Hacking Web File Servers for iOS

Bruno Gonçalves de Oliveira

Senior Security Consultant – Trustwave’s SpiderLabs

About Me

#whoami• Bruno Gonçalves de Oliveira• Senior Security Consultant @ Trustwave’s SpiderLabs

• MSc Candidate• Computer Engineer• Offensive Security• Talks:

Silver Bullet, THOTCON, SOURCE Boston, Black Hat DC, SOURCE Barcelona, DEF CON, Hack In The Box Malaysia, Toorcon, YSTS e H2HC.

Hosted by OWASP & the NYC Chapter

INTRO• Smartphones

– A LOT OF information– iPhone is VERY popular

• Mobile Applications– (MOST) Poorly designed

• Old fashion vulnerabilities

Hosted by OWASP & the NYC Chapter

What are those apps?

• Designed to provide a storage system to iOS devices.

• Data can be transferred utilizing bluetooth, iTunes and FTP.

• Easiest way: HTTP protocol.

• They are very popular.

Examples

Features

• Manage/Storage files

• Create Albums, etc.

• Share Data

VULNERABILITIES

• No encryption (SSL):

• No authentication (by default):

• (Reflected) XSS

• (Persistent) XSS

• (Persistent) XSS

http://www.vulnerability-lab.com/get_content.php?id=932

• Vulnerability-Lab Advisories:http://www.vulnerability-lab.com/show.php?cat=mobile

Disclaimer

• Trustwave (me) did this research on March/13 and just now we are disclosing these advisories.

• Path Traversal

• WiFi HD Free Path Traversal (CVE-2013-3923)• FTPDrive Path Traversal (CVE-2013-3922)• Easy File Manager Path Traversal (CVE-2013-

3921)

You probably want to test the app that you use.

• Path Traversal (DEMO)

• Easy File Manager

• Unauthorized Access to File System (CVE-2013-3960)

• Unauthorized Access to File System (CVE-2013-3960)

• Getting worst with a jailbroken device.

• Remote Command Execution: Unauthorized Access to File System (CVE-2013-3960) – Jailbroken Device

• iOS 7 Security Improvement

How to find vulnerable systems

<= mDNS Watch for iOS

mDNS Queries

• Conclusions

• Mobile Apps (already) are the future.• Mobile Apps designers still don’t care too

much about security.• Too many apps, we have to take care.• Old fashion vulnerabilities still rock.