CanSecWest Day 2 – Smartphones, mobile security, iOS 5 and NFC


With the conference in full swing, I bring to you the highlights from the talks on day two at CanSecWest (before the party).

The day began with Scott Kelly from Netflix presenting “Root Proof Smartphones, and Other Myths and Legends”. He began by explaining the desire manufacturers and carriers have to prevent phone users from gaining root (administrative) access to their smartphone devices.

He proceeded to discuss early efforts on the Android platform to lock it down and how researchers and hackers were able to easily bypass the measures employed. Kelly also pointed out how many of the flaws and weaknesses that allow rooting result from a poor understanding or implementation of cryptographic techniques.

He went on to discuss what manufacturers have learned to date and explained their move toward a total trusted boot environment, similar to the controversial announcement about UEFI signed booting of Windows 8 on ARM devices.

Next up was Colin Mulliner whose talk was titled “Probing Mobile Operator Networks”. He conducted his research by finding as many IP network blocks as he could that belong to mobile phone operators in Europe and scanning them to see what he might find.

Some of Mulliner’s findings were surprising. He found a far larger number of non-smartphone devices such as traffic controllers, GPS tracking devices, power system controllers and industrial control devices than he expected.

Unfortunately although many of these embedded type devices are used in very sensitive applications, nearly all of them were accessible without a username or password being entered.

Another interesting result was his scan for iPhones. He found approximately 500,000 iPhones in his scan, and approximately 2,000 were jailbroken. That is only 0.4% of iPhones that were running SSH, although some may be jailbroken with SSH turned off.

Stefan Esser was up next with his talk “iOS 5 – An Exploitation Nightmare?” where he explained the efforts over the years to jailbreak Apple iOS and the roadblocks Apple has introduced that are increasing the difficulty of accomplishing new jailbreaks.

Esser discussed some of the techniques used by @comex over the years and how those days are over now that he has a job at Apple.

New jailbreaks for iOS not only require mad skills, but the timing of their release is important as well. With a new iOS release like 5.1 just being made available, now is an ideal time for jailbreakers to exploit any remaining vulnerabilities to extend the amount of time it will remain usable.

Another interesting talk was “Intro to Near Field Communications (NFC) Mobile Security” by Corey Benninger and Max Sobiel of Intrepidus. They began by explaining the differences between NFC and other RFID technologies that many of us use regularly, like HID RFID cards for accessing our offices.

While they presented some interesting ideas as to how application insecurities in BlackBerry or Android devices could be used to scam users, as well as how rogue NFC tags would be quite trivial to use in a scam, nothing new was really presented. These techniques have been discussed in relation to QR codes and RFID cards in the past.

They did an excellent job explaining how all of it works for people who haven’t been exposed to NFC technology before, but I think that more research needs to be done to understand this fledgling technology.