BSidesSF 103 Whos Breaking into Your Garden iOS and OS X Malware You May or May Not Know Claud Xiao

Just another WordPress site

BSidesSF 103 Whos Breaking into Your Garden iOS and OS X Malware You May or May Not Know Claud Xiao

at been jailbroken so please give a warm welcome to our next bigger club thank you guys actually this is the first time for me to make a presentation here United States so Kingdom nervous my name is Claudia and I’m currently working at mr. pallazzo networks 00 maintain of the graduated working on the anti viruses you are firstly to of course in windows and then when the Android malware became problem and Butch I enjoyed and the most recent one half years I worked on oil I always and always an issue so our vehicle is about the malware but just about one or two years ago people always saw Oscar the problems like Lisa thought I always mail will actually exist or bank are you donating a harmful mail will always turn so some media isn’t of media you will say that’s also an expert but if you really act Oscar it in a Cora or some other plane influence expert will answer you said oh never man genno no problem at all so I got that statistic that has here of course so every security windows has own standard to classify a new family so this is our only reflect dollars than not through this chart you can see that over the past two years so there is a huge increase so werewe smell well it’s visually that you previously they are pretty mini of approval concept our problems are sorry proven concept of malware that is a Josefa research launched a spread in the world but in the past two years there are more and more trillions and spirals in the world and you never say a pog anymore so always 10 is similar data you’ll find that in the past of four years there are huge increase overcharging and will spare well a decision and there are lots of pukey potentially unwanted program and you can you can fund LT in the you know CEO there are also some exploit being used by mail well in the world so if you is this is that this is statistical about the new families if you are count about that our absolute malware samples unico samples the number your phone leader bob is still increasing months payments so today we are talking about these one by one I’ll introduce lots of actual hype and problems as cases with you and I think that as far as I know till now this should be the first representation area they’re talking about iOS malware issue so let’s begin first one is about problems in non jailbroken devices this is a very simple workflow there’s a domani by almost designed and normally and now is act will produce than the release the developer green is the nap and so media tribal I’m a will perform code review and the insane ending our published Bible stall so that Ava customers could download it to the devices so this is a very simple body is important the importance is that hosts security design and lots of security bulletins or assumptions will realize these procedures yeah it’s not a technical procedures it’s just a human design the procedures so if you find any way to buy passage basically you win I win there are lots of cases the first one is the most popular that the enterprise distribution so this program is also designed by able the user in this case that if a company developed the highways I’ve that owning use the interning which means he to no need to be published for public with an OD also some companies organizations like the FB what of the day is what may not want to HiPo take a look at the code then they were also using this one so through this program any company should apply a force ODB k and then our wretched hag and then sang independence elves no code review no submission no distribution anymore and note that they are into any restriction they’re into any technical description are restrictions on sale which devices could install it or usage their own in

legal restrictions said are you should always use it into an awning but that’s not a real word so in order to use this program what you need to do is get a count of four enterprise developer that costs about three hundred bucks a year and you need to some legal documents the most hardest winter tu a nice number I don’t know what size I just copied from Post website anyway okay but if you are not a good guy what will you do of course you can know provide that one oh sorry i cannot provide that yellow-eyed man so you can buy actually by the front underground market if you want to buy a whole account that you’re Odin will be only used by yourself you can call it x 800 bucks or if you just want to distribute some LOL said you can you can just apply so it’s that you will sign it for you and you you will not go to job so do you get yourself but you will purchase validate cause code signing i called that as a signing as a service so it is SAS that’s sweet bucks a cup of coffee so which are this this method actually has been abused has it you’re very long history then I remembering about five or six years ago there are a lot there begins you have lots of a ritual game emulators are begins you use this way to teach tribute the in sales in the world are the other harmful but they welded the copyright license so they will never get any chance to be least in the apple store and so this is a list is that I remember the first case that being abused is the chief I for GPA or something like that anyway so later our South jailbreaking tools that is something that can cool also other one so we’ll also use these for the first in the early stage that if you want with jailbreaking are you iphone are in the process in the first stage it will install an IPA into a devices that IPA sometimes saying also sandbag are underpriced certificate so there are also some pirated apps abused the enterprise certificate to distributors through the body i bestow an example is a rischio we share our existed you know I think peaking in two years ago and it provided the services to at least eight countries even sound mad clips are children you animate the squirrel know how to usage also this is actually I may be a security flaw that you can bypass having a controlled airways virgins through the enterprise certificate so my friend opened it apparently control disallow his sound player to install games tribal store but one day he found that those they also extra games occurred in the in the devices have no idea in it so from about one half year ago since the well local the male will begin to abuse this way to distribute and we have see more and more so this is a single most popular method another kind of developer account all sales certificate is so personal certificate previously you will need about 100 bucks a year oh sorry I’m wrong 99 bucks a year chew okay a personal developer account but since the last of the year I were released another new program that you can or if you only want to sign that tasted in your devices you can get a certificate free so when the program announced that there are already many mediums and the people in the community taught you that say whether this program will build views that you distribute pirated apps but however this program your order to in order to use it you have to open your Xcode and then come have a new app and then using Xcode to apply for the certificate then you are the Xcode we all signed for you and push it through that to the devices of your of yours so what will we thought is that so it will be abused about likely will not be widely abused automatically abuse the

partial Z so this sword was so was a product by a newest discovered Mel well that we discovered in last week the name is a cig helper take Helvar actually implemented lots of protocols that use the Bible for example one of the protocol that you have implemented is that in reverse that the Xcode clans and then make art it made clear that how Xcode negotiate with the I was sober and to kill death certificate down and how its end apps and you stood out the most interesting body that is really planted all these inside them how is I have clenched which means yourself as a normal app he could apply a certificate by your body and the inside and in storage every sink it down Gonzales devices no did Xcode anymore don’t need a mac or a pc anymore are sorry no need a mega anymore nope you see another interesting seeing that this malware himself as a parody the apple stores clenched successfully landed I post or landed oh fasho apple store I have no comment is another Kendall pro be accepted for the enterprise that you get another probably that a serial what abilities then name the Moscow this one videos was disclosed by the researchers in fair I and the reported tripod ends up in the past eight years and then till now has already been fixed so these vulnerabilities occurred when though is a collision Oh bundle ID in the iOS system so these include you feed some high post bundle ID or VPN plug-in stand 0 ID open ID that is crippling the manifesto extensions then if there was a collision the default policy however the default policies that were made may have security flaws for example if they are to do a new install the app has a exactly the same pando ID which exists in the one it can overwrite it and get all the data belong to that hack so why this problems you can see is learned how to abuse it this is what has said that if this is what has said that I whole design the many of security features rely on the procedure cuz you know you know you really good ward that everybody should submit lab tribal store and then hypo can control there won’t be any encouraging however if you use the underpricing and distributed in the world the bypass the ipod store then nobody can control it nobody can ensure that they are going to be collision as single azizam this is a main reason that this kind of wall BTW has been altered and being used actually won over the first one so i bought my bundle idea collision BTW has been abused in the world the pictures see here is a example that this you can see a panel show you come the bundle ID is a facebook messenger so of course it’s not is of course no to the orange in a while and you can see the contents and embedded a toad mobile provision fell which means it’s 10 band and the price certificate also it contains those of code that come from the heck engines Nick the data we don’t know whether this symbol is made by kicking or someone else about this one occurred after the leaking and you can see it well trying to read lots of our childhood story from different kind of all I am apps of course of these repair jailbroken so but this is a successfully abusing the one village another kind of problem is a private api so private APM insights they are documented in surah visualize DK in the South they are pretty privileged also just as what has said i hope i hope so that you should always the meter to our art wipe off a code review and the code review vot solo you are using these private api so i guess maybe by this reason than to sound priority is to know the restricted very

well in the system by sandbox so um if you’re using our enterprise certificate then buy parts of the code review you can use this so for example I give some examples that through the mobile installation framework you could evoke some API that could be used to install or uninstall iOS apps on site and through the Supreme border services UK you can get a list of all installed apps Sun and the song or through the court in phony you could get some privacy data like this Oh a real case is expected that we found it last year so this this malware are to know repair jailbroken and it spread through multiple ways sound within are pretty interesting for example we found that it shows through a usual spreads through the internet traffic hijacking so these hijackings are not launching about third party but by the ISPs itself actually so what has been playing form so that I XPS could inject the heisman to the station to the HDD deviation however is peace to know I think they may note so curly about what kind of content you will be shown ended with Heisman so this malware actually are injected though aiji-ma services protocols data choose these advertisements are session and then the normal areas user will fund a dialogue occurred to say whether you want to install a new frenching apps also it will also supreme using some worms that you windows platform I will explain later oh but this was sent by underpriced certificate or the name is a Beijing JimBob or technology company this is also the creator of this malware so through abusing the private apic could do really harmful behaviors install our include includes install some apps salva saying are you are hidden here mean sense you can now see the logo you can all see the name your Airways phones because this is a body you know as soon before iOS 8 point 8 point 3 0 8.4 and if the coast i’ll collect some of your privacy data it could remotely install apps to your phone in further and it could replace you could teach the abs or trying to hijack a Zacks lunch because through private area it could monetary which app is running in the front and then promote a new interface in front of them so this is a hot shoe at all non jailbroken but another now the more important the problem is that the ankle store yourself so this way he’s not bypass the code review but change is not too bad pass code we use up I avoided but just goes through the code review and london eye by are done deny post or the first look case I think maybe Sam will you have already hear about AC so xcode goes so you see the compiler merwell the tonga successfully created a serum versions included thousand twelve ounce of the Xcode HDR Xcode compiler itself infected changed it and then this ad hoc actually of existed in more than six months half years that nobody discovered it maybe I’ll explain later and it finally success for their effect avoiding for thousands of apps the apple store and designs accumulated hundreds of millions of installations in total and open to the users around the world so this is isaac provisions in that previously we have a top free apps and top free games and top eight games top goals in games and finally i will have already created another list of the top affected apps this here are children in the background please so the idea of compiler Mel well came from actually computing screw contention that when he bought the turning a world he make a presentation to show his tricks to ebay today back door in the c compiler that he created so that he can log in everyone’s computer halloween contempt ssin doing

this hex is pretty complex you need to posit so you need to pause this see our syntax our generation hands in generates uncle in george to identify whether it’s a back doors law whether it’s a removal organization however authors 30 years how easy can you create a compiler mel well the answer is a single name so in modern systems include the linux unix or instant many many herbs herbs or system configurations was through the texture fell so the rocket successfully from that he he only the only thing you need to do is change one line of configuration of xcode so that can force our little AV apps compelled by this xcode affected the mail malicious code so this way is I think maybe everyone could could recreate it of the Alpha coded information so another problem is that why developers were using third-party infected Xcode to compel your product and chewiness it the answer is complex first of all I also global city on has some issues that if you downloaded from bin and channel you make a trip out to sing our leads the two days at the most maybe two weeks to download it a new copy of Xcode this is first one so that developers will sharing next are xcode installers through the cloud services hence the attacker trying to make the infected Xcode and separated is through internet to developers forms and even try to make some acos to help his distribution so these futures is are captured in the first day that I was investigating this malware that I tried to search Xcode downloading of course it by Chinese through google that would have found in the first two pages if you say that for the first one result is that these are high post all others all other 39 results are malicious this is very successful SEO also another the not the problem is that lots of developers will disable the kill Kiba that merge edition is used to install their to the app you download either use Orangina is so is not modified but lots of developers has this hobby to disable it actually even even me well well disable almost every time closer and they develop a lots of apps and you need to use to know the same anymore anyway so people will send hands disabled there is another protein sure one bit yeah but so we cannot you cannot you know prove it happen but so let’s even or any 0 X coal goes the is not only a malware but she’s actually since it are infected up hundreds of millions of users another problem is that it exists availability inside it so this malware will communicate with the civil service rules HTTP the pay loader is encrypted by customers or is unless is a jostle das with their baby rvs a fixed up here it’s a stream visa the first of a bias or stream is so which means you can hide jacket that’s very easy you can educate anyway so sir hi jacket what can you do though is they are sooo the sexual comments you can reach a api called openurl guys this URL this API the open URL is super super important through this API you can actually are launched other apps you can this is the key of the inter app communication or iOS you can use it to invoke some system services even for example you can use it to ask a user to fishing user to install another in the price sense underpriced certificates and abs also there are lots of application they were warned p deities will be treated by this API invoking so this is very very powerful joy and so just you two are trying to make some fun visit

with this API for example trying to fund a Nintendo popular always have legitimate ads and the likely you will find an open API and try to control you can do pretty menial since I I personally think this could be classified as a kind of one ability or back door just the basil by the peasant in health so back wrong so this is a pretty dangerous issue it’s not an end to the story to node n actually Oh off the next code goes that we form data for example tiny v and to help also infected by by the mail well so which means there are pretty many of the samples that infected by two male wells of sweet and it’s hard for may be hard for some antivirus vendors to detail it correctly some more prevention or talk included as you to know to really need to distribute the 5 gigabytes exco the installer and you to know that really need to ask people to install you can simple it locally modified note that Xcode is installed you ain’t no mob but you have fixed and the normal position you can modify it without the ending privilege without the ending Ruth autumn is true the privilege also there are lots of advil ever I will ever show it later there are lots of advil distributed in the world you can just using any kind of advil or using painting candle bulb if you just look modified that’s all another issue is that is the similar problem could beat you in our free Android SDK yes some guys have already tested and then what still pretty easy but now the another problem is that xcode goes xcode is the compiler can you can you try to infect the song HD case or all the developers resources yeah you can and this happened Excalibur Joe Hart has already he infected song installers of the unity 3d and distribute about you see it’s not so successful then only a very few of all of developers downloaded it so talking about the soul body SDK this is a this is a problem that maybe some people to know realize that SDK is usually our especially when so the heisman sdk that usually available owning in the binary form which means there is normal developer there is no code review or he cannot know what you can see is the inside it but you will always use it embedded into your app so these SDKs will share your context include they will show they were running in the same process they will you can access all your privacy data so will this be a problem the answer is yes till now we’ve already discovered three different days settle are separating the world the contents of harmful or malicious or suspicious code the first one is not so we alone it’s a name is Joshua and the behavior is that you can connect to your contacts and the collective information and then to ensure the messages to your context all sounds pretty likely to find out the call the first hour is a postal Muriel so you do not use any advanced techniques you judge to invoke to the official normal ap is so it was a very fast that it is called by the developers cause your phone to your normal app will ask her for reader context so later they are yummy and at this age they use the private api along with the encryptions so that they could also some more harmful behaviors and this is the case really of affected always thousands of apps in apple store i have to say that or how these SDKs are from China and so now it’s a faq ten or many people ask me that so first of all why so confrontational signal why we need to curl care about these kind of questions so oh I think the main reason is that all the ecosystem is not so perfect in China then people still are could trying to sell users privacy and users yo

stable sound primary job Jerry Vincent’s so this our target has motivation to do something agrees oh why it matters for us the problem is that first of all many of them many of the SDKs or other problems will affect around the world for example ex-colleague Asda actually because of lots of lots of popular utilities or other apps were developer by local budge Chinese developers that shows they’ve also affected another problem is that malware others are trying to learn more and more techniques ah example is actually in the hallways 10 last year there was sum1 abilities they always turn being disclosed that could locally kilojoule privilege so well then of the been disclosed of the fam days on always turn and real quickly updated to a new version and use this one day what ability exploited to cater judge Jesus even an advil these these platforms will quickly adopted any progress in the field and seeing this is the main reason that we need to care about everything so talking about private api you may you may think that I just said I vote to know to know any I’m in apple store that you abuse it or use it in any way but a reasonable academia research showed that there are about seven percent so wax the apple store actually usage know that you actually was using some than any loading a reflection to invoke it and then the streams of data use it for your reflection was in cribbage so it just a dynamically your voltage that’s all you can no I think okay okay I don’t know how my notice so John also provides in cable stories I chief the malicious app all in targeted a kind of a specific kind of data which means either to note contains traditionally or normal generika suspicious behaviors it’s super hard to find it for example the effect for their installation installation they would be in the top one yeah I post or a tree or Oscar you two are imported instant green our Instagram account and password and to provide some French in functionality to you but he trio in background uploaded account to the other silver you don’t know what they are doing but this is the only malicious we have also appear or harmful behaviors in half which means when traditional where is almost no way to fund it to automatically identify this behavior before you know it so a mostly reason how our issue isyncr in this direction so is the Twitter bot let’s say popular so the body trader clenched and people has already discovered each will it will send back is a traitor cessation to the twin soul and silver and then people fund abnormal login through some other sources so this is a single candle protein so all previous the actual hands-on techniques hyosung is not other ones that’s all about to still hang some texts but not the one I don’t think there is any technical the Sega helpers either those are discovering not a week used a very simple way I stick that to you n children can’t stand it that if you if you open this app in any region or any countries in the world except for channel you will get I have that teach you how to how to learn English but if you open it in China hit your ps2 forever store that’s a cig however also this mail well trying to self-updating through the dynamically loading are dynamically loading Lua script so you’re using Louis cribbage we reflect objectivity measure through this way it could upgrade some new functionalities are without going on review of apple store again this is another chain icing in noble one months ago some researchers disclosed another and also for the SDKs that is called a chair JS patch that one provided functionality 20 iOS apps that

you can use JavaScript code to upload or catch your abs so all these pythons the sound waves restrictions that you to know detaining kind of a dynamic load code loading and then single will be announced the new method that smell well bill adopted as a as a standard so another questions are the people of some of you Malcolm is that how we discover this one actually very simple this one are hard-coded and plain text it to note obfuscator in creditor any of the suspicious behaviors so you can identify through the painting kind of standard signatures for example these two one is used at two installs are so the party apps why is the usage you are logging into the itunes yeah Nancy so which me also means I I think maybe I most a legal analyst checking on the ipod review proceed use is not so good though note note so well for the security checking anyway it’s a top secret and I have no idea the next problem is that you talked to the talk oh yeah yeah pretty meaning of Melville has already been used in the targeted attacks our other ones that’s all they are not and this is a list from in the past two years but there are some more in previous oh those are melt those malware has already used the many interesting way to supreme are the most popular is fishing through email just like other apts in the in the windows platform or even using 20 toxin industry control system also universe say that is the name is your name the name is our X sacr it was say they’d also use the words have messengers but I cannot I cannot confirm that also using son SP installation so the newest erosional hosts use the watering hole painting is also fun the Sun which you are trying to develop some more at once the spare wheel for iOS and this is a pupil screenshoot that they send an email to an hour is expert to say can you help us to develop a new one and actually if you search by google you can find more and more hours farewell those are commercials farewell so everyone knows says they are illegal I just say they are they are not good scene and you can you can fund it they are even 12 list so when children is this the interesting things that’s the first one here currently it could attract no jailbroken devices I think what they were here about that but the actual answer is that it requires you to our input iCloud password that’s that’s your ipod you hypo ID Oh another problem is a cross-platform this is not about what we normally say if we say cross-platform it’s normally said a malware that can be wrong in different platform by the same code but this is not about that kind of cross-platform it’s about to say thanks to the road hog is those owning a Ășnica plan for the first programs that have no idea how many okay so know that you can install and find pc or mac to your own ways if you’re a repaired it once in the first time so further than you plug in your iphone to a laptop it will say you need to perish after that if you piss your mega compliment Mel could automatically in background no use interaction install malware into it without user confirmation so this is what this is what has already been demonstrated in the black hat in a in a two years ago and then well looka are learning the french and retargeting know in the end of 2014 another problem is or what we call back stop the idea is very simple vultures the result is this pretty was so similarly speaking zedge

by default totally by default when you connect your iPhone to your mac or your windows and windows will automatically by God Oh of your data noticed all of your data through the pc or mac without encryption to a fix the position so if you are malware or pc or mac what will you do really posit steal it that’s all maybe since tom so we did some investigation on this potential problem and we actually found six different families has this behavior since six years ago but nobody noticed it this is exterminate endures because everything include your I’ve Association include you or your email you contact your photos already been here that’s a problem another another problem is the inspector are this is not kind of cross-platform inspector well with the way it’s spreading through the streusel are warm than name the Dean doin lyndonville wrong in the windows pc and hide utilization of the tension as i am message name the cube each will hijack association and give you the talkin so through the token it will access cute group chatting saw a p.m. and trying to upload summary shows HTML to our to the group charting so everyone else in the group relocated notifications said so you uploaded a new HTML file and you and you use this entire house and porn wards to attract you cleavage so if you click it through different plan for different mobile will be a downloaded to your two devices and four hours this is a specter another example maybe oh yes still not well done example is what we found from you about two or three months ago from else total that ain micromolar macro malware is so it’s a malware they abuse their future in the office documents so this is pretty popular in last a century but I have no idea why from last year it became popular again so normally this kind of malware at heart with notes but this demo is pretty interesting than the it will also talk Mac you can see there is a function in the mac shell so it will teach for me the system if it smack it will evoke libel script I was scribbled in open a thousand code the pension code will build a backdoor connection to the sitters over that’s a functionality and chill chill we discovered our made it here now nobody did agree oh well with the window detected suspicious without any other knowledge so what yeah the nozzle problem oh no problems also found that yea indeed there are able some windows malware went into I was taught can you believe that and the UN say all that so for one dollar you can go to windows are whoa and for two dollars you can get a JavaScript up Mel well let’s have no idea I have yeah you just peed Ebola anyway the nozzle problem is that the advertisement and I poor IDs other word has my car this is what I see in the web prepare with these slides so 2 times I don’t know how many people make this situation before but my colleague is always medleys that if you’re browsing the internet you will our virtual you search by google and concern result to open it you will usually being redirected to a website likely send your adobe flash player or media player being out of date updated ridiculous i uninstalled my flash player thousand a year ago so anyway this is a this is a major ways that con joyce turn and we have been spreading the scale you cheating you oarfish you anyway it’s not it’s not in use come on somebody you n so this is a new malware is actually note so you always turn the most popular problems in the know say here are all advil those annual were made by in the in the in the north or two years and if you if you download it is something that has screen has a big one like this and then is the

installer the most of cases they are just the one with the aerial families that already know and those andrea already use the some techniques to auntie reverse engineer or try and avoid being detected for example using a packs of false panels and even for example not owning the backhoe of packers also javascript obfuscator this piece of tyson code is also being up for speeding and it’s also using those of difference crib analogous to implement the main functionalities so that you will you are not funded cause the script are much more easy to obfuscate it to avoid the statical magnets so the also using encryptions or project with language this code and also adopted on TV m and antibonding so advertisement is uh i think is a is a huge industry that Oh Mel will also would actual gets gain some money from these are another kind of ad hoc you can save very well an old kind of a child we found is that Mel well is trying to earn money from the advertisement through stolen the developers created so I’m see if it’s a it’s a very know of Mel well then you know that in two hours if if you are developers that you develop a free apps that you will get a unique ID from each other at hansman platform you invented a new app and then you can get money from the whatever has been provided so that idea cause they know that use your ID displayed this has so I the see if we set your broken malware you know is that it will be uses a mobile substrate to replace the of this ID to our replaced the truth huggles unique ID so that hungers other than the original developers will kill money from the advancement platforms so there are already been thousands of advertisement platform being hijackings through the swing and i bought a data when i went found it i get hit data from one of the advertisement platform to getting some statistic about how many users being effective he’s huge also this trick also known by some others no chance there is a log they were free in the mud morning repository that also known for it did exactly the same thing so i think they’re from different others because of okay future oldham at how Scooby’s but anyway just know that mud movies the default repository in this idea which means all jailbroken devices will hands can found this app before it’s been removed so i just said oh sorry how you been oh that’s for I have no idea what to do should be excellent about Xcode goes the bots but I have no idea why she disappeared here anyway oh actually the Xcode ghost is oh I noticed it’s in August about a about eight months before we published a report but I missed it the reason i missed it is i should because the key read also in fact he also invented by X color goes and there’s a main behavior of Xcode go so you can say before the open URL API the main behavior is all bloated these are users privacy data to the silver that’s all why the people created a so huge project makes so so many efforts only in collectors so few user privacy so finally I have a have a high single a possibility I cannot comfort that by the possibility that it’s the same the Xcode goes the outer also trying to steal the advertisement promotion sofy from the original developer cuz thats through the IDF resolve the I promotion he consistent using this ID and all this data trying to attract that which are priests or promoted about who and then give some money to that promoter so this is a hypothesis but I cannot prove it because a kernel can point because the original orders to others had already been arrested so another issue type ID I’m what is super important nowadays that we to connect with your our privacy iCloud you can be used to control your devices send messages or pay money and user to

either download from being hands or trying to promote the free absolute hopeless it could also be suited to gain some development certificate so this is another thing that malware authors will actual game so that happened in about two years ago and for these I always mel well that only have one function that using mobile substrate hooks up communication between the am post-dose clan to handle sewer hi Jared HTTPS traffic and the k2 the data inside it so just some what you need her as a conclusion I think that first of all there are new families and then Don geo broke and a post or has already been compromised the Tokyo talk and the probe and on limited in the single platform and people will also make a huge profit through the advertisements through the ipid sense HR so one more scene also an post plan for know so perfectly safe you I sing cause they’ve already make great day for especially on help of people to project their own privacy inside most recently even icing up so from this point I suppose I’m here even I said many oppa not good messages for them thank you that’s all