Customized: determines exploit on the fly, based on user’s OS, browser, etc
Easy to use: management console provides stats on infection rates
Customer care toolkit can be purchased with one-year support contract!
Proxy intercepts request and adds fields
Bank sends login page needed to log in
When user submits information, also sent to attacker
Credit: Zulfikar Ramzan
Estonia: network attack
Jaak Aaviksoo, Minister of Defence
Steal cars with a laptop
NEW YORK - Security technology created to protect luxury vehicles may now make it easier for tech-savvy thieves to drive away with them.
In April ‘07, high-tech criminals made international headlines when they used a laptop and transmitter to open the locks and start the ignition of an armor-plated BMW X5 belonging to soccer player David Beckham, the second X5 stolen from him using this technology within six months.
… Beckham's BMW X5s were stolen by thieves who hacked into the codes for the vehicles' RFID chips …
iPhone attack (summer 2007)
iPhone Safari downloads malicious web page
Arbitrary code is run with administrative privileges
Can read SMS log, address book, call history, other data
Can perform physical actions on the phone.
system sound and vibrate the phone for a second
could dial phone numbers, send text messages, or record audio (as a bugging device)
Transmit collected data over network to attacker
iPhone security measures
“Reduced attack surface”
Stripped down and customized version of Mac OS X
does not have common binaries such as bash, ssh, or even ls.
MobileSafari - many features of Safari have been removed
No Flash plug-in, many file types cannot be downloaded
Some internal protection
If USB syncing with iTunes, file system cannot be mounted
File system accessible to iTunes is chroot’ed
Weak security architecture
All processes of interest run with administrative privileges
iPhone does not utilize some widely accepted practices
Each time a process runs, the stack, heap, and executable code are located at precisely the same spot in memory
Buffer overflow on heap can write executable instructions
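The two weaknesses above (fixed load addresses, memory that is both writable and executable) are the kind of thing an auditor checks before anything else. Mach-O executables record part of that story in their header flags: MH_PIE tells the loader the image may be placed at a random base, and MH_ALLOW_STACK_EXECUTION asks for an executable stack. The following header parser and audit routine is an added example written for this page, not code from the original slides or from the iPhone analysis they summarize; the sample headers it builds are constructed, not taken from real binaries, and the cputype values are illustrative. Note the limit of the check: whether the heap is executable depends on the kernel's page protections, not on anything in the file header, so a clean result here says nothing about the heap issue the slide describes.

```python
import struct

# Mach-O header constants (values as defined in <mach-o/loader.h>)
MH_MAGIC = 0xFEEDFACE                 # 32-bit little-endian header
MH_MAGIC_64 = 0xFEEDFACF              # 64-bit little-endian header
MH_EXECUTE = 0x2                      # filetype: main executable
MH_PIE = 0x200000                     # image may be loaded at a random base (ASLR)
MH_ALLOW_STACK_EXECUTION = 0x20000    # image asks for an executable stack


def parse_macho_header(blob: bytes) -> dict:
    """Parse the fixed-size Mach-O header at the start of `blob`.

    Only the header is read; load commands are not needed for this audit.
    Returns the raw filetype and flags plus the two derived booleans we care about.
    """
    if len(blob) < 4:
        raise ValueError("too short to hold a Mach-O magic")
    magic = struct.unpack("<I", blob[:4])[0]
    if magic == MH_MAGIC_64:
        # magic, cputype, cpusubtype, filetype, ncmds, sizeofcmds, flags, reserved
        fmt = "<IiiIIIII"
    elif magic == MH_MAGIC:
        # same layout without the trailing reserved word
        fmt = "<IiiIIII"
    else:
        raise ValueError("not a little-endian Mach-O header: magic=0x%08x" % magic)
    size = struct.calcsize(fmt)
    if len(blob) < size:
        raise ValueError("truncated Mach-O header")
    fields = struct.unpack(fmt, blob[:size])
    _magic, _cputype, _cpusubtype, filetype, _ncmds, _sizeofcmds, flags = fields[:7]
    return {
        "is_64": magic == MH_MAGIC_64,
        "filetype": filetype,
        "flags": flags,
        "pie": bool(flags & MH_PIE),
        "exec_stack": bool(flags & MH_ALLOW_STACK_EXECUTION),
    }


def audit(blob: bytes) -> list:
    """Return a list of mitigation findings for one executable's header.

    An empty list means the header opts into randomization and does not
    request an executable stack. Heap executability is not visible here.
    """
    h = parse_macho_header(blob)
    findings = []
    if h["filetype"] == MH_EXECUTE and not h["pie"]:
        findings.append("no MH_PIE: main executable image loads at a fixed address")
    if h["exec_stack"]:
        findings.append("MH_ALLOW_STACK_EXECUTION set: stack is mapped executable")
    return findings


def make_header(flags: int, is_64: bool = True) -> bytes:
    """Constructed sample header for testing (hypothetical, not a real binary).

    cputype 0x0100000C (arm64) / 12 (arm) are used only to make the sample
    look plausible; the audit does not depend on them.
    """
    if is_64:
        return struct.pack("<IiiIIIII", MH_MAGIC_64, 0x0100000C, 0, MH_EXECUTE, 0, 0, flags, 0)
    return struct.pack("<IiiIIII", MH_MAGIC, 12, 0, MH_EXECUTE, 0, 0, flags)


if __name__ == "__main__":
    # Compare a header built the way the 2007-era binaries were (no flags)
    # against one that opts into randomization.
    for label, flags in (("legacy", 0), ("pie", MH_PIE), ("exec-stack", MH_ALLOW_STACK_EXECUTION)):
        print(label, audit(make_header(flags)) or ["no findings"])
```

To run this against a real file, read its first 32 bytes and pass them to `audit`; fat (multi-architecture) binaries start with a different magic and would need their per-slice offsets resolved first, which this example deliberately leaves out.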
Extract and statically analyze binaries, using jailbreak and iPhoneInterface
Audit related open-source code
MobileSafari and MobileMail applications are based on the open source WebKit project