No Packets where injured in the making of this talk. All research results and analysis was done from the safety of my lab with my own equipment and my own packets and most importantly my own permission. No packets were obtained by War Walking, War Dining or Stroll Trolling from unauthorized networks without permission. Knowledge is a tool that can help or hinder society. Please wield it responsibly. Caution: Just because we can apply a moral and ethical filter doesn’t mean everyone else will. Get informed then make decisions! Change Smart Phone Perceptions Wi-Fi computer with phone capabilities vs. Phone with “ apps”. Utilize No Cost High Availability Framework Discuss and use free non-commercial tools from Google Play and the Internet. Introduce Terms and Techniques that help facilitate discussions and awareness of mobile threats. War Walking War Dining Wi-Fi Phaking Stroll Trolling Discuss and demonstrate remediation and mitigation techniques Enterprise and personal best practices discussed. A Smart Device - Android /Iphone Popular Rooting Programs A jail broke Apple I-phone will also do the trick Wi-Fi tablets are also an effective attack vector Some phones may not be “root-able”…yet. Android 2.2 – Unrevoked Android 2.3 – Revolutionary Android 2.4 – Eris and More to Come Iphone – Jailbreak.me Remember your roots! Rooting your device is accomplished by exploiting a vulnerability and dropping a payload that allows the capability to escalate privileges when requested. *http://jon.oberheide.org/files/bsides11-dontrootrobots.pdf Pros ▪ Increased Functionality and Control Pen-test / Packet Acquisition tool Wi-Fi Tethering Enhanced File Management Screen Capture ▪ Free or Almost Free ▪ No/Little cost for apps and programs ▪ Freedom ▪ Install other Operating Systems and Custom ROMS (Ex. BackTrack Linux) Cons ▪ Support ▪ You may void your warranty and support ▪ Cost ▪ You may brick the device Data Gathering and Analysis Packer Sniffer – Mobile Device • Used to record packets on a network Wi-Fi Hotspot – Mobile Device • Mobile internet capable gateway Data Aggregation Tool – Home Analysis • Used to find information in a capture file ▪ Time reported in early 2012, 46% of Americans own a smart phone. ▪ Most modern data plans have data limits. ▪ Open network are highly available in public. ▪ Smart phones send packets like computers. Shark for Root Free from Google Play a.k.a. Marketplace Used to passively sniff packets using a smart device. Gives network and security professionals the ability to analyze data to and from a target device. Gives criminals the ability to gather and exploit sensitive data of the uninformed for profit. Pirni for IPhone Free on the internet – See references for link Step 1) Turn on the Wi-Fi Functionality. Step 2) Tell your phone to inform you of open connections. Difficult To Detect No backpacks or antennas No sitting in a parked car for hours No aircraft circling No hot air balloon hovering Passive sniffing so no network anomalies or IDS detection The act of lingering or loitering in a geographical area for the purpose of gathering packets without prior authorized over a public wireless network using a smart phone or tablet. ▪Scenarios ▪Walking a dog or playing with a kid at a park ▪Hanging out at a mall ▪Reading on a park bench ▪Watching a movie – War Watching ▪ Eating a meal – War Dining The unauthorized act of gathering packets over a public wireless network with a smart phone or tablet while congregating in a Wi-Fi enabled establishment with the intent to eat or drink. In Walks Arpspoof! *https://github.com/robquad/Arpspoof/Arpspoof.apk/qr_code ▪ ArpSpoof is freely available on the Internet but was pulled from Google Play earlier this year. ▪ It creates a MITM session by wait for it….spoofing arp. ▪ It passes packets first to the device and then to the public Wi-Fi hotspot. ▪ Packets become readable because they pass through the phone first and then the Shark for Root capture before being passed to the public Wi-Fi access point. Want to take a Peek with Piik? ▪ Piik can be purchased from Google Play for $1.99 ▪ Allows images of captured and displayed from your smart phone ▪ Easy way to confirm data is being captured after Arpspoof is initialized. Packet captures (.pcap’s) need analysis NetWitness® Investigator 9.6 is the awardwinning interactive threat analysis software Free – non commercial Effortlessly discovers and categorizes sensitive data Download and install Netwitness on Win Machine Start, register, and activate the free software Email App – Leaked AD Permissions in clear text. Pcap analysis found that mail synch was allowed with http and https. Network credential where synching many times a minute in clear text! Misconfiguration was identified and corrected by this analysis. Many Apps will login in using http without users knowledge Angry Birds Season is phoning home A Recipe for Trouble 1 Part – Bad Guy/Girl with Rooted/Jailbroke Phone 1 Part – Wi-Fi Tethering App 1 Part – Social Engineering _________________________________ = “Wi-Fi Phaking” The act of configuring a smart phone as a Wi-Fi hotspot using a socially engineered naming convention like “Free Internet” with the sole purpose of luring devices and individuals to join the network with the intent of capturing and exploiting personal/confidential data. The act of lingering or loitering in a specific geographical location usually densely populated using a “Phaked” Wi-Fi connection with the intent of enticing unsuspecting individuals and devices into joining that network with the intent of capturing and exploiting clear text data leaked from the device. • Name Mobile Wi-Fi Hotspot “Lions Free Wi-Fi” at the Detroit game. • Name Mobile Wi-Fi Hotspot “Free Internet” at the Mall or crowded area. • Name Mobile Wi-Fi Hotspot “GM Free Internet” when in the Renaissance Center. So now that we know what can be done, how do we fix it? Three categories of corrective action: 1) (Good) Personal - Free 2) (Better) Personal - Low Cost 3) (Best) Enterprise Level – Higher Cost 1) Policy/Behavioral Change: Turn off Wi-Fi when in public areas if not needed. On Off This stops your device from auto-connecting to open available Hot Spots. 2) Use https vs http whenever possible if you are going to use a open Wi-Fi. However, not the best solution because data is still leaked. Ex. DNS and Apps are still clear text 3) Paradigm shift - Treat a open connection as a public terminal. Do not perform sensitive searches and perform private confidential tasks like banking while joined to an open Wi-Fi connection unless absolutely necessary. Assume all actions are being watched and monitored. Use your mobile Wi-Fi hotspot with WPA2 and > 10 character password for you tablet or laptop to join instead of the joining an available public hotspot when in public.** **This may quickly exhaust your data plan. • Use and inexpensive VPN service with your mobile devices which encrypts data from a public Wi-Fi hotspots. • VPN services as low as $3 dollars a month. Ex. IBVPN – Around $37 a year. • Cheaper than purchasing extra data from your mobile provider. • Encrypts all data to and from the public hotspot once active once active including DNS and App data. • Easy to configure the Encrypted Tunnel • Renders War Walking, War Dining, and Stroll Trolling ineffective once VPN is active. • Free VPN management applications available in the App Store and Google Play. (Ex. 5VPN) • Same account can be shared by any of your mobile devices including laptops, tablets, and phones. Some Mobile Device Attack Vectors • BYOD • • • Malware - Infections MITM - War Walking, War Dining Remote Access to Resources • • MITM - War Walking, War Dining, Stroll Trolling Theft/Forgery – Stolen/Lost phone Categorization and Management of Smart Devices • Smart phones are mini computers with phone capabilities. • Should be place firmly in the Remote Access Domain and be treated like work issue laptops and tablets. • This means SSL, Certificates and Corporate VPN solutions should be administered for all interactions with corporate resources. • If possible segregate the Mobile Wi-Fi Network from the rest of the corporate network • Funnels all data back inside corporate walls which means that it can be analyzed for data leakage and compliance. • Allows ACLs, Group Policy and Proxies to be applied on some level to enrich security and compliance on these devices. Remember: We have a computer in our pocket that can make phone calls instead of a phone with applications installed. Public Wi-Fi points can be dangerous if one does not understand what is at stake. Armed with just a little knowledge and technology one can practice safe surfing when using these public connections. Ask everyone you know if they have heard the following terms and explain to them what they mean. This helps the less technologically savvy friends and family to understand the threats associated with using Public Wi-Fi access points: • War Walking • War Dining • Wi-Fi Phaking • Stroll Trolling Thank You! RabidSecurity@gmail.com Twitter Handle: RabidSecurity If you tried to join the Phaked access point during this conference…what data would your device leaked in clear text. How much and what sensitive data does your device leak? Are you taking precautions to safeguard your data? Do you run a VPN solution on Public Wi-Fi? Revolutionary: S-OFF & Recovery Tool. (2012). Retrieved Feb 10,2012 from http://revolutionary.io- rooting software for android usually for Android 2.3 phones Unrevoked – set your phone free. (2012). Retrieved Feb 10,2012 from http://unrevoked.com/ - rooting software for android usually for Android 2.2 phones Shark for Root. (2012) Retrieved Feb 11, 2012 from http://market.android.com/details?id=lv.n3o.shark&hl=en – Used to passively sniff and record packets from an android device Pirni for IPhone. (2012) Retrieved March 5, 2012 from http://apt.thebigboss.org/repofiles/cydia/debs2.0/pirni_1.1.1.deb – Used to passively sniff and record packets from a Jail broke IPhone Time Business - Nearly 50% of Americans Own Smartphones; Android, iPhone Dominate (3-1-2012). Retrieved on March 5, 2012 from http://business.time.com/2012/03/01/nearly-50-of-americans-ownsmartphones-android-iphone-dominate/ Netwitness Investigator (2012)- Retrieved March 13, 2012 from http://netwitness.com/products-services/investigator-freeware Invisible Browsing VPN(2012)- Retrieved March 27, 2012 from http://www.ibvpn.com/ Android Robot Blender Model - Retrieved January, 1 2012 from http://www.blendswap.com/blends/author/darmau5/