Mobile Privacy: Tor On The iPhone And Other Unusual Devices


Mobile Privacy: Tor On The iPhone And Other Unusual Devices
Marco Bonetti - CutAway s.r.l.

whoami
- Marco Bonetti
- Security Consultant @ CutAway s.r.l.
- mbonetti@cutaway.it
- http://www.cutaway.it/
- Tor user & researcher @ re.it/
- http://twitter.com/ sid77/

Outline
- Mobile Phones (In)Security
- Tor On Mobile Phones And Other Strange Devices
- Tor On The Chumby One
- Tor On Maemo And The Nokia N900
- Orbot: Tor On Android
- Mobile Tor: Tor On The iPhone

Mobile Phones (In)Security

Mobile Phones Growth
- Computational power
- High speed data networks
- “Real” operating system

Phones Are Personal
- Raise your hand if you do not own a mobile phone
- We take them everywhere we go
- Never leave the house without it ;-)

Phones Are Critical
- Call logs
- Documents
- Address book
- Calendar events
- E-mail
- Calendar tasks
- SMS
- Browser history
- GPS data
- Browser cache

Too Much Trust
- Users trust their phone
- Phones trust the operator
- Operators trust themselves
- Users trust operators as well

Too Much Trust

Too Much Heterogeneity
- Closed communication protocols
- Heterogeneous networks
- Fragmented hardware landscape
- Many different operating systems

Architectural Issues
- Made for chatting and texting
- Keyboards adapted to the model
- Difficult passwords are... difficult!

Architectural Issues
- Phones are mobile devices
- Screen size is limited
- Checking important stuff is nearly impossible!

Who Owns The Device?
- Manufacturer / vendor
  - “Apple iPhone banned for ministers” (CBS, 2010)
  - “Exercising Our Remote Application Removal Feature” (android-developers, 2010)
- Carrier operator
  - “BlackBerry update bursting with spyware” (The Register, 2009)
- Application developer
  - “iPhone Privacy” (BlackHat DC, 2010)
- End user
  - We're here!

Data (In)Security
- Data is stored in cleartext
- BlackBerry and Nokia allow some sort of encryption
- Data access is an “all or nothing” approach
- Need permissions fine tuning

Communication (In)Security
- GSM has been broken
- UMTS is not feeling very well
- SMS has been abused
- MMS remote exploit for Windows Mobile, iPhone and many more

Communication (In)Security
- Bluetooth is dangerous
- WiFi offers a plethora of attacks
- NFC has already been worm-ed
- Operator injected HTTP headers
- SSL/WTLS heavy on lower end phones

To recap
- Mobile phones are everywhere
- Mobile phones are primarily designed for making calls and sending text messages
- Stored data can not be easily protected
- Communications need to be secured

Tor On Mobile Phones And Other Strange Devices

Tor Crash Course

Tor On Unusual Devices
- December 2007: iPhone
- December 2009: Chumby One
- February 2010: iPhone, again
- February 2010: Nokia N900
- March 2010: Android

Problems to address
- Available hardware
- Hosting operating system and code rewrite
- Installation process
- Graphical user interface

Tor On The Chumby One

Chumby One
- Hackable Linux device
- ARM CPU
- 64MB of RAM
- Made by bunnie of bunnie:studios and Jacob Appelbaum

Install: the hard way
- Install Chumby cross-toolchain
- Checkout sources
- make
- Unzip build on usb key
- Reboot Chumby with usb key inserted

Install: the easy way
- Unzip build on usb key
- Reboot Chumby with usb key inserted

Running Tor
- Swap file needed
- Configured as a bridge
- Listening on TCP 443
- Low consumption of resources
- No upgrade mechanism
- Unofficial support for 3G dongles

Achievements
- Running Tor on limited resources
- Easy install method

Tor On Maemo And The Nokia N900

Nokia N900
- Powerful ARM CPU
- 256MB RAM
- Tor in Maemo community

Install
- Enable extras-devel
  - Reported as dangerous!
- Look for Tor in the package manager
- Done!

Running Tor
- Just toggle it!

Achievements
- Easy install
- Easy upgrade
- First graphical controller application

Orbot: Tor On Android

Android
- Linux based operating system
- Many different devices
- Orbot built by The Guardian Project

Install
- Scan the QR code!
- Not yet in the Android Market

Running Tor
- Just toggle it!
- Easily configurable
- Runs as transparent proxy for rooted devices

Achievements
- Easy installation
- Highly configurable
- Transparent proxy

Mobile Tor: Tor On The iPhone

iPhone / iPod Touch
- Hackable Darwin (iPhone OS) devices
- Powerful ARM CPU
- 256MB RAM

Tor On Unusual Devices
- December 2007: iPhone
- December 2009: Chumby One
- February 2010: iPhone, again
- February 2010: Nokia N900
- March 2010: Android

The Original Port
- Made by cjacker huang
- Built for iPhone OS 1.1.1
- Tor sources patched to overcome firmware limitations
- Shipped with a copy of Privoxy
- Shipped with iTor.app controller

The Original Port
- cjacker huang disappeared
- iTor.app disappeared with its author
- Tor patches were still available in the main Tor source tree

Bringing Back Tor On The iPhone
- Open source toolchain
- SDK target: iPhone OS 3.1.2
- Cross-compiling from Slackware 13.1

Bringing Back Tor On The iPhone
- Built following Jay Freeman's conventions for Cydia packages
- Sources are an overlay for /

The New Port
- Made by me :-P
- Built for iPhone OS 3.1.2
- Old patches no longer needed
- Shipped with a copy of Polipo
- Shipped with an SBSettings plugin

Running Tor
- Add my repository
- Install Tor Toggle
- Just toggle it!

Running Tor
- Client
- Relay
- Hidden Services
- Both via wireless and cellular data network
- iPhone OS should do transparent proxy

iPhone OS Limitations
- No support for SOCKS proxies
  - Run Polipo!
- No HTTP proxies for cellular data networks
  - VPN trick!
- No Tor-secure browser
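
The Polipo workaround puts an HTTP proxy in front of Tor's SOCKS listener, so a mistake in either config file silently sends traffic around Tor. The check below is an added example, not part of the original slides or of the port itself; the sample configs are constructed, and port 8118 and the loopback addresses are assumptions.

```python
import re

# Constructed sample configs (not from the slides). Port 8118 and the
# loopback addresses are assumptions; 9050 is Tor's default SocksPort.
TORRC = "SocksPort 9050\n"

POLIPO_GOOD = '''
proxyAddress = "127.0.0.1"           # HTTP proxy the browser points at
proxyPort = 8118
socksParentProxy = "localhost:9050"  # hand every request to Tor
diskCacheRoot = ""                   # keep no browsing cache on disk
'''

POLIPO_BAD = '''
proxyAddress = "0.0.0.0"
proxyPort = 8118
socksParentProxy = "localhost:9150"
'''

def parse_polipo(text):
    """Parse Polipo's `key = value` lines, dropping comments and quotes."""
    conf = {}
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if "=" in line:
            key, value = line.split("=", 1)
            conf[key.strip()] = value.strip().strip('"')
    return conf

def tor_socks_port(torrc):
    """Return the SocksPort set in a torrc, or Tor's default 9050."""
    m = re.search(r"^\s*SocksPort\s+(?:\S+:)?(\d+)", torrc, re.M | re.I)
    return int(m.group(1)) if m else 9050

def audit_chain(polipo_text, torrc):
    """Return a list of findings; an empty list means the chain is consistent."""
    conf, findings = parse_polipo(polipo_text), []
    # Polipo binds to 127.0.0.1 when proxyAddress is not set.
    if conf.get("proxyAddress", "127.0.0.1") not in ("127.0.0.1", "::1"):
        findings.append("HTTP proxy reachable from the network")
    port = conf.get("socksParentProxy", "").rsplit(":", 1)[-1]
    if "socksParentProxy" not in conf:
        findings.append("no SOCKS parent: requests bypass Tor")
    elif not port.isdigit() or int(port) != tor_socks_port(torrc):
        findings.append("SOCKS parent port does not match Tor's SocksPort")
    # Polipo caches to disk unless diskCacheRoot is set to the empty string.
    if conf.get("diskCacheRoot") != "":
        findings.append("on-disk cache enabled")
    return findings
```
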

Tor Limitations
- Cryptographically intense
- Heavy on battery drain
- Cellular data networks aren't very Tor friendly
  - Rapidly changing IP addresses
  - Spot coverage

Development
- Still too much fiddling with CLI
- Need for a graphical controller, Vidalia style
- Need for a secure browser

Some Crazy Ideas
- Arm is working... somehow
- OnionCat looks promising
- Some work on ttdnsd
- Do you have a spare iPad?

Questions?

Released under Creative Commons Attribution Share-Alike 3.0
3.0/
http://sid77.slackware.it/
http://twitter.com/ sid77/
