Saturday, October 13, 2012

ramblin on, ain't saying nothin

.:[ktxgoogle]:.
so you can use the google safesearch diagnostic to check out what google has to say about the security of a given domain.  nifty!.. n maybe those google cats are a little too honest? ish?


.:[ktxwhatev]:.
it's tough to know what to say about the nsa wiretap case getting dismissed...   nice try eff...

i was talking w/ someone recently who was going on about how there are still significant constitutional barriers between foreign and domestic surveillance... yea, whatever you say...

so here's a shout to a great prank: 



.:[ktxphone]:.

mobile malware is getting pretty crazy creative, at least in the lab ;)  3d maps of whatever your phone can see.  i think there's a lot of potential for stuff in this space...


.:[ktxattackers]:.

i'd be willing to bet this attack exploited a binary planting vuln of some type...  it's nifty how the attacker was probably leaning on the valid sig on the service executable to throw off investigators.  i imagine that the dll was basically just an unwrapper, and the third file maybe had an extension that isn't generally subjected to much attention by av/scanner tools...
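an added detection check for the scenario above (example code, not from the original post): it walks the windows service list, keeps only services whose executable carries a valid authenticode signature, and flags any dll sitting beside that executable that is unsigned or signed by a different publisher. assumes a windows host with powershell 5 or later and rights to read the service directories.

```powershell
# Added example, not from the original post: hunt for DLLs planted beside
# validly signed Windows service executables (the binary planting pattern
# speculated about above). Assumes Windows, PowerShell 5+, and read access
# to each service's install directory.
$findings = foreach ($svc in Get-CimInstance -ClassName Win32_Service) {
    if (-not $svc.PathName) { continue }
    # PathName may be quoted and carry arguments; pull out the executable.
    # Unquoted paths containing spaces are themselves a known weak spot, so
    # this takes the first token for those.
    $exe = if ($svc.PathName -match '^"([^"]+)"') { $Matches[1] }
           else { ($svc.PathName -split '\s+')[0] }
    if (-not (Test-Path -LiteralPath $exe)) { continue }
    $exeSig = Get-AuthenticodeSignature -FilePath $exe
    # Only the case the post describes: the service binary itself is validly signed.
    if ($exeSig.Status -ne 'Valid') { continue }
    $dir = Split-Path -Path $exe -Parent
    # Skip the OS directory, where sibling DLLs are expected; focus on app dirs.
    if ($dir -like "$env:SystemRoot*") { continue }
    $exePublisher = $exeSig.SignerCertificate.Subject
    foreach ($dll in Get-ChildItem -LiteralPath $dir -Filter *.dll -File -ErrorAction SilentlyContinue) {
        $dllSig = Get-AuthenticodeSignature -FilePath $dll.FullName
        $dllPublisher = if ($dllSig.SignerCertificate) { $dllSig.SignerCertificate.Subject } else { '(unsigned)' }
        # Flag DLLs that are unsigned, tampered, or signed by someone other
        # than the publisher of the executable that would load them.
        if ($dllSig.Status -ne 'Valid' -or $dllPublisher -ne $exePublisher) {
            [pscustomobject]@{
                Service      = $svc.Name
                Executable   = $exe
                Dll          = $dll.FullName
                DllStatus    = $dllSig.Status
                DllPublisher = $dllPublisher
                ExePublisher = $exePublisher
                DllWritten   = $dll.LastWriteTime
            }
        }
    }
}
# Most recently written DLLs first: a fresh drop next to an old, signed exe is the interesting case.
$findings | Sort-Object DllWritten -Descending | Format-Table -AutoSize
```

publisher mismatches are common for legitimate redistributables (runtime dlls shipped with third-party apps), so treat the output as a triage list ordered by write time, not a verdict.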


Thursday, June 7, 2012

mobility speculation

[preface]
been talking less and doing more, as the decreased frequency in posting might imply...  hopefully i'll have something to share soonish, and will also try to share some good stuff made by other peeps too.  before anything, i want to say that there are giants who've come before me, and if i couldn't stand on their shoulders i wouldn't be able to see or accomplish much at all...  big ups to those who are working, researching, publishing, talking, sharing, and schooling!

a year or two ago 'mobility' was the buzz word to use if you were a security vendor trying to sell some FUD... solutions seemed lacking... i don't hear as much about mobility today, but it doesn't seem like the threat has diminished...

[chess]
so there's this fable about taking a grain of rice, and doubling it for each square on a chess board...  when you get to the second half of the chess board, the numbers just get crazy...  someone pointed out that if you look at moore's law, today we're somewhere around the 30th or 31st square on the board...

this post is about the mobile space taken in that general context...

[mobile]
a couple years back i was lucky enough to kick it in some swank vegas suite w/ a bunch of smart peeps...  we shared drinks and shot the breeze, and it was a pretty good time.  i talked to this cat from berlin who was/is active in the mobile space, and when i asked how long i had until i needed to really worry about my phone, he told me probably 12-18 months...

based on how things have played out since then, it doesn't seem like he was too far off...  the mobile sploit space seems to be quite interesting and active.  looking at the talks given at past conferences, it seems like there are a lot of ways to do a lot of damage...  and what i'm hearing about upcoming cons is that the mobile space is crowded full of people itching to talk about how they can pwn your phone.

[target space]
mobile seems like a great platform to attack for a number of reasons:

- ubiquitous coverage: phones are almost everywhere you go
- limited target platforms: android, iphone, ... umm... ummm... something else?
- reliability: phones are pretty much always on, and always connected
- flexibility: phones can communicate across so many channels...  sms, direct tcp/udp over 3g/4g, http, etc....
- ignorance: most ppl have no idea what's going on w/ their desktops, laptops, and servers...  visibility into phones is significantly worse

- uncleanable!: not like there are many tools at your disposal to clean your phone...  but try this out for fun...  back up your contacts and whatever, and then 'factory reset' your device...  well, i haven't tried an iphone, but on android...  well, you might notice that after the reset your phone *did not* go back to the state it was in after you bought it.  all those software updates your provider pushed remained in place even though all the trivial user stuff was reset.  this means that the memory that stores that 'good state' is writable.  if someone roots your phone, it doesn't seem like anything is preventing them from writing their pwnage there, and thus gaining persistence on your mobile platform... ug!

[so wtf are you talking about?]
just rambling about mobility attack and defense...  so here are a few ideas about how you could use mobile platforms in ways not intended by mobile carriers; first some simple ones, and then some that are maybe more complex...

[simple mobile attacks]
- surveillance: i pwn your phone, and now i know a *lot* about you...  i can listen w/ your microphone, so i know what you're saying, and who you're screwing.  i can take pics n vid w/ your camera(s), and even though that's usually just the inside of your pocket, i can still get a lot of good stuff if i'm persistent or if i use programming to watch for changes before i capture anything...  so i know where you go, and what you do, and who you talk to, and all that good stuff....

- blackmail: since i know all that stuff, and since you have plenty of vices and secrets and lies in your life, i can blackmail you pretty easily...  well, most of you ;)

- virtual theft: hey lookit, you use your smart-phone for all kinds of things...  i can keylog and get all kinds of passwords and such, and abuse you w/ all of that...

- spam: i use your connectivity to send my messages, and since ppl believe and click that shite, i make $$$...

[complex-ish mobile attacks/capabilities]
- research foo: some peeps are talking about using mobile phones as mass detection and reporting platforms...  including simple sensors and things like that to enable near-real-time detection and reporting...

- physical/IRL theft/crime:  since i can watch and listen and track everything someone does, it makes crime wayyyy easier.   looking through your calls and txts lets me know who you interact with, and who you live with.  i can find their numbers and pwn them too.  then i can wait until you're all away from the house somewhere far away, and maybe even wait until your neighbors aren't around too (or are sleeping, or are otherwise distracted) and then rob your house...

- area surveillance:  imagine you're the criminal above, or maybe some type of operator on a secret mission...  by monitoring all the phones in a given location, you can get an idea of whether or not anyone heard you break that window, or whether they are calling the police.  you can know what the people around you are seeing, hearing, and thinking...

- covert signal piggybacking for anonymous comms:  ever see one of those videos demoing how you can spoof a cell phone base-station and intercept the comms of any nearby phone?  well in theory it seems like you could do the same thing but be way more passive about it.  it seems like you could captivate all local devices and then use a communication protocol that is capable of packetizing a communication stream and splitting it across multiple channels to arrive at the same destination.  by sending your signal chopped up across multiple devices, it could be very difficult to trace back who originated the signal...  it might not be optimal for two-way communications (although that might be possible), but for a single-direction xfer, it should work nicely.  one could imagine purpose-built devices with a wireless antenna and ethernet jack that allow a person in an environment with an oppressive regime to communicate freely by hitching a ride on the signals of nearby mobile devices...  many governments (both oppressive and freedom loving) are investing in reducing the ability of average citizens to communicate anonymously.  if a session could be parsed and split across multiple carriers and multiple connections, it seems that would become significantly more difficult to track and suppress....

[solutions]
i haz no great ideas on how to make better software...  but as far as i can figure, one potential solution for improving mobile security is for phones to include physical switches/toggles that act as kill switches for given services.  flip switches on your handset to activate/deactivate things like 3G, camera, microphone, gps... this simple idea would at least give consumers and phone owners the power to feel relatively confident that phone features aren't being used if they don't want them to be...  yes, the idea is pretty simple and lame, and no it will probably never happen...