
Hacking Web File Servers for iOS


Presentation Transcript


  1. Hacking Web File Servers for iOS Bruno Gonçalves de Oliveira Senior Security Consultant – Trustwave’s SpiderLabs

  2. About Me #whoami • Bruno Gonçalves de Oliveira • Senior Security Consultant @ Trustwave’s SpiderLabs • MSc Candidate • Computer Engineer • Offensive Security • Talks: Silver Bullet, THOTCON, SOURCE Boston, Black Hat DC, SOURCE Barcelona, DEF CON, Hack In The Box Malaysia, Toorcon, YSTS and H2HC. Hosted by OWASP & the NYC Chapter

  3. INTRO • Smartphones • A LOT OF information • iPhone is VERY popular • Mobile Applications • (MOST) Poorly designed • Old-fashioned vulnerabilities

  4. What are those apps? • Designed to provide a storage system for iOS devices. • Data can be transferred using Bluetooth, iTunes and FTP. • Easiest way: the HTTP protocol. • They are very popular.

  5. Examples

  6. Features • Manage/store files • Create albums, etc. • Share data

  7. VULNERABILITIES

  8. No encryption (SSL):

  9. No authentication (by default):

  10. (Reflected) XSS

  11. (Persistent) XSS

  12. (Persistent) XSS http://www.vulnerability-lab.com/get_content.php?id=932

  13. Vulnerability-Lab Advisories: http://www.vulnerability-lab.com/show.php?cat=mobile

  14. Disclaimer • Trustwave (me) did this research in March/13 and only now are we disclosing these advisories.

  15. Path Traversal • WiFiHD Free Path Traversal (CVE-2013-3923) • FTPDrive Path Traversal (CVE-2013-3922) • Easy File Manager Path Traversal (CVE-2013-3921) You probably want to test the app that you use.
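The two bug classes that dominate this deck, path traversal (slide 15) and persistent XSS via stored filenames (slides 11 and 12), both come down to a file server trusting attacker-controlled strings: the requested URL path and the names of uploaded files. The following is an added example, written for this transcript and not code from the talk or from any of the apps named on the slides. It assumes a single shared root directory (`/srv/shared`, a constructed value) and shows how a small HTTP file server can (a) map a URL path onto the filesystem while refusing anything that resolves outside the root, decoding percent-encoding exactly once, and (b) render a directory listing with filenames escaped for both HTML text and URL contexts.

```python
# Hardened helpers for a minimal HTTP file server: added example, not the apps' code.
# Assumption (constructed): files are served from one root directory, e.g. /srv/shared.
import html
from pathlib import Path
from typing import Iterable
from urllib.parse import quote, unquote


class PathTraversalError(ValueError):
    """Raised when a request path would resolve outside the shared root."""


def resolve_within_root(root: str, request_path: str) -> Path:
    """Map a URL path onto a filesystem path confined to `root`.

    Percent-decoding is applied exactly once: decoding again would reopen the
    classic double-encoding bypass (%252e%252e -> %2e%2e -> ..). After joining,
    the candidate is fully resolved (dot segments and symlinks) and must still
    lie under the resolved root; otherwise the request is refused.
    """
    root_real = Path(root).resolve()
    decoded = unquote(request_path)
    # Leading slashes would otherwise make the join absolute and discard root.
    relative = decoded.lstrip("/")
    candidate = (root_real / relative).resolve()
    try:
        candidate.relative_to(root_real)
    except ValueError:
        raise PathTraversalError(f"refused path outside root: {request_path!r}")
    return candidate


def render_listing(dirname: str, names: Iterable[str]) -> str:
    """Render a directory listing with every filename escaped per context.

    Stored filenames are attacker-controlled (uploaded via the same web UI), so
    each one is HTML-escaped where it appears as text and percent-encoded where
    it appears inside an href. This is the fix for the persistent XSS pattern.
    """
    rows = []
    for name in names:
        text = html.escape(name, quote=True)
        href = quote(name, safe="")
        rows.append(f'<li><a href="{href}">{text}</a></li>')
    return f"<h1>{html.escape(dirname)}</h1>\n<ul>\n" + "\n".join(rows) + "\n</ul>"


def is_path_allowed(root: str, request_path: str) -> bool:
    """Convenience wrapper: True if the request stays inside root, False otherwise."""
    try:
        resolve_within_root(root, request_path)
        return True
    except PathTraversalError:
        return False


if __name__ == "__main__":
    ROOT = "/srv/shared"  # constructed sample root
    for req in ["/photos/a.jpg", "/../../etc/passwd", "/..%2f..%2fetc/passwd", "/%252e%252e/x"]:
        print(f"{req!r:32} allowed={is_path_allowed(ROOT, req)}")
    print(render_listing("photos", ["a.jpg", '<img src=x onerror=alert(1)>.jpg']))
```

Note that the double-encoded case (`%252e%252e`) is accepted: after a single decode it is the literal filename `%2e%2e`, which is harmless inside the root, and that is exactly why the decode must not be repeated downstream. Authentication and TLS (slides 8 and 9) are separate controls that sit in front of these helpers; nothing here substitutes for them.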

  16. Path Traversal (DEMO)

  17. Easy File Manager • Unauthorized Access to File System (CVE-2013-3960)

  18. Unauthorized Access to File System (CVE-2013-3960)

  19. Getting worse with a jailbroken device.

  20. Remote Command Execution: Unauthorized Access to File System (CVE-2013-3960) – Jailbroken Device

  21. iOS 7 Security Improvement

  22. How to find vulnerable systems • mDNS queries (mDNS Watch for iOS)

  23. Conclusions • Mobile apps (already) are the future. • Mobile app designers still don’t care much about security. • Too many apps; we have to take care. • Old-fashioned vulnerabilities still rock.
