BSYOD: Bring and Secure Your Own Device: Hardening your Mobile Devices to Participate in the Wireless World. Nebraska University Center for Information Assurance. Timeline. Part 1: NUCIA, Who are we? Part 4: Audience Questions and Suggestions. Part 2: Security concerns.
BSYOD: Bring and Secure Your Own Device: Hardening your Mobile Devices to Participate in the Wireless World • Nebraska University Center for Information Assurance
Timeline • Part 1: NUCIA, Who are we? • Part 2: Security concerns • Part 3: Some Solutions • Part 4: Audience Questions and Suggestions • Time markers: 11:15, 12:00, 12:15
NUCIA Nebraska University Center for Information Assurance http://nucia.unomaha.edu/
The UNO NUCIA Team • Connie Jones • Bill Mahoney • Ken Dick • Robin Gandhi • Dwight Haworth • Steve Nugen • Abhishek Parakh • Charles Spence • Leah Pietron
Information Assurance • IA research and education is supported across the College of IS&T and the Graduate College • NSA-designated National Center of Academic Excellence in Information Assurance Education (CAE IAE) • Degrees include BS in IA; MS in IA (new, starting Fall 2012); IA concentrations with CS and MIS • Non-degree programs and activities include MIS IA certificate, International Cyber Defense Workshop • Special programs for high school teachers and students
Student Accomplishment (1) UCSB iCTF 2010: 72 teams (900 students!) from 16 countries competed in a game of hacking, challenge-solving, and state-sponsored warfare. (26 US Universities)
Student Accomplishment (2) Placed 7th among all US Undergraduate teams
Student Accomplishment (3) • IFSF CTF Quals hosted from Tunisia • 4th among US teams • 21st among 236 teams worldwide
State of the Art IA Labs • Labs: STEAL-1, STEAL-2, STEAL-4, STEAL-3 • 7 pods; 5 hosts each • 9 pods; 5 hosts each • Virtual machines • Student research • New SCADA testbed • New hosts: quad; 16 GB; dual NICs • 6 VM servers; 4 NICs each • Desktop workstations • Each host can support multiple VMs; networking options include host-only, STEAL domain, and Internet (via VPN) • Networks: STEAL Only (isolated); UNO Internet; Private Internet • Able to carve out subsets to simulate different domains, cross-domain architectures, hardened systems, targets, and attackers • Supports teaching and research
802.11 Networks • 802.11: A family of IEEE specifications for WLANs operating in 2.4 GHz RF spectrum • 2.4 GHz Frequency, Unlicensed • Divided into 14 channels • Infrastructure mode is most commonly used • (Diagram labels: PC-1, PC-2, AP, Gateway, Internet)
Inherent Security Issues • Nodes in the physical vicinity of each other can monitor all network traffic • Open hotspots do not encrypt any traffic between the mobile node and the access point • Mobile applications may use insecure protocols to exchange sensitive information
NIST Guidance • Guidelines for Securing Wireless Local Area Networks (WLANs) • NIST SP 800-153 • http://csrc.nist.gov/publications/drafts/800-153/Draft-SP800-153.pdf
Worrisome Scenarios • Capturing Wireless traffic • Rogue Access Points • Sniffing • Session hijacking • Insecure Apps • iPhone Southwest App • Privacy issues • Malicious QR codes • Wireless Encryption Cracking • WEP and WPA attacks
Rogue Access Points • Advertise open access points in public places with similar names to legitimate ones • E.g. attwifi, boingo, linksys, NETGEAR • (Diagram labels: PC-1, PC-2, Sniffer, HUB, AP, Gateway, Internet)
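A defender-side check for the look-alike names described on the rogue access point slide, as an added example that is not part of the original presentation. The trusted network `CampusNet`, its BSSIDs, the scan entries and the 0.85 similarity threshold are all constructed assumptions.

```python
# Added example (not from the slides): flag scan entries that imitate a trusted SSID.
from difflib import SequenceMatcher

# Constructed allow-list: SSID -> (expected security, known AP BSSIDs).
TRUSTED = {"CampusNet": ("WPA2", {"00:11:22:33:44:55", "00:11:22:33:44:56"})}

# Constructed scan results, as a Wi-Fi survey tool might report them.
SCAN = [
    {"ssid": "CampusNet", "bssid": "00:11:22:33:44:55", "security": "WPA2"},
    {"ssid": "CampusNet", "bssid": "02:00:00:00:00:01", "security": "OPEN"},
    {"ssid": "Campus-Net", "bssid": "02:00:00:00:00:02", "security": "OPEN"},
    {"ssid": "attwifi", "bssid": "02:00:00:00:00:03", "security": "OPEN"},
]

def normalize(ssid):
    """Lower-case and drop punctuation so 'Campus-Net' compares equal to 'CampusNet'."""
    return "".join(c for c in ssid.lower() if c.isalnum())

def assess(entry, trusted=TRUSTED, threshold=0.85):
    """Return the reasons a scan entry looks suspicious (empty list if none)."""
    ssid, reasons = entry["ssid"], []
    if ssid in trusted:
        expected_sec, bssids = trusted[ssid]
        if entry["bssid"].lower() not in bssids:
            reasons.append("unknown BSSID for trusted SSID")
        if entry["security"] != expected_sec:
            reasons.append(f"security is {entry['security']}, expected {expected_sec}")
        return reasons
    for name in trusted:
        ratio = SequenceMatcher(None, normalize(ssid), normalize(name)).ratio()
        if ratio >= threshold:
            reasons.append(f"name resembles trusted SSID {name!r}")
    if not reasons and entry["security"] == "OPEN":
        reasons.append("open network not on the trusted list")
    return reasons

def audit(scan=SCAN):
    """Map (ssid, bssid) -> list of reasons for every scanned network."""
    return {(e["ssid"], e["bssid"]): assess(e) for e in scan}

if __name__ == "__main__":
    for key, reasons in audit().items():
        print(key, reasons or "ok")
```

A BSSID can be copied by an impostor, so a clean result here is a hint rather than proof; the security-mode mismatch is the stronger signal.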
Sniffing • Passive monitoring of wireless traffic • The RF monitor mode allows every frame appearing on a channel to be copied into the scanning node • Hardware easily available for purchase • Wireless cards whose firmware and corresponding driver software together permit reading of all raw 802.11 frames • ~$30
Sniffing • Alfa wardriving card • KisMAC • MacBook Air
Session Hijacking • http://codebutler.com/firesheep
Insecure Apps • Some applications have inherent flaws that can be exploited on public networks • Case: Southwest Airlines iPhone App
Southwest Airlines iPhone App • Use a remote network proxy to examine HTTP traffic
Southwest Airlines iPhone App • The app assigns a Device ID to uniquely identify the device
Southwest Airlines iPhone App • The registration data is sent out in the clear!
Southwest Airlines iPhone App • … and any subsequent login information
Privacy violations • Universal Device Identifiers • iPhone UUID, ANDROID_ID • Several applications use the UUID to perform some sort of tracking • A user does not have control over the use of this information by apps • The UUID may be transmitted in the clear over unprotected WiFi networks
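The proxy-based review from the Southwest Airlines app slides and the cleartext device identifier concern on the privacy slide, as an added example that is not part of the original presentation. The capture records, hosts, field names and the `SENSITIVE` list are constructed assumptions; a real review would load the records from the proxy's export.

```python
# Added example (not from the slides): find sensitive fields sent over plaintext HTTP.
import json
from urllib.parse import urlsplit, parse_qsl

# Field-name fragments treated as sensitive (assumed list; extend for your apps).
SENSITIVE = ("password", "passwd", "email", "deviceid", "udid", "uuid", "androidid", "token")

# Constructed proxy capture; hosts, fields and values are made up.
CAPTURE = [
    {"url": "http://api.example.test/register",
     "content_type": "application/x-www-form-urlencoded",
     "body": "deviceId=CONSTRUCTED-0001&email=user%40example.test&password=not-a-real-one"},
    {"url": "https://api.example.test/login", "content_type": "application/json",
     "body": '{"username": "user", "password": "not-a-real-one"}'},
    {"url": "http://ads.example.test/track?uuid=CONSTRUCTED-0001&screen=home",
     "content_type": "", "body": ""},
    {"url": "http://cdn.example.test/logo.png", "content_type": "", "body": ""},
]

def field_names(req):
    """Collect parameter names from the query string and the request body."""
    names = [k for k, _ in parse_qsl(urlsplit(req["url"]).query)]
    body = req.get("body", "")
    if "json" in req.get("content_type", ""):
        try:
            data = json.loads(body)
        except ValueError:
            data = None
        if isinstance(data, dict):
            names += list(data)
    elif body:
        names += [k for k, _ in parse_qsl(body)]
    return names

def is_sensitive(name):
    """Match on a normalized name so 'device_id' and 'Device-Id' both hit 'deviceid'."""
    n = name.lower().replace("_", "").replace("-", "")
    return any(s in n for s in SENSITIVE)

def cleartext_leaks(capture=CAPTURE):
    """Return (host, path, sensitive field names) per plaintext request that has any."""
    findings = []
    for req in capture:
        parts = urlsplit(req["url"])
        if parts.scheme != "http":
            continue  # TLS-protected requests are not readable by a nearby sniffer
        hits = sorted({n for n in field_names(req) if is_sensitive(n)})
        if hits:
            findings.append((parts.hostname, parts.path, hits))
    return findings
```

The report lists field names only, so it can be shared with the app's developers without copying the captured credentials.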
Security and Privacy Hall of shame • http://blog.afewguyscoding.com/2011/12/survey-mobile-device-security-threats-vulnerabilities-defenses/ • http://www.msnbc.msn.com/id/46856168/ns/technology_and_science-security/t/cracks-appear-face-apples-ios-security/
Malicious QR Codes • QR codes can be used to launch malicious websites that infect or root mobile devices • Malicious QR codes can be pasted on legitimate advertisements and fliers • Disable automatic launching of applications upon scanning of QR codes
WEP and WPA Cracking • WEP-based passwords are very easy to crack. • WPA/PSK is relatively easy to crack given a short password length. • WPS PIN brute-forcing also weakens WPA/WPA2-protected networks
WEP and WPA Cracking • Tools: • Aircrack-ng suite • Kismet – wireless sniffing tool • A wireless adapter that supports monitor mode for wireless sniffing • Linux operating system • Alternative (KisMAC + wireless adapter + Mac)
Best Practices • Center for Internet Security (CIS) Mobile Security Benchmarks • iPhone 5.0.1 security benchmark • Google Android 2.3 (Gingerbread) • http://benchmarks.cisecurity.org/ • http://benchmarks.cisecurity.org/en-us/?route=downloads.browse.category.benchmarks.mobile
Monitor Device Operation • iOS Apps for this include • System Status • Functionality includes displaying the system log • http://itunes.apple.com/us/app/system-status-device-activity/id401457165 • SYS Activity Manager • http://itunes.apple.com/us/app/sys-activity-manager-plus/id440654325
Monitor your environment • iOS Network/Port Scanners continued • IT Tools • http://itunes.apple.com/us/app/it-tools/id324054954 • IP Network Scanner • http://itunes.apple.com/us/app/ip-network-scanner/id335517657 • LanScan HD • http://itunes.apple.com/us/app/lanscan-hd/id461551081
Monitor your environment • iOS Network/Port Scanners include: • Scany • http://itunes.apple.com/us/app/scany-network-port-scanner/id328077901 • iNetPro • http://itunes.apple.com/us/app/inet-pro-network-scanner/id305242949 • Deep Whois • http://itunes.apple.com/us/app/deep-whois-lookup-ips-domains/id328895000
Screen Locks • Physical security is important for mobile devices • They store large amounts of personal data • Easier to steal • Easier to misplace • Maximize security by: • Setting up passcodes for device access • Enabling the auto-locking feature • Enabling automatic data erasure after failed attempts
Screen Locks • Be careful with pattern locks. • Sometimes the pattern lock path is shown on the screen as it is used (depends upon the device). • Your pattern may be left behind by smudge marks. • Consider if someone might be watching your screen.
Hardware Encryption • iPhone Support • iPhone 3GS and later • Data protection enhances the built-in hardware encryption by protecting the hardware encryption keys with your passcode • Third-party applications can use the data protection APIs
Hardware Encryption • Android Support • Android 2.3 (Gingerbread) • All Motorola Devices • Some HTC Devices • Android 3.0+ • All Honeycomb Devices • All Ice Cream Sandwich Devices
Hardware Encryption • Screen locks provide a good start, but do not encrypt the SD card or phone data. • Android provides additional settings • But built-in encryption modules have often been rendered useless
Hardware Encryption • iPhone • 3GS, Encryption declared ‘useless’ by hackers, 2009 • http://www.wired.com/gadgetlab/2009/07/iphone-encryption • iOS 4, Encryption broken by ElcomSoft, 2011 • http://www.extremetech.com/mobile/84150-how-ios-4-encryption-was-cracked-and-how-to-protect-your-iphone • Alternative encryption methods may be available through apps
Hardware Encryption • iPhone • Also remember to encrypt device backups • Examples • Device location tracking • http://www.geek.com/articles/apple/how-to-deal-with-your-iphone-tracking-you-20110420/ • Facebook login data • http://www.cultofmac.com/159169/facebook-ios-security-flaw-highlights-security-risk-in-ios-backups/ • User enabled, or enforced through configuration profiles
Virtual Private Networks • VPNs build an encrypted tunnel from a mobile device to a trusted endpoint • Prevents eavesdropping on untrusted networks • iPhone, iPad and Android support the following • Cisco IPSec, L2TP/IPSec PSK, and PPTP virtual private network protocols. • Android additionally supports L2TP/IPsec CRT