Presentation is loading. Please wait.

Presentation is loading. Please wait.

Где моя извозка, сударь? Глеб Чербов Ведущий аудитор Digital Security.

Published byAlfred Parsons Modified over 8 years ago

Similar presentations

Presentation on theme: "Где моя извозка, сударь? Глеб Чербов Ведущий аудитор Digital Security."— Presentation transcript:

1 Где моя извозка, сударь? Глеб Чербов Ведущий аудитор Digital Security

2 Где моя извозка, сударь? © 2002—2013, Digital Security 2

3 Где моя извозка, сударь? © 2002—2013, Digital Security 3

4 Где моя извозка, сударь? So what? GSM channel GPS Server side Device Fake BTS Jammers ? © 2002—2013, Digital Security 4

5 Где моя извозка, сударь? 5 Tracker © 2002—2013, Digital Security 5

6 Где моя извозка, сударь? Attack: Inf. disclosure © 2002—2013, Digital Security 6

7 Где моя извозка, сударь? Attack: XSS © 2002—2013, Digital Security 7

8 Где моя извозка, сударь? 8 Attack: SQLinj © 2002—2013, Digital Security 8

9 Где моя извозка, сударь? PROFIT? All your cars prisoners children are belong to us… © 2002—2013, Digital Security 9

10 Где моя извозка, сударь? Too simple… © 2002—2013, Digital Security 10

11 Где моя извозка, сударь? So what? GSM channel GPS Server side Device Fake BTS Jammers OWASP top 9000 ? © 2002—2013, Digital Security 11

12 Где моя извозка, сударь? GSM/GPRS GPS Power/peripheral RS-232 Mic/speaker SIM ARM GPS ant. © 2002—2013, Digital Security 12

13 Где моя извозка, сударь? How to interact with it? RS-232 –configuration, firmware update SMS –configuration, data exchange GPRS –data exchange, configuration, firmware update Voice call –just for voice calling =) © 2002—2013, Digital Security 13

14 Где моя извозка, сударь? SMS configuration requires authentication… …but who uses it? © 2002—2013, Digital Security 14

15 Где моя извозка, сударь? …In numbers © 2002—2013, Digital Security 15

16 Где моя извозка, сударь? MitM setparam 3245 setparam 3246 change any sent parameter: coordinates speed fuel level © 2002—2013, Digital Security 16

17 Где моя извозка, сударь? 17 DEMO © 2002—2013, Digital Security 17

18 Где моя извозка, сударь? Firmware update through SMS Just send SMS: BOOT …and device tries to load ip:port\filename and update its firmware Without any authentication! © 2002—2013, Digital Security 18

19 Где моя извозка, сударь? DoS through SMS Just send SMS: BOOT …and device will be rebooted in an infinite update loop © 2002—2013, Digital Security 19

20 Digital Security в Москве: (495) 223-07-86 Digital Security в Санкт-Петербурге: (812) 703-15-47 Questions?

Download ppt "Где моя извозка, сударь? Глеб Чербов Ведущий аудитор Digital Security."

Similar presentations

VEHICLE TRACKING SYSTEM 007B

VEHICLE TRACKING SYSTEM 007B
Location Based Mobile Speed Dating Service. Contents Description Main Applications Location Based Service Mobile Positioning How MPS Works Dating Application.

Location Based Mobile Speed Dating Service. Contents Description Main Applications Location Based Service Mobile Positioning How MPS Works Dating Application.
First Year Ph.D. Presentation Daniel Fitton Exploring the Design and Use of Messaging and Context Sharing with Situated Displays.

First Year Ph.D. Presentation Daniel Fitton Exploring the Design and Use of Messaging and Context Sharing with Situated Displays.
Global Security USG-251 GPS Mobile Personal Tracking Kit.

Global Security USG-251 GPS Mobile Personal Tracking Kit.
Islamic University-Gaza Faculty of Engineering Electrical & Computer Engineering Department Global System for Mobile Communication GSM Group Alaa Al-ZatmaHosam.

Islamic University-Gaza Faculty of Engineering Electrical & Computer Engineering Department Global System for Mobile Communication GSM Group Alaa Al-ZatmaHosam.
Vehicle Tracking Systems Accurate Tracking Updates  High Position Accuracy (< 2.5 meters)  Smart Position updates feature: Accurate, “on the road” positions.

Vehicle Tracking Systems Accurate Tracking Updates  High Position Accuracy (< 2.5 meters)  Smart Position updates feature: Accurate, “on the road” positions.
© GPRShelp 2004 An Introduction To GPRS. © GPRShelp 2004 Contents What is GPRS? GPRS Applications GPRS Myths GPRS Services Email – the killer application.

© GPRShelp 2004 An Introduction To GPRS. © GPRShelp 2004 Contents What is GPRS? GPRS Applications GPRS Myths GPRS Services – the killer application.
Feb 25, 2003Mårten Trolin1 Previous lecture More on hash functions Digital signatures Message Authentication Codes Padding.

Feb 25, 2003Mårten Trolin1 Previous lecture More on hash functions Digital signatures Message Authentication Codes Padding.
VoIP – Security Considerations An Examination Ricardo Estevez CS 522 / Computer Communication Fall 2003.

VoIP – Security Considerations An Examination Ricardo Estevez CS 522 / Computer Communication Fall 2003.
GPS DESIGNER CORP What’s FreeTracker? What are the benefits of using FreeTracker Hardware Description How to set up FreeTracker.

GPS DESIGNER CORP What’s FreeTracker? What are the benefits of using FreeTracker Hardware Description How to set up FreeTracker.
Mar 5, 2002Mårten Trolin1 Previous lecture More on hash functions Digital signatures Message Authentication Codes Padding.

Mar 5, 2002Mårten Trolin1 Previous lecture More on hash functions Digital signatures Message Authentication Codes Padding.
General Packet Radio System (GPRS) Overview. Introduction General Packet Radio Service (GRPS) today “Packet overlay” network on top of the existing GSM.

General Packet Radio System (GPRS) Overview. Introduction General Packet Radio Service (GRPS) today “Packet overlay” network on top of the existing GSM.
Baby Hunters Bill Liao Eugene Wang Richard Wang. Status Update The aim of this project is to set parent's minds at ease regarding the whereabouts of their.

Baby Hunters Bill Liao Eugene Wang Richard Wang. Status Update The aim of this project is to set parent's minds at ease regarding the whereabouts of their.
A. Application Procedure: 1. Filing of the Application for Accreditation 2. Approval of the Accreditation Panel 3. Confirmation of the Chairman.

A. Application Procedure: 1. Filing of the Application for Accreditation 2. Approval of the Accreditation Panel 3. Confirmation of the Chairman.
1 Automatic Meter Reading in Electronic Power Measurement Proposal based on AMR 2000.

1 Automatic Meter Reading in Electronic Power Measurement Proposal based on AMR 2000.
AlwaysFind Fleet Management AVL System and Personal Security GPS Tracker (Tracking.Gilsson.com) © 2006, Gilsson Technologies, All rights reserved. (version.

AlwaysFind Fleet Management AVL System and Personal Security GPS Tracker (Tracking.Gilsson.com) © 2006, Gilsson Technologies, All rights reserved. (version.
By Uniguard Technology Limited www.uniguardgps.com.

By Uniguard Technology Limited
What is Influx InfoTech ?. About Influx InfoTech IT products & services company Delivering technology driven business solutions Hi-end infrastructure,

What is Influx InfoTech ?. About Influx InfoTech IT products & services company Delivering technology driven business solutions Hi-end infrastructure,
Bonrix Track & Trace System A GPS Based Vehicle Tracing System (SMS, GPRS/3G, Offline) Bonrix Software Systems Ahmedabad (INDIA) Website:

Bonrix Track & Trace System A GPS Based Vehicle Tracing System (SMS, GPRS/3G, Offline) Bonrix Software Systems Ahmedabad (INDIA) Website:
Location Tracker management system ensures substantial productivity, gains including greater efficiency of fleet operations,higher field workforce productivity,

Location Tracker management system ensures substantial productivity, gains including greater efficiency of fleet operations,higher field workforce productivity,

Similar presentations

Ads by Google