Mobile Privacy: Tor On The IPhone And Other Unusual Devices

Mobile Privacy: Tor On TheiPhone And Other UnusualDevicesMarco Bonetti - CutAway s.r.l.

whoamiMarco BonettiSecurity Consultant @ CutAway s.r.l.mbonetti@cutaway.ithttp://www.cutaway.it/Tor user & researcher @ re.it/http://twitter.com/ sid77/

OutlineMobile Phones (In)SecurityTor On Mobile Phones And Other StrangeDevicesTor On The Chumby OneTor On Maemo And The Nokia N900Orbot: Tor On AndroidMobile Tor: Tor On The iPhone

Mobile Phones (In)Security

Mobile Phones GrowthComputational powerHigh speed data networks“Real” operating system

Phones Are PersonalRaise hand who does not own a mobilephoneWe take them everywhere we goNever leave the house without it ;-)

Phones Are CriticalCall logsDocumentsAddress bookCalendar eventsE-mailCalendar tasksSMSBrowser historyGPS dataBrowser cache

Too Much TrustUsers trust their phonePhones trust the operatorOperators trust themselvesUsers trust operators as well

Too Much Trust

Too Much HeterogeneityClosed communication protocolsHeterogeneous networksFragmented hardware landscapeMany different operating systems

Architectural IssuesMade for chattingand textingKeyboards adoptedto the modelDifficult passwordsare. difficult!

Architectural IssuesPhones are mobiledevicesScreen size islimitedChecking importantstuff is nearlyimpossible!

Who Own The Device?Manufacturer / vendor“Apple iPhone banned for ministers” (CBS, 2010)“Exercising Our Remote Application Removal Feature”(android-developers, 2010)Carrier operator“BlackBerry update bursting with spyware” (The register,2009)Application developer“iPhone Privacy” (BlackHat DC, 2010)End userWe're here!

Data (In)SecurityData is stored in cleartextBlackberry and Nokia allows some sort ofencryptionData access is an “all or nothing” approachNeed permissions fine tuning

Communication (In)SecurityGSM has been brokenUMTS is not feeling very wellSMS has been abusedMMS remote exploit for Windows Mobile,iPhone and many more

Communication (In)SecurityBluetooth is dangerousWiFi offers a plethora of attacksNFC has already been worm-edOperator injected HTTP headersSSL/WTSL heavy on lower end phones

To recapMobile phones are everywhereMobile phones are primary designed formaking calls and sending text messagesStored data can not be easily protectedCommunications need to be secured

Tor On Mobile Phones And Other StrangeDevices

Tor Crash Course

Tor On Unusual DevicesDecember 2007: iPhoneDecember 2009: Chumby OneFebruary 2010: iPhone, againFebruary 2010: Nokia N900March 2010: Android

Problems to addressAvailable hardwareHosting operating system and code rewriteInstallation processGraphical user interface

Tor On The Chumby One

Chumby OneHackable LinuxdeviceARM CPU64MB of RAMMade by bunnie ofbunnie:studios andJacob Appelbaum

Install: the hard wayInstall Chumby cross-toolchainCheckout sourcesmakeUnzip build on usb keyReboot Chumby with usb key inserted

Install: the easy wayUnzip build on usb keyReboot Chumby with usb key inserted

Running TorSwap file neededConfigured as a bridgeListening on TCP 443Low consumption of resourcesNo upgrade mechanismUnofficial support for 3G dongles

AchievementsRunning Tor on limited resourcesEasy install method

Tor On Maemo And The Nokia N900

Nokia N900Powerful ARM CPU256MB RAMTor in Maemocommunity

InstallEnable extras-develReported as dangerous!Look for Tor in the package managerDone!

Running TorJust toggle it!

AchievementsEasy installEasy upgradeFirst graphical controller application

Orbot: Tor On Android

AndroidLinux basedoperating systemMany differentdevicesOrbot built by TheGuardian Project

InstallScan the QR code!Not yet in theAndroid Market

Running TorJust toggle it!Easily configurableRuns astransparent proxyfor rooted devices

AchievementsEasy installationHighly configurableTransparent proxy

Mobile Tor: Tor On The iPhone

iPhone / iPod TouchHackable Darwin(iPhone OS)devicesPowerful ARM CPU256MB RAM

Tor On Unusual DevicesDecember 2007: iPhoneDecember 2009: Chumby OneFebruary 2010: iPhone, againFebruary 2010: Nokia N900March 2010: Android

The Original PortMade by cjacker huangBuilt for iPhone OS 1.1.1Tor sources patched to overcome firmwarelimitationsShipped with a copy of PrivoxyShipped with iTor.app controller

The Original Portcjacker huang disappearediTor.app disappeared with its authorTor patches were still available in the mainTor source tree

Bringing Back Tor On TheiPhoneOpen source toolchainSDK target: iPhone OS 3.1.2Cross-compiling from Slackware 13.1

Bringing Back Tor On TheiPhoneBuilt following Jay Freeman's conventionsfor Cydia packagesSources are an overlay for /

The New PortMade by me :-PBuilt for iPhone OS 3.1.2Old patches no longer neededShipped with a copy of PolipoShipped with an SBSettings plugin

Running TorAdd my repositoryInstall Tor ToggleJust toggle it!

Running TorClientRelayHidden ServicesBoth via wirelessand cellular datanetworkiPhone OS shoulddo transparentproxy

iPhone OS LimitationsNo support for SOCKS proxiesRun Polipo!No HTTP proxies for cellular datanetworksVPN trick!No Tor-secure browser

Tor LimitationsCryptographically intenseHeavy on battery drainCellular data networks aren't very TorfriendlyRapidly changing IP addressesSpot coverage

DevelopmentStill too much fiddling with CLINeed for a graphical controller, VidaliastyleNeed for a secure browser

Some Crazy IdeasArm is working.somehowOnionCat lookspromisingSome work onttdnsdDo you have aspare iPad?

Questions?

Released under Creative CommonsAttribution Share-Alike 3.0 3.0/http://sid77.slackware.it/http://twitter.com/ sid77/

Tor On Maemo And The Nokia N900 Orbot: Tor On Android Mobile Tor: Tor On The iPhone. Mobile Phones (In)Security. Mobile Phones Growth Computational power High speed data networks “Real” operating system. Phones Are Personal Raise hand who