Yury Chemerkin Athcon 2013


THE SANDBOX DIFFERENCES, OR HOW INTEGRATION FEATURES AFFECT THE SANDBOX


INDEPENDENT SECURITY RESEARCHER / PhD.
YURY CHEMERKIN
AthCon 2013
[ Yury Chemerkin ]
www.linkedin.com/in/yurychemerkin http://sto-strategy.com yury.chemerkin@gmail.com

 Experienced in:
   Reverse Engineering & AV
   Software Programming & Documentation
   Mobile Security and MDM
   Cyber Security & Cloud Security
   Compliance & Transparency
   and Security Writing
     Hakin9 Magazine, PenTest Magazine, eForensics Magazine, Groteck Business Media
 Participation at conferences
   InfoSecurityRussia, NullCon, CONFidence, PHDays
   CYBERCRIME FORUM, Cyber Intelligence Europe/Intelligence-Sec
   ICITST, CyberTimes, ITA, I-Society
BLACKBERRY SECURITY ENVIRONMENT
BLACKBERRY EVALUATES EVERY REQUEST THAT AN APPLICATION MAKES TO ACCESS A CAPABILITY

BLACKBERRY ENTERPRISE SERVICE HELPS MANAGE AND PROTECT BLACKBERRY, IOS, AND ANDROID DEVICES.

UNIFIED COMMUNICATION AND COLLABORATION SOFTWARE

DESIGNED TO HELP PROTECT DATA THAT IS IN TRANSIT AT ALL POINTS AS WELL IS IN MEMORY AND STORAGE

ENHANCED BY A CONTROL OF THE BEHAVIOR OF THE DEVICE

PROTECTION OF APPLICATION DATA USING SANDBOXING

MANAGEMENT OF PERMISSIONS TO ACCESS CAPABILITIES

BB EVALUATES EVERY REQUEST THAT AN APP MAKES – BUT LEADS AWAY FROM ANY DETAILS AND APIs
KNOWN ISSUES
MALWARE BOUNDS BECOME UNCLEAR… COMPLIANCE BRINGS USELESS RECOMMENDATIONS

 BLACKBERRY HANDLES SEVERAL TECHNOLOGIES
   NATIVE
     BLACKBERRY 10, BLACKBERRY PLAYBOOK
     OLD BLACKBERRY DEVICES
   THIRD PARTY
     ADOBE AIR FOR NEW BB DEVICES
     ANDROID APPLICATIONS & DEVICES
     IOS DEVICES
 EVERY CONTROL IS LIMITED BY
   SANDBOX
   PERMISSIONS
   SECURITY FEATURES ON DEVICEs & MDMs
 USER-MODE MALWARE
   SPYWARE
   ROOTKITS
   EXPLOITS & ATTACKS
   REVERSING NETWORK LAYER
   PARTIALLY RECOVERING DATA VS. SANDBOX
 MDM vs. COMPLIANCE
   A FEW RECOMMENDATIONS
   SET IS LESSER THAN SET OF MDM FEATURES
 YOUNG STANDARDS
   FIRST REVISIONS
   DRAFT REVISIONS
BLACKBERRY CAPABILITIES - ANDROID
CONTROLLED: FOUR GROUPS ONLY by BlackBerry; 74 OUT OF 200 APIs CONTROLLED ONLY by Android

 CAMERA AND VIDEO
   HIDE THE DEFAULT CAMERA APPLICATION
 PASSWORD
   DEFINE PASSWORD PROPERTIES
   REQUIRE LETTERS (incl. case)
   REQUIRE NUMBERS
   REQUIRE SPECIAL CHARACTERS
   DELETE DATA AND APPLICATIONS FROM THE DEVICE AFTER INCORRECT PASSWORD ATTEMPTS
   DEVICE PASSWORD
   ENABLE AUTO-LOCK
   LIMIT PASSWORD AGE
   LIMIT PASSWORD HISTORY
   RESTRICT PASSWORD LENGTH (MINIMUM LENGTH FOR THE DEVICE PASSWORD THAT IS ALLOWED)
 ENCRYPTION
   APPLY ENCRYPTION RULES
   ENCRYPT INTERNAL DEVICE STORAGE
 TOUCHDOWN SUPPORT
   MICROSOFT EXCHANGE SYNCHRONIZATION
   EMAIL PROFILES
   ACTIVESYNC
BLACKBERRY CAPABILITIES - iOS
CONTROLLED: 16 GROUPS ONLY by BlackBerry, WHICH IS QUITE SIMILAR TO APPLE MDM SOLUTIONS

 BROWSER
   DEFAULT APP
   AUTOFILL, COOKIES, JAVASCRIPT, POPUPS
 CAMERA, VIDEO, VIDEO CONF
   OUTPUT, SCREEN CAPTURE, DEFAULT APP
 CERTIFICATES (UNTRUSTED CERTs)
 CLOUD SERVICES
   BACKUP / DOCUMENT / PICTURE / SHARING
 CONNECTIVITY
   NETWORK, WIRELESS, ROAMING
   DATA, VOICE WHEN ROAMING
 CONTENT
   CONTENT (incl. EXPLICIT)
   RATING FOR APPS / MOVIES / TV SHOWS / REGIONS
 DIAGNOSTICS AND USAGE (SUBMISSION LOGS)
 MESSAGING (DEFAULT APP)
 ONLINE STORE
   ONLINE STORES, PURCHASES, PASSWORD
   DEFAULT STORE / BOOK / MUSIC APP
 PASSWORD (THE SAME WITH ANDROID, NEW BLACKBERRY DEVICES)
 PHONE AND MESSAGING (VOICE DIALING)
 PROFILE & CERTs (INTERACTIVE INSTALLATION)
 SOCIAL (DEFAULT APP)
   SOCIAL APPS / GAMING / ADDING FRIENDS / MULTI-PLAYER
   DEFAULT SOCIAL-GAMING / SOCIAL-VIDEO APPS
 STORAGE AND BACKUP
   DEVICE BACKUP AND ENCRYPTION
 VOICE ASSISTANT (DEFAULT APP)
BLACKBERRY CAPABILITIES – BLACKBERRY (QNX)
CONTROLLED: 7 GROUPS ONLY by BlackBerry, WHICH IS NOT ENOUGH TO MANAGE ALL APIs

 GENERAL
   PERSONAL APPS ACCESS TO WORK CONTACTS
   MOBILE HOTSPOT AND TETHERING
   SHARE WORK DATA DURING BBM VIDEO SCREEN SHARING
   PLANS APP, APPWORLD
   WORK DOMAINS, WORK NETWORK USAGE FOR PERSONAL APPS
   NETWORK ACCESS CONTROL FOR WORK APPS
 PASSWORD (THE SAME WITH ANDROID, iOS)
 SOFTWARE
   OPEN WORK EMAIL MESSAGE LINKS IN THE PERSONAL BROWSER
   TRANSFER THROUGH WORK PERIMETER TO SAME/ANOTHER DEVICE
   BBM VIDEO ACCESS TO WORK NETWORK
   VIDEO CHAT APP USES ORGANIZATION’S WI-FI/VPN NETWORK
 SECURITY
   WIPE WORK SPACE WITHOUT NETWORK, RESTRICT DEV. MODE
   VOICE CONTROL & DICTATION IN WORK & USER APPS
   BACKUP AND RESTORE (WORK) & DESKTOP SOFTWARE
   PC ACCESS TO WORK & PERSONAL SPACE (USB, BT)
   PERSONAL SPACE DATA ENCRYPTION
 EMAIL PROFILES
   BES MANAGEMENT (SMARTPHONES, TABLETS)
   CERTIFICATES & CIPHERS & S/MIME
   HASH & ENCRYPTION ALGS AND KEY PARAMS
   TASK/MEMO/CALENDAR/CONTACT/DAYS SYNC
 WI-FI PROFILES
   ACCESS POINT, DEFAULT GATEWAY, DHCP, IPV6, SSID, IP ADDRESS
   PROXY PASSWORD/PORT/SERVER/SUBNET MASK
 VPN PROFILES
   PROXY, SCEP, AUTH PROFILE PARAMS
   TOKENS, IKE, IPSEC, OTHER PARAMS
   PROXY PORTS, USERNAME, OTHER PARAMS
BLACKBERRY CAPABILITIES – BLACKBERRY (OLD)
AN INCREDIBLE NUMBER OF GROUPS, UNITS AND PERMISSIONS ARE CONTROLLED BY MDM AND DEVICE

 THERE ARE 55 GROUPS CONTROLLED IN ALL
 EACH GROUP CONTAINS FROM 10 TO 30 UNITS, WHICH ARE CONTROLLED TOO
 EACH UNIT IS UNDER A LOT OF FLEXIBLE PARAMs INSTEAD OF A SIMPLE ‘DISABLE/ENABLE & HIDE/UNHIDE’
 EACH EVENT IS
   CONTROLLED BY A CERTAIN PERMISSION
   ALLOWED TO BE CONTROLLED BY SIMILAR PERMISSIONS, TO BE MORE FLEXIBLE
 DESCRIBED IN 360 PAGES IN ALL, FOUR TIMES MORE THAN OTHER DOCUMENTS
 EACH UNIT CAN’T CONTROL ACTIVITY UNDER ITSELF
   ‘CREATE, READ, WRITE/SAVE, SEND, DELETE’ ACTIONS IN REGARD TO MESSAGES LEAD TO SPOOFING BY REQUESTING A ‘MESSAGE’ PERMISSION ONLY
   SOME PERMISSIONS AREN’T REQUIRED (TO DELETE ANY OTHER APP)
   SOME PERMISSIONS ARE RELATED TO THE APP IN WHICH A 3RD PARTY PLUGIN WAS EMBEDDED, INSTEAD OF THAT PLUGIN
ISSUES : USELESS SOLUTIONS - I
USEFUL IDEAS AT FIRST GLANCE, BUT INSTEAD THEY MAKE NO SENSE

 OLD BB: MERGING PERMISSION UNITS AND GROUPS
   ‘SCREEN CAPTURE, CAMERA, VIDEO PERMISSIONS’ SEPARATED (PREVIOUS BB)
   ‘SCREEN CAPTURE, CAMERA, VIDEO PERMISSIONS’ MERGED INTO ONE UNIT (LATEST BB)
 QNX-BB: SCREEN CAPTURE
   IS ALLOWED VIA HARDWARE BUTTONS ONLY
   NO EMULATION OF HARDWARE BUTTONS, AS THERE WAS IN OLD BLACKBERRY DEVICES
   LOCKED WHILE THE WORK PERIMETER IS ACTIVE, TO PREVENT SCREEN-CAPTURE LOGGERS
 OLD BB: NO SANDBOX HAS EVER BEEN ANNOUNCED
   ALL DATA ACCESSIBLE EXCEPT APP & SYSTEM DATA, DUE TO GENERAL PERMISSIONS
 QNX-BB: OFFICIALLY ANNOUNCED SANDBOX
   MALWARE IS A PERSONAL APPLICATION SUBTYPE IN TERMS OF BLACKBERRY’s SECURITY
   SANDBOX PROTECTS ONLY APP DATA, WHILE USER DATA IS STORED IN SHARED FOLDERS
ISSUES : USELESS SOLUTIONS - II
USEFUL IDEAS AT FIRST GLANCE, BUT INSTEAD THEY MAKE NO SENSE

 OLD BB: SECURE & INSECURE IM CHATS AT THE SAME TIME
   HAS ENCRYPTED COMMUNICATION SESSIONS
   STORES CHAT CONVERSATIONS IN PLAIN TEXT WITHOUT ENCRYPTION (EVEN BBM)
   INACCESSIBLE FROM THE DEVICE ONLY BECAUSE OF AN UNKNOWN FILE TYPE (.CSV)
 UPGRADE FEATURE AFFECTS EVERYTHING
   UPDATE AN APP THAT CALLS THIS API – USE GENERAL API
   REMOVE AN APP THAT CALLS THIS API – USE GENERAL API
   REMOVE ANY OTHER APP UNDER THE SAME API WITHOUT NOTIFICATION
   HANDLED WITH PC TOOLS ON OLD BB DEVICES WITHOUT DEBUG / DEVELOPMENT MODE
 OLD BB: CLIPBOARD (PROTECTION HAS NEVER EXISTED ANYWHERE AND MIGHT NEVER HAVE)
   REVEAL THE DATA IN REAL TIME BY ONE API CALL
   NATIVE WALLETS PROTECT THEMSELVES BY RETURNING NULL WHILE THEY ARE ON TOP; JUST MINIMIZE OR CLOSE THE WALLET TO GET FULL ACCESS
   EVERY USE CASE MUST MINIMIZE THE APP TO PASTE A PASSWORD
ISSUES : USELESS SOLUTIONS – III
THE GUI EXPLOITATION (OLD BB) – NATIVE APPs / 3RD PARTY SECURE SOLUTIONS RUIN THE SECURITY

 THE GUI EXPLOITATION (OLD BB) – NATIVE APPs
   INITIALLY BASED ON AUTHORIZED API; COVERED
     ALL PHYSICAL & NAVIGATION BUTTONS
     TYPING TEXTUAL DATA; AFFECTS ALL APPs
   SECONDARILY BASED ON ADDING MENU ITEMS INTO THE GLOBAL / “SEND VIA” MENU
     AFFECTS ALL NATIVE APPLICATIONS
   NATIVE APPs ARE DEVELOPED BY BLACKBERRY
     WALLETS, SOCIAL, SETTINGS, IMs, …
   GUI EXPLOITATION
     REDRAWING THE SCREENS
     GRABBING THE TEXT FROM ANY FIELDs (INCL. PASSWORD FIELD)
     ADDING, REMOVING THE FIELD DATA
     ORIGINAL DATA IS INACCESSIBLE BUT NOT AFFECTED
     ADDING GUI OBJECTS BUT NOT SHUFFLING
 3RD PARTY SECURE SOLUTIONS RUIN THE SECURITY
   KASPERSKY MOBILE SECURITY PROVIDES FIREWALL, WIPE, BLOCK, INFO FEATURES
   NO PROTECTION FROM REMOVING .CODs & UNDER SIMULATOR
     EXAMINING THE TRAFFIC, BEHAVIOUR
     JUST SHOULD CHECK THE “IS SIMULATOR” API ONLY
   SMS MANAGEMENT VIA “QUITE” SECRET SMS
     PASSWORD IS 4–16 DIGITS, AND MODIFIED IN REAL-TIME
     SMS IS HALF OF A GOST R 34.11-94 HASH VALUE
     IMPLEMENTATION USES TEST CRYPTO VALUES AND NO SALT
     TABLES (VALUE → HASH) ARE EASILY BUILT
   OUTGOING SMS CAN BE SPOOFED WITHOUT ANY NOTIFICATION, BECAUSE KMS DELETES THE SENT MESSAGES
   OUTGOING SMS BLOCK/WIPE THE SAME/ANOTHER DEVICE
CONCLUSION - I
PRIVILEGED GENERAL PERMISSIONS / OWN APPs, NATIVE & 3RD PARTY APPs FEATURES

 PRIVILEGED GENERAL PERMISSIONS
   DENIAL OF SERVICE
     REPLACING/REMOVING EXEC FILES
     DOS’ing EVENTs, NOISING FIELDS
     GUI INTERCEPT
   INFORMATION DISCLOSURE
     CLIPBOARD, SCREEN CAPTURE
     GUI INTERCEPT
     DUMPING .COD FILES, SHARED FILES
   MITM (INTERCEPTION / SPOOFING)
     MESSAGES
     GUI INTERCEPT, THIRD PARTY APPs
     FAKE WINDOW/CLICKJACKING
 OWN APPs, NATIVE & 3RD PARTY APPs FEATURES
   GENERAL PERMISSIONS INSTEAD OF SPECIFIC SUB-PERMISSIONS
   A FEW NOTIFICATION/EVENT LOGs FOR THE USER
   BUILT PER APPLICATION INSTEAD OF APP SCREENs
   CONCRETE PERMISSIONS, BUT COMBINED INTO A GENERAL PERMISSION
     A SCREENSHOT PERMISSION IS PART OF THE CAMERA PERMISSION
CONCLUSION - II
THE VENDOR SECURITY VISION HAS NOTHING TO DO WITH REALITY, AGGRAVATED BY SIMPLICITY

 SIMPLIFICATION AND REDUCTION OF SECURITY CONTROLS
   MANY GENERAL PERMISSIONS, COMBINED INTO EACH OTHER
   NO ACTIVITY LOGs FOR SUB-PERMISSIONS TO PROVE TRANSPARENCY
   ANY SECURITY VULNERABILITY IS ONLY FIXED BY AN ENTIRELY NEW AND DIFFERENT OS / KERNEL
   A FEW PERMISSIONs ARE CLOSED TO THE USER ACTIONS
 THE SANDBOX PROTECTS ONLY APPLICATION DATA
   USERS HAVE TO STORE THEIR DATA IN SHARED FOLDERS OR EXTERNAL STORAGE
   APPLICATIONS CONTINUE TO STORE DATA IN PUBLIC FOLDERs BECAUSE THAT IS GOVERNED BY THE CHANCE OF AVAILABILITY
 MITM / INTERCEPTION ACTIONS ARE OFTEN SILENT
   THE NATIVE SPOOFING AND INTERCEPTION FEATURES
 BLACKBERRY ENTERPRISE SOLUTION / BLACKBERRY MOBILE FUSION IS NOT VERY EFFECTIVE
   THE BEST SECURITY (PERMISSIONS) IS RULED BY AMAZON WEB SERVICES
   PERMISSIONS SHOULD RELY ON A SET OF DIFFERENT USE CASES INSTEAD OF A SPECIFIC PERMISSION LIST
Q&A