(PDF) Yury Chemerkin Hackfest - Ca 2013


QUESTIONABLE VALUE OF MDM FROM THE BYODS VIEWPOINT

YURY CHEMERKIN
Hackfest 2013

[ YURY CHEMERKIN ]
www.linkedin.com/in/yurychemerkin http://sto-strategy.com [email protected]
MULTISKILLED SECURITY RESEARCHER, WORKS FOR A RUSSIAN COMPANY
EXPERIENCED IN:
REVERSE ENGINEERING & AV, DEVELOPMENT (IN THE PAST)
MOBILE SECURITY, INCL. MDM, MAM, etc.
CYBER SECURITY & CLOUD SECURITY
COMPLIANCE & FORENSICS ON MOBILE & CLOUD
WRITING (STO BLOG, HAKIN9, PENTEST, eFORENSICS MAGAZINES)

PARTICIPATION AT CONFERENCES:

INFOSECURITY RUSSIA, NULLCON, ATHCON, CONFIDENCE, PHDAYS, DEFCON MOSCOW, HACKERHALTED, HACKTIVITY, HACKFEST CYBERCRIME FORUM, CYBER INTELLIGENCE EUROPE/INTELLIGENCE-SEC, DEEPINTEL ICITST, CTICON (CYBERTIMES), ITA, I-SOCIETY

[ MOBILE DEVICE MANAGEMENT]


WHAT DO WORKERS WANT
WHAT DO COMPANIES WANT

[ MOBILE DEVICE MANAGEMENT]


WHAT DO THIRD PARTIES USUALLY SELL: FIRST CASE
WHAT DO THIRD PARTIES USUALLY SELL: SECOND CASE

[ MOBILE DEVICE MANAGEMENT]


WHAT A REAL DEVICE MANAGEMENT APPROACH INCLUDES (NOT LESS THAN):
MOBILE DEVICE
MOBILE DEVICE MANAGEMENT SOLUTION: NATIVE / THIRD PARTY SOLUTION
MOBILE APPLICATION MANAGEMENT SOLUTION: EMBEDDED / NATIVE / THIRD PARTY SOLUTION
MOBILE EMAIL MANAGEMENT SOLUTION
NETWORK ACCESS CONTROL SOLUTION (NOT ENOUGH; A NEW IDEA, BUT QUITE USEFUL IN CLOUDS)
ADDITIONAL SOLUTIONS: AV, LOG MANAGEMENT, DLP-BASED SOLUTION, FORENSICS SOLUTION
COMPLIANCE: GUIDELINES / BEST PRACTICES

[ OPINIONS ]
Blackberry Windows iOS Android
APPLE IS TOO SERIOUS TO LET MALWARE BE SPREAD THROUGH THEIR MARKET, EXCEPT THE Ch. MILLER CASE; JAILBREAK, CYDIA, BLACK & OTHER MARKETS ARE ANOTHER STORY. MICROSOFT (WINDOWS PHONE) HAS IMPLEMENTED THE SAME IDEA.
GOOGLE HAS A WEAK POLICY, WHICH IS WHY EVERYONE GETS MALWARE EVEN IN THE OFFICIAL MARKET, PLUS 3RD PARTY MARKETS, PLUS REPACKAGES. BLACKBERRY IS THE SAFEST OS BECAUSE THAT'S ABOUT THE SIZE OF IT.

[ SECURITY ENVIRONMENT ]
EACH OS EVALUATES EVERY REQUEST THAT APPLICATIONS MAKE TO ACCESS RESOURCES, BUT KEEPS AWAY FROM ANY DETAILS AND APIs
MDM HELPS TO PROTECT DATA AND MANAGE BLACKBERRY, iOS, WINDOWS, AND ANDROID DEVICES. MDM IS ENHANCED BY MANAGING THE BEHAVIOR OF THE DEVICE:
SECURE BOOTLOADER
SYSTEM SOFTWARE SECURITY (UPDATES)
APPLICATION CODE SIGNING
RUNTIME PROCESS SECURITY (SANDBOX, APIs)
HARDWARE SECURITY FEATURES
FILE DATA PROTECTION
SSL, TLS, VPN
PASSCODE PROTECTION
SETTINGS (PERMISSIONS / RESTRICTIONS, CONFIGURATIONS)
REMOTE MANAGEMENT
MDM REMOTE WIPE

[ KNOWN ISSUES. Examples ]


THREAT BOUNDS BECOME UNCLEAR
BYPASS MDM SOLUTIONS iOS, ANDROID
EXPLOITS, DUMP /MEM TO GET EMAILS BLACKHAT EU13 http://goo.gl/HN829p

COMPLIANCE BRINGS COMMON RECOMMENDATIONS
TIME-FRAME TO FIX: 7+ MONTHS, OR WAIT FOR THE NEXT UPDATE, OR WAIT FOR A VENDOR'S INTEREST IN YOU
ANALYSIS OF APP DATA AT REST: BLACKBERRY, iOS
DATA LEAKAGE REVEAL PASSWORDS, MASTERKEYS, ETC. BLACKHAT EU12 http://goo.gl/STpSll

BLACKBERRY PLAYBOOK
EXPLOITS, MITM, DUMP .ALL FILES SECTO11R, INFILTRATE12, SOURCE BOSTON13 http://goo.gl/KaTtFG

GAIN ROOT ACCESS ANDROID

ANDROID
DATA LEAKAGE, WEAKNESS OF CRYPTO ENGINE PHDAYS III 13 http://goo.gl/x1PPGK

APP SIGNATURE EXPLOITATION APP MODIFICATION BLACKHAT USA13 http://goo.gl/p5FhWG

[ KNOWN ISSUES. Examples ]


THREAT BOUNDS BECOME UNCLEAR
PLAYBOOK ARTIFACTS (see the previous slide):
BROWSER HISTORY
NETWORKING IDs, FLAGS, MACs
VIDEO CALL DETAILS
ACCESS TO INTERNAL NETWORK
KERNEL: BLACKBERRY Z10, DUMP MICROKERNEL
EVEN DEVELOPERS' CREDENTIALS (FACEBOOK, MOBILE, EMAILS)
BLACKHAT, DEFCON MOSCOW http://goo.gl/R74leX

COMPLIANCE BRINGS COMMON RECOMMENDATIONS
GUI FAILS (my results) BLACKBERRY OS
DATA LEAKAGE: REVEAL PASSWORDS, ANYTHING; NO PERMISSIONS REQUESTED; BORROW PERMISSIONS OF ANOTHER APP
NullCon13, CONFIDENCE13 http://goo.gl/phMey2
Haven't tested it yet on new BlackBerry devices

[ DEVICE MANAGEMENT ]
APPLICATION-LEVEL ATTACK VECTORS
GOALS - MOBILE RESOURCES / AIM OF ATTACK: DEVICE RESOURCES, OUTSIDE-OF-DEVICE RESOURCES
ATTACKS - SET OF ACTIONS UNDER THE THREAT
APIs - RESOURCES WIDELY AVAILABLE TO CODERS
SECURITY FEATURES - KERNEL PROTECTION, NON-APP FEATURES
PERMISSIONS - EXPLICITLY CONFIGURED
3RD PARTY - AV, FIREWALL, VPN, MDM
COMPLIANCE - RULES TO DESIGN MOBILE SECURITY IN ALIGNMENT WITH COMPLIANCE

Diagram: Goals; AV, MDM, DLP, VPN (non-app features); MDM features; Kernel protection; Permissions; APIs; Attacks

[ DEVICE MANAGEMENT ]
Concurrency over native & additional security features
= , , , set of OS permissions, set of device permissions, set of MDM permissions, set of missed permissions (lack of controls), set of rules are explicitly should be applied to gain a compliance = + , set of APIs , set of APIs that interact with sensitive data, set of APIs that do not interact with sensitive data To get a mobile security designed with full granularity the set should be empty set to get instead of , so the matter how is it closer to empty. On another hand it should find out whether assumptions , are true and if it is possible to get .

The situation is very serious


Set of permissions < set of activities: efficiency < 100% (the typical case)
Ability to control each API: efficiency = 100%
More than one permission per API: efficiency > 100%
Causes: lack of knowledge about possible attacks; improper granularity
Diagram: AV, MDM, DLP, VPN (MDM features, non-app features) layered over kernel protection and permissions
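The three efficiency cases above (fewer permissions than activities, one permission per activity, several permissions per activity) are easy to mis-read from the charts alone, so here is an added example that is not part of the talk. It models a feature as a set of activities an app can perform through the feature's APIs plus the permissions that gate them, computes the "% activity vs perm" ratio the way I read the slide (permissions divided by activities), and lists the activities no permission covers, which is the "set of missed permissions" from the previous slide. All feature data in SAMPLE is constructed for illustration and is not measured from any platform.

```python
from __future__ import annotations
from dataclasses import dataclass


@dataclass
class Feature:
    """One platform feature seen from the application-level attack vector."""
    name: str
    activities: set[str]             # what an app can do through the feature's APIs
    controls: dict[str, set[str]]    # permission name -> activities it gates

    def uncontrolled(self) -> set[str]:
        """Activities no permission gates: the 'missed permissions' (lack of controls)."""
        gated: set[str] = set()
        for acts in self.controls.values():
            gated |= acts
        return self.activities - gated

    def efficiency(self) -> float:
        """Permissions per activity in percent ('% activity vs perm' on the charts)."""
        if not self.activities:
            return 0.0
        return round(100.0 * len(self.controls) / len(self.activities), 2)

    def verdict(self) -> str:
        e = self.efficiency()
        if e < 100.0:
            return "coarse"      # fewer permissions than activities (typical case)
        if e == 100.0:
            return "granular"    # one permission per activity
        return "redundant"       # more than one permission per activity


# Constructed sample data, not measurements from the talk.
SAMPLE = {
    # One "messages" permission covers create/read/write/send/delete.
    "Messages": Feature("Messages",
        {"create", "read", "write", "send", "delete"},
        {"Email and PIN messages": {"create", "read", "write", "send", "delete"}}),
    # Each activity has its own permission.
    "Camera": Feature("Camera",
        {"take_photo", "record_video", "screen_capture"},
        {"Camera": {"take_photo"}, "Video": {"record_video"},
         "Screen capture": {"screen_capture"}}),
    # Two overlapping permissions gate the same activity.
    "Location": Feature("Location",
        {"read_position"},
        {"GPS location": {"read_position"}, "Location": {"read_position"}}),
    # No permission at all: every activity is a missed control.
    "Clipboard": Feature("Clipboard", {"copy", "paste"}, {}),
}


def report(features: dict[str, Feature]) -> dict[str, tuple[float, str, int]]:
    """Per feature: (efficiency %, verdict, number of uncontrolled activities)."""
    return {n: (f.efficiency(), f.verdict(), len(f.uncontrolled()))
            for n, f in features.items()}


if __name__ == "__main__":
    for name, (eff, verdict, missed) in report(SAMPLE).items():
        print(f"{name:10s} {eff:7.2f}%  {verdict:9s} uncontrolled={missed}")
```

The ratio alone does not say whether a platform is safe: "Clipboard" scores 0% because nothing gates it, while "Location" scores 200% because two permissions overlap, and only the uncontrolled set tells you where an MDM policy cannot reach.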

[ BLACKBERRY. PERMISSIONS ]
PERMISSIONS (BB 10 CASCADES SDK, ALL OF THE FOLLOWING):
Background processing, BlackBerry Messenger, Calendar, Contacts, Camera, Device identifying information, Email and PIN messages, GPS location, Internet, Location, Microphone, Narrow swipe up, Notebooks, Notifications, Player, Phone, Push, Shared files, Text messages, Volume
BB 10 AIR SDK: 15 of these permissions are available
PB (NDK/AIR): 11 of these permissions are available, two of them via invoke calls only
(the per-permission marks for the AIR SDK and PlayBook columns are not recoverable here)

[ BLACKBERRY. Significant APIs ]


Feature                    Q. APIs   Q. sign. APIs   % (sign. APIs)   Controlled?
BlackBerry Messenger          77          70             90.91            +
Calendar                     443         126             28.44            +
Camera                        47          41             87.23            +
Contacts                     316         150             47.47            +
Device identifying info       15          14             93.33            +
Email & PIN messages         347         211             60.81            +
Internet                     161         145             90.06            +
Microphone                    21          15             71.43            +
Notebooks                    123          86             69.92            +
Notifications                 32          24             75.00            +
Phone                         27          22             81.48            +
Push                          25          22             88.00            +
Shared files                  78          70             89.74            +
Text messages                 10           6             60.00            +
Account                       66          21             31.82            -
MediaPlayer                   66          63             95.45            -
NFC                           24          11             45.83            -
Radio & SIM                   68          51             75.00            -
Clipboard                      6           4             66.67            -

[ BLACKBERRY. Common activities ]


Chart: BlackBerry common activities per feature. Series: Q. of m.+a. activity; Q. of m.+a. permission. Per-feature values are not recoverable from the extracted text.

[ BLACKBERRY. Derived activities ]


Chart: BlackBerry derived activities per feature. Series: Q. of derived activities; Q. of derived perm. Per-feature values are not recoverable from the extracted text.

[ BLACKBERRY. Efficiency (%) ]


Chart: BlackBerry efficiency (%) per feature. Series: % m+a activity vs perm; % m+a derived activity vs perm. Per-feature values are not recoverable from the extracted text.

[ iOS. Info.plist(app capabilities) ]


Key: Description
auto-focus-camera: handle autofocus capabilities in the device's still camera, in case of macro photography or image processing.
bluetooth-le: handle the presence of Bluetooth low-energy hardware on the device.
camera-flash: handle a camera flash for taking pictures or shooting video.
front-facing-camera: handle a forward-facing camera, such as capturing video from the device's camera.
gamekit: handle Game Center.
gps: handle GPS (or AGPS) hardware to track locations when higher accuracy than Cellular/Wi-Fi is needed.
location-services: retrieve the device's current location using the Core Location framework through Cellular/Wi-Fi.
microphone: handle the built-in microphone and its accessories.
peer-peer: handle peer-to-peer connectivity over a Bluetooth network.
sms: handle the presence of the Messages application, such as opening URLs with the sms scheme.
still-camera: handle the presence of a camera on the device, such as capturing images from the device's still camera.
telephony: handle the presence of the Phone application, such as opening URLs with the telephony scheme.
video-camera: handle the presence of a camera with video capabilities on the device, such as capturing video from the device's camera.
wifi: access to the networking features of the device.

[ iOS. Settings ]
Component: Restrictions :: Native application
  Units: Safari; Camera, FaceTime; iTunes Store, iBookstore; Siri (Explicit Language)
Component: Restrictions :: 3rd application
  Units: Manage applications*
Component: Privacy :: Location
  Unit subcomponents: per each 3rd party app; for system services
Component: Privacy :: Private Info
  Unit subcomponents: Contacts, Calendar, Reminders, Photos; Bluetooth Sharing; Twitter, Facebook
Component: Accounts
  Unit subcomponents: disables changes to Mail, Contacts, Calendars, iCloud, and Twitter accounts; Find My Friends
Component: Content Type Restrictions
  Unit subcomponents: Volume limit; Ratings per country and region; Music and podcasts; Movies, Books, Apps, TV shows; In-app purchases; Require Passwords (in-app purchases)
Component: Game Center
  Unit subcomponents: Multiplayer Games; Adding Friends
Component: Manage applications
  Unit subcomponents: Installing Apps; Removing Apps
* Manage applications, Privacy, Accounts and Content Type Restrictions also appear as units under Restrictions.

[ iOS. Common activities ]


Chart: iOS common activities per feature. Series: Q. of m.+a. activity; Q. of m.+a. permission; Q. of m.+a. perm plus parental perm. Per-feature values are not recoverable from the extracted text.

[ iOS. Derived activities ]


Chart: iOS derived activities per feature. Series: Q. of derived activities; Q. of derived perm; Q. of derived perm plus parental perm. Per-feature values are not recoverable from the extracted text.

[ iOS. Efficiency (%) ]


Chart: iOS efficiency (%) per feature. Series: % m+a activity vs perm; % m+a derived activity vs perm; Q. of m.+a. perm plus parental perm; Q. of derived perm plus parental perm. Per-feature values are not recoverable from the extracted text.

[ Windows. Permissions ]
Permission: Description
General use capabilities
musicLibrary: provides access to the user's Music library, allowing the app to enumerate and access all files without user interaction.
picturesLibrary: provides access to the user's Pictures library, allowing the app to enumerate and access all files without user interaction.
videosLibrary: provides access to the user's Videos library, allowing the app to enumerate and access all files without user interaction.
removableStorage: provides access to files on removable storage, such as USB keys and external hard drives, filtered to the file type associations.
microphone: provides access to the microphone's audio feed, which allows the app to record audio from connected microphones.
webcam: provides access to the webcam's video feed, which allows the app to capture snapshots and movies from a connected webcam.
location: provides access to location functionality, such as a GPS sensor or a position derived from available network info.
proximity: enables multiple devices in close proximity to communicate with one another via any possible connection, incl. Bluetooth, Wi-Fi, and the Internet.
internetClient, internetClientServer: provides outbound (inbound is for the server variant only) access to the Internet and public networks via the firewall.
privateNetworkClientServer: provides inbound and outbound access to home and work networks through the firewall, for games or for applications that share data across local devices.
Special use capabilities
enterpriseAuthentication: enables a user to log into remote resources using their credentials, and acts as if the user provided their user name and password.
sharedUserCertificates: enables access to software and hardware certificates, such as a smart card.
documentsLibrary: provides access to the user's Documents library, filtered to the file type associations.
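The iOS Info.plist keys and the Windows capabilities on these two slides are what an enterprise can actually read from an app package before it is deployed, so here is an added example that is not part of the talk: a small Python checker that pulls UIRequiredDeviceCapabilities from an Info.plist and the Capability/DeviceCapability entries from a Windows 8 AppxManifest.xml, then compares them with an allow-list and flags the sensitive ones (the three "special use" Windows capabilities, and the iOS keys that touch sensors or messaging). The manifest namespace is the one Windows 8 packages use; the plist, manifest, and the two policies are constructed samples, not taken from any real app.

```python
import plistlib
import xml.etree.ElementTree as ET

# The three Windows "special use" capabilities from the slide.
WIN_SPECIAL_USE = {"enterpriseAuthentication", "sharedUserCertificates", "documentsLibrary"}
# iOS UIRequiredDeviceCapabilities keys (from the Info.plist slide) that imply
# access to sensors or personal communication channels.
IOS_WATCH = {"microphone", "gps", "location-services", "still-camera",
             "video-camera", "front-facing-camera", "sms", "telephony"}
# Namespace used by Windows 8 AppxManifest.xml files.
APPX_NS = {"m": "http://schemas.microsoft.com/appx/2010/manifest"}


def ios_required_capabilities(plist_bytes: bytes) -> set:
    """UIRequiredDeviceCapabilities from an Info.plist (array or dictionary form)."""
    info = plistlib.loads(plist_bytes)
    caps = info.get("UIRequiredDeviceCapabilities", [])
    if isinstance(caps, dict):                       # dict form: key -> bool
        return {k for k, required in caps.items() if required}
    return set(caps)


def appx_capabilities(manifest_xml: str) -> set:
    """Capability and DeviceCapability names from an AppxManifest.xml."""
    root = ET.fromstring(manifest_xml)
    return {el.get("Name") for el in root.findall("m:Capabilities/*", APPX_NS)
            if el.get("Name")}


def review(declared: set, allowed: set, watch: set) -> dict:
    """Split declared capabilities into policy violations and items to review."""
    return {"blocked": declared - allowed,            # not permitted by policy
            "review": (declared & allowed) & watch}   # permitted but sensitive


def check_ios(plist_bytes: bytes, allowed: set) -> dict:
    return review(ios_required_capabilities(plist_bytes), allowed, IOS_WATCH)


def check_appx(manifest_xml: str, allowed: set) -> dict:
    return review(appx_capabilities(manifest_xml), allowed, WIN_SPECIAL_USE)


# Constructed sample inputs (not taken from any real app).
SAMPLE_PLIST = b"""<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
  <key>CFBundleIdentifier</key><string>com.example.sample</string>
  <key>UIRequiredDeviceCapabilities</key>
  <array><string>wifi</string><string>microphone</string><string>sms</string></array>
</dict>
</plist>
"""

SAMPLE_APPX = """<Package xmlns="http://schemas.microsoft.com/appx/2010/manifest">
  <Identity Name="ExampleApp" Publisher="CN=Example" Version="1.0.0.0" />
  <Capabilities>
    <Capability Name="internetClient" />
    <Capability Name="privateNetworkClientServer" />
    <Capability Name="enterpriseAuthentication" />
    <DeviceCapability Name="webcam" />
  </Capabilities>
</Package>
"""

# Example policies of a hypothetical enterprise.
IOS_ALLOWED = {"wifi", "microphone", "location-services", "still-camera"}
WIN_ALLOWED = {"internetClient", "webcam", "enterpriseAuthentication"}

if __name__ == "__main__":
    print("iOS:    ", check_ios(SAMPLE_PLIST, IOS_ALLOWED))
    print("Windows:", check_appx(SAMPLE_APPX, WIN_ALLOWED))
```

One caveat: UIRequiredDeviceCapabilities states the hardware an app needs in order to be installed; it is not the privacy gate the user sees at runtime, so an empty list in the plist does not mean the app never touches the microphone or location. The Windows capabilities, on the other hand, are what the platform actually enforces, which is why the slide counts them as controlled.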

[ Windows. Significant APIs ]


Feature                        Q. APIs   Q. sign. APIs   % (sign. APIs)   Capability type   Controlled?
Notifications                     68          4              5.88         General use          +
Music library                   1300        138             10.62         General use          +
Pictures library                1157        133             11.50         General use          +
Videos library                  1300        138             10.62         General use          +
Removable storage               1045        109             10.43         General use          +
Microphone                       274         33             12.04         General use          +
Webcam                           409         91             22.25         General use          +
Location                          37          5             13.51         General use          +
Proximity                         54         19             35.19         General use          +
Internet and public networks     488        134             27.46         General use          +
Home and work networks           488        134             27.46         General use          +
Enterprise authentication          8          4             50.00         Special use          +
Shared User Certificates          20          5             25.00         Special use          +
Documents library               1045        126             12.06         Special use          +
Clipboard                        132         20             15.15         Non-controlled       -
Phone                             18          6             33.33         Non-controlled       -
SMS                              122         25             20.49         Non-controlled       -
Contacts                          97         31             31.96         Non-controlled       -
Device Info                      221         30             13.57         Non-controlled       -

[ Windows. Common Activities ]


Chart: Windows common activities per feature. Series: Q. of m.+a. activity; Q. of m.+a. permission. Per-feature values are not recoverable from the extracted text.

[ Windows. Derived Activities ]


Chart: Windows derived activities per feature. Series: Q. of derived activities; Q. of derived perm. Per-feature values are not recoverable from the extracted text.

[ Windows. Efficiency (%) ]


Chart: Windows efficiency (%) per feature. Series: % m+a activity vs perm; % m+a derived activity vs perm. Per-feature values are not recoverable from the extracted text.

[ Android. Permissions ]
The list contains ~150 permissions:
ACCESS_CHECKIN_PROPERTIES, ACCESS_COARSE_LOCATION, ACCESS_FINE_LOCATION, ACCESS_LOCATION_EXTRA_COMMANDS, ACCESS_MOCK_LOCATION, ACCESS_NETWORK_STATE, ACCESS_SURFACE_FLINGER, ACCESS_WIFI_STATE, ACCOUNT_MANAGER, ADD_VOICEMAIL, AUTHENTICATE_ACCOUNTS, BATTERY_STATS,
BIND_ACCESSIBILITY_SERVICE, BIND_APPWIDGET, BIND_DEVICE_ADMIN, BIND_INPUT_METHOD, BIND_REMOTEVIEWS, BIND_TEXT_SERVICE, BIND_VPN_SERVICE, BIND_WALLPAPER, BLUETOOTH, BLUETOOTH_ADMIN, BRICK, BROADCAST_PACKAGE_REMOVED, BROADCAST_SMS, BROADCAST_STICKY, BROADCAST_WAP_PUSH,
CALL_PHONE, CALL_PRIVILEGED, CAMERA, CHANGE_COMPONENT_ENABLED_STATE, CHANGE_CONFIGURATION, CHANGE_NETWORK_STATE, CHANGE_WIFI_MULTICAST_STATE, CHANGE_WIFI_STATE, CLEAR_APP_CACHE, CLEAR_APP_USER_DATA, CONTROL_LOCATION_UPDATES,
DELETE_CACHE_FILES, DELETE_PACKAGES, DEVICE_POWER, DIAGNOSTIC, DISABLE_KEYGUARD, DUMP, EXPAND_STATUS_BAR, FACTORY_TEST, FLASHLIGHT, FORCE_BACK,
GET_ACCOUNTS, GET_PACKAGE_SIZE, GET_TASKS, GLOBAL_SEARCH, HARDWARE_TEST, INJECT_EVENTS, INSTALL_LOCATION_PROVIDER, INSTALL_PACKAGES, INTERNAL_SYSTEM_WINDOW, INTERNET, KILL_BACKGROUND_PROCESSES,
MANAGE_ACCOUNTS, MANAGE_APP_TOKENS, MASTER_CLEAR, MODIFY_AUDIO_SETTINGS, MODIFY_PHONE_STATE, MOUNT_FORMAT_FILESYSTEMS, MOUNT_UNMOUNT_FILESYSTEMS, NFC, PERSISTENT_ACTIVITY, PROCESS_OUTGOING_CALLS,
READ_CALENDAR, READ_CALL_LOG, READ_CONTACTS, READ_EXTERNAL_STORAGE, READ_FRAME_BUFFER, READ_HISTORY_BOOKMARKS, READ_INPUT_STATE, READ_LOGS, READ_PHONE_STATE, READ_PROFILE, READ_SMS, READ_SOCIAL_STREAM, READ_SYNC_SETTINGS, READ_SYNC_STATS, READ_USER_DICTIONARY,
REBOOT, RECEIVE_BOOT_COMPLETED, RECEIVE_MMS, RECEIVE_SMS, RECEIVE_WAP_PUSH, RECORD_AUDIO, REORDER_TASKS, RESTART_PACKAGES, SEND_SMS,
SET_ACTIVITY_WATCHER, SET_ALARM, SET_ALWAYS_FINISH, SET_ANIMATION_SCALE, SET_DEBUG_APP, SET_ORIENTATION, SET_POINTER_SPEED, SET_PREFERRED_APPLICATIONS, SET_PROCESS_LIMIT, SET_TIME, SET_TIME_ZONE, SET_WALLPAPER, SET_WALLPAPER_HINTS, SIGNAL_PERSISTENT_PROCESSES, STATUS_BAR, SUBSCRIBED_FEEDS_READ, SUBSCRIBED_FEEDS_WRITE, SYSTEM_ALERT_WINDOW,
UPDATE_DEVICE_STATS, USE_CREDENTIALS, USE_SIP, VIBRATE, WAKE_LOCK, WRITE_APN_SETTINGS, WRITE_CALENDAR, WRITE_CALL_LOG, WRITE_CONTACTS, WRITE_EXTERNAL_STORAGE, WRITE_GSERVICES, WRITE_HISTORY_BOOKMARKS, WRITE_PROFILE, WRITE_SECURE_SETTINGS, WRITE_SETTINGS, WRITE_SMS, WRITE_SOCIAL_STREAM, WRITE_SYNC_SETTINGS, WRITE_USER_DICTIONARY

I have seen that on old BlackBerry devices before

[ Android. Permission Groups ]

But there are only 30 permission groups:
ACCOUNTS, AFFECTS_BATTERY, APP_INFO, AUDIO_SETTINGS, BLUETOOTH_NETWORK, BOOKMARKS, CALENDAR, CAMERA, COST_MONEY, DEVELOPMENT_TOOLS, DEVICE_ALARMS, DISPLAY, HARDWARE_CONTROLS, LOCATION, MESSAGES, MICROPHONE, NETWORK, PERSONAL_INFO, PHONE_CALLS, SCREENLOCK, SOCIAL_INFO, STATUS_BAR, STORAGE, SYNC_SETTINGS, SYSTEM_CLOCK, SYSTEM_TOOLS, USER_DICTIONARY, VOICEMAIL, WALLPAPER, WRITE_USER_DICTIONARY

I have seen that on old BlackBerry devices before, too

[ Android. Efficiency (%) ]

Chart: Android efficiency (%) per permission group. Series: % m+a activity vs perm; % m+a derived activity vs perm. Per-group values are not recoverable from the extracted text.

[ Average quantitative indicators ]

Chart: average quantitative indicators per platform (Android, Windows, iOS, BlackBerry). Series: Q. APIs; Q. sign APIs; Q. of m.+a. activities; Q. of derived activities; Q. of m.+a. permissions; Q. of derived permissions; % m+a activities vs perm; % m+a derived vs perm; % m+a vs perm enhanced by MDM; % derived vs perm enhanced by MDM. Per-platform values are not recoverable from the extracted text.

MDM . Extend your device security capabilities


Android
CAMERA AND VIDEO: HIDE THE DEFAULT CAMERA APPLICATION
PASSWORD: DEFINE PASSWORD PROPERTIES; REQUIRE LETTERS (incl. case); REQUIRE NUMBERS; REQUIRE SPECIAL CHARACTERS; DELETE DATA AND APPLICATIONS FROM THE DEVICE AFTER INCORRECT PASSWORD ATTEMPTS; DEVICE PASSWORD; ENABLE AUTO-LOCK; LIMIT PASSWORD AGE; LIMIT PASSWORD HISTORY; RESTRICT PASSWORD LENGTH; MINIMUM LENGTH FOR THE DEVICE PASSWORD THAT IS ALLOWED
ENCRYPTION: APPLY ENCRYPTION RULES; ENCRYPT INTERNAL DEVICE STORAGE
TOUCHDOWN SUPPORT: MICROSOFT EXCHANGE SYNCHRONIZATION
EMAIL PROFILES: ACTIVESYNC

CONTROLLED: FOUR GROUPS ONLY

MDM . Extend your device security capabilities


iOS
BROWSER: DEFAULT APP, AUTOFILL, COOKIES, JAVASCRIPT, POPUPS
OUTPUT: SCREEN CAPTURE, DEFAULT APP
MESSAGING (DEFAULT APP)
ONLINE STORES: PURCHASES, PASSWORD, DEFAULT STORE / BOOK / MUSIC APP
CLOUD SERVICES: BACKUP / DOCUMENT / PICTURE / SHARING
CAMERA, VIDEO, VIDEO CONF
CERTIFICATES (UNTRUSTED CERTs)
CONNECTIVITY: NETWORK, WIRELESS, ROAMING (DATA, VOICE WHEN ROAMING)
CONTENT (incl. EXPLICIT): RATING FOR APPS / MOVIES / TV SHOWS / REGIONS
PASSWORD (THE SAME AS ANDROID, NEW BLACKBERRY DEVICES)
PHONE AND MESSAGING (VOICE DIALING)
PROFILE & CERTs (INTERACTIVE INSTALLATION)
SOCIAL (DEFAULT APP): SOCIAL APPS / GAMING / ADDING FRIENDS / MULTI-PLAYER; DEFAULT SOCIAL-GAMING / SOCIAL-VIDEO APPS
STORAGE AND BACKUP: DEVICE BACKUP AND ENCRYPTION
VOICE ASSISTANT (DEFAULT APP)
DIAGNOSTICS AND USAGE (SUBMISSION LOGS)

CONTROLLED: 16 GROUPS ONLY

MDM . Extend your device security capabilities


BlackBerry (new, 10, QNX)
GENERAL: MOBILE HOTSPOT AND TETHERING PLANS; APP, APPWORLD
PASSWORD (THE SAME AS ANDROID, iOS)
BES MANAGEMENT (SMARTPHONES, TABLETS): SOFTWARE
SECURITY: OPEN WORK EMAIL MESSAGE LINKS IN THE PERSONAL BROWSER; TRANSFER THROUGH WORK PERIMETER TO THE SAME/ANOTHER DEVICE; BBM VIDEO ACCESS TO WORK NETWORK; VIDEO CHAT APP USES THE ORGANIZATION'S WI-FI/VPN NETWORK; WIPE WORK SPACE WITHOUT NETWORK; RESTRICT DEV. MODE; VOICE CONTROL & DICTATION IN WORK & USER APPS; BACKUP AND RESTORE (WORK) & DESKTOP SOFTWARE; PC ACCESS TO WORK & PERSONAL SPACE (USB, BT); PERSONAL SPACE DATA ENCRYPTION; NETWORK ACCESS CONTROL FOR WORK APPS; PERSONAL APPS' ACCESS TO WORK CONTACTS; SHARE WORK DATA DURING BBM VIDEO SCREEN SHARING; WORK DOMAINS, WORK NETWORK USAGE FOR PERSONAL APPS
EMAIL PROFILES: CERTIFICATES & CIPHERS & S/MIME; HASH & ENCRYPTION ALGS AND KEY PARAMS; TASK/MEMO/CALENDAR/CONTACT/DAYS SYNC
WI-FI PROFILES: ACCESS POINT, DEFAULT GATEWAY, DHCP, IPV6, SSID, IP ADDRESS; PROXY PASSWORD/PORT/SERVER/SUBNET MASK
VPN PROFILES: PROXY, SCEP, AUTH PROFILE PARAMS; TOKENS, IKE, IPSEC, OTHER PARAMS; PROXY PORTS, USERNAME, OTHER PARAMS

CONTROLLED: 7 GROUPS ONLY

MDM . Extend your device security capabilities


Blackberry (old)
THERE ARE 55 GROUPS CONTROLLED IN ALL; EACH GROUP CONTAINS FROM 10 TO 30 UNITS, WHICH ARE CONTROLLED TOO
EACH UNIT HAS A LOT OF FLEXIBLE PARAMETERS INSTEAD OF A SIMPLE DISABLE/ENABLE & HIDE/UNHIDE
EACH EVENT IS CONTROLLED BY A CERTAIN PERMISSION AND MAY ALSO BE CONTROLLED BY SIMILAR PERMISSIONS, TO BE MORE FLEXIBLE
DESCRIBED IN 360 PAGES IN ALL, FOUR TIMES MORE THAN THE OTHER DOCUMENTS

Huge amount of permissions are MDM & device built-in

EACH UNIT CAN'T CONTROL THE ACTIVITIES UNDER ITSELF: CREATE, READ, WRITE/SAVE, SEND, DELETE ACTIONS ON MESSAGES LEAD TO SPOOFING BY REQUESTING THE MESSAGE PERMISSION ONLY
SOME PERMISSIONS AREN'T REQUIRED (TO DELETE ANY OTHER APP)
SOME PERMISSIONS ARE RELATED TO THE APP IN WHICH A 3RD PARTY PLUGIN WAS EMBEDDED, INSTEAD OF THAT PLUGIN


[ Vulnerabilities of OS and apps ]

Chart: vulnerability scores of OS and apps, one entry per vulnerability, years 2004 to 2013. Series: Score - iOS; Score - Android; Score - BB. Per-entry values are not recoverable from the extracted text.

[ Vulnerabilities of OS and apps ]


MIN & AVERAGE SCORE
Android Average, 8.2
iOS Average, 6.3 BB-Average, 6.3

BB Min, 2.1

Android Min, 1.9 iOS Min, 1.2

Min & Average Score

[ APPLICATION AUDIT , APP ANALYSIS TOOLS ]


HEY DUDE, WHY IS IT VULNERABLE AGAIN?
HOW MANY TOOLS THERE ARE (approximately):
iOS - 10, ANDROID - 50, WINDOWS PHONE - 40, BLACKBERRY - 10

SORRY, BOSS, I HAD JUST COMMITTED TO A WRONG BRANCH


QUANTITY OF BUGS / SECURITY FLAWS
AVERAGE 50 MIN 20 MAX INFINITY

BUGS TYPE (OBVIOUS | LIKELY)


OBVIOUS BUGS LIKELY BUGS LIKE SQL WARNING BUGS (CHECK IT OUT)

COMPLIANCE AND MDM


CSA Mobile Device Management: Key Components
Device diversity; Configuration management; Software distribution; Device policy compliance & enforcement; Enterprise activation; Logging; Security settings; Security wipe, lock; IAM
Makes sure you start managing security under uncertain terms, without AI

NIST-124
Refers to NIST-800-53 and others
Sometimes misses requirements such as locking the device; however, it is in NIST-800-53
A bit more detailed than CSA
No statements on permission management
Makes sure you start managing security under uncertain terms, without AI

Severity & Efficiency


Permissions
BlackBerry Windows Android iOS

MDM
BlackBerry (old) iOS BlackBerry (new) Windows

Vulnerabilities
BlackBerry Windows iOS Android

[ APPLICATION EXAMINATION ]
ONLY THOSE I HAVE TO USE EVERY DAY
Account: country code, phone number; device hardware key; login / tokens of Twitter & Facebook
Calls history: name + internal ID; duration + date and time
Address book: quantity of contacts / viber-contacts; full name / email / phone numbers

FORENSICS EXAMINATION
Conversations: quantity of messages & participants per conversation; additional participant info (full name, phone)
Messages: date & time; content of message; ID

[ APPLICATION EXAMINATION ]
ONLY THOSE I HAVE TO USE EVERY DAY
Account: country code, phone number; login / tokens: Facebook wasn't revealed. Buy me for $$$
Avatars :: [email protected] (jfif)
Address book: no records of the address book were revealed. Check the log-file and find these records (!)
Messages: date & time

FORENSICS EXAMINATION
Content of message, ID :: [email protected]

[ APPLICATION EXAMINATION ]
ONLY THOSE I HAVE TO USE EVERY DAY
Account: phone number; password and secret code weren't revealed. Trace the app, find the methods, use them. Repack the app and have fun. No masking of data typed
Information: amount; full info in the history section (incl. info about who receives money)

FORENSICS EXAMINATION
Connected cards: encryption? No
Bank cards: masked card number only
Qiwi bank cards: full & masked number; CVV/CVC; all other card info

[ APPLICATION EXAMINATION ]
ONLY THOSE I HAVE TO USE EVERY DAY
Account: ID, email, password
Information: loyalty (bonus) of your membership; all you ever type; date of birth; passport details
Book/order history: routes, date and time, bonus earning; full info per each order

FORENSICS EXAMINATION
Connected cards: encryption? AES 256 bit on password "anywayanydayanywayanyday", stored in plaintext. Sizeof("anywayanydayanywayanyday") = 192 bit
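The "AES 256 bit" finding above turns on one arithmetic fact, so here is an added example (mine, not from the talk) that makes it checkable: the 24-character passphrase is 192 bits when its bytes are used as the key, which is AES-192 at best, and its entropy is lower still because it is a 12-character string repeated twice. The second half shows the stretched form with PBKDF2-HMAC-SHA256 from Python's hashlib, which at least yields a real 256-bit key with a random salt. The passphrase value is the one quoted on the slide; the function names and the iteration count are my choices.

```python
import hashlib
import os

# The passphrase shown on the slide: 24 ASCII characters used as AES key
# material and stored in plaintext inside the app.
PASSPHRASE = "anywayanydayanywayanyday"

# Raw key lengths accepted by AES, in bytes.
AES_KEY_SIZES = {16: "AES-128", 24: "AES-192", 32: "AES-256"}


def passphrase_bits(passphrase: str) -> int:
    """Bit length of the passphrase when its bytes are used as the key directly."""
    return len(passphrase.encode("utf-8")) * 8


def aes_variant_for(key: bytes):
    """Which AES variant a raw key of this length selects, or None if the length is invalid."""
    return AES_KEY_SIZES.get(len(key))


def repeated_unit(passphrase: str) -> str:
    """Shortest block whose repetition spells the passphrase.

    A short unit means the secret carries far less entropy than its bit length suggests.
    """
    n = len(passphrase)
    for size in range(1, n + 1):
        if n % size == 0 and passphrase[:size] * (n // size) == passphrase:
            return passphrase[:size]
    return passphrase


def derive_key(passphrase: str, salt: bytes, iterations: int = 200_000) -> bytes:
    """Hardened form: stretch the passphrase into a full 256-bit key with PBKDF2-HMAC-SHA256."""
    return hashlib.pbkdf2_hmac("sha256", passphrase.encode("utf-8"), salt,
                               iterations, dklen=32)


def new_salt() -> bytes:
    """Fresh random salt; store it next to the ciphertext, never reuse it across users."""
    return os.urandom(16)


if __name__ == "__main__":
    print(passphrase_bits(PASSPHRASE), "bits ->", aes_variant_for(PASSPHRASE.encode()))
    print("repeated unit:", repeated_unit(PASSPHRASE))
    print("PBKDF2 key:", derive_key(PASSPHRASE, new_salt()).hex())
```

Key stretching only lengthens the key, not the secret: if the passphrase still ships in the binary in plaintext, anyone with the app has everything needed to derive the same key. The fix that matters is to keep the key out of the app (platform key store, a per-user secret) and to store as little card data as the feature actually needs.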

[ APPLICATION EXAMINATION ]
ONLY THOSE I HAVE TO USE EVERY DAY
Account: ID, bonus card number; password not revealed; other IDs & tokens
Information: date of birth; passport details; history (airlines, city, flight number only)
Flight tickets, login credentials: repack the app and grab it

FORENSICS EXAMINATION

[ APPLICATION EXAMINATION ]
ONLY THOSE I HAVE TO USE EVERY DAY
Account: ID, password; loyalty (bonus) card number
Information: not revealed (tickets, history or else); repack the app

FORENSICS EXAMINATION

[ APPLICATION EXAMINATION ]
ONLY THOSE I HAVE TO USE EVERY DAY FORENSICS EXAMINATION
Account: ID, email, password; other IDs & tokens
Information: loyalty (bonus) of your membership; all you ever type; date of birth; passport details; ALL PASSPORT INFO (not only travel data); your work data (address, job, etc.) you have never typed! (except when preparing the member card)
Flight tickets: repack the app and grab it

[ APPLICATION EXAMINATION ]
ONLY THOSE I HAVE TO USE EVERY DAY FORENSICS EXAMINATION
Account: ID; however, the password is encrypted
Information: loyalty (bonus) of your membership, program name 901***** \\ Skymiles
Flight confirmations, depart time, flight # :: GCXXXX || 0467 || 2013-11-07T12:40:00+04:00 || DL90 "checkedIn": "false, "seatNumber": "09B",
Issued date, ticket # :: "2013-10-26T15:37:00-04:00", 006xxxxxxxxxxx
Airports :: SVO/ "Sheremetyevo Arpt, JFK/"John F Kennedy International, NYC / "New York-Kennedy

[ APPLICATION EXAMINATION ]
ONLY THOSE I HAVE TO USE EVERY DAY FORENSICS EXAMINATION

[ APPLICATION EXAMINATION ]
ONLY THOSE I HAVE TO USE EVERY DAY FORENSICS EXAMINATION
Account ::: PIN, names, status: "74afbe19","Yury Chemerkin, "*fly*, "@ Holiday Inn (MOSCOW)"
Information:
Barcode / QR history (when, what): "QR_CODE","bbm:2343678095c7649723436780","1382891450014"
Transferred files: "RemotePin, "Path","ContentType, "image/jpeg, "23436780, "/storage/sdcard0/Android/data/com.skype.raider/cache/photo_1383731771908.jpg (transferred as a JFIF file :: FFD8FFE000104A464946 ......JFIF)
Invitations: "Pin","Greeting","Timestamp",LocalPublicKey/PrivateKey","EncryptionKey
Messages (date, text) :: "1383060689","Gde","Edu k metro esche, probka tut","Park pobedy,"Aha"," ","Belorusskaja",""
Logs: revealing PINs, email, device information, application actions associated with application modules (*.c files, *.so, etc.). It helps to analyze the .apk in future

ISSUES : USELESS SOLUTIONS


USEFUL IDEAS AT FIRST GLANCE THAT INSTEAD MAKE NO SENSE
MERGING PERMISSIONS INTO GROUPS, e.g. SCREEN CAPTURE, CAMERA, VIDEO PERMISSIONS SEPARATED (BlackBerry old) vs. SCREEN CAPTURE, CAMERA, VIDEO PERMISSIONS MERGED INTO ONE UNIT (BlackBerry new)
SCREEN CAPTURE IS ALLOWED VIA HARDWARE BUTTONS ONLY; NO EMULATION OF HARDWARE BUTTONS AS THERE WAS ON OLD BLACKBERRY DEVICES; LOCKS WHEN THE WORK PERIMETER IS ACTIVE, TO PREVENT SCREEN-CAPTURE LOGGERS
OFFICIALLY ANNOUNCED SANDBOX: MALWARE IS STILL A PERSONAL APPLICATION SUBTYPE IN TERMS OF (IN-)SECURITY; THE SANDBOX PROTECTS ONLY APP DATA, WHILE USER DATA IS STORED IN SHARED FOLDERS; INABILITY TO BACK UP MAKES DEVELOPERS STORE DATA IN SHARED FOLDERS

CONCLUSION
PRIVILEGED, GENERAL PERMISSIONS
DENIAL OF SERVICE: REPLACING/REMOVING FILES; DoSing EVENTS, GUI INTERCEPT
INFORMATION DISCLOSURE: CLIPBOARD, SCREEN CAPTURE, GUI INTERCEPT, SHARED FOLDERS, DUMPING .COD/.BAR/.APK FILES

OWN APPs, NATIVE & 3RD PARTY APPs FEATURES

MITM (INTERCEPTION / SPOOFING): MESSAGES, GUI INTERCEPT, THIRD PARTY APPs, FAKE WINDOW/CLICKJACKING
GENERAL PERMISSIONS INSTEAD OF SPECIFIC SUB-PERMISSIONS
A FEW NOTIFICATION/EVENT LOGs FOR THE USER, BUILT PER APPLICATION INSTEAD OF PER APP SCREEN

Q&A
