Source: cysecure.org/.../gpR_subinThomas_johnNuccio_anwarCa…
Mobile Device Network Security-IASP 470
Capstone Group Project: Mobile Device Network Security
IASP 470 Capstone
Professor: Dr. Yoon
Group Members:
Subin Thomas
John Nuccio
Anwar Campbell
Page | 1
Student Name   | Project Contribution
John Nuccio    | Introduction to MITM on Mobile Devices, Man in the Middle attack on mobile devices, Overall steps to reduce risk, MDM Testing, Topic Conclusion, Project Formatting and Review
Subin Thomas   | Our Defensive Approach to MITM via MDM, MDM Implementation & Testing, Initial Configuration- MDM Server, Administrator Console & Device Configuration, Conclusion, Project Formatting and Review
Anwar Campbell | Preliminary MITM Introduction, Types of MITM Attacks & Scope of overall threats
Abstract
Mobile devices have increased exponentially in popularity in the last few years. Devices have become more powerful and efficient, so users are no longer bound to larger desktops for processing power. With more and more people working remotely, connecting to public Wi-Fi networks has become essential in order to access data with mobile devices. However, these public Wi-Fi networks cannot be trusted, as they are targeted by hackers looking to exploit or spoof the victim in order to obtain unauthorized data from the device. Once the device has been compromised, sensitive data on the user's device is accessible to the hacker, and often the user does not realize it until it is too late. Free Wi-Fi is now accessible all over New York City: in restaurants, cafes and basically anywhere that places connect to the Internet. With this being said, Man in the Middle attacks, which used to be hard to attempt when Wi-Fi was limited, can now be carried out by the person getting coffee right next to you or by someone walking alongside you in the city.
Table of Contents
Abstract 3
Introduction 5
1.1 Preliminary MITM Introduction 5
1.2 Types of MITM Attacks & Scope of overall threats 6
2.1 Man in the Middle attack on mobile devices 8
2.2 Overall steps to reduce risk 10
3.1 Our Defensive Approach to MITM Via MDM 11
3.2 MDM Implementation & Testing 12
3.2.1 Initial Configuration- MDM Server 12
3.2.2 Administrator Console & Device Configuration 13
Conclusion 14
References 15
Introduction
With the growth of mobile devices being used for both personal and work purposes, the risk of mobile devices being attacked is extremely high. The most common attack that we have found is the Man in the Middle attack. In brief, a MiTM attack is one in which an attacker intercepts a connection from the server to the user or vice versa. The victims of these attacks do not always know that the attack is happening or what information the attacker has retrieved. Most of the information that attackers gain is personal information, such as credit card details, emails, contact information or any notes that the user has saved on their phone. This is even more concerning in a business environment. In an enterprise scenario users have to work off their phones, and with a compromised device an attacker can access work emails or even work files. In the following paper our team presents a solution that we believe is the best way to help companies prevent MiTM attacks on their employees' mobile devices.
1.1 Preliminary MITM Introduction
A Man in the Middle is one of the most popular types of attack on a network because it is simple to implement. The goal of the attack is to secretly intercept communications between two parties, either to spy on individuals or to redirect a user to another location where the attacker can steal information. During the attack the information can be altered or used to gain access to the system in the future. "Man in the Middle attacks are one of the oldest forms of cyber attacks and computer scientists have been looking at ways to prevent tampering or eavesdropping on communications since the early 1980s" (Swinhoe). These types of attacks are an ever-present threat to individuals and organizations, and we need to take the steps necessary to eliminate them or reduce the risk.
1.2 Types of MITM Attacks & Scope of overall threats
There are several techniques that can be used in a Man in the Middle attack. Attackers are able to use DNS spoofing, IP spoofing, ARP spoofing, email hijacking and session hijacking. Email hijacking is the process where the malicious user gains access to the user's email account and monitors their communication. Sometimes they will use the information that they obtain to begin phishing attacks or sell the information to someone. A man in the browser attack is a form of attack where the attacker compromises one of the browsers being used in order to carry out some form of fraud, usually involving finances. The attacker usually takes advantage of vulnerabilities in the browser to manipulate its inherent functionality, modify its behavior and intercept the information that they intend to steal.
Two other methods that an attacker can use include "SSL stripping, where the attacker establishes a secured connection between themselves and the server, but with an unsecured connection with the user, and an Evil Twin attack where he has mirrored a legitimate Wi-Fi Access Point where he can monitor and collect all information the user sends" (Swinhoe).
Although these types of attacks are mainly focused on wired and wireless computer networks, it is also possible to conduct them using fake cell towers to steal information from your mobile device. A Man in the Middle attack can be started with freely available tools from the Internet such as Wireshark, Ettercap and Cain & Abel.
There are several steps that you can take to protect yourself from becoming a victim of a Man in the Middle attack. Encryption is a great way to protect yourself, and it can be easily implemented by only accessing secured websites. According to Google, over 90 percent of traffic is now encrypted in some countries. "Though flaws have sometimes been discovered, encryption protocols such as TLS are one of the best ways to help protect against Man in the Middle attacks" (Swinhoe). Another way is to make sure that you only access trusted Wi-Fi networks or utilize virtual private networks (VPNs), and to never join free or open Wi-Fi, because anyone could be capturing the sensitive information being transmitted from your device. Another option is to make sure that all unused switch ports are administratively shut down.
2.1 Man in the Middle attack on mobile devices
Before we get into how Man in the Middle attacks work on mobile devices, I want to show a graph from 2017.
This graph shows that more than 7% of all mobile devices in 2017 had a reconnaissance scan performed on them. This scan allows attackers to see which mobile devices are vulnerable to an attack. Once the scan has detected the right phone the attack begins.
That said, Man in the Middle attacks performed on mobile devices are set up just like those performed on normal computers, and the same rules apply. For a man in the middle attack to work on a mobile device, the victim has to be in the ideal location at the right time. What I mean is that, for an attacker to pull off a man in the middle attack, the attacker needs to be monitoring a particular unsecured network that the victim is connected to. Not only does the victim have to be on a poor network, but the victim's devices and apps also need to be configured wrong for the attack to work. If the attacker is able to get a victim to meet these conditions, the outcome can be dangerous. Not only can they see what apps you use, your emails, contacts or any important information that you have saved on your phone, but most importantly any credit card information you have saved on your phone. Especially if you have Apple Pay, Google Pay or Samsung Pay, these are what the attackers will look for. Once they are able to log into your mobile device, all that information is easily accessible and they can take your card information. These types of attacks may not only be used to steal your personal information; the attackers can also get to your work information. With free Wi-Fi being offered in almost every coffee shop, people are now doing work at their favorite coffee shop, which allows attackers to exploit bad apps and devices to steal important work information. The diagram below compares man in the middle attacks on a computer with those that exploit mobile devices and apps. (Mythbuster: MiTM is the Biggest Mobile Threat, n.d.)
This diagram shows that MiTM attacks on mobile apps and devices have more impact than a normal MiTM attack. It shows that when apps and devices are attacked, 43TB of data is exposed to the world and 1 thousand apps are affected by the attack. The most shocking figure is that when apps are affected by MiTM attacks, 265 years of audio data is recorded, which means that everyone, including business owners and head executives, should be more aware of connecting to public Wi-Fi.
2.2 Overall steps to reduce risk
Now that we have gone over what Man in the Middle attacks are and how effective they are when used against a mobile device, here are some very simple steps that a non-tech-savvy person can take to avoid being attacked. One of the easiest ways to avoid these types of attacks is to never connect to public Wi-Fi. This might be obvious to most if not all people, but a lot of people still connect to public Wi-Fi. Yes, downloading and sending your emails is faster over Wi-Fi than over 4G, but using 4G is a lot safer than public Wi-Fi. It doesn't take long for an experienced attacker to connect to your device and steal your information. If you are in dire need of connecting to a network, this brings me to my next solution, which is to connect using a VPN. Using a "VPN encrypts your internet connection on public hotspots to protect the private data you send and receive while using public Wi-Fi" (employee, n.d.). Using a VPN is more secure because in order to access the VPN you would need to input a password, which most attackers won't know or which would take too long to crack. Another easy way to avoid getting attacked is to make sure, when using your mobile device to access websites, that the URL always starts with HTTPS. HTTPS means that the Hypertext Transfer Protocol is more secure: the communication protocol is encrypted, and it is harder for people to attack you through a website. For the more tech-savvy people there are apps that you can install to protect yourself from these types of attacks. Most programs that you install on your computer to prevent attacks are also available for mobile devices. Some apps like Norton, which helps protect you from attacks and also has a VPN app, are great but they do come with a price. The steps that I have mentioned are the easiest ways for non-savvy people to prevent attacks from happening to them. Not only are they easy, but they are free and cost nothing.
3.1 Our Defensive Approach to MITM Via MDM
Now that an overall depiction of MITM on mobile devices is understood, our approach to combating these types of attacks is to limit connections to only trusted Wi-Fi sources through the use of mobile device management software. As previously explored, these attacks can only occur when an end user has an unsecured connection. In our case, we have chosen to configure business-grade MDM software by Manage Engine in order to test our scenario. The software agent is then configured to only connect to a pre-defined Wi-Fi network. In our approach, we establish a test secured Wi-Fi network with the SSID "carbonX1" (secured Wi-Fi; carbonX1, fig. 1) as our predefined network of choice in our MDM software profile. With it as the only approved network, the end user's device would only connect to that network when in range and quickly turn down any other connections. This is also the case if the end user tried to connect to a known private network: even with the right authentication credentials, the MDM software will not allow the new connection. In turn, our approach limits the connections the device can make to only those pre-approved by the MDM administrator and thus reduces the risk of MITM.
Fig. 1
3.2 MDM Implementation & Testing
Having conducted a review of the mobile device management software available, we chose to implement and test our approach using Mobile Device Manager Plus by Manage Engine. This company is widely used and recommended in corporate environments and built its success initially with a workstation management software called Desktop Central. Drawing on this experience, the company developed a mobile management console that is truly flexible and easily configurable to any business size or need. The MDM software also supports Android, iOS and Windows mobile devices. For our research purposes, Manage Engine provided a 30-day trial of the software along with free support and a user support document. Ideally, the software should be installed on a server and integrated with Active Directory accounts to further enhance security.
3.2.1 Initial Configuration- MDM Server
In our testing environment, we chose to simply install the software on a local machine with administrative privileges. From here, we enabled the MDM service to run and then configured our network connection via port 9383 (HTTPS) so that the MDM app and MDM server could communicate. Since we were using a Samsung Galaxy S6 (Android device) as our test device, we also enabled port 443 (HTTPS) for successful connections between the MDM server and FCM (the Android wake-up service which allows commands to execute remotely). In addition, ports 5228, 5229 and 5230 were also allowed on our firewall so that the target device could communicate with the MDM server. Lastly, we also had to allow a list of domains that the MDM server was permitted to reach in order to fully configure it.
3.2.2 Administrator Console & Device Configuration
Now that all the preliminary requirements were configured and met, we proceeded to reach our MDM management console at the configured IP address via a web browser. For our testing purposes, we chose to use the default service account credentials rather than Active Directory, as that was not previously configured. Once in the administrator management portal, we proceeded to create a test group followed by a test profile. Within this test profile, a variety of parameters and restrictions can be set accordingly. From requiring a simple or complex password to denying devices the ability to use certain apps or features, every aspect of the end device can be managed. In our case, we only set that the pre-defined Wi-Fi network "carbonX1" is the only approved external source for network connections. We also chose to disable the end user's Wi-Fi on/off toggle in order to allow for remote access whenever the device is within range. This is useful in a scenario where the device is stolen: we could execute a remote wipe of the device even if the SIM card was taken out, as the device would receive the command when in range of our defined Wi-Fi network.
Now that the profile and group were set up, we proceeded to download and install the MDM management app on our Samsung Galaxy device from the Play Store. Once installed, we chose the on-premise option and entered our MDM port and user credentials. After verification, we agreed to the legal disclaimers and accepted the remote management disclosures from the MDM agent. The device was now enrolled and available on the MDM console. We proceeded to add it to our test group with the applied Wi-Fi restriction profile. In a matter of a few seconds, the changes were applied and the device could no longer toggle Wi-Fi on/off or connect to any networks other than our test network. This was also the case when we tried to manually connect to a new network. Even with the correct credentials, the connection was refused, as the MDM serves as the intermediary between the device and the network. It would only authenticate the external connection if it was previously defined in the management profile.
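As an added illustration of the allow-list behaviour described in sections 3.1 and 3.2.2 (example code written for this paper, not Mobile Device Manager Plus's own implementation), the Python below models how a managed device decides which visible network it may join. It goes one step beyond an SSID-only rule: because an Evil Twin mirrors the legitimate SSID (section 1.2), the profile entry also records the expected security type and the known access point BSSIDs, so a same-named open access point is refused. The SSID carbonX1 comes from the paper; the BSSIDs, scan results and security labels are constructed.

```python
from dataclasses import dataclass
from typing import FrozenSet, List, Optional, Tuple

# Security-type labels as an MDM profile might record them (labels assumed here).
OPEN = "OPEN"
WPA2_PSK = "WPA2-PSK"


@dataclass(frozen=True)
class ApprovedNetwork:
    """One entry of the MDM profile's approved-network list."""
    ssid: str
    security: str
    bssids: FrozenSet[str] = frozenset()  # known AP MACs (lowercase); empty = any


@dataclass(frozen=True)
class ScanResult:
    """A network the device can currently see (constructed sample data)."""
    ssid: str
    bssid: str
    security: str
    signal_dbm: int


def check_network(seen: ScanResult, profile: List[ApprovedNetwork]) -> Tuple[bool, str]:
    """Return (allowed, reason) for one visible network against the profile."""
    entry = next((n for n in profile if n.ssid == seen.ssid), None)
    if entry is None:
        # Covers public hotspots and the user's own private networks alike.
        return False, "SSID not in MDM profile"
    if seen.security != entry.security:
        # Same name, different security type: the Evil Twin pattern.
        return False, f"security mismatch: profile expects {entry.security}, AP offers {seen.security}"
    if entry.bssids and seen.bssid.lower() not in entry.bssids:
        return False, "BSSID not among the known access points for this SSID"
    return True, "approved"


def select_connection(scan: List[ScanResult], profile: List[ApprovedNetwork]) -> Optional[ScanResult]:
    """Join the strongest approved network; stay offline rather than join anything else."""
    approved = [s for s in scan if check_network(s, profile)[0]]
    if not approved:
        return None
    return max(approved, key=lambda s: s.signal_dbm)


# The lab profile: carbonX1, WPA2-PSK, served by one known access point (MAC constructed).
PROFILE = [ApprovedNetwork("carbonX1", WPA2_PSK, frozenset({"00:11:22:33:44:55"}))]

# Constructed scan: the lab AP, an open Evil Twin with a stronger signal,
# a coffee-shop hotspot and a known private network the user has credentials for.
SCAN = [
    ScanResult("carbonX1", "00:11:22:33:44:55", WPA2_PSK, -61),
    ScanResult("carbonX1", "66:77:88:99:aa:bb", OPEN, -40),
    ScanResult("CoffeeShop_Free", "cc:dd:ee:ff:00:11", OPEN, -50),
    ScanResult("HomeNet", "22:33:44:55:66:77", WPA2_PSK, -55),
]

if __name__ == "__main__":
    for s in SCAN:
        ok, why = check_network(s, PROFILE)
        print(f"{s.ssid:16} {s.bssid}  {s.security:9} -> {'ALLOW' if ok else 'DENY '} ({why})")
    chosen = select_connection(SCAN, PROFILE)
    print("connect to:", chosen.bssid if chosen else "nothing")
```

Note that the stronger Evil Twin signal never wins: the decision is made on identity, not on which access point is closest.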
Conclusion
With the rise of mobile communication, everyday users rely on network connections in order to access information. As such, some place convenience over security and will sometimes connect to unverified Wi-Fi sources. When these connections are made, most do not see the vulnerabilities of a public Wi-Fi network until it is too late. Attackers can access user information through man in the middle attacks, and the best way to thwart these attacks is to only connect to trusted, secure sources. In our testing, we found that by implementing business-grade mobile device management software, Mobile Device Manager Plus, we were able to successfully mitigate the risk of connecting to unknown Wi-Fi networks by only connecting to a trusted, pre-established network. With our configuration, we developed a plan to assign only a trusted Wi-Fi source that was predefined in our MDM profile. This strict parameter was executed successfully by Mobile Device Manager Plus, as it is the device administrator between the console and the user. As a result, our target device was only able to connect to the assigned secure network and rejected other possible networks, which effectively reduced the chance of MITM. Lastly, we also disabled the Bluetooth functionality of the device through MDM, further layering our security on the mobile device.
References
King, S. (2017, May 18). Mobile Device Threat Data – Q1 2017. Retrieved from https://blog.zimperium.com/mobile-device-threat-data-q1-2017/
Mythbuster: MiTM is the Biggest Mobile Threat. (n.d.). Retrieved from https://www.appthority.com/mobile-threat-center/blog/mythbuster-mitm-biggest-mobile-threat/
Swinhoe, D. (2019, February 13). What is a man-in-the-middle attack? How MitM attacks work and how to prevent them. Retrieved April 25, 2019.
Manage Engine. Setting Up MDM. ManageEngine Mobile Device Manager Plus: Help Documentation. Retrieved from www.manageengine.com/mobile-device-management/help/index.html
ManageEngine. Knowledge Base - Resources. ManageEngine. Retrieved from www.manageengine.com/mobile-device-management/knowledge-base.html