Presentation is loading. Please wait.

Presentation is loading. Please wait.

IPwn your iPhone – WiFi edition Fun with with

Published byDavid McKinney Modified over 9 years ago

Similar presentations

Presentation on theme: "IPwn your iPhone – WiFi edition Fun with with"— Presentation transcript:

1 iPwn your iPhone – WiFi edition Fun with with CVE-2011-0228 @hubert3 hubert@pentest.com

2 Agenda Brief intro to SSL certs The CVE-2011-0228 vulnerability iSniff Demo

3 SSL certificate chains

4

5

6

7 Patch…

8 Man-in-the-middle setup Linux VM (Debian 6) Netgear WG111v2 USB WiFi stick R8187 driver from aircrack-ng airbase-ng dhcpd iSniff.py

9 sslsniff 0.8 AuthorityCertificateManager.cpp

10 iSniff.py

11 iSniff Demo

12 After patch…

13

14 Resources https://github.com/hubert3/iSniff Airbase-ng wifi setup: http://adaywithtape.blogspot.com/2009/10/fake-ap-using-airbase-ng.html Advisories: https://www.trustwave.com/spiderlabs/advisories/TWSL2011-007.txt http://blog.recurity-labs.com/archives/2011/07/26/cve-2011- 0228_ios_certificate_chain_validation_issue_in_handling_of_x_509_certificates/in dex.html http://blog.recurity-labs.com/archives/2011/07/26/cve-2011- 0228_ios_certificate_chain_validation_issue_in_handling_of_x_509_certificates/in dex.html

Download ppt "IPwn your iPhone – WiFi edition Fun with with"

Similar presentations

SSL Man-in-the-Middle Attack over Wireless Vivek Ramachandran

SSL Man-in-the-Middle Attack over Wireless Vivek Ramachandran
Wifi Penetration Wireless Communication and Computer/Network Forensics.

Wifi Penetration Wireless Communication and Computer/Network Forensics.
V2012.13. 2 Avon High School Tech Crew Agenda Old Business –Delete Files New Business –Week 7 Topics: Tech Talks Field Trip Complete VirtualBox/Ubuntu.

V Avon High School Tech Crew Agenda Old Business –Delete Files New Business –Week 7 Topics: Tech Talks Field Trip Complete VirtualBox/Ubuntu.
Team 07 – The Caffeinators Site Survey Wifi Tag. Project Recap Site surveys are time consuming and tedious Xirrus requested a small deployable tag that.

Team 07 – The Caffeinators Site Survey Wifi Tag. Project Recap Site surveys are time consuming and tedious Xirrus requested a small deployable tag that.
Wireless setup utility for Portable Printer P-20.

Wireless setup utility for Portable Printer P-20.
Using InCommon Client Certs for eduroam Jeff Hagley and Ryan Martin October 3 rd, 2011 Internet2 Fall Member Meeting.

Using InCommon Client Certs for eduroam Jeff Hagley and Ryan Martin October 3 rd, 2011 Internet2 Fall Member Meeting.
Epass 2003 Token Driver Installation Guide ***************************************

Epass 2003 Token Driver Installation Guide ***************************************
Hacking Web File Servers for iOS Bruno Gonçalves de Oliveira Senior Security Consultant – Trustwave’s SpiderLabs.

Hacking Web File Servers for iOS Bruno Gonçalves de Oliveira Senior Security Consultant – Trustwave’s SpiderLabs.
w3wp.exe node.exe TCP libuv HTTP application TCP HTTP.SYS IIS iisnode named pipes libuv HTTP application.

w3wp.exe node.exe TCP libuv HTTP application TCP HTTP.SYS IIS iisnode named pipes libuv HTTP application.
Team - CA CSCI 5234 Web Security.  Collect and document information of ecommerce security mechanisms.  Using: wiki engine for collaboration.

Team - CA CSCI 5234 Web Security.  Collect and document information of ecommerce security mechanisms.  Using: wiki engine for collaboration.
Mobile Application Development with ANDROID. Agenda Mobile Application Development (MAD) Intro to Android platform Platform architecture Application building.

Mobile Application Development with ANDROID. Agenda Mobile Application Development (MAD) Intro to Android platform Platform architecture Application building.
Breathing New Life Into An Old Laptop. Give an Old Laptop New Life with Cheap (or Free) Projects Picture frame Wireless Bridge File Server Printer server.

Breathing New Life Into An Old Laptop. Give an Old Laptop New Life with Cheap (or Free) Projects Picture frame Wireless Bridge File Server Printer server.
How to Publish Your App Aarti Kumar & Shay Casey AppExchange Partner Enablement Part 1 – Becoming certified Part 2 – Building your listing.

How to Publish Your App Aarti Kumar & Shay Casey AppExchange Partner Enablement Part 1 – Becoming certified Part 2 – Building your listing.
1 Nokia N900 – Debian in your pocket Presentation by Eric Halmans - Jan 2010 Nokia N900.

1 Nokia N900 – Debian in your pocket Presentation by Eric Halmans - Jan 2010 Nokia N900.
Setting up a Grid-CERT Experiences of an academic CSIRT TERENA Networking Conference 2007 21 - 24 May, Lyngby, Denmark Klaus Möller DFN-CERT Services GmbH.

Setting up a Grid-CERT Experiences of an academic CSIRT TERENA Networking Conference May, Lyngby, Denmark Klaus Möller DFN-CERT Services GmbH.
PREVIOUS GNEWS. 6 Patches – 1 Critical – 22 CVEs Affected – IE. Kernel, Print, Office MS13-047 - Cumulative Security Update for Internet Explorer MS13-048.

PREVIOUS GNEWS. 6 Patches – 1 Critical – 22 CVEs Affected – IE. Kernel, Print, Office MS Cumulative Security Update for Internet Explorer MS
DNS POISONING + CENSORSHIP LAB DUSTIN VANDENBERG, VIPUL AGARWAL, LIANG ZHAO 1.

DNS POISONING + CENSORSHIP LAB DUSTIN VANDENBERG, VIPUL AGARWAL, LIANG ZHAO 1.
Wi-Fi Setup. Wi-Fi has quickly become one of the most pervasive wireless technologies, but users have told us they want it to be easier to set up and.

Wi-Fi Setup. "Wi-Fi has quickly become one of the most pervasive wireless technologies, but users have told us they want it to be easier to set up and.
Security Services Agenda Overview of HEAnet security services HEAnet CERT (Computer Emergency Response) Anti-Spam RBL (Real time blacklist service) HEAnet.

Security Services Agenda Overview of HEAnet security services HEAnet CERT (Computer Emergency Response) Anti-Spam RBL (Real time blacklist service) HEAnet.
SIG Leader: Mike Smith Host of the Mike Tech Show podcast

SIG Leader: Mike Smith Host of the Mike Tech Show podcast

Similar presentations

Ads by Google