Hackers Pub Per Thorsheim Jan 31, 2011
DESCRIPTION
My presentation from DND Hackers Pub in Bergen, Monday 31 January 2011.
TRANSCRIPT
Can anyone hear you?
Per Thorsheim
CISA, CISM, CISSP-ISSAP
Security Coordinator
Background
• Chaos Computer Club, congress December 2009
  – GSM: SRSLY? (Chris Paget, Karsten Nohl)
• A practical-time attack on the A5/3 cryptosystem used in third generation GSM telephony (Dunkelman, Keller, Shamir), January 2010
• Blackhat 2010
• Paranoia 2010: 15$ + time and software = SMS (Frank Stevenson)
• Chaos Computer Club, congress December 2010
Source: digi.no
www.finnsenderen.no
www.finnsenderen.no
DND Hackers Pub 31 January 2011 – Per Thorsheim 7
Dumb, smart phones?
(Gartner, Q3, 2010)
Brute-force attack
http://reflextor.com/trac/a51
Man-in-the-Middle attack
• You can choose your network operator (Telenor, Netcom…)
• But you cannot choose the base station
• I build a base station
• My base station gives the best signal strength
• You connect automatically
• Via the Internet I relay you on to where you are going
Are we forgetting something here?
Questions:
Have you intercepted a GSM/3G phone call?
Have you ever “eavesdropped” on someone talking on a mobile phone?
Have you ever “eavesdropped” on someone talking on the phone?
Do you use the speaker function when you are in telephone meetings?
Are you talking encrypted?
http://security.osmocom.org/trac/wiki/WillMyPhoneShowAnUnencryptetConnection
Soundminer (video)
i/P/ad/od/hone
• AES Hardware Device Encryption
• “Encrypt backup” flag on device
• Global encryption requirement?
• Password policy for encryption?
Screenshots from Elcomsoft APPB, opening an iPod backup and exploring its keychain for interesting data.
Science fiction? (video of DIY laser eavesdropping)
Alternatives?
Software VoIP on mobile phones
• Both free and commercial products available
  – Skype (various platforms)
  – Android: RedPhone, TextSecure
In an interview, Kurt Sauer, the Chief Security Officer of Skype, said, "We provide a safe communication option. I will not tell you whether we can listen or not."
Hardware:
• “Special phones” with hardware encryption over data networks
#DLD
Summary – for g33k5…
• 2G is not good.
• 3G is good. Today.
• 4G (LTE)?
• Use only 3G
• Use VoIP
• Use SMS encryption
• Do not let others use your phone
Summary
• Mobile telephony is as open (or closed) as the Internet
• User training is even more important than before
• More technology – more challenges