Ch 7: Mobile Device Management. CNIT 128: Hacking Mobile Devices. Updated

Similar documents
Mobile Hacking & Security. Ir. Arthur Donkers & Ralph Moonen, ITSX

droidcon Greece Thessaloniki September 2015


PROTECTION SERVICE FOR BUSINESS. Datasheet

PrinterOn Mobile App MDM/MAM. Basic Integration Guide

Ch 1: The Mobile Risk Ecosystem. CNIT 128: Hacking Mobile Devices. Updated

Pulse Workspace Appliance. Administration Guide

Securing Office 365 with MobileIron

Introducing KASPERSKY ENDPOINT SECURITY FOR BUSINESS

When providing a native mobile app ruins the security of your existing web solution. CyberSec Conference /11/2015 Jérémy MATOS

1 Introduction Requirements Architecture Feature List... 3

Coordinated Disclosure of Vulnerabilities in AVG Antivirus Free Android

Coordinated Disclosure of Vulnerabilities in McAfee Security Android

Mobile Payment Application Security. Security steps to take while developing Mobile Application s. SISA Webinar.


The Mobile Risk Management Company. Overview of Fixmo and Mobile Risk Management (MRM) Solutions

IBM Case Manager Mobile Version SDK for ios Developers' Guide IBM SC

Tale of a mobile application ruining the security of global solution because of a broken API design. SIGS Geneva 21/09/2016 Jérémy MATOS

Securing Connections for IBM Traveler Apps. Bill Wimer STSM for IBM Collaboration Solutions December 13, 2016

Introspy Security Profiling for Blackbox ios and Android. Marc Blanchou Alban Diquet

Citrix XenMobile and Windows 10

Microsoft Intune App Protection Policies Integration. VMware Workspace ONE UEM 1811

Salesforce1 Mobile Security White Paper. Revised: April 2014

VMware AirWatch and Office 365 Application Data Loss Prevention Policies

Willis Mobile Device Access Security Policy. Date: July-2014 Version: 2.0 FINAL

Application / Document Management. MaaS360 e-learning Portal Course 3

2016 BITGLASS, INC. mobile. solution brief

AirWatch for Android Devices for AirWatch InBox

Administering Jive Mobile Apps for ios and Android

Product Guide. McAfee Enterprise Mobility Management (McAfee EMM ) 9.6

Purchase Intentions Spring 2013 EMEA

MOBILE THREAT PREVENTION

AirWatch for Android Devices for Skype for Business

Managing Windows 8.1 Devices with XenMobile

Implementing Your BYOD Mobility Strategy An IT Checklist and Guide

SECURE, CENTRALIZED, SIMPLE

MobilePASS. Security Features SOFTWARE AUTHENTICATION SOLUTIONS. Contents

OWASP German Chapter Stammtisch Initiative/Ruhrpott. Android App Pentest Workshop 101

Bring Your Own Device (BYOD) Best Practices & Technologies

ipad in Business Mobile Device Management

Breaking and Securing Mobile Apps

HPE Intelligent Management Center

Securing Today s Mobile Workforce

The Android security jungle: pitfalls, threats and survival tips. Scott

Say Goodbye to Enterprise IT: Welcome to the Mobile First World. Sean Ginevan, Senior Director, Strategy Infosecurity Europe


Compliance Manager ZENworks Mobile Management 2.7.x August 2013

Mobile Security using IBM Endpoint Manager Mobile Device Management

Sophos Mobile Control Technical guide

Delivering a Secure BYOD Solution with XenMobile MDM and Cisco ISE

Mobilize with Enterprise Security and a Productive User Experience

AirWatch Container. VMware Workspace ONE UEM

How Microsoft s Enterprise Mobility Suite Provides helps with those challenges

Salesforce Mobile App Security Guide

ForeScout Extended Module for VMware AirWatch MDM

THE POWER AND RISK OF MOBILE. White paper


CLEARPASS EXCHANGE. Open third party integration for endpoint controls, policy and threat prevention SOLUTION OVERVIEW MAKE BETTER-INFORMED DECISIONS


Securing BYOD With Network Access Control, a Case Study

The Future of Mobile Device Management

CHECK POINT SANDBLAST MOBILE BEHAVIORAL RISK ANALYSIS

C1: Define Security Requirements

Xperia TM. Read about how Xperia TM devices can be administered in a corporate IT environment

BIG-IP Access Policy Manager and F5 Access for Android. Version 3.0.4

Intune Deployment at UHN Frequently Asked Questions Updated: December Overview

IBM Future of Work Forum

INTACTPHONE USER GUIDE

Compliance Manager ZENworks Mobile Management 3.0.x January 2015

Mobility Manager 9.5. Users Guide

VMware AirWatch - Mobile Application Management and Developer Tools

How NOT To Get Hacked

ENTERPRISE MOBILITY USER GUIDE

Lecture 9. PSiOS: Bring Your Own Privacy & Security to ios Devices. Tim Werthmann, Ralf Hund, Lucas Davi, Ahmad-Reza Sadeghi and Thorsten Holz

C and C++ Secure Coding 4-day course. Syllabus

ClearPass and MaaS360 Integration Guide. MaaS360. Integration Guide. ClearPass. ClearPass and MaaS360 - Integration Guide 1

Salesforce Mobile App Security Guide

McAfee Enterprise Mobility Management 12.0 Software

WHITE PAPER AIRWATCH SUPPORT FOR OFFICE 365

BlackBerry Dynamics Security White Paper. Version 1.6

A Mobile Security Checklist: The Top Ten Threats to Your Enterprise Today. White Paper

Integrating Cisco Identity Services Engine with NotifyMDM

Deploy and Enjoy: Tableau Mobile at Enterprise Scale

VMware AirWatch Mobile Application Management Guide Enable access to public and enterprise apps

Mobile Devices prioritize User Experience

PERSPECTIVE. Enterprise mobile management a need or an option? Payal Patel, Jagdish Vasishtha (Jags)

Mobile devices boon or curse

Security for Mobile Instant Messaging

Administering Jive Mobile Apps

Securing Enterprise or User Brought mobile devices

CSWAE Certified Secure Web Application Engineer

ipad in Business Security Overview

MaaS360 Secure Productivity Suite

Zero Trust with Okta: A Modern Approach to Secure Access from Anywhere. How Okta enables a Zero Trust solution for our customers

Android Enterprise Device Management with ZENworks 2017 Update 2

Vodafone Secure Device Manager Administration User Guide

IP Protection in Java Based Software

The SANS Institute Top 20 Critical Security Controls. Compliance Guide

Symantec Endpoint Protection Mobile - Admin Guide v3.2.1 May 2018

10 FOCUS AREAS FOR BREACH PREVENTION

Transcription:

Ch 7: Mobile Device Management CNIT 128: Hacking Mobile Devices Updated 4-4-17

What is MDM? Frameworks that control, monitor, and manage mobile devices Deployed across enterprises or service providers Provide these functions remotely: Monitoring Control Manage

MDM Frameworks Policies and features that administrators can control and enforce ios, Android and BlackBerry Each provide their own MDM frameworks MDM solutions from third parties MobileIron AirWatch BlackBerry Enterprise

MDM Frameworks Policies and features that administrators can control and enforce ios, Android and BlackBerry Each provide their own MDM frameworks Third-party vendors develop products that use the frameworks

Top Five MDM Solutions (2015) 1. MobileIron 2. AirWatch 3. Citrix (XenMobile) 4. IBM (MaaS360) 5. Good Technology Provides MDM without leveraging platform framework and support Link Ch 7a

Project: MaaS360 from IBM

Project: MaaS360 from IBM

Project: MaaS360 from IBM

Project: MaaS360 from IBM

Project : MaaS360 from IBM

Categories of MDM Frameworks

Device-Centric Model Leverages platform capabilities and feature sets To configure, secure, and harden the mobile device Uses underlying framework to detect changes in device security and configuration Includes: MobileIron, AirWatch, and Tangoe

Data-Centric Model Focuses on securing data/content of interest Not on controlling or securing the whole device Ensures security and integrity of data Without relying on platform capabilities Relies on a custom mobile app Example: Good for Enterprise

Hybrid Model Combines platform MDM framework with solution-specific features Protects data and provides device management

Common Features

Device Provisioning Deploy and enforce policies and restrictions on mobile devices Provide access to resources controlled by the MDM server Often use MDM client apps

Device Provisioning

Provisioning Profile Installed on the device by the MDM client An XML or text file Specifies configuration and provisioning information for the mobile device May be Plan-text Signed Encrypted & signed

Policy Enforcement 1. Device receives a provisioning profile; it's verified and decrypted, then parsed 2. Mobile platform populates system files with the configuration information required to enforce policies from the provisioning profile 3. System files are parsed by system services and implement the configuration settings

ios MDM server sends provisioning profiles through Apple's Mail client (ActiveSync) or the MDM app installed on the device Mobile device stores the profiles at /private/var/mobile/library/ ConfigurationProfiles Stored as XML files (plists) with.stub file extensions

Example Provisioning Profile Plist files with.stub extensions

Sample of ios Provisioning Profile

Sample of ios Provisioning Profile

Provisioning Process Verify and store provisioning profile in.stub files Profile installation Parsing the profile Updating appropriate system files to enforce policies

System Files Populated in ios EffectiveUserSettings.plist and Truth.plist System files that determine an ios device's security posture Truth.plist contains PIN/passcode policies, device restrictions, device timeout, etc.

Truth.plist

Truth.plist

Provisioning Status Once the system files repopulated Profile is considered installed Status updated to the MDM server Server grants access to protected resources

Android MDM for Android works the same way Files are different in details

Bypassing MDM

Modifying MDM Policy Files On a jailbroken or rooted device Any user with sudo or root permission can modify system files Can modify Truth.Plist To change passcode restrictions Mitigation Proprietary jailbreak detection capabilities

Enabling Simple Numerical Passcode Set allowsimple to true Set requirealphanumeric to false

Enabling No Passcode Set forcepin to false

Increase Number of Failed PIN Attempts Set maxfailedattempts to a higher value

Set Inactivity and Lock Grace Period If a device locks due to inactivity, it can be unlocked without a passcode if it's within the grace period

Detecting MDM Bypass End-user can modify the provisioning profiles and system files Administrators need to detect those changes MDM client apps poll mobile devices to monitor their security posture (Check-In) If a device is out of compliance, MDM server can Remote wipe, remote lock, remote locate, etc.

Weak MDM Bypass Detection Some leading MDM solutions only monitored provisioning files Changes made to system files were undetected by the back-end servers Even though the devices were sending data indicating noncompliance This was patched

MDM Server-Client Interaction

App Patching and Modification Attacks APK file can be decompiled to Smali code and modified Android accepts self-signed certificates Attacker can execute the PackageManager command at a Linux shell to install or uninstall packages silently

Smali Code for Authentication

ios Modification (on Jailbroken Devices) Code can be injected into running processes with MobileSubstrate Allows runtime patching of system functions Captain Hook and Logo are widely used frameworks that use MobileSubstrate

XCon Prevents MDMs from detecting jailbroken devices Patched these functions to fool GOOD

Decompiling and Debugging Apps

Android Reverse Engineering APK files can be converted to Smali or even Java code with apktool dex2jar JAD

Android Code Obfuscation ProGuard changes some filenames to provide weak protection DashO is much more powerful All obfuscation is of limited utility A determined attacker can still modify code

ios Reverse Engineering Apps written in Objective-C Compiled into low-level machine language Reverse-engineering tools: Class-dump Class-dump-x Class-dump-z Scan binary ios apps to extract interface names

ios Class Dump from an MDM App

ios Anti-Decompilation Tips Move critical logic to low-level Simula-style programming languages such as C++ that don't use message passing Ensure more generic naming conventions for publicly exposed interfaces and declarations Strip symbols when deploying in XCode Use dynamic UI components for handling sensitive data and user input, not global variables (to avoid swizzling attacks)

Swizzling Attacks A way to log all uses of a class Works on global objects Link Ch 7c

ios Anti-Decompilation Tips Put all sensitive app logic in private methods, protocols, or anonymous methods To avoid swizzling attacks Anti-tamper techniques and solutions that inject guards and protections in the app Such as EnsureIT by Arxan

Detecting Jailbreaks

Jailbreak Detection ios 4.2 can detect jailbreaks in the OS itself Other mobile platforms don't MDM solutions use local apps to detect jailbreaks Methods and effectiveness varies widely May just detect presence of Cydia

Jailbreak Detection Bypass Look for Cydia Try writing files with fopen() to look for specific files, and/or look for su Bypass: 1. Scan app binaries for interface names such as isdevicejailbroken and checkdevicesecurity 2. Dynamically patch those methods with MobileSubstrate

Jailbreak Detection Bypass Don't install Cydia MDMs responded by detecting su, apt-get, or file-write permissions Those detections still use method calls and platform features that can be circumvented by skilled attackers

Jailbreak Detection Bypass Countermeasures Perform multiple checks at different locations in the app code Move jailbreak detection logic to C++ Perform compensatory controls and actions on the server rather than ondevice logic Implement anti-debugging and/or code obfuscation tools/techniques like Arxan

Remote Wipe and Lock

Mobile Wipe and Lock Two of the most widely used features in MDM solutions Response to a security incident Device lost Device breached Device out of compliance with security policy

Ways to Prevent Remote Wipe and Lock Put device in Airplane Mode Patch MDM app so it won't perform remote wipe or lock And send false responses back to the server Most MDM solutions are susceptible to patching But modern MDMs can use client-side logic to wipe or lock devices without communicating with the server

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback