Presentation Title Hijacking Mobile Data Connections: State of the Art
Presentation Abstract
This talk aims to present the current state of the art in the kind of attack that we first discussed one year ago and that goes by the name of “Hijacking Mobile Data Connections”. At the time, we showed how to exploit a standard Over-the-Air provisioning mechanism and some social engineering in order to remotely reconfigure a mobile device in such a way that all data connections originated by the device are under full control of the attacker: this was done by exploiting a rogue DNS server.
Later, a different attack technique, involving the use of a rogue proxy server, was developed to hijack, more flexibly, HTTP traffic. By taking advantage of the so called “HTTPS stripping attack” it is possible to extend the attack, at least in some scenarios, to supposedly secure HTTPS connections.
In the year since out first discussion of this topic, not much has changed in this regard, so the attack is still highly effective; despite this, it is limited, in its original form, to devices equipped with a standard OMA provisioning client. This impacts the vast majority of devices sold worldwide; most of the recent smartphone platforms, however, were not affected by it.
In this talk we will show how it is possible to extend the attack surface to the iPhone and Android-based devices; specifically, we will show how to use the iPhone native configuration mechanism and APIs exposed by the Android OS to accomplish similar results. This extends the attack to devices that are responsible for generating the most significant part of the overall mobile data traffic, as shown by recent reports. A demo of the attack will be shown at the end of the talk.
About Roberto G.
Roberto Gassirà started his career as Security Analyst performing penetration test and vulnerability assessment. Speaker at BlackHat and DeepSec conferences, he is working on Mobile Security as Security Researcher for Mobile Security Lab focusing on analysis and security assessment of embedded devices based on ARM architecture and mobile applications by means of reverse engineering techniques.
About Roberto P.
Roberto Piccirillo is currently working as a Security Researcher for Mobile Security Lab. He graduated in Computer Science with the thesis “Graphical Representation and Animation for Cryptography Education”. He mainly deals with Mobile Applications, Protocol Security and penetration testing on Web Application but he’s also interested in binaries reverse engineering and development of mobile applications. Spekear at BlackHat and DeepSec conferences.