On our fear and apathy towards smartphone attacks

Video in TIB AV-Portal: On our fear and apathy towards smartphone attacks

Formal Metadata

On our fear and apathy towards smartphone attacks
CC Attribution - ShareAlike 3.0 Germany:
You are free to use, adapt and copy, distribute and transmit the work or content in adapted or unchanged form for any legal purpose as long as the work is attributed to the author in the manner specified by the author or licensor and the work or content is shared also in adapted form only under the conditions of this license.

Content Metadata

Subject Area
Crowdsourcing mobile network security assessments.
Good morning, thank you all for coming. As the title of the presentation suggests, it's in English, which is the challenge for me. During our work in mobile network and mobile phone security, you engage in all this research and develop all these complicated attacks and threat scenarios and talk about them all the time, and then you get a call from your mother at night and she says: well, nice, but how can I protect myself? And you just realize you aren't able to answer the question. So we thought about the measures that users can take to protect themselves against at least the most prominent threat scenarios, and we want to introduce those and show you how you can protect yourself.

Today we're going to be talking first about attacks on lost and stolen phones. As the title of the talk mentions, this is about fear, but also apathy, so first I want to convince you to not be so apathetic about the security of the data on your phones, but I also want to relieve some unfounded fears. So first let's think about what kind of data is actually stored on my iPhone, for example. This is just one page of apps, and if a thief had access to them, it would give him immediate access to all of my e-mail, all of my messaging accounts, my cloud storage (I use Dropbox), my photos. My photos also contain geotagging information, so he could see where those photos were taken and figure out where I live, where I work, or even where my secret girlfriend lives, because I took photos of her house as well. My calendar, my social networks, all my friends, all my contacts, their birthdates, locally stored documents on the phone. And that's just immediate access. The phone also gives a potential attacker the means to escalate his privileges: he can have an SMS sent to the phone that will allow him to gain access to other online accounts that he realizes I have by looking at the phone. I have an authentication token program on there that will give him the second factor that he needs to get into other accounts. And he also of course has my SIM card, so he can send SMS and receive SMS and also make phone calls, and create huge social engineering attacks, which I'll try to demonstrate in a minute.

So even though we have all of this on our phones, it turns out that most users don't protect their phones at all. Most people don't have a PIN. This graph was made from data from June 2013 by Consumer Reports, who usually do a good job of getting data, but it is of course biased towards the US crowd. I hope this audience does have a PIN already, but if this were an American audience there would be a 64 per cent chance that you don't have a PIN, a 23 per cent chance that you have a 4 digit PIN (I'll go into that in a little bit more detail in a minute), and only 13 per cent of you have something other than that. For a lot of Android users that's the swipe pattern that you see on the screen; some versions of Android have face recognition, and newer phones have fingerprint, but back when this data was collected there weren't many fingerprint phones in the US. So I'll show you first what can happen to the 64 per cent of you that don't have any protection at all.

This is a short video that I made last October, when I found a kind of loophole in the new iOS that had just come out, which allowed an attacker to get around even the protection that it is supposed to have by sending out a wipe command. So the attacker is already in the phone, but there's a wipe command on it. You can see it's in airplane mode. He just goes in and sees the e-mail address that the phone is registered to, then on his computer he goes to iforgot.apple.com and has a password reset e-mail sent to the owner of the account. But because he has the phone, he can just connect it to Wi-Fi for just a second and wait until he hears a ping. The attacker hears the ping and turns off Wi-Fi; the ping means that the password reset token just arrived. He goes into the e-mail account, resets the Apple ID password, and here we go. So there's a wipe command on the phone, and the owner who lost the phone on the subway, or was mugged, immediately sent a wipe command, but it doesn't matter: the thief turned on airplane mode, or took the SIM card out, or did any number of other things to keep the wipe command from coming, but e-mail gets retrieved first, so we just wait a couple of seconds. Point being, even the protection mechanisms that are in place aren't enough unless you protect your data.
Now let's talk about four-digit PINs. This is the responsible 23 per cent, compared to the 64 per cent that have nothing. Four-digit PINs were invented to protect 10 pound ATM withdrawals in the sixties, and 10 pounds back in the sixties was a lot of money. But the PINs were truly random, they weren't chosen by the users, they were limited to 3 attempts, and you weren't allowed to change them. Today you are allowed to change the PIN, and to make it 1 2 3 4, which is of course on the top of everyone's mind as the most obvious one, and all the password leaks agree: 1 2 3 4 is the most common PIN. In fact it's 11 per cent, roughly 1 in 10 of you, if you were American or Korean or whoever had their data leaked, would have the PIN 1 2 3 4. Does anyone have that? If you see your PIN on this list, change it now. In this presentation you can kind of play along and change things as we go along, and hopefully feel a lot more secure when you leave, but also be more conscious that there are a few dangers out there.

The top 10 represents 17 per cent. This data comes from Justin Engler's project; he put together a bunch of data from all over the place, real password leaks, and then artificially derived PINs from them, but it's a pretty realistic estimate compared to previous estimates of what the most common ones are. Now we see on there that 0 0 0 0 is a very common one, as are repeated individual digits, but then there are some seemingly random ones. For example 2 5 8 0: if you look at the keypad it becomes pretty obvious that people are lazy, 2 5 8 0 is straight down the middle. Now 5 6 8 3 looks truly random, so why is it in the top 10? Well, if you ever watched the movie Hackers from 1992 starring Angelina Jolie, love is the most common password, and that spells L O V E on the keypad. In Korea 1 0 0 4 is the most common, or one of the most common, PINs because cheonsa, the Korean word for angel, also sounds like one thousand four. So a 4 digit PIN, with 10 tries, should give an attacker a 0.1 per cent chance of getting in; it turns out he has about a 1 in 5 chance. A nine-digit PIN, the top 10 should give an attacker a 1 in 10 to the 6 chance; it ends up giving him 45 per cent because people are lazy. So 1 2 3 4 5 6 7 8 9 is not a 9 digit passcode, it's the first guess anyone would make. Only long, truly random PINs can make your device secure. And before you think that brute forcing a PIN is something that no one would ever do, think about the time it would take: it would take me a maximum of 6 hours with default settings, with a 4 in 5 chance. So if I have a hundred phones I'll get into 80 of them within 6 hours, and I can do that using a handy 3D printable robot released last year by Justin Engler. It's called R2B2, and this is what it does: it goes through the list from top to bottom, because that's the most efficient way. You see there that it's not going 1 2 3 4, it's actually going through the probability list.

So a four-digit PIN, if it's one of the ones that are more likely, is not good protection at all. But also, why 4 digits? You saw on the previous slide that the iPhone, if you have a simple passcode, gives away that you have a 4 digit PIN. Why does anyone need to know that you have a 4 digit PIN? It could just say enter passcode and you could enter whatever you like, but it gives away that you have 4 digits, so the brute forcer knows exactly what to do. 4 digits is completely arbitrary: the inventor of the ATM and PIN has said that his wife told him that she thought 4 digits would be a good number for ATM PINs back in the sixties, so that became the world standard and is somehow set in our minds as what it's supposed to be.

Now, that was the 23 per cent of pretty responsible people. What about the 13 per cent that think they're tricking the system or doing something out of the ordinary? Well, non-password methods are also not necessarily secure. The newest version of Android basically says as much: a slide is just so it doesn't unlock in your pocket, there's no security at all. A pattern is what you see in the middle right here, those patterns that you swipe on the phone, and it turns out you put it in your pocket, take it out, and you can still see the swipe on the phone. They're easy to forget as well, so they're backed up by a PIN, so even if you couldn't break the slide you can break the PIN through brute forcing, and people are lazy about PINs, so it doesn't matter. Now fingerprints. Fingerprints are pretty interesting, and some of you might recall last September when the Chaos Computer Club here in Berlin, and Starbug, broke into Apple's Touch ID. Touch ID had a bounty on it, I think it was some 10 thousand dollars and porn, books, a bottle of whiskey and all kinds of stuff; it was prizes that everyone really wanted, so there was a lot of competition, and sadly Starbug actually beat me to it and got into Touch ID. But the reason why fingerprints aren't secure, and the way that the Chaos Computer Club and I can get into the phones, and anyone who follows my handy instruction manual later, is because your fingerprints are left all over the place, even on the phones they protect. But also, you can't get rid of your fingerprint as easily as you can the PIN 1 2 3 4. You can only do that 10 times and then you have to start using your toes, and then it's done. I've changed my password hundreds of times and I still have as many left as I could ever need. And also, even the newest devices that try to do better are backed up by a PIN or passcode anyway, because maybe the sensor will fail.
So I've mentioned my handy dandy instruction manual. Linus, can you be my cameraman for a minute? If this works, this is great. If you have one of these things, change it now. Thanks.

Alright, so this is a film of the way that you can spoof a fingerprint. First get a fingerprint; it may be difficult to see, but with the right lighting you can find it here, and then you take a photo of the fingerprint. Last year I did it with my iPhone 4S; I've since upgraded to the phone that I then hacked. Then you edit the photo: you make it black and white, increase the contrast, and print it out on one of these overhead projector foils, specifically the milky white kind. Then you put it on a PCB, with the fingerprints on it, and expose, develop and etch the PCB. Then you go to the hardware store for graphite lubricant and wood glue, and let it dry, and then, just like in any good cooking show, here is one prepared earlier. This usually works; we've done it many times, and now we're going to try it live on stage, which probably won't work. Wood glue is a non-Newtonian fluid, for anyone who's interested. What does that mean? It means that, like silly putty, it can actually crack, even though it should kind of be flexible. Alright, the moment of truth: I took the fingerprint off the phone, and here you go.

I believe that's the world's first completely live demonstration, absolutely no cheating, not even a camera cut, just a bit of preparation. So this can work, and it works again. Here's the recipe for anyone who wants to quickly take a photo of it, and for anyone who's a fingerprint aficionado: yes, this is Starbug's fingerprint. I just went through the entire recipe with you, so I'll go to the next slide.
So hopefully I've made you a little bit afraid, hopefully I've instilled a little bit of fear about being apathetic, and now what can you do to fix these security problems that everyone faces? For one thing, you can limit the number of times that a thief can even try. Brute forcing doesn't work on an ATM because it's limited to 3 tries, and then the machine eats the card and it's over. So limit your PIN attempts to a set number of tries, and ideally have the phone erase all of the data and destroy it; you have a backup anyway, right? Depending on who you work for you might have a Microsoft Exchange account or something else; my phone has an Exchange account, which is why the bottom down there under Erase Data is a little bit hazy, I can't even turn that feature off. Another feature is Find My iPhone. In the video earlier the thief was able to get around Find My iPhone, get around the remote wipe feature, by sending a password reset to himself, and then was able to actually unlock the phone and would have been able to sell it. But it's still a nice feature, because thieves are also stupid; basically not just cell phone users but also cell phone thieves are lazy and stupid. So here for iPhone users we have the exact instructions. This is only for iPhones, because we figure that anyone who uses Android already knows how to use it.

Another thing that you can do is turn off the preview function in the notifications. You just saw a PIN, actually a transaction number, arrive on my phone; this is a real transaction number, and by playing around with that I really got my account locked. Linus mentions an attack later on where you can use a transaction number to basically steal any amount of money you like from an account that you've taken over. Otherwise, I think Sparkasse here in Germany has a 5 digit password, and that's long enough, but combined with this it is definitely not. So turn off these message previews. Next time you're at your mother-in-law's house and you get some embarrassing message that you don't want your mother-in-law to see, this is also a nice feature: turn off these previews under Settings, Notification Center, Messages, and turn off Show Preview.

Now there's another feature that a lot of people are not very aware of, and I think there was a Heise article yesterday on Siri that kind of exposed these virtual assistants, the voice assistants. Let's see if I can do that. So you can see the phone is locked, and there's no way that I could get into this, because you can't even guess what the passcode is. So what do I do? I'm a thief, I find this phone on the subway. "Who's my girlfriend?" Now I use the contact information for a fake girlfriend. "Send a message to my girlfriend: I need help, send me one thousand dollars by Western Union and send me the transaction number." OK, I did that from a locked phone. I can do that to my mom, to my brother, to everyone; it doesn't need to be my voice, anyone can do this on my phone. The article yesterday showed that by making an unclear request, not "who's my girlfriend" but "call the doctor", it asks "which one of these doctors?", and you get into the entire address book with all of their birth dates, all of their addresses, all of the information and all the tools you need for this kind of social engineering attack.

Back to the presentation. The way to deactivate this is Settings, Passcode, or Touch ID and Passcode on an iPhone 5S, and just deactivate everything that's there. And don't let your tweets show up in front of an audience of hundreds of people. So a few things that you can do that will drastically increase your protection from this kind of attack: first, activate the screen lock at all; even 1 1 1 1 is maybe a little bit better than nothing, but use a long random PIN or, better yet, a passcode using alphanumeric characters. Deactivate the bypass possibilities, that was Siri just now, and keep a password reset account off of your phone: if you lose your phone you don't want the thief to have the exact same e-mail account that you do, so ideally keep a separate e-mail account for your password resets. That's hopefully relieving some of your fears and giving you some tools that you can use to feel better about phone security, and I'll pass it on to Linus for remote attacks. Thanks a lot.
few so remote attacks are of course the 1 thing that you know everybody thinks about when they talk about smart phones because you this
this neat little device that has so many sensors and so many functionalities and an open source operating system a lot of people that want to Donald software for it so you really really want to infect such a form of when you're an attacker and consequently of course people are very afraid that that may happen to them and they have all kinds of theories of how the fall was hacked and how you know what's strange things happen to them and yes they need you know some the crashed in there was something else on the screen and I believe somebody you know I I think they're after me and so what we want to show here is the kind of my with that is actually built for smart phones from and that we actually see out there in the wild and of course in the end give yearly some hints on how to avoid these type of types of infections the number 1 type of my way of
both surprisingly on is targeting money yet again as you as attackers usually do so this is a piece of my where that sends premium SMS you may know the service oftentimes at the price for the nation's you know you send send an SMS with uh I love all children knowledge through to donate 10 10 dollars to the children Protection Foundation and anybody can register such a number the and attackers can do to so what you do is you just build a little piece of my where put it out there in the wild and advertise it as a you know cracked application which is quite easy for our and what applications and so build in job derivative so you can actually merge infections into existing programs with just a reasonable effort and then you just distribute this correct application to to users or oftentimes is also found in these kind of useful tools easy-to-program stuff that defined on markets like look at my little flashlight have isn't that a great idea you can use your cell phone as a flashlight download this knowledge free and so you hide this in their people willfully install your your software and then what you do is you have this piece of my where connect to the Internet to find out where it's supposed to send premium SMS to and it says the system as without alerting the user know these premium SMS and then conveniently built to your phone bill and if you just keep it low and you don't get too greedy or you get you satisfy you agree by infecting a lot of phones instead of sending hundreds of messages from 1 form chances are you you go unnoticed for quite a while so a dollar or 5 from 1 the call on like see nobody will notice and so this is 1 thing we see quite a lot of what their recently there was a little variation of this where the attackers did not actually do this to get the money themselves but to just save the money so they were sending and they were paying for other services so paid content services on the internet that we're targeting adults that were paper these SMS 
and you needed to send an SMS there and then you receive the token back that would give you access and they were aiming for these tokens the so the Mao was also stealing estimates from the user another thing
we see not as much as I thought we would see it but still it's out there it's by my so that's what people are afraid of freight so you folders infected by somebody that then you know and intercepts you short messages keeps you call AUC went on you know may turn on the microphone remotely doubles kind of scary attacks that that people do when you it turns out it doesn't seem to be the government that doesn't it seems like it's a boyfriend that doesn't so people infect other people's phones with my where that is available as a service on the internet and this my where that feed of all these attacks completely takes over the phone and leaks all the data to a service and the clout where then the attacker can conveniently log in and see what the what the target was doing and so not only is the data lead to 2 you know 1 of your closest friends it was able to infect you for why they had their hands on it it's also lead to this this statuses that they're using unfortunately these guys don't have a remote infection service so again everything that Ben just told you helps you to defend against this attack 1 more thing
this is really, this is a beautiful one, I have to admit. When online banks started moving from, you know, these TAN lists that people just didn't like anymore, because they were losing them or they would just scan them and store them on their computer, they moved from these TAN lists to SMS authentication. So not only do I need to have the password to log in to my online banking application, I also need to possess my phone to receive the authentication token that the bank sends to me when I want to wire money somewhere. That of course kind of ruined the whole thing for attackers that wanted to, you know, use Trojans on computers to just sniff the banking credentials and then cut off the connection the moment you are typing in the TAN, steal the TAN and then make their own transaction, or different variations of this attack in a man-in-the-middle session. So banks moved to sending an SMS to the user that says "You want to transfer this amount to the following account number, and this is the authentication token." This is a real increase in security, because the authentication token is then limited to this single transaction. And all the attackers that build malware for online banking then also moved to the phone. What they did was they added something to the malware that displays a warning to the user and says: "Your computer is fairly secure, but we worry about your smartphone. Why don't you download this little security edition from this website that we have here for you, to make sure that your phone is secure as well." The user does that and has an SMS Trojan on his phone that enables the attacker to selectively hide messages that the phone receives and instead forward them to the attacker. So the attacker has infected the computer, has the banking credentials, then tells the phone: "Listen, there will be an SMS, please don't display that to the user, just forward the contents to my service so I can finish my banking transaction." There are a few ways around it. As usual, try not to get your phone infected. If you can live with a bit less convenience, you may want to opt for one of those flicker code readers, but of course you can tell that there is definitely a drawback in terms of security. So what do you want to do against those remote attacks? Try to stay away from pirated applications, you know, and install only what you actually need on your phone. And don't trust security advice you didn't ask for, unless it came from us. So I
want to finish this presentation with just a few words on the stuff that our team usually does, and also the weaknesses of mobile networks. These are the things where your degrees of freedom of protection are quite limited, so I also want to talk a little bit about these.

We generally categorize three types of attacks that a mobile network would facilitate. The first and most obvious one is tracking of your location. The mobile network needs to know where you are so that it can make your phone ring; it's impossible for a mobile network that works all around the world to send the signal "hey, there's a call for Linus" at this moment all over the world. So the mobile network would know roughly where I am, which is fine and it's needed for mobile network operations. Unfortunately, mobile networks tend to disclose this information to other parties in what is called the SS7 network, which is where mobile networks interconnect with other mobile networks. This has led some people to create business models where they offer tracking services, so there are websites on the Internet where you can type in a phone number and it will tell you where this person is at the moment. There are network operators that don't support these services, and you're probably well off to choose one of those if you want to be protected from that type of attack.

Intercept is of course the most famous attack on mobile phones, demonstrated often enough by people of our team and people of other security teams, so that you can read other people's SMS and listen to their calls by sniffing them from the air. So there's nothing to it, it's just an antenna, nothing anybody can detect, you just sniff the transaction and decrypt it. I think a very convenient way, and a cool way in a sense, around this is to use end-to-end encryption applications. There are a lot out there; I'm not going to tell you which one to buy, but for Android or iOS there are markets where you can opt for some. I guess when you get to this point, this is where security often becomes, um, well, where people overestimate how important security is, or how secure security needs to be. So oftentimes people say "but this is a closed-source application and I can't trust the people that issue it", and "this is using a cipher key length of only 128 bit, and the NSA only needs ten years on a supercomputer to crack it, and I don't trust it". The point is you're probably better off using one of these applications than you are if you're not using one. So I definitely encourage the use of these kinds of apps, especially for also just calling your mom and telling her how to secure her phone. Also, of course, you may want to opt for networks that have better types of encryption running.

One last attack, Ben already talked a bit about it, is the impersonation attack: using another user's identity and then performing actions on their behalf, for example sending premium SMS. Now I talked a lot about how you should choose a network that you know is more secure than the others, and of course if I tell you to do that I probably also need to tell you how you can do it. This is why we
operate a little website called GSMmap, where we measure and assess the security of mobile networks all around the world. What you see here are some countries, and Germany; the colour indicates how secure the networks are in this country in general, and then if you look at the country you can see how the networks in that country perform. So we're doing quite OK here, I may say. This, for example, is the intercept protection in Germany. Needless to say, we've covered I think far more than 50 countries, but now I forgot the count again. We do the risk analysis in the three dimensions that I just explained, and we have recently added a longitudinal perspective where you can see how network security developed from back in 2011, when we started doing this. So this is the development in Germany: you see some networks don't really change their configuration over time, some other networks do, and one interesting effect I see here is that at the end of last year there was a sudden peak for at least three of the German networks that then made some configuration changes. One might say that this has something to do with this young lady in the picture, but I have to admit that I know that it's not, that this is a temporal coincidence. Well, coincidence: this is a coincidence, it takes much longer to prepare these upgrades than just a few months or weeks. So mobile networks in Germany are currently rolling out more secure ciphering, and you can read all about it in our detailed country reports that we have created for more than, I think, 27 countries on the map, where we give a lot of background on how these attacks work, how you defend against them, and what security measures each network in a given country has taken to protect you.

Now of course the big question is how do we get all the data, and this is the thing I'm a bit proud of: we don't do it all by ourselves, because that would be, you know, a bit too expensive, to fly to every country and do the measurements. We just created an app. So there is an Android app that you can download to your phone which has the feature to, you know, locate you and detect your network and inform you about the security of the network you are currently in, and also gives you the opportunity to contribute data. So you go through a little testing routine where the phone makes a couple of test calls, sends a couple of test SMS, has some incoming transactions, logs all this information and then submits it to us, and some of it will then end up in reports like these and nice comments and charts. The application is available for Android, and for technical reasons it's limited to the Galaxy S2 and S3 models, which, I have to defend myself, were among the most common phones that we find out there, so that's why we support them. It's available on the Google Play store, or also the source is out there for all of you who want to, you know, download and compile it themselves. I'd be glad if you would seize the opportunity to contribute to this nifty little project.

That's about the end of the presentation. I hope that you now have some ideas on how to protect your smartphone and that you will be a bit more cautious when installing applications on it, and of course I'd be happy if you take the chance to contribute some data to GSMmap, or maybe not from Berlin, because we live here, so we tend to contribute a lot of data ourselves. Thanks a lot. Thank
you.

We're of course taking questions now that we've finished. Does anyone have any questions about anything we've talked about? I think there's a microphone.

Hi, now in English: you were talking about malware. Is there a difference between iOS and Android?

There is a difference. This is mostly caused by the way Apple tries to protect their business interests. So the Apple platform is generally more locked in, in terms of, you know, you're not even able to install pirated applications, they make it quite hard for you to jailbreak the phone, while Android makes it much easier and, you know, has always had an open spirit behind it. And a side effect of this, you know, protection of the commercial interests of Apple is that we find less malware for iOS devices, which is also good PR for them. But, for example, this spy malware that I just showed is available for iOS, BlackBerry and Android.

The other question, in the back? I use an Android device at the moment and I've always used Android
devices for quite some time, but I don't understand why it's not possible to lock the, um, the download mode for your phone, where you can wipe the cache, reset the phone and reload it.

I'm sorry, I didn't understand the beginning of the question.

He uses Android, he's not sure why you can't lock the download mode.

Lock the download mode... I'm just sitting here as an Android user, and in my experience every phone is different, every manufacturer has a different version of Android on there, and it depends on what accounts you have on the phone. So I know, for example, that if you tie a Google account to the phone, a lot of security settings are improved, so instead of unlimited PINs, for example, you, uh, delete your phone and you enter a Google account. But the download mode, I don't know what you're talking about.

I use the Galaxy Nexus and I run run-of-the-mill Android on it, and when you press all the buttons when your phone is off, you come to this DOS-like mode where you can reset all the security that you've set up before and just restart your phone like brand new. So as soon as you lose your phone and someone knows how to wipe it, it's gone, you can't track it anymore.

OK, well, I think the other...

And I have written to Google a couple of times on the Google Plus page and they just say it's not possible, but don't give any reasons why it's not possible to lock that mode. And I think that you just need... there's a switch in these modems, and another programmer... I, so
Your concern is that the thief is then able to keep your device. That is of course a concern, and these devices sell for 600 euros, so they're expensive, but that's the least of our concerns, that you lose a piece of hardware, because it can be replaced. And the fact that you can delete a phone... I'm actually surprised that Android doesn't have some option to completely kill the device; they're thinking about it, I thought.

Generally speaking, I tend to agree with Ben. I'm quite happy as long as, you know, if they steal my phone, I just want them to say "you know, I have a phone", because I probably care more about the data than about the phone. So my main concern is that people get access to the stuff that's on my phone.

Great talk, but I think you missed two points here. Point one: you
did not talk about smartphone encryption, and this is another possibility to secure a smartphone, so that when somebody finds your smartphone, it's blocked. I think this is a great feature. And the second point is not that closely related to smartphones, but I think it's a very important point: it's the security in, um, an open Wi-Fi, and against different man-in-the-middle attacks. I would like to hear something from you next time when you talk about these points. And, um, I've got one more question: where can I get reliable information about smartphone malware? All the information I get is from the security measures of some manufacturers, like antivirus manufacturers, and I don't trust the numbers of those.

The first: some hardware or full-disk encryption on smartphones is a great idea; it's just not in this presentation because it's a bit more complicated to set up and very specific to the device. Also, one of the settings that we recommended, the wipe feature, actually automatically bundles in encryption on the newest version of iOS, so wiping in this case is not done by deleting all 64 gigabytes of memory but by just trashing the encryption key. There are lots of presentations on those. As for malware transparency: there are quite some projects out there that bundle malware that was found; this is where we get most of the samples from that we analyze, and there are also projects, like the malware transparency projects operated by different users, to create malware transparency, and I'm not sure whether the one I know is still in the private beta phase or already in the public beta phase. I'll tell you later on.
What about the fingerprint hack: can the PCB etching step be replaced by 3D printing?

I don't know, I've never seen a 3D printer that has such... I think the iPhone has a sensor that reads 500 dpi, and I know that that resolution is required, because an iPhone 4S photo taken from a meter away probably doesn't have that resolution, but that'll do, and a good 3D printer should be able to do it.

There are definitely other methods. This was invented by a member of the CCC and they of course have an etching solution lying around. I recently found something called flash foam that is used to make stamps, and that also gives you an immediate, like, instant 3D bevelled surface, so that step can definitely be made easier. I think the 3D printer poses three main challenges: first, usually they're just not that fine, so you have to spend a lot of money to get a 3D printer that is able to create such fine lines. Also, there's a reason that Ben is using this stuff, because it has some physical features regarding the conductiveness of the material he was just talking about. The mould... not yet. I guess the PCB is definitely the cheaper option.

Yes, definitely the cheaper option.
Hi. I've heard a whole lot of pretty sophisticated data theft options. Do you have any data or any surveys from all these stolen phones on how often the thief even tries to social engineer with the open e-mail or SMS messages, or whatever?

The thing is, the thieves don't like giving the data to scientists, usually. So I don't know, we don't know. But I do know that if I found a cell phone, with no prior knowledge of the device, I would try a few things to get in, and if I needed money then I would also be able to do it easily without any advanced computer skills, as you saw; I used wood glue and not... and the reason for the PCB is that you can actually, um, outsource it, you can order it online. So yeah, I don't know any, but Linus was...

No, I was just trying to save your... by saying that he would only access the phone to see who it belongs to, so that he can inform the person. So if I were a criminal I might decide that... sins.

OK, alright, so we've just been given the boot, and the awesome music is about to stop playing. So I would like to thank you all again for coming this early in the morning, thanks for all of your questions, and please contact us if you'd like to know more or have any more comments. Thanks very much.