Search This Blog

Monday, April 28, 2008

Smart Sniffing on Windows Mobile

Peace be upon you

how are you Guys? sorry for the long absence, today I am getting a very "Evil" thing, actually I will not use it in evil, I will just demonstrate how this thing works and how it can be harmful, What I am talking about is something I named "Smart Sniffing",

What does "Smart Sniffing" means?
It means when the "Hacker" or "Intruder" sniff s/he will not sniff everything, why s/he would do that, for many reason, in our case, the Intruder will need to have just a few pieces of information, not all of it, let us have more details, our sample will be on windows mobile.

First of all you will need to have some tools to start in this operation,
  1. WinPCap for Windows CE.
  2. Windows mobile device to start your development and tests.
  3. Hotmail account.
Let us see what we have now, WinPcap is a free library that is use to capture network packets, well now you have all what is going in and out, for Windows CE version it is little tough but it is not impossible, then you will start watching what is going on, packets going out and packets coming in, now after you have accomplish your first step, let us move to the next step.

You will start looking in the packets for anything related to the password and user name, in the requests that go out from the device to certain server, there is Post requests, that what you are going to rip, if this trick didn't work for many reason on of them, the site uses some kind of SSL (Secure Socket Layer) so you can do something better than ripping the User name and password, you can rip the Session ID, there is too many ways to get what you want, after you have done with this step, the intruder notification step comes.

After you have done extracting the data you want from the packets and it is ready to be used by the Intruder, it will be sent simply and smooth by many ways, it can be sent through SMS, why I said that because may be the user uses some kind of "Firewall" and it will be easily to detect the what the application trying to send,of course the user will know that mobile sent SMS from the bill but the issue here is that the intruder get the piece of information as fast as possible, you can try to dig more and send what you want in sneaky way, like forcing the Internet Explorer to send it as encoded Query String.

What I have just said may seem to be evil but it is just Proof of concept that what ever "Smart Guys"say about mobile and its security, you have to be careful for the application you install on your device, also you have to be careful and try to notice everything on your screen, because there is always eye on you, may be you can't see it but be sure that this eye exist,all you have to do just be careful and try to keep your data as much as you can.

I have seen that before that some kind of Trojan was installed in X company PCs, the Trojan was working like virus, it wasn't detected by the anti-virus, the Trojan was so simple it was just graping the file names and send it to some e-mail Address, of course the Administrator was useless he didn't do anything to protect his company, anyways, don't rely that someone will protect you from any kind of attacks, also rememebr you may ask the wrong person for help so you have to do "Security" related things by your self.

Message to Developers, as you can see nothing is protected by default you have to protect your client as much as you can, it is your client, it is the reason of you raising, so try to keep your client safe, even after your death your work should be protected as much as possible, so you have to read about Encryption, Secure Systems, have certificate, learn the penetration test requirement and do it your self, read about secure code, ... etc
this topic is endless, all you have to do is just sake and be honest because such thing is really need very deep honesty, I am saying that because some how I am client and I hope to be protected.

I forgot to put some links :)
writing secure code
Secure Socket Layer
MSDN Writing Secure Code
WinPcap for Windows CE

I am sorry for the long post, may be I am over reacting but in the matter of fact and as I can see everything a round us is threated and we should be careful, that's all what I meant by this post, I put the idea, it is very simple but it can be used, also similar ideas used to have PC before and for sure there is people working on it now, as long as there is evil we should take care of our selves,

Thanks for your time.

Ahmed Essam