Espía WhatsApp - NcN 2k12
WhoamI
Espía WhatsApp
Pablo San Emeterio López
2k12
November 2 and 3
Barcelona
WhoamI
Computer Engineer
Master's in A&S
CISA, OCA
R&D at Optenet
Agenda
1. WhatsApp
2. WhatsAPIs
3. Attacks
4. Attacks used for good
5. Conclusions
Custom XMPP → FunXMPP
Images, audio and video → HTTP server
WhatsApp Authentication
JID && password
Android: JID: mobile number; password: IMEI (*#06#)
iOS: JID: mobile number; password: MAC
WhatsAPIs
WhatsAPIs + Loggin
WHAT THESE ATTACKS ARE NOT
Sniffing traffic on a Wi-Fi network
MITM
Attacks
Spam
Flood
Impersonation
Spy
Attacks used for good
Not everything is bad
Spy → Parental control (logger/filter)
Spam → RSS, reminders
Flood → Alarm clock / Alerts
Impersonation → X
Conclusions
WhatsApp's login is deficient
Cannot be changed by the user
Tied to physical elements of the mobile device
Easily obtainable
A user-configurable password would be enough to prevent this attack
Be careful what you "WhatsApp"
Questions