
Posts Tagged ‘iphone’

HitB2011AMS: iPhone Data Protection in-Depth

May 20th, 2011
Steve Jobs for Fortune magazine a cc nc nd image from tsevis's Flickr stream

By Jean-Baptiste Bédrune and Jean Sigwald

Slides on the HitB Materials page.

This talk is about data security and the iPhone. Almost all iPhone-like devices (excluding the iPad2 for the moment) can boot unsigned code when they are in recovery mode. It is also possible to create a custom RAM disk. These are techniques used by jailbreakers and phone forensics people.

Data in the iPhone is encrypted with either the UID (unique iPhone key) or GID (key unique to each model).

In the iPhone (iOS < 4) the UID key was only used to facilitate fast wipe (change the key and the flash can no longer be read); it did not provide data security. The iPhone 4 was designed with data security in mind. Jean and Jean demonstrated the tools they wrote to get around the data protection of iOS 4.

Because the unlock code is used for data security, data can be set to be available only:

  • While the phone is unlocked
  • After the phone is unlocked for the first time
  • Always
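
A small state model of the three availability settings listed above, as an added example that is not from the talk or the researchers' tools. The `Protection` and `Device` names and the inventory items are hypothetical, and the model tracks only when data is available, not the encryption itself.

```python
from enum import Enum

class Protection(Enum):
    WHEN_UNLOCKED = 1       # only while the phone is unlocked
    AFTER_FIRST_UNLOCK = 2  # from the first unlock until the next reboot
    ALWAYS = 3              # no passcode needed at all

class Device:
    """Hypothetical model of lock state; it tracks availability only."""
    def __init__(self):
        self.reboot()

    def reboot(self):
        self.locked = True
        self.unlocked_since_boot = False

    def unlock(self):
        self.locked = False
        self.unlocked_since_boot = True

    def lock(self):
        self.locked = True

    def can_read(self, protection):
        if protection is Protection.ALWAYS:
            return True
        if protection is Protection.AFTER_FIRST_UNLOCK:
            return self.unlocked_since_boot
        return not self.locked

def exposed(device, inventory):
    """Names of items readable in the device's current state."""
    return sorted(n for n, p in inventory.items() if device.can_read(p))

# Constructed inventory: item names and their settings are illustrative only.
INVENTORY = {
    "wifi_password": Protection.ALWAYS,
    "calendar_sync_token": Protection.AFTER_FIRST_UNLOCK,
    "mail_account_password": Protection.WHEN_UNLOCKED,
}

def audit():
    """Exposure per state: fresh boot, in use, locked again."""
    dev = Device()
    fresh = exposed(dev, INVENTORY)
    dev.unlock()
    in_use = exposed(dev, INVENTORY)
    dev.lock()
    relocked = exposed(dev, INVENTORY)
    return fresh, in_use, relocked

if __name__ == "__main__":
    for state, names in zip(("fresh boot", "unlocked", "locked again"), audit()):
        print(f"{state:12} -> {names}")
```

The "fresh boot" result is what remains readable on a phone that has not been unlocked since power-on, which is the case that matters when the passcode is unknown.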

In iOS 4 there is an escrow key which allows MobileMe and iTunes to access the phone for backup or passcode reset without unlocking the phone.

The first tool that they developed and demonstrated was the keyChainViewer, which can be used to view the contents of the keychain, but not the keys.

Using the built-in iOS functions (that use the passcode) you can actually brute force the passcode of the phone with a small application on the phone. If you boot the phone from a RAM disk you can do this without knowing the passcode. Using the brute-forced passcode, the keychain can be read and decrypted.

Next, tools were demoed to browse the encrypted filesystem and to decrypt iTunes backup files.

Conclusion of the researchers:

  • iOS4 offers far better protection than iOS3
  • Mail files (with the exception of Exchange) are protected by the passcode. This offers additional protection, but it can be obtained if you have the phone

Tools are available on http://code.google.com/p/iphone-dataprotection/


About Jean-Baptiste Bédrune

Jean-Baptiste has worked in the Software Security R&D team at Sogeti for 4 years. His domains of research include code (un)protection, audit of DRM solutions, applied cryptography, reverse engineering on embedded devices and distributed computing. Jean joined Sogeti in early 2010. His research topics include reverse engineering, embedded devices and smartphone security.

About Jean Sigwald

Jean Sigwald is a security researcher working at the Sogeti ESEC R&D lab. His research is mainly focused on smartphone security and the services offered by the network operators.

Blackhat talk: Fuzzing the Phone in your Phone – Charlie Miller and Collin Mulliner

July 31st, 2009

This is the talk that I blogged about earlier about owning the iPhone through SMS. The work Charlie and Collin did was actually amazing.

In their presentation they first looked at SMS. SMS is a building block of the phone system and essential to the working of the modern network because it is used for all kinds of stuff. Why is it good to attack? No firewall, processed by all phones, no user interaction, and you only need a phone number to send an SMS.


Blackhat newsflash: Researchers showed that an iPhone SMS virus infection is possible at Blackhat

July 30th, 2009

Charlie Miller’s and Collin Mulliner’s talk “Fuzzing the Phone in your Phone” at the Blackhat security conference in Las Vegas today revealed full details that could make the first iPhone virus infection possible.

Large SMS messages are cut up into smaller SMS messages. This means that the phone needs to parse the SMS messages to put them back together, and thus they can be used as an attack vector to breach the phone. By using a technique known as fuzzing, Miller and Mulliner were able to find exploitable conditions that could be turned into an attack and an iPhone virus. The attack takes a total of 519 SMS messages, but will work without any user interaction.


Augmented Reality Becoming an Actual Reality??

June 17th, 2009

As seen on Macrumors.com, a Dutch company, Layar (yeah Netherlands!), has the first augmented reality browser working on a mobile phone!

“A new augmented reality app called Layar is making the rounds on the web as an example of what can be done with Augmented Reality. Layar is described as the world’s first mobile augmented reality browser.

Layar shows you what is around you by displaying realtime digital information on top of reality through the camera of the mobile phone. Just flip through the directory of layers and find ATM’s, bars, houses for sale, hotels and other cool stuff around you. The app accomplishes this through the use of the Compass, camera and GPS embedded within the phone…

The app is first available for the Android devices but they are working hard on porting it to other platforms “with a prime focus on the iPhone 3G S.”
