230 likes | 340 Views
Hacking Web File Servers for iOS. Bruno Gonçalves de Oliveira Senior Security Consultant – Trustwave’s SpiderLabs. About Me. # whoami Bruno Gonçalves de Oliveira Senior Security Consultant @ Trustwave’s SpiderLabs MSc Candidate Computer Engineer Offensive Security Talks:
E N D
Hacking Web File Servers for iOS Bruno Gonçalves de Oliveira Senior Security Consultant – Trustwave’sSpiderLabs
About Me #whoami • Bruno Gonçalves de Oliveira • Senior Security Consultant @ Trustwave’sSpiderLabs • MSc Candidate • Computer Engineer • Offensive Security • Talks: Silver Bullet, THOTCON, SOURCE Boston, Black Hat DC, SOURCE Barcelona, DEF CON, Hack In The Box Malaysia, Toorcon, YSTS e H2HC. Hosted by OWASP & the NYC Chapter
INTRO • Smartphones • A LOT OF information • iPhone is VERY popular • Mobile Applications • (MOST) Poorly designed • Old fashion vulnerabilities Hosted by OWASP & the NYC Chapter
What are those apps? • Designed to provide a storage system to iOS devices. • Data can be transferred utilizing bluetooth, iTunes and FTP. • Easiest way: HTTP protocol. • They are very popular.
Features • Manage/Storage files • Create Albums, etc. • Share Data
(Persistent) XSS http://www.vulnerability-lab.com/get_content.php?id=932
Vulnerability-Lab Advisories: http://www.vulnerability-lab.com/show.php?cat=mobile
Disclaimer • Trustwave (me) did this research on March/13 and just now we are disclosing these advisories.
Path Traversal • WiFiHD Free Path Traversal (CVE-2013-3923) • FTPDrive Path Traversal (CVE-2013-3922) • Easy File Manager Path Traversal (CVE-2013-3921) You probably want to test the app that you use.
Easy File Manager • Unauthorized Access to File System (CVE-2013-3960)
Remote Command Execution: Unauthorized Access to File System (CVE-2013-3960) – Jailbroken Device
How to find vulnerable systems mDNS Queries <= mDNS Watch for iOS
Conclusions • Mobile Apps (already) are the future. • Mobile Apps designers still don’t care too much about security. • Too many apps, we have to take care. • Old fashion vulnerabilities still rock.