Paper: “Exchanging Demands: Weaknesses in SSL Implementations for Mobile Platforms”

Title: Exchanging Demands: Weaknesses in SSL Implementations for Mobile Platforms

Authors: Peter Hannay, Clinton Carpene, Craig Valli, Andrew Woodward, Mike Johnstone

Abstract
The ActiveSync protocol’s implementation on some embedded devices leaves clients vulnerable to unauthorised remote policy enforcement. This paper discusses a proof of concept attack against the implementation of ActiveSync in common Smart phones, including Android devices and iOS devices. A two-phase approach to exploiting the ActiveSync protocol is introduced. Phase 1 details the usage of a man-in-the-middle attack to gain a vantage point over the client device, whilst Phase 2 involves spoofing the server-side ActiveSync responses to initiate the unauthorised policy enforcement. These vulnerabilities are demonstrated by experiment, highlighting how the system can be exploited to perform a remote factory reset upon an Exchange-integrated Smart phone.

Files: Full Paper (PDF)

Posted in paper, security

Paper: “Geo Forensics: Classes of Locational Data Sources for Embedded Devices”

Title: Geo Forensics: Classes of Locational Data Sources for Embedded Devices

Authors: Peter Hannay

Abstract
A number of devices, web services and applications are being released with, or updated to be, locationally aware. Location data can be used for a wide variety of purposes, including navigation, social networking, data mining and providing localised content. This location data has potential for establishing a locational history for these devices. The sources of this location data exceed global positioning system (GPS) based data, including pre- and post-incident triangulation of mobile and cell towers, images and network histories. This paper proposes a classification framework ranking the reliability of potential evidence. This ranking is dependent on the intended purpose of the mechanism involved in the generation of such data. The classification classes proposed are implicit, connectivity based and metadata, each representing a different level of confidence and identifying features.

Files: Full Paper (PDF)

Posted in forensics, gps, paper

Paper: “Eavesdropping on the Smart Grid”

Title: Eavesdropping on the Smart Grid

Authors: Craig Valli, Andrew Woodward, Clinton Carpene, Peter Hannay, Murray Brand, Reino Karvinen, Chris Holme

Abstract
An in-situ deployment of smart grid technology, from meters through to access points and wider grid connectivity, was examined. The aim of the research was to determine what vulnerabilities were inherent in this deployment, and what other issues may have led to further vulnerability in the system. It was determined that there were numerous vulnerabilities embedded in both hardware and software and that configuration issues further compounded these vulnerabilities. The cyber threat against critical infrastructure has been public knowledge for several years, and with increasing awareness, attention and resources being devoted to protecting critical infrastructure, it is concerning that a technology with the potential to create additional attack vectors is apparently insecure.

Files: Full Paper (PDF)

Posted in paper, security

Paper: “GeoIntelligence: Data Mining Locational Social Media Content for Profiling and Information Gathering”

Title: GeoIntelligence: Data Mining Locational Social Media Content for Profiling and Information Gathering

Authors: Peter Hannay, Greg Baatard

Abstract
The current social media landscape has resulted in a situation where people are encouraged to share a greater amount of information about their day-to-day lives than ever before. In this environment a large amount of personal data is disclosed in a public forum with little to no regard for the potential privacy impacts. This paper focuses on the presence of geographic data within images, metadata and individual postings. The GeoIntelligence project aims to aggregate this information to educate users on the possible implications of the utilisation of these services as well as providing service to law enforcement and business. This paper demonstrates the ability to profile users on an individual and group basis from data posted openly to social networking services.

Files: Full Paper (PDF)

Posted in gps, paper, security

Paper: “The 2011 IDN Homograph Attack Mitigation Survey”

Title: The 2011 IDN Homograph Attack Mitigation Survey

Authors: Peter Hannay, Greg Baatard

Abstract
The advent of internationalized domain names (IDNs) has introduced a new threat, with the non-English character sets allowing for visual mimicry of domain names. Whilst the potential for this form of attack has been well recognized, many applications such as Internet browsers and e-mail clients have been slow to adopt successful mitigation strategies and countermeasures. This research examines those strategies and countermeasures, identifying areas of weakness that allow for homograph attacks. As well as examining the presentation of IDNs in e-mail clients and Internet browser URL bars, this year’s study examines the presentation of IDNs in browser-based security certificates and requests for locational data access.

Files: Full Paper (PDF)

Posted in paper, security

Paper: “Using traffic analysis to identify The Second Generation Onion Router”

Title: Using traffic analysis to identify The Second Generation Onion Router

Authors: John Barker, Peter Hannay, Patryk Szewczyk

Abstract
Anonymous networks provide security for users by obfuscating messages with encryption and hiding communications amongst cover traffic provided by other network participants. The traditional goal of academic research into these networks has been attacks that aim to uncover the identity of network users. But the success of an anonymous network relies not only on its technical capabilities, but on adoption by a large enough user base to provide adequate cover traffic. If anonymous network nodes can be identified, the users can be harassed, discouraging participation. Tor is an example of a widely used anonymous network which uses a form of Onion Routing to provide low latency anonymous communications. This paper demonstrates that traffic from a simulated Tor network can be distinguished from regular encrypted traffic, suggesting that real world Tor users may be vulnerable to the same analysis.

Files: Full Paper (PDF)

Posted in paper, security

Paper: “Kindle Forensics: Acquisition & Analysis”

Title: Kindle Forensics: Acquisition & Analysis

Authors: Peter Hannay

Abstract
The Amazon Kindle eBook reader supports a wide range of capabilities beyond reading books. This functionality includes an inbuilt cellular data connection known as Whispernet. The Kindle provides web browsing, an application framework, eBook delivery and other services over this connection. The historic data left by user interaction with this device may be of forensic interest. Analysis of the Amazon Kindle device has resulted in a method to reliably extract and interpret data from these devices in a forensically complete manner.

Files: Full Paper (PDF)

Posted in forensics, paper, security

Paper: “Backtrack in the Outback – A Preliminary Report on Cyber Security Evaluation of Organisations in Western Australia”

Title: Backtrack in the Outback – A Preliminary Report on Cyber Security Evaluation of Organisations in Western Australia

Authors: Craig Valli, Andrew Woodward, Peter Hannay

Abstract
The authors were involved in extensive vulnerability assessment and penetration testing of over 15 large organisations across various industry sectors in the Perth CBD. The actual live testing involved a team of five people for approximately a four week period, and was black box testing. The scanning consisted of running network and web vulnerability tools, and in a few cases, exploiting a vulnerability to establish the validity of the tools. The tools were run in aggressive mode with no attempt made to deceive or avoid detection by IDS/IPS or firewalls. The aim of the testing was to determine firstly whether these organisations were able to detect such hostile scanning, and secondly to gauge their response. This paper does not extensively analyse the resultant empirical data from the tests; this will be the subject of several other papers.
Of the 15 agencies investigated, only two were able to detect the activity, and only one of these escalated this to authorities. Many had intrusion detection or prevention systems, but these did not appear to detect the scanning which was conducted. Others did not have any form of detection, only logging without active monitoring, and some had no persistent logging of anything. Of those who did detect, the lack of a formal incident response and escalation plan hampered their ability to respond and escalate appropriately. Many of these organisations had recently, or very recently, undergone penetration testing by external audit or IT companies, and yet there were still numerous vulnerabilities, or their systems did not detect the scan. The conclusion is that organisations need to be very specific about what their needs are when engaging external agents to conduct network security testing, as current penetration testing is giving them a false sense of security.

Files: Full Paper (PDF)

Posted in paper, security

Hooray for Reading: Hacking the Kindle

As promised, here are the slides & the sample code for the Kindle SSH thingy.

Update: The magical key required to identify to Amazon can be found at:

/var/local/java/prefs/cookies/Cookie__x-fsn_WITH_DOMAIN__amazon.com.cookie

No more browser trickery required :)

Files: slides, modified corkscrew.c, current jailbreak & usbnet packages, Windows USB driver

Posted in security, tutorial