DeepSec 2020 Talk: Security Model Of Endpoint Devices – Martin Kacer
Have you ever asked these questions? You are using the latest mobile phone and a laptop with the latest, fully patched OS, running antivirus: do you need to worry about security? Isn’t there still something broken in the entire security and permission model? Why can a desktop application that is not a web browser access and communicate with any IP address? Why can an application access your whole filesystem and collect files from there? Why can an Android app with the INTERNET permission communicate with any arbitrary IP address, even a private one? Why can the app communicate using different domains? Isn’t the app-market ecosystem creating a friendly environment for botnets? This talk will shed some light on these issues and propose some mitigation strategies.
We have asked Martin a few more questions about his talk.
Please tell us the top 5 facts about your talk.
I will try to cover the following areas in the talk:
- Discuss what assets can be valuable on the endpoints; define a glossary; explain that "malicious applications" here should also be understood to include any legitimate app that was exploited by any attack vector.
- Cover desktop security models. Consider what malicious desktop applications can achieve without exploiting any vulnerability or violating any security policy.
- Cover the smartphone / Android security model. Cover what malicious Android applications can achieve with common permissions.
- Focus mainly on Android and the resulting security risks. Also cover private-network compromise scenarios.
- Outline possible mitigation strategies.
How did you come up with it? Was there something like an initial spark that set your mind on creating this talk?
I was working in the security area, performing penetration tests and also red-team exercises. Gaining root sounds like the goal for security researchers; however, this can often be far away from what common users consider valuable or what the real assets on the device are.
Why do you think this is an important topic?
Too much focus is put on certain vulnerabilities. For sure many are discovered and excellently exploited and could create real harm. However, in the end, they just get a CVE ID and are often addressed by a security patch or by a new software release. Meanwhile, the issue that an application running under a given user can collect any files which are readable by that user, and can fully control sockets and communicate towards any IP, has been overlooked for many years. And now, with the smartphone ecosystem and easy application installation through various markets, the issue is even more significant.
Is there something you want everybody to know – some good advice for our readers maybe?
Do not consider your private networks private if they are accessed by any endpoints. If you care about your security, do not store sensitive content on your smartphone and reduce the number of apps installed there. Regularly back up the data and erase what is not needed any more. For laptops, also store only what is required on the filesystem. And you can harden your machine in various ways. For example, on GNU/Linux you can create a dedicated user which has access to the internet and open your web browser from there. However, this user should have limited rights and limited access to your file system. And you have another normal user without internet access which is used for normal work. iptables or ufw can work well here. Or you can use virtualization to create a similar isolation.
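As an added example (not part of Martin's answer or of the talk), here is one way to set up the split-user arrangement he describes on GNU/Linux with the iptables `owner` match: the browser user may open outbound connections, the work user may not, and denied attempts are logged so they show up in the kernel log. The user names `web` and `work` and the `DRY_RUN` switch are assumptions for this example; by default the script only prints the commands it would run.

```shell
#!/bin/sh
# Per-user egress control with the iptables owner match.
# Assumed user names (hypothetical): WORK_USER does normal work without
# internet access, NET_USER is the dedicated browser user.
WORK_USER="${WORK_USER:-work}"
NET_USER="${NET_USER:-web}"
# DRY_RUN=1 prints the commands instead of executing them (default, no root needed).
DRY_RUN="${DRY_RUN:-1}"

run() {
  if [ "$DRY_RUN" = 1 ]; then
    printf '%s\n' "$*"
  else
    "$@"
  fi
}

# Emit (or apply) the OUTPUT chain rules. The owner match only applies to
# locally generated packets, which is exactly the case here.
egress_rules() {
  # Loopback stays open for everyone (local resolver, display server, IPC).
  run iptables -A OUTPUT -o lo -j ACCEPT
  # Replies belonging to connections already accepted are allowed.
  run iptables -A OUTPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
  # The browser user may initiate outbound connections.
  run iptables -A OUTPUT -m owner --uid-owner "$NET_USER" -j ACCEPT
  # The work user: log the attempt, then reject it, so misbehaving
  # applications become visible in the journal instead of silently failing.
  run iptables -A OUTPUT -m owner --uid-owner "$WORK_USER" -j LOG --log-prefix "egress-deny: "
  run iptables -A OUTPUT -m owner --uid-owner "$WORK_USER" -j REJECT --reject-with icmp-port-unreachable
}

# Keep the two users' home directories out of each other's reach, so the
# browser user cannot read the work user's files and vice versa.
home_isolation() {
  run chmod 700 "/home/$WORK_USER"
  run chmod 700 "/home/$NET_USER"
}

egress_rules
home_isolation
```

Run with `DRY_RUN=0` as root to apply the rules; if IPv6 is enabled, the same rules need to be loaded with `ip6tables` as well, otherwise the work user could still reach the network over IPv6. A quick check after applying is to switch to the work user and confirm that an outbound connection is refused while the browser user's connection succeeds.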
A prediction for the future – what do you think will be the next innovations or future downfalls when it comes to your field of expertise / the topic of your talk in particular?
The permission models on smartphones should become more granular, strict and transparent. It would be good to control the destination domains which are used for the communication, rather than just seeing the INTERNET permission. The same goes for the SDCARD ACCESS permission or access to internal storage: it should be clearly defined which folders will be accessed. Similar permission models should also be adopted for desktops (like snap on GNU/Linux).
Martin Kacer is a Security Researcher dedicated to telecom security. He made key contributions to GSMA security guidelines documents related to interconnect signalling security for 2G, 3G, 4G and 5G networks. Regarding open source work, Martin is the author of an open-source signalling firewall and was a speaker at the Black Hat USA conference. Additionally, he contributed to the Wireshark project and published a few tools.