Research Projects

The following is a list of ongoing MWR research projects.



Windows Phone 7

Researcher: Alex Plaskett
Date Started: Nov 10, 2011

The use of smart phones has become part of daily life for many of us. With everyone essentially carrying a computer in their pocket in the form of a smart phone, there is a large amount of sensitive information being stored on a device with a high amount of connectivity. Windows Phone 7 is Microsoft’s offering to the smart phone market, which is currently gaining in popularity.

This research project focuses on the security of the Windows Phone 7 ecosystem with the initial focus being on the security of the underlying platform and applications that run on top of it. The aim of the project is to assess the security of Windows Phone 7 devices to determine the level of risk that is exposed by the use of these devices and to offer guidance on how it can be minimised or mitigated.


Attacking with "Smart" Cards

Researcher: Rafael Dominguez Vega
Date Started: Jul 01, 2010

The use of smart cards has become part of our daily routine, when cashing money out from an ATM, accessing buildings, logging in to a computer system or shopping. Often our biggest concern is what the impact will be if we lose our smart card, whether it is our credit card, building access card or logon access card. Will we lose our money, or will it allow unauthorised access to computer systems or buildings? However, shouldn’t we be more concerned about whether the card itself can be used to attack the software handling the smart card input? After all, why steal one person's money or access rights when someone could steal them all?

This research looks at smart card security from a different perspective, focusing on the identification and exploitation of vulnerabilities in the software handling the smart card input, where attacks are delivered through a malicious smart card.


Linux - Assessing Tux Strength

Researcher: Radoslaw Madej
Date Started: Jun 29, 2010

Over the last few years Linux has moved from a development and educational niche to a cost-effective solution across enterprises. It is commonly used for a variety of purposes, from more traditional ones, such as web or database servers, to less obvious ones such as gateways or IDS systems. But how secure is it actually, and can it withstand attacks using modern exploitation techniques? The research will focus on a number of areas within the security of a modern Linux operating system.


Android Security

Researcher: Nils
Date Started: May 01, 2010

Android is a mobile operating system intended for use in tablets and smartphones. Development of this open source platform is led by Google and started in 2005. In recent years it has emerged as the most popular smartphone operating system, with over 200 million Android devices world-wide.

This research project focuses on the security of the Android platform, devices, ecosystem and applications. The Linux-based operating system implements an application sandbox in order to enforce access restrictions on the devices and to separate installed applications. This research project helps MWR to understand the security implications of the platform and has led to the discovery of a multitude of vulnerabilities on Android devices, many of which were introduced by the OEM vendors.

Output of this research project includes a comprehensive Android application review methodology and an Android security workshop which is used for training internally and is regularly presented at security conferences and to interested third parties.


Altiris Deployment Solution

Researcher: Luke Jennings
Date Started: Jan 05, 2009

Deployment software is used to help manage the process of deploying systems, software and configurations from a centralised location. This can allow system administrators to easily control large numbers of systems and maintain consistency among them. However, the very nature of this type of software means that high privileges are required and so any security flaws can potentially put entire networks at risk.

Symantec's Altiris Deployment Solution is a particularly good example of this type of software, offering very powerful functionality, and has been commonly observed in use across different industry sectors by MWR InfoSecurity. This project aims to investigate the security implications of deployment software with a particular focus on Altiris Deployment Solution as a product.


Fun with Plug & 0wn

Researcher: Rafael Dominguez Vega
Date Started: Nov 01, 2008

This research project was instigated to investigate the security implications of USB interfaces on systems. The specific focus was on the discovery and exploitation of vulnerabilities in USB device drivers.


Solaris

Researcher: Matt Hillman
Date Started: Oct 15, 2008

This project is currently focussed on developing a Ruby-based debugging component for Solaris to allow process manipulation in a programmatic way. Currently development has centred around manipulating processes using traditional debugging techniques on the SPARC platform, but ultimately it should allow debugging and DTrace-based techniques to be used together in a complementary way with support for both x86 and SPARC.


Fun with RDP

Researcher: Luke Jennings
Date Started: Jul 01, 2008

The Remote Desktop Protocol is implemented by Microsoft's Terminal Services, which is commonly used to provide remote GUI or console mode access to a system. Despite this common use, very few tools exist in the public domain for assessing the security of a deployment during a penetration test. This project aims to provide some tools to support these activities.


VMware

Researcher: John Fitzpatrick
Date Started: Feb 01, 2008

Virtualisation technology allows for multiple operating systems and even network devices to run on one physical host. This research is focused on assessing the security of the VMware range of products.


Behind Enemy Lines

Researcher: Rafael Dominguez Vega
Date Started: Dec 01, 2007

This research project discusses the security implications of administrative web applications.

It covers the use of alternative protocols (such as DHCP and 802.11) to perform web-based attacks and the different methods available for exploiting these issues in practice, and details how tools can be built to test and exploit them.


Sidebar Gadget Attacks

Researcher: Rafael Dominguez Vega
Date Started: Jul 01, 2007

This project discusses the potential impact of the new Sidebar Gadgets feature of the Microsoft® Windows Vista™ Operating System. It also examines the requirements for its secure rollout and describes in detail different types of attacks: Gadgets Script Injection Attacks, Gadgets Phishing Attacks, Remote Command Execution, Denial of Service and persuading users to elevate privileges with the UAC.


IBM WebSphere MQ

Researcher: Martyn Ruks and Alex Plaskett
Date Started: Jan 01, 2007

IBM's WebSphere MQ is a widely used and respected middleware application for handling messaging within an enterprise network. Its popularity and level of adoption arise from its robustness, scalability, functionality and compatibility with a wide range of platforms and applications. Whilst the software has a large number of security features, the complexity of the environments within which it operates often results in it being poorly configured. This environmental complexity and the richness of the product's feature set can make it an attractive target to attackers. In an era when "front-end" web applications and "back-end" databases are subject to increasingly intensive security testing, the weakest link in an application can now often be found in the middleware.

The project has focused on identifying vulnerabilities in the Queue Manager that can be exploited across a network. Another key objective was to research and document a methodology for testing installations of the software.


Security Implications of Windows Access Tokens

Researcher: Luke Jennings
Date Started: Jan 01, 2007


IBM Networking Protocol

Researcher: Martyn Ruks
Date Started: May 01, 2006

Many IBM mainframes may run the Systems Network Architecture (SNA) protocol, the proprietary IBM networking protocol created more than 30 years ago and commonly used by zSeries (z/OS) computers. Despite the emergence of cheaper alternatives, such systems have been mainstays in corporate data centres for years because of their reliability in running mission-critical finance, inventory and point-of-sale applications.

The project has focused on investigating the methods used to integrate mainframe communications into modern IP-based networks and the risks that are exposed because of their use.