Analysis of Russian Apps for TSPU-Related Risks

193350-Thumbnail Image.png
Description
The landscape of internet freedom and surveillance is constantly evolving, with various countries employing technical measures to control online information and monitor citizens. Russia's internet ecosystem presents a unique case study, with the recent establishment of a domestic Trusted Root

The landscape of internet freedom and surveillance is constantly evolving, with various countries employing technical measures to control online information and monitor citizens. Russia's internet ecosystem presents a unique case study, with the recent establishment of a domestic Trusted Root Certificate Authority (CA) and the ongoing utilization of the "Technical Measures to Combat Threats" (TSPU) devices with government-mandated deployment by internet service providers. This thesis investigates the potential risks associated with these developments, focusing on the vulnerability of Russian Android applications to targeted JavaScript attacks compromising the privacy and security of their users.This analysis of Russian Android applications reveals the existence of the Russian CA certificate embedded into the application packages, enabling the Russian government to intercept and manipulate encrypted TLS traffic. Simulating TSPU behavior with mitmproxy demonstrates the susceptibility of all tested applications to JavaScript injection attacks, allowing targeted government surveillance. This thesis proposes several mitigation strategies and highlights the need for a systemic solution to address the security risks associated with government-controlled CAs in applications, considering Google Play Market restrictions on such certificate inclusion. This thesis contributes to the evolving discussion on internet freedom and cybersecurity in Russia by exposing the unique vulnerabilities faced by users within the Russian digital ecosystem.
Date Created
2024
Agent

Preparing an Educational Module on File Pointer Exploitation in C

187663-Thumbnail Image.png
Description
As computing evolves and libraries are produced for developers to create efficientsoftware at a faster rate, the security of a modern program is an area of great concern because complex software breeds vulnerabilities. Due to the criticality of computer systems security, cybersecurity

As computing evolves and libraries are produced for developers to create efficientsoftware at a faster rate, the security of a modern program is an area of great concern because complex software breeds vulnerabilities. Due to the criticality of computer systems security, cybersecurity education must maintain pace with the rapidly evolving technology industry. An example of growth in cybersecurity education can be seen in Pwn.college – a publicly available resource composed of modules that teach computer systems security. In reaction to the demand for the expansion of cybersecurity education, the pwn.college developers designed a new set of modules for a course at Arizona State University and offered the same modules for public use. One of these modules, the “babyfile” module, was intended to focus on the exploitation of FILE structures in the C programming language. FILE structures allow for fast and efficient file operations. Unfortunately, FILE structures have severe vulnerabilities which can be exploited to attain elevated privileges for reading data, writing data, and executing instructions. By researching the applications of FILE structure vulnerabilities, the babyfile module was designed with twenty challenges that teach pwn.college users how to exploit programs by misusing FILE structures. These challenges are sorted by increasing difficulty and the intended solutions utilize all the vulnerabilities discussed in this paper. In addition to introducing users to exploits against FILE structures, babyfile also showcases a novel attack against the virtual function table, which is located at the end of a FILE structure.
Date Created
2023
Agent