Wireless, Mobile and Application Layer Security Vulnerability Workshop

(ATIS2014-School Flyer in PDF)


November 26 (Wednesday), 2014
09:00-16:00
ATIS-School (I): Wireless and Mobile Network Layer Security Vulnerabilities
Location: T1.06
Note: Separate registration and confirmation are needed for ATIS-School.

November 27 (Thursday), 2014
09:00-16:00
ATIS-School (II): Application Layer Security Vulnerabilities
Location: T1.06
Note: Separate registration and confirmation are needed for ATIS-School.

Background


These two workshops, to be held on Wednesday 26 and Thursday 27 November, are designed to address network and application layer security vulnerabilities and to provide hands-on experience with tools used in intrusion analysis. In particular, they will provide participants with experience in the use of network cybersecurity tools and techniques which can be used to evaluate security vulnerabilities such as data leakage from Android and Bluetooth wireless networks. NFC/RFID Smartcard security experiments involve key search attacks, cloning and data modification on smartcards. Within the area of application security there are three sets of practical experiments. These involve interception and capture of CCTV video data using IP cameras, client/user interaction with a bank to demonstrate the recent Heartbleed attack, and the Mallory Man-In-The-Middle attack to demonstrate a range of SSL interception attacks, as well as examining the use of DNSSEC to protect against such attacks. In all cases the intention is to provide participants with hands-on experience with tools and techniques used in cybersecurity penetration analysis.


Wireless and Mobile Network Layer Security Vulnerabilities:
Android, Bluetooth, NFC/RFID Smartcards
Wednesday 26 November 9am – 4pm

This workshop will examine the security vulnerability characteristics of a variety of wireless and mobile personal, local and wide area networks, including Android, Bluetooth and NFC/RFID Smartcards. The manner in which these networks can be compromised by attacks (such as sniffing, spoofing, hijacking, man-in-the-middle, traffic injection, brute force, or denial of service), as well as by host-based attacks such as spyware and buffer overflow, will be evaluated in this practical environment.

LIMITED TO 12 PEOPLE.  A small registration fee will be required to cover lunch which is from 12 to 1pm.

Android Attacks and Data Leakage


Attacks against an Android device will be used to demonstrate how private information can be extracted by a number of means, including various exploits, Android file and folder stealing attacks, and malware attacks via App Stores. The session also covers why spamming still occurs in mobile networks.

The following tools will be used to carry out this set of practical vulnerability demonstrations for this workshop:

  • airmon-ng – a tool that can help set a wireless adapter into monitor mode (rfmon)
  • airodump-ng – a tool for capturing packets from an Access Point
  • aireplay-ng – a tool for forging ARP requests
  • aircrack-ng – a tool for decrypting keys
  • iwconfig / ifconfig  – tools for configuring wireless adapters in monitor mode
  • Ettercap – a tool for ARP spoofing
  • Wireshark – a tool for passive collection and analysis of packets

Wireless Personal Area Network Vulnerabilities – Bluetooth


As with the Android workshop above, attacks against Bluetooth devices will be used to demonstrate how private information can be extracted through means such as exploits, file and folder stealing attacks, taking remote control of a Bluetooth device's function set and phonebook, and SMS and photo extraction.

The following tools will be used to carry out this set of practical vulnerability demonstrations for this workshop:

  • A computer running Backtrack
  • hciconfig – a tool for configuring the Bluetooth adapter
  • hcitool – a tool to configure Bluetooth connections and send special commands to the Bluetooth adapter
  • l2ping – sends an L2CAP echo request to the Bluetooth MAC address
  • sdptool – provides an interface for performing queries on Bluetooth devices, e.g. browsing for available services and open channels
  • btobex – a tool for the BlueSnarf attack, which allows unauthorised access to information on a wireless device through a Bluetooth connection
  • bluebugger – a tool for taking control of mobile devices by creating a serial connection

Smartcard Attacks and Vulnerabilities


Smartcard technology is used widely in ticketing systems such as Oyster, Octopus, Snapper, Metro, Myki and others. It is also used for “Tap and Go” smartcards, which authorise contactless payment, as well as for access to toll roads in many countries. Smartcards are also present in other forms such as photocopy cards, student IDs, building access controls and passports.

libnfc is the software library used in this workshop as the mechanism for communicating with ISO14443 RFID tags. In this workshop the library will be run from a Backtrack Virtual Machine. In addition, a set of Python scripts will be used to carry out basic functions on a smartcard such as reading, writing and cracking. libnfc works with NXP chipsets, which feature USB connectivity, giving rise to their use in smartcard devices such as the Snapper USB Feeder. This device, to be used in this workshop, serves as the hardware interface between the smartcard and the Backtrack Virtual Machine.

In particular, in this workshop Mifare Smartcards will be key-cracked, read from and written to, cloned, copied and have stored dollar amounts changed. Much of this workshop centres on understanding how the access bits control the 16 sectors and how the “a” and “b” keys operate. Further, techniques for controlling access conditions (read, write, decrement, transfer and restore) will be experimented with. Additional tools such as the Mifare Byte calculator and a Hex-ASCII converter will be used in this workshop.



Application Layer Security Vulnerabilities: 
Video Forensics, SSL Heartbleed, SSL Interception 
Thursday 27 November 9am – 4pm

A variety of tools can be used for network penetration, and many for intrusion detection/prevention; some tools can be used for both purposes. This workshop utilises some of the key, commonly used, open source tools, and demonstrates the steps of (i) discovery, (ii) exploitation resulting from (i), and (iii) detection of intrusions. The work involves scope testing, reconnaissance of visible services, fingerprinting of endpoints, and triaging results to determine key focus areas by targeting a combination of high-probability or high-impact weaknesses.

This workshop is designed to provide foundational knowledge on application layer security – and in particular – application of theory to practice. It directly addresses the mechanisms necessary to circumvent or defend against attacks by evaluating the security protocols and standards in common use. Further, the workshop will give participants an opportunity to examine and experiment with important vulnerabilities in applications including voice and video data leakage, SSL interception (Internet banking in particular) and SSL leakage (Heartbleed) vulnerability.

LIMITED TO 12 PEOPLE.  A small registration fee will be required to cover lunch which is from 12 to 1pm.

Video Forensics


This part of the workshop is an extension of the wireless and mobile security workshop run the previous day and involves the use of IP cameras typically used in CCTV surveillance. It requires setting up systems to capture still images, video streams and accompanying audio streams as they pass through a network (both wired and wireless) and then forensically analysing and recreating the images and motion video using tools such as mplayer and other media players in Backtrack. Thus this wireless TCP/IP traffic from IP cameras will be captured and analysed with no reference to the destination server.

SSL Data Leakage - Heartbleed


The recently discovered (April 2014) SSL data leakage vulnerability (Heartbleed) has been incorporated into the workshop, with the client, firewall and bank configured in exactly the same way as they are in practice. The tools and techniques used to extract critical personal information will be experimented with in this workshop, not so much from the point of view of just breaking in but to gain an understanding of why and how such vulnerabilities exist in current business and Government systems.

SSL Interception - Man-In-The-Middle Vulnerabilities


Such a practical implementation requires the use of a variety of firewall and routing equipment. Delegates will build the network, implement and test the security policy and gain experience in the practical implementation of client-server application processes such as those commonly used in mobile Internet banking. Thus the firewall and interconnected network configurations will closely represent those found in practice. The Internet banking scenario will be constructed with the use of mobiles which will interact with a bank server through a firewall. Man-in-the-Middle attacks will then be configured to obtain multiple SSL connections and subsequently extract user identification credentials.


Cancellations forfeit the registration cost; please let us know in advance if you have to cancel as we will keep a waiting list and someone else can take your place.

Shaowu Liu,
Sep 8, 2014, 8:21 PM