MiTM Attacks Against Mobile Devices

Normally, when one thinks of MiTM (Man In The Middle) attacks over wireless 802.11 protocols, ARP poisoning and WiFi Pineapples come to mind. Traditionally these attacks were conducted against laptops using embedded wireless functionality. Now that most mobile phones and tablet devices have WiFi capabilities in addition to access to their cellular networks, they have added themselves to the list of potential victims.

WiFi-only devices, such as Google Android tablets and Apple iPads, are particularly at risk from these kinds of attacks, especially in public environments such as airports.

If you use an Android or iOS device to connect to a Microsoft Exchange server over WiFi, take note: security researcher Peter Hannay, a PhD student, researcher and lecturer based at Edith Cowan University in Perth, Western Australia, has taken readily available security tools and prepared a rather damaging MiTM attack targeting mobile devices over WiFi.

The purpose of this attack is to impersonate an application the mobile device is attempting to connect to (MS Exchange Server in this case). Once the connection is established, the bogus Exchange server sends provisioning commands back to the device. Among the commands that can be sent is the option to remotely wipe the device of its data.

How it works:

The attacker would enable their WiFi Pineapple or similar platform to perform DNS spoofing and offer up a self-signed SSL certificate to clients that connect to it. This would prompt the connecting victim to accept this bogus certificate and make the connection. Unfortunately, most end users aren't particularly security savvy: they click through the warning message and are then subjected to what the attacker has in store for them. In this case, that is possibly the issuance of a command to remotely wipe the device.

The future does not look particularly bright for mobile device owners. Pending research aims to implement an open source protocol library that emulates the ActiveSync protocol and serves as a translation layer between mobile MS Exchange clients and other types of servers. This could ultimately enable such nefarious activities as retrieving data from the mobile device (address books, contacts, emails, calendar entries and similar data) using remote backup facilities, or pushing policy to the phone and changing configuration options such as which server the device communicates with by default. There are, however, mobile hacking and security training classes available to help people learn countering techniques (and other attack techniques).

According to Microsoft, this attack is not viewed as a flaw in MS Exchange Server or the client software, but as a flaw in the implementation of the aforementioned client in the Google Android and Apple iOS mobile operating systems. One has to at least question the trust model that is in place. The server component goes to great lengths to ensure that a trusted client and end user are connecting, while the client doesn't follow suit. Microsoft Windows Phones are not vulnerable to this attack.
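The trust-model gap described above can be closed on the client by failing closed: a privileged command such as remote wipe is honored only when the server's identity was verified without the user clicking through a warning. The sketch below is an added example, not code from the article, the researcher, or any mail client; the command names, `TlsSession` fields, host name and certificate bytes are all hypothetical and constructed for illustration.

```python
import hashlib
import hmac
from dataclasses import dataclass

# Hypothetical command names for this sketch, not ActiveSync identifiers.
PRIVILEGED = {"remote_wipe", "push_policy", "change_default_server"}

@dataclass(frozen=True)
class TlsSession:
    host: str                   # server name the mail client meant to reach
    cert_der: bytes             # leaf certificate bytes the server presented
    chain_trusted: bool         # TLS stack validated the chain to a trusted CA
    hostname_matched: bool      # certificate name matched `host`
    user_clicked_through: bool  # user dismissed a certificate warning

def fingerprint(cert_der: bytes) -> str:
    return hashlib.sha256(cert_der).hexdigest()

def server_verified(s: TlsSession, pins: dict) -> bool:
    """Identity counts as verified only without help from the user."""
    if s.user_clicked_through or not (s.chain_trusted and s.hostname_matched):
        return False
    pinned = pins.get(s.host)
    if pinned is None:          # no pin enrolled: CA validation is the only check
        return True
    return hmac.compare_digest(pinned, fingerprint(s.cert_der))

def handle_command(s: TlsSession, pins: dict, command: str) -> str:
    """Fail closed: privileged commands need a verified server."""
    if command in PRIVILEGED and not server_verified(s, pins):
        return "rejected"
    return "accepted"

# Constructed sample data: placeholder bytes stand in for real certificates.
REAL_CERT = b"constructed-exchange-leaf-cert"
ROGUE_CERT = b"constructed-self-signed-cert"
PINS = {"mail.example.com": fingerprint(REAL_CERT)}

genuine = TlsSession("mail.example.com", REAL_CERT, True, True, False)
spoofed = TlsSession("mail.example.com", ROGUE_CERT, False, False, True)

if __name__ == "__main__":
    for name, sess in (("genuine", genuine), ("spoofed", spoofed)):
        for cmd in ("sync_mail", "remote_wipe"):
            print(name, cmd, handle_command(sess, PINS, cmd))
```

The spoofed session still syncs mail, since the user accepted the warning, but the wipe is refused; a pin mismatch also blocks privileged commands even when the chain validates.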

About the Author

Anthony Williams is the founder of IT security consulting firm IRON::Guard Security, LLC. Anthony is an active member of the hacking and forensics community. He teaches advanced hacking courses for an international training leader (TrainACE) and is a noted speaker and contributor to major security publications.

