Bogdan Alecu: Playing buggy (Codecamp)

Upload: msecnet

Post on 01-Nov-2014

Category:

Technology


3 download

DESCRIPTION

Codecamp Iasi 2013 - Playing buggy. Bogdan Alecu presents some real-world examples of bugs, especially ones related to mobile security. For more info go to www.m-sec.net

TRANSCRIPT

  • 1. Playing boogie buggy - Bogdan ALECU
  • 2. Topics: About me; The buggy world; Where does your data go?
  • 3. About me: Independent security researcher; Sysadmin @ LEVI9; Passionate about security, especially when it's related to mobile devices; CISSP, CEH, CISA, CCSP; #infosec conferences: DeepSec, DefCamp, EUSecWest; Started with NetMonitor, continued with VoIP and finally GSM networks / mobile phones; @msecnet / www.m-sec.net / [email protected]
  • 4. The buggy world: Developers; Testers; Customers; How do you test? But is it enough?
  • 5. READY FOR SOME REAL LIFE EXAMPLES?
  • 6-8. (no transcribed text)
  • 9. Prisacaru Anatolie
  • 10. NEVER trust the user's input!
  • 11. (no transcribed text)
  • 12. NEVER trust the user's input!
  • 13. (no transcribed text)
  • 14. NEVER trust the user's input!
  • 15. (no transcribed text)
  • 16. 20K application; Two-factor authentication; ACL IP; User authenticated automatically if coming from the right internal IP
  • 17. PLEASE CHECK YOURERS
  • 18. How was the IP address checked?
  • 19. X-FORWARDED-FOR HTTP header
  • 20. Modify Headers Firefox Extension: https://addons.mozilla.org/en-US/firefox/addon/modify-headers/
  • 21. (no transcribed text)
  • 22. Try accessing the website while pretending to be browsing from your mobile device; You would be surprised at the instant access you get; No luck? Try Googlebot!; If your log shows a sensitive access being made by GoogleBot, will you worry?
  • 23. Those damn headers: DEMO time
  • 24. (no transcribed text)
  • 25. Having the right headers (security by obscurity) can open a lot of doors
  • 26. Those damn headers AGAIN! Yet another demo
  • 27. (no transcribed text)
  • 28. Don't bullshit me: admit your weakness!
  • 29. Implementation gone wild: How many of you use the Internet on your mobile device? Do you know what DNS is?
  • 30. Set up a VPN server on port 53, UDP (DNS port) and connect to your server; pass the traffic to the Internet; UNLIMITED MOBILE DATA TRAFFIC!
  • 31. (no transcribed text)
  • 32. The standard itself may have issues
  • 33-34. SIM Toolkit
  • 35. SIM Toolkit: Vulnerability discovered in June 2010; Reported on August 26 2010; CVE-2010-3612
  • 36-37. (no transcribed text)
  • 38. SIM Toolkit and the demo
  • 39. FIX THIS NOW!
  • 40. Where does your data go?
  • 41. Where does your data go? Is the data securely transferred? What info is the app sending? When does it send the info? Does the app accept any certificate? What is stored locally?
  • 42. Mallory gateway: http://intrepidusgroup.com/insight/2010/12/mallory-and-me-setting-up-a-mobile-mallory-gateway/
  • 43. Short demo
  • 44. (no transcribed text)
  • 45. Call to action: Don't rely on things that most users have no idea how to check if your app is secure. You might meet someone like me and it will get ugly. Write your code in a secure way. Testers: learn how to really test mobile apps. It's not all about the usage experience!
  • 46. The end?!? Thank you all! Don't forget about feedback forms. www.m-sec.net / @msecnet
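Slides 16-22 describe an application that authenticated users automatically when the request appeared to come from an internal IP, with the address taken from the X-Forwarded-For header, plus the follow-up question of what a "Googlebot" entry against a sensitive path in the access log should tell you. The following is an added example, not code from the talk: it shows the header-trusting check beside a hardened one that only honours X-Forwarded-For from a proxy the operator runs, and a small log check for crawler user agents on sensitive paths. The request dicts, log lines, INTERNAL_NET, TRUSTED_PROXIES and SENSITIVE_PREFIXES are all constructed or assumed here.

```python
"""IP-based auto-login: the trust-the-header bug beside a hardened version.

Added example, not code from the slides. The request dicts mimic a WSGI
environ and are constructed here; INTERNAL_NET, TRUSTED_PROXIES and
SENSITIVE_PREFIXES are assumed deployment settings.
"""
import ipaddress
import re

INTERNAL_NET = ipaddress.ip_network("10.0.0.0/8")        # assumed "right internal IP" range
TRUSTED_PROXIES = {ipaddress.ip_address("192.0.2.10")}   # assumed reverse proxy in front of the app


def client_ip_naive(environ):
    """The flawed check: believe X-Forwarded-For no matter who sent it.

    Any client can add the header, so an external visitor can claim an
    internal address and trigger the automatic authentication.
    """
    xff = environ.get("HTTP_X_FORWARDED_FOR")
    if xff:
        return ipaddress.ip_address(xff.split(",")[0].strip())
    return ipaddress.ip_address(environ["REMOTE_ADDR"])


def client_ip_hardened(environ):
    """Use the socket peer address unless that peer is a proxy we operate.

    When it is, take the rightmost X-Forwarded-For entry (the one our proxy
    appended), never the leftmost one the client controls. Anything
    malformed falls back to the peer address.
    """
    peer = ipaddress.ip_address(environ["REMOTE_ADDR"])
    if peer not in TRUSTED_PROXIES:
        return peer
    hops = [h.strip() for h in environ.get("HTTP_X_FORWARDED_FOR", "").split(",") if h.strip()]
    if not hops:
        return peer
    try:
        return ipaddress.ip_address(hops[-1])
    except ValueError:
        return peer


def auto_login_allowed(environ, resolver=client_ip_hardened):
    """Slide 16's rule: authenticate automatically only from the internal range."""
    return resolver(environ) in INTERNAL_NET


# Slide 22's question: does the access log show "Googlebot" reaching sensitive paths?
SENSITIVE_PREFIXES = ("/admin", "/export")               # assumed sensitive areas
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "(?P<method>\S+) (?P<path>\S+) [^"]+" '
    r'\d+ \d+ "[^"]*" "(?P<ua>[^"]*)"$'
)


def suspicious_bot_accesses(log_lines):
    """Return (ip, path) for combined-format lines where a crawler UA hit a sensitive path.

    A crawler has no business there; if the gate was user-agent based, this
    is the trace a spoofed UA leaves behind.
    """
    hits = []
    for line in log_lines:
        m = LOG_RE.match(line)
        if m and "googlebot" in m["ua"].lower() and m["path"].startswith(SENSITIVE_PREFIXES):
            hits.append((m["ip"], m["path"]))
    return hits


# Constructed requests (RFC 5737 documentation addresses for the external client).
EXTERNAL_SPOOF = {"REMOTE_ADDR": "203.0.113.5", "HTTP_X_FORWARDED_FOR": "10.1.2.3"}
VIA_PROXY_SPOOF = {"REMOTE_ADDR": "192.0.2.10", "HTTP_X_FORWARDED_FOR": "10.1.2.3, 203.0.113.5"}
VIA_PROXY_INTERNAL = {"REMOTE_ADDR": "192.0.2.10", "HTTP_X_FORWARDED_FOR": "10.5.5.5"}

# Constructed combined-format access log lines.
SAMPLE_LOG = [
    '203.0.113.5 - - [01/Nov/2014:10:00:00 +0200] "GET /admin/users HTTP/1.1" 200 5120 "-" "Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)"',
    '198.51.100.7 - - [01/Nov/2014:10:00:01 +0200] "GET /index.html HTTP/1.1" 200 1024 "-" "Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)"',
    '10.5.5.5 - - [01/Nov/2014:10:00:02 +0200] "GET /admin/users HTTP/1.1" 200 5120 "-" "Mozilla/5.0 (X11; Linux x86_64)"',
]

if __name__ == "__main__":
    for name, req in [("external, spoofed XFF", EXTERNAL_SPOOF),
                      ("via proxy, spoofed XFF", VIA_PROXY_SPOOF),
                      ("via proxy, internal client", VIA_PROXY_INTERNAL)]:
        print(f"{name}: naive={auto_login_allowed(req, client_ip_naive)} "
              f"hardened={auto_login_allowed(req)}")
    print("suspicious bot accesses:", suspicious_bot_accesses(SAMPLE_LOG))
```

The hardened resolver treats the header as data from the network until the direct peer proves to be a proxy the operator controls, and even then reads only the entry that proxy appended; a client-supplied leftmost value never reaches the ACL.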
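Slide 30 describes a VPN listening on UDP port 53 so that the carrier's "free DNS" rule carries arbitrary traffic. From the operator's side the detectable symptom is traffic on port 53 that is not actually DNS, or is far more of it than name resolution needs. The following is an added example, not from the talk: a wire-format plausibility check for UDP/53 payloads and a per-source flag built on it. The flow-record shape, the byte budget and the sample payloads are constructed or assumed here.

```python
"""Spotting non-DNS traffic on UDP/53 (the tunnel trick from slide 30), as a defender's check.

Added example, not from the slides. Flow records are a constructed shape
{"src": ..., "dport": ..., "payload": bytes}; BYTE_BUDGET is an assumed threshold.
"""
import struct

VALID_OPCODES = {0, 1, 2, 4, 5}   # QUERY, IQUERY, STATUS, NOTIFY, UPDATE (RFC 1035/1996/2136)
BYTE_BUDGET = 50_000              # assumed per-source budget for "normal" DNS volume


def looks_like_dns(payload: bytes) -> bool:
    """Parse the 12-byte header and walk the question section; reject anything
    that does not fit the wire format (bad opcode, absurd counts, label > 63
    bytes, name > 255 bytes, or a truncated question)."""
    if len(payload) < 12:
        return False
    _ident, flags, qdcount, ancount, nscount, arcount = struct.unpack("!HHHHHH", payload[:12])
    if (flags >> 11) & 0xF not in VALID_OPCODES:
        return False
    if qdcount == 0 or qdcount > 4 or ancount + nscount + arcount > 64:
        return False
    pos = 12
    for _ in range(qdcount):
        name_len = 0
        while True:
            if pos >= len(payload):
                return False
            label = payload[pos]
            if label == 0:                 # root label ends the name
                pos += 1
                break
            if label & 0xC0 == 0xC0:       # compression pointer: 2 bytes, ends the name
                pos += 2
                break
            if label > 63:
                return False
            name_len += label + 1
            if name_len > 255:
                return False
            pos += 1 + label
        if pos + 4 > len(payload):         # QTYPE + QCLASS must follow the name
            return False
        pos += 4
    return True


def tunnel_candidates(flows, byte_budget=BYTE_BUDGET):
    """Per source, count UDP/53 payloads that are not DNS-shaped and sum bytes;
    flag sources with any malformed payload or volume above the budget."""
    per_src = {}
    for flow in flows:
        if flow["dport"] != 53:
            continue
        stats = per_src.setdefault(flow["src"], {"bytes": 0, "malformed": 0})
        stats["bytes"] += len(flow["payload"])
        if not looks_like_dns(flow["payload"]):
            stats["malformed"] += 1
    return {src: s for src, s in per_src.items() if s["malformed"] or s["bytes"] > byte_budget}


def build_query(name: str, ident: int = 0x1234) -> bytes:
    """Build a minimal standard A query so the sample has genuine DNS to compare against."""
    header = struct.pack("!HHHHHH", ident, 0x0100, 1, 0, 0, 0)   # RD set, one question
    qname = b"".join(bytes([len(part)]) + part.encode() for part in name.split(".")) + b"\x00"
    return header + qname + struct.pack("!HH", 1, 1)              # QTYPE=A, QCLASS=IN


# Constructed flows: one handset doing ordinary lookups, one pushing VPN-looking bytes to port 53.
SAMPLE_FLOWS = [
    {"src": "10.0.0.5", "dport": 53, "payload": build_query("example.com")},
    {"src": "10.0.0.5", "dport": 53, "payload": build_query("www.example.net")},
    {"src": "10.0.0.9", "dport": 53, "payload": bytes(range(60))},    # header claims 1029 questions
    {"src": "10.0.0.9", "dport": 53, "payload": b"\x00" * 1200},      # zero questions
    {"src": "10.0.0.9", "dport": 443, "payload": b"\x16\x03\x01"},    # not port 53, ignored
]

if __name__ == "__main__":
    print(tunnel_candidates(SAMPLE_FLOWS))
```

The shape check is deliberately loose (it accepts any sane header and question section rather than validating every record), so it errs towards missing a carefully DNS-framed tunnel; the byte budget catches the volume that slide 30's use case necessarily produces, which is why the two tests are combined.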