Posts: 135 | Thanked: 75 times | Joined on Apr 2011 @ Buenos Aires, Argentina
#1
Hi all.
First I want to tell you that I'll attend this Security Conference and I'll go with my N900.
Let's suppose it has a very difficult root password (uncrackable under normal conditions) and the only service available as an open port would be SSH. Bluetooth will be shut down and 3G too.

Would connecting to WiFi in that conference be dangerous? How do you think the attacker could penetrate the N900 (without having physical access to it, of course)?
Should I leave the SSH port open? If I close it, would another service still running be used as an exploitable gate to gain shell access?

As setup, I have latest CSSU with latest Kernel-Power, and latest Busybox (Busybox-Power).

TL;DR: I wanna know if the N900 is vulnerable to attacks as a target, and share experiences about vulnerabilities found in Maemo 5 and how to prevent them.

Hoping I didn't ask silly questions that may irritate you (I'm not an expert, for sure, but I'm not a lammo either), I wait for your answers. Thanks a lot, guys.


Ok, let's compile and summarize some nice advice I've got so far:
Originally Posted by Captwheeto
Turn off SSH if you're not going to use it. Also traffic is being sniffed more than a school girl in Japan. Don't log on to anything, general browsing should be fine as long as nobody does a redirect and exploits you from there.
Originally Posted by petur
Disable IM status and any mail/calendar/contacts syncing. Or make sure they use SSL/....
Originally Posted by stlpaul
As root. Turn off sshd:
Code:
stop sshd
As root. Turn on sshd:
Code:
start sshd
Originally Posted by stlpaul
Use iptables/ip6tables to drop all incoming and outgoing connections over your wifi adapter, only allowing traffic out to your VPN/SSH tunnel server. And use that tunnel for everything.
Otherwise, don't use open wifi, use your 3G internet instead.
Originally Posted by momcilo
There are known exploits for older versions of OpenSSH which don't require username/password knowledge.
Basically, since the software running inside N900 is relatively old and therefore very well known to the attackers, you may have additional holes.
Don't accept any new certificates within browser, chat application or mail client.
Originally Posted by jedi
Using passwords sucks big time. To protect against a scripted password-guessing bot, just disable password login on your N900 and only use keys.
Edit (as root) /etc/ssh/sshd_config:
Code:
PasswordAuthentication no
UsePAM no
To use key based authentication: http://www.google.com/search?q=ssh+login+no+password

Last edited by sr00t; 2011-06-15 at 18:38.
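
The iptables/ip6tables lockdown stlpaul describes, as an added example that is not part of the original thread: the function prints rules that drop everything on the WiFi adapter except DHCP and one TCP connection to the tunnel server. The interface name `wlan0`, the address `192.0.2.10`, port 22, the function names and the availability of the `state` match in the kernel are assumptions.

```shell
#!/bin/sh
# Added example (not from the thread): prints the rules, does not apply them.
# Assumptions: WiFi is wlan0, the tunnel server is reached by IPv4 address over
# TCP, DHCP is in use, and the kernel provides the iptables "state" match.

valid_iface() {
    case "$1" in ''|*[!A-Za-z0-9_.-]*) return 1 ;; esac
}

valid_port() {
    case "$1" in ''|*[!0-9]*) return 1 ;; esac
    [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

valid_ipv4() {
    # Dotted quad only, so nothing else can leak into the generated commands.
    case "$1" in *[!0-9.]*) return 1 ;; esac
    echo "$1" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}$' || return 1
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    for octet in "$@"; do
        [ "$octet" -le 255 ] || return 1
    done
}

emit_wifi_lockdown() {
    iface=$1 server=$2 port=$3
    valid_iface "$iface" && valid_ipv4 "$server" && valid_port "$port" || {
        echo "usage: emit_wifi_lockdown IFACE TUNNEL_IPV4 TCP_PORT" >&2
        return 2
    }
    # Rules are appended (-A), so any earlier ACCEPT rules still win.
    cat <<EOF
# DHCP, so the adapter can still obtain a lease
iptables -A OUTPUT -o $iface -p udp --sport 68 --dport 67 -j ACCEPT
iptables -A INPUT -i $iface -p udp --sport 67 --dport 68 -j ACCEPT
# Outbound to the tunnel server only, and only its replies back in
iptables -A OUTPUT -o $iface -p tcp -d $server --dport $port -j ACCEPT
iptables -A INPUT -i $iface -p tcp -s $server --sport $port -m state --state ESTABLISHED -j ACCEPT
# Everything else on this adapter is dropped, both directions, both IP versions
iptables -A INPUT -i $iface -j DROP
iptables -A OUTPUT -o $iface -j DROP
ip6tables -A INPUT -i $iface -j DROP
ip6tables -A OUTPUT -o $iface -j DROP
EOF
}

if [ "$#" -eq 3 ]; then emit_wifi_lockdown "$@"; fi
```

Review the printed rules first, then pipe them to `sh` as root to apply them; the tunnel server is given by IP address because DNS over the WiFi adapter is blocked too.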