3G/4G Intranet Scanning and its Application on the WormHole Vulnerability

Presented at Black Hat Asia 2017, March 31, 2017, 11:45 a.m. (60 minutes)

Traditionally, placing trusted computers inside a firewalled intranet that only insiders can reach is an effective way to keep outside attackers out. This is not the case, however, in a 3G/4G internal network. Because 3G/4G intranets are open, an attacker can join one and scan the other mobile devices connected to it using existing tools and techniques such as ping sweeps and port scans. This in turn lets the attacker reach mobile apps that are listening for inbound network traffic, so 3G/4G intranet scanning significantly amplifies the threat posed by vulnerable apps. For example, the attacker can exploit the WormHole vulnerability to remotely tamper with contact information, pull local files, and install malware.

In this work, we demonstrate the feasibility of large-scale scanning over the 3G/4G intranet. First, we adapt the Nmap scanner to 3G/4G intranets and use it to scan more than 16 million mobile users of the three main ISPs in China: China Mobile, China Telecom and China Unicom. During our scanning, we find that 2% of the scanned devices have apps installed that contain the WormHole vulnerability. We also find a previously unreported WormHole vulnerability in an app that has accumulated 11 million installs. Second, to investigate whether 3G/4G intranet scanning is already being used in the real world, we build a small honeypot to capture such scanning. By deploying only 4 devices across two cities, we are able to catch scanning activity, which implies that 3G/4G intranet scanning is already in use by security professionals. Overall, our work should raise app developers' awareness of this attack vector.
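As a defender-side illustration, added here and not part of the talk or its tooling: the reconnaissance the abstract describes (a ping sweep across neighbouring devices on the operator intranet, followed by a port scan of one of them) is exactly what a honeypot of the kind mentioned would record. The detector below flags both patterns from a few constructed log lines. The log format, the addresses, the detection window and the thresholds are all assumptions for the example.

```python
"""Minimal ping-sweep / port-scan detector over honeypot connection logs.

Added example, not code from the Black Hat talk. Everything below
(log format, addresses, thresholds) is constructed for illustration.
"""
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample of what a small honeypot on a mobile-operator intranet
# might log. Assumed format: "<ISO time> <src_ip> <dst_ip> <proto> <dst_port|->"
# 10.20.1.5 probes four hosts with ICMP, then six TCP ports on one of them.
# 10.20.3.9 is ordinary traffic: one port, one host, twice.
SAMPLE_LOG = """\
2017-03-01T10:00:00 10.20.1.5 10.20.7.10 icmp -
2017-03-01T10:00:00 10.20.1.5 10.20.7.11 icmp -
2017-03-01T10:00:01 10.20.1.5 10.20.7.12 icmp -
2017-03-01T10:00:01 10.20.1.5 10.20.7.13 icmp -
2017-03-01T10:00:05 10.20.1.5 10.20.7.10 tcp 22
2017-03-01T10:00:05 10.20.1.5 10.20.7.10 tcp 80
2017-03-01T10:00:06 10.20.1.5 10.20.7.10 tcp 443
2017-03-01T10:00:06 10.20.1.5 10.20.7.10 tcp 8000
2017-03-01T10:00:07 10.20.1.5 10.20.7.10 tcp 8080
2017-03-01T10:00:07 10.20.1.5 10.20.7.10 tcp 8443
2017-03-01T10:00:30 10.20.3.9 10.20.7.10 tcp 443
2017-03-01T10:01:10 10.20.3.9 10.20.7.10 tcp 443
"""


def parse_line(line: str) -> dict:
    """Split one log line into a record; '-' means no port (ICMP)."""
    ts, src, dst, proto, port = line.split()
    return {
        "ts": datetime.fromisoformat(ts),
        "src": src,
        "dst": dst,
        "proto": proto,
        "port": None if port == "-" else int(port),
    }


def detect_scans(log_text: str,
                 window: timedelta = timedelta(seconds=60),
                 port_threshold: int = 6,
                 host_threshold: int = 4) -> dict:
    """Return {src_ip: sorted findings} for sources that look like scanners.

    Findings are ("ping_sweep", None) when one source sends ICMP to at least
    host_threshold distinct hosts within `window`, and ("port_scan", dst)
    when it touches at least port_threshold distinct TCP ports on `dst`
    within `window`. A sliding window per source keeps this linear in the
    number of events per source.
    """
    events = sorted((parse_line(l) for l in log_text.splitlines() if l.strip()),
                    key=lambda e: e["ts"])
    by_src = defaultdict(list)
    for ev in events:
        by_src[ev["src"]].append(ev)

    findings = {}
    for src, evs in by_src.items():
        alerts = set()
        start = 0
        for end in range(len(evs)):
            # Advance the window start until all events fit inside `window`.
            while evs[end]["ts"] - evs[start]["ts"] > window:
                start += 1
            current = evs[start:end + 1]

            icmp_hosts = {e["dst"] for e in current if e["proto"] == "icmp"}
            if len(icmp_hosts) >= host_threshold:
                alerts.add(("ping_sweep", None))

            ports_per_dst = defaultdict(set)
            for e in current:
                if e["proto"] == "tcp":
                    ports_per_dst[e["dst"]].add(e["port"])
            for dst, ports in ports_per_dst.items():
                if len(ports) >= port_threshold:
                    alerts.add(("port_scan", dst))
        if alerts:
            findings[src] = sorted(alerts)
    return findings


if __name__ == "__main__":
    for src, alerts in detect_scans(SAMPLE_LOG).items():
        for kind, dst in alerts:
            print(f"{src}: {kind}" + (f" against {dst}" if dst else ""))
```

Running the block reports the sweep and the port scan from 10.20.1.5 and stays silent about 10.20.3.9. On a real operator intranet, the thresholds would need tuning against the baseline of legitimate device-to-device traffic, and the more durable mitigation is the one the abstract points at: apps should not listen for inbound connections on the cellular interface at all.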

Presenters:

  • Zhang Qing - Senior Researcher
    ZHANG Qing is an independent researcher on Android security. Previously, he was a senior Android security researcher in the Vulpecker Team of Qihoo 360 and a visiting scholar at the Model Checking Lab of the National University of Singapore. He currently works as a senior information security engineer at Xiaomi, in charge of account risk control. His interests include Android security, web security and payment security, specializing in reverse engineering and fuzzing. His work has appeared at SyScan360 2016. In 2016, he won the year's first-place prizes in vulnerability detection from several major Chinese companies, such as Huawei, Meizu and Xiaomi.
  • Guangdong Bai - Lecturer, Singapore Institute of Technology
    Dr. Bai Guangdong is a faculty member at the Singapore Institute of Technology (SIT). He received his PhD from the National University of Singapore in 2015. His research interests span the broad areas of mobile security, web security, and protocol verification. In his previous research, he has worked on analyzing authentication protocol implementations, online payment, and Android security. His research has helped identify and fix serious security vulnerabilities in major websites such as Sina Weibo. His work has appeared at top security conferences, such as NDSS and Black Hat Europe.
