disable local syncing in favor of web-based solutions
‣ Require two-factor authentication for all web-based solutions
‣ Set up local # that forwards to US
‣ Tunnel your tunnels (VPN & SSL)
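An added example, not part of the original slides: a pre-departure check of an exported iOS configuration profile for the settings the case study depended on (an enforced passcode, a VPN that connects without user action, and a profile the user cannot remove). The payload types and keys are those of Apple's configuration profile format; the sample profile, its identifier and its host name are constructed.

```python
import plistlib

# Constructed sample profile (not from the talk): a passcode payload plus an
# IPSec VPN payload that was left without on-demand activation.
SAMPLE_PROFILE = plistlib.dumps({
    "PayloadType": "Configuration",
    "PayloadIdentifier": "example.travel.burner",  # placeholder identifier
    "PayloadRemovalDisallowed": False,
    "PayloadContent": [
        {"PayloadType": "com.apple.mobiledevice.passwordpolicy",
         "forcePIN": True, "minLength": 6, "maxFailedAttempts": 10},
        {"PayloadType": "com.apple.vpn.managed",
         "UserDefinedName": "Travel VPN", "VPNType": "IPSec",
         "IPSec": {"RemoteAddress": "vpn.example.invalid",
                   "OnDemandEnabled": 0}},
    ],
})


def audit_profile(raw: bytes) -> list[str]:
    """Return findings for a travel-device profile; an empty list means pass."""
    profile = plistlib.loads(raw)
    by_type = {}
    for payload in profile.get("PayloadContent", []):
        by_type.setdefault(payload.get("PayloadType"), []).append(payload)
    findings = []

    # A removable profile lets the traveler drop every policy below.
    if not profile.get("PayloadRemovalDisallowed", False):
        findings.append("profile can be removed by the user")

    passcode = by_type.get("com.apple.mobiledevice.passwordpolicy", [])
    if not any(p.get("forcePIN") for p in passcode):
        findings.append("no passcode is enforced")

    vpns = by_type.get("com.apple.vpn.managed", [])
    if not vpns:
        findings.append("no VPN payload present")
    for vpn in vpns:
        # OnDemandEnabled sits in the IPSec (or IKEv2) sub-dictionary.
        settings = vpn.get("IPSec") or vpn.get("IKEv2") or {}
        if settings.get("OnDemandEnabled") != 1:
            findings.append(f"VPN '{vpn.get('UserDefinedName')}' relies on the user to connect")
    return findings


if __name__ == "__main__":
    for finding in audit_profile(SAMPLE_PROFILE):
        print("FAIL:", finding)
```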
Effective mobile security triage
Plan for the Worst
‣ Knowledge is key (DO’s and DON’Ts cheat-sheet)
‣ Rule of 32 (w/ prepaid [anon] SIM)
‣ Remote deployment solutions (Wipe & rebuild required)
‣ Overnight INTL shipping