Mobile Privacy: Tor On The IPhone And Other Unusual Devices

2y ago
55 Views
2 Downloads
732.51 KB
53 Pages
Last View : 9d ago
Last Download : 4m ago
Upload by : Karl Gosselin
Transcription

Mobile Privacy: Tor On TheiPhone And Other UnusualDevicesMarco Bonetti - CutAway s.r.l.

whoamiMarco BonettiSecurity Consultant @ CutAway s.r.l.mbonetti@cutaway.ithttp://www.cutaway.it/Tor user & researcher @ re.it/http://twitter.com/ sid77/

OutlineMobile Phones (In)SecurityTor On Mobile Phones And Other StrangeDevicesTor On The Chumby OneTor On Maemo And The Nokia N900Orbot: Tor On AndroidMobile Tor: Tor On The iPhone

Mobile Phones (In)Security

Mobile Phones GrowthComputational powerHigh speed data networks“Real” operating system

Phones Are PersonalRaise hand who does not own a mobilephoneWe take them everywhere we goNever leave the house without it ;-)

Phones Are CriticalCall logsDocumentsAddress bookCalendar eventsE-mailCalendar tasksSMSBrowser historyGPS dataBrowser cache

Too Much TrustUsers trust their phonePhones trust the operatorOperators trust themselvesUsers trust operators as well

Too Much Trust

Too Much HeterogeneityClosed communication protocolsHeterogeneous networksFragmented hardware landscapeMany different operating systems

Architectural IssuesMade for chattingand textingKeyboards adoptedto the modelDifficult passwordsare. difficult!

Architectural IssuesPhones are mobiledevicesScreen size islimitedChecking importantstuff is nearlyimpossible!

Who Own The Device?Manufacturer / vendor“Apple iPhone banned for ministers” (CBS, 2010)“Exercising Our Remote Application Removal Feature”(android-developers, 2010)Carrier operator“BlackBerry update bursting with spyware” (The register,2009)Application developer“iPhone Privacy” (BlackHat DC, 2010)End userWe're here!

Data (In)SecurityData is stored in cleartextBlackberry and Nokia allows some sort ofencryptionData access is an “all or nothing” approachNeed permissions fine tuning

Communication (In)SecurityGSM has been brokenUMTS is not feeling very wellSMS has been abusedMMS remote exploit for Windows Mobile,iPhone and many more

Communication (In)SecurityBluetooth is dangerousWiFi offers a plethora of attacksNFC has already been worm-edOperator injected HTTP headersSSL/WTSL heavy on lower end phones

To recapMobile phones are everywhereMobile phones are primary designed formaking calls and sending text messagesStored data can not be easily protectedCommunications need to be secured

Tor On Mobile Phones And Other StrangeDevices

Tor Crash Course

Tor On Unusual DevicesDecember 2007: iPhoneDecember 2009: Chumby OneFebruary 2010: iPhone, againFebruary 2010: Nokia N900March 2010: Android

Problems to addressAvailable hardwareHosting operating system and code rewriteInstallation processGraphical user interface

Tor On The Chumby One

Chumby OneHackable LinuxdeviceARM CPU64MB of RAMMade by bunnie ofbunnie:studios andJacob Appelbaum

Install: the hard wayInstall Chumby cross-toolchainCheckout sourcesmakeUnzip build on usb keyReboot Chumby with usb key inserted

Install: the easy wayUnzip build on usb keyReboot Chumby with usb key inserted

Running TorSwap file neededConfigured as a bridgeListening on TCP 443Low consumption of resourcesNo upgrade mechanismUnofficial support for 3G dongles

AchievementsRunning Tor on limited resourcesEasy install method

Tor On Maemo And The Nokia N900

Nokia N900Powerful ARM CPU256MB RAMTor in Maemocommunity

InstallEnable extras-develReported as dangerous!Look for Tor in the package managerDone!

Running TorJust toggle it!

AchievementsEasy installEasy upgradeFirst graphical controller application

Orbot: Tor On Android

AndroidLinux basedoperating systemMany differentdevicesOrbot built by TheGuardian Project

InstallScan the QR code!Not yet in theAndroid Market

Running TorJust toggle it!Easily configurableRuns astransparent proxyfor rooted devices

AchievementsEasy installationHighly configurableTransparent proxy

Mobile Tor: Tor On The iPhone

iPhone / iPod TouchHackable Darwin(iPhone OS)devicesPowerful ARM CPU256MB RAM

Tor On Unusual DevicesDecember 2007: iPhoneDecember 2009: Chumby OneFebruary 2010: iPhone, againFebruary 2010: Nokia N900March 2010: Android

The Original PortMade by cjacker huangBuilt for iPhone OS 1.1.1Tor sources patched to overcome firmwarelimitationsShipped with a copy of PrivoxyShipped with iTor.app controller

The Original Portcjacker huang disappearediTor.app disappeared with its authorTor patches were still available in the mainTor source tree

Bringing Back Tor On TheiPhoneOpen source toolchainSDK target: iPhone OS 3.1.2Cross-compiling from Slackware 13.1

Bringing Back Tor On TheiPhoneBuilt following Jay Freeman's conventionsfor Cydia packagesSources are an overlay for /

The New PortMade by me :-PBuilt for iPhone OS 3.1.2Old patches no longer neededShipped with a copy of PolipoShipped with an SBSettings plugin

Running TorAdd my repositoryInstall Tor ToggleJust toggle it!

Running TorClientRelayHidden ServicesBoth via wirelessand cellular datanetworkiPhone OS shoulddo transparentproxy

iPhone OS LimitationsNo support for SOCKS proxiesRun Polipo!No HTTP proxies for cellular datanetworksVPN trick!No Tor-secure browser

Tor LimitationsCryptographically intenseHeavy on battery drainCellular data networks aren't very TorfriendlyRapidly changing IP addressesSpot coverage

DevelopmentStill too much fiddling with CLINeed for a graphical controller, VidaliastyleNeed for a secure browser

Some Crazy IdeasArm is working.somehowOnionCat lookspromisingSome work onttdnsdDo you have aspare iPad?

Questions?

Released under Creative CommonsAttribution Share-Alike 3.0 3.0/http://sid77.slackware.it/http://twitter.com/ sid77/

Tor On Maemo And The Nokia N900 Orbot: Tor On Android Mobile Tor: Tor On The iPhone. Mobile Phones (In)Security. Mobile Phones Growth Computational power High speed data networks “Real” operating system. Phones Are Personal Raise hand who

Related Documents:

May 02, 2018 · D. Program Evaluation ͟The organization has provided a description of the framework for how each program will be evaluated. The framework should include all the elements below: ͟The evaluation methods are cost-effective for the organization ͟Quantitative and qualitative data is being collected (at Basics tier, data collection must have begun)

Silat is a combative art of self-defense and survival rooted from Matay archipelago. It was traced at thé early of Langkasuka Kingdom (2nd century CE) till thé reign of Melaka (Malaysia) Sultanate era (13th century). Silat has now evolved to become part of social culture and tradition with thé appearance of a fine physical and spiritual .

On an exceptional basis, Member States may request UNESCO to provide thé candidates with access to thé platform so they can complète thé form by themselves. Thèse requests must be addressed to esd rize unesco. or by 15 A ril 2021 UNESCO will provide thé nomineewith accessto thé platform via their émail address.

̶The leading indicator of employee engagement is based on the quality of the relationship between employee and supervisor Empower your managers! ̶Help them understand the impact on the organization ̶Share important changes, plan options, tasks, and deadlines ̶Provide key messages and talking points ̶Prepare them to answer employee questions

Dr. Sunita Bharatwal** Dr. Pawan Garga*** Abstract Customer satisfaction is derived from thè functionalities and values, a product or Service can provide. The current study aims to segregate thè dimensions of ordine Service quality and gather insights on its impact on web shopping. The trends of purchases have

Chính Văn.- Còn đức Thế tôn thì tuệ giác cực kỳ trong sạch 8: hiện hành bất nhị 9, đạt đến vô tướng 10, đứng vào chỗ đứng của các đức Thế tôn 11, thể hiện tính bình đẳng của các Ngài, đến chỗ không còn chướng ngại 12, giáo pháp không thể khuynh đảo, tâm thức không bị cản trở, cái được

Le genou de Lucy. Odile Jacob. 1999. Coppens Y. Pré-textes. L’homme préhistorique en morceaux. Eds Odile Jacob. 2011. Costentin J., Delaveau P. Café, thé, chocolat, les bons effets sur le cerveau et pour le corps. Editions Odile Jacob. 2010. Crawford M., Marsh D. The driving force : food in human evolution and the future.

The American Petroleum Institute Manual of Petroleum Measurement Standards (API MPMS) Chapter 19 details equations for estimating the average annual evaporation loss from storage tanks. These equations are based on test tank and field tank data and have been revised since initial publication for more accurate estimations. WHAT IS EVAPORATION? Evaporation is when a substance changes from the .