
BETTER-AirWatch Threat Whitepaper: Corporate Devices

Protecting Android Mobile Devices from Known Threats

Android OS – A Popular Target for Hacks

Common Android Vulnerabilities

Once an attacker gains access to a device’s operating system, they can gain elevated privileges to monitor user activity, thereby putting personal data and security at risk. They can also execute malicious code and run unwanted programs to bend the device to their will. All of this can be done without the user suspecting that their device has been infected.

Here are some of the most common Android vulnerabilities that malicious programmers seek to exploit. It should be noted that many of these vulnerabilities are inherent to mobile and Wi-Fi devices in general, and do not necessarily reflect a flaw in Android’s design and implementation.

BETTER at work.

Contact us

BETTER Mobile Security, 110 Fifth Avenue, New York, NY 10023

+1 [email protected]

In the tech industry, it’s a truism that hackers focus their attention on afflicting the largest number of targets possible, resulting in a perception that market giants are riddled with vulnerabilities. Google’s Android operating system is just such a target. According to an IDC study, Android possesses an 81.1% share of the smartphone market. Numbers that high are irresistible to hackers – which is why Android devices need to be protected from unauthorized access.

Add to the equation too that the Android operating system has been implemented on many disparate devices designed by myriad vendors. This distributed implementation scenario has fragmented Android’s native security model, which has resulted in a variety of openings that cyber attackers can exploit.

iOS-Based Systems Under Attack

Popular Corporate Platform Becomes Attractive New Target of Advanced Dynamic Threats – How Can You Protect Your Infrastructure?

BETTER Mobile Security’s Advanced Threat Protection for iOS-based corporate deployments continuously monitors, prevents and records all unwanted activity using our endpoint agent for real-time detection and denial of unauthorized apps, network attacks and configuration changes. With seamless AirWatch MDM integration, BETTER helps organizations control change, block the latest advanced threats, secure all device data, and provide complete mobile device visibility.

What are the Current Risks?

iOS Remote Access Trojans (iRATs)

These advanced attacks jailbreak an iOS device, removing all of the built-in security mechanisms, and install an iRAT surveillance app that gives the attacker the ability to remotely access all data that is stored on or flowing through the device.

Attackers can jailbreak a device by obtaining physical access or by propagating the jailbreak code from a compromised computer through a USB cable. However, in some cases the attacker doesn’t need to jailbreak the device themselves – device owners are notorious for their desire to unlock their own mobile phones and tablets. Case in point: in February 2013, the Evasi0n jailbreaking technique was used by owners to jailbreak nearly seven million devices in just four days.

Once jailbroken, any iOS app from any app marketplace can be installed on the device – not just those approved by Apple in their proprietary store. A popular alternative app market is Cydia, but many others exist. These markets offer a variety of legitimate apps; however, they also contain hundreds of seemingly innocuous apps that hide malicious functionality. Users downloading these apps can unknowingly infect their own devices with iRATs.


Currently no mobile AV exists to protect against these threats. The problem is exacerbated by the fact that a jailbreak can easily be hidden from Mobile Device Management (MDM) solutions. For example, popular forums, such as xCon, freely provide methods to circumvent MDM detection. What’s needed is a way to accurately detect when a device has been jailbroken and the ability to identify surveillance behavior.

Stolen iOS Enterprise or Developer Certificates

These attacks use distribution certificates to ‘side-load’ an application (with malware), which means it doesn’t have to go through the Apple app store’s validation process and can be downloaded directly onto the device.

Apple provides two different third-party certificate types – developer and enterprise – to try to maintain the integrity of the apps in their store. Developer certificates allow developers to test their apps before they go public in the app store, while enterprise certificates give organizations the opportunity to establish their own in-house marketplace for dedicated apps. Behind the scenes, iOS validates that each app is signed by a trusted certificate before allowing it to run.

Problems occur when an attacker is able to obtain – by stealing or buying on the black market – a certificate for their malware. They can then lure the user to download their seemingly harmless app and unknowingly infect their device; because the app is accompanied by the certificate, it is validated and easily installed without any iOS barriers.

This method has already been seen in use. In mid-2013, a rogue Chinese site used an enterprise certificate to distribute pirated iOS-based apps. It has also been revealed the FinFisher iRAT used a developer certificate in its exploitation.

It is simply not possible for Apple to monitor the installation of every developer and enterprise application and certificate, so it comes down to having a solution that can automatically detect and block or remove iOS apps that are using stolen or fraudulent certificates.

Malicious iOS Profiles

These attacks leverage the permissions of a profile to circumvent typical security mechanisms to provide the ability to do virtually anything. The profile is an extremely sensitive optional configuration file that can redefine different system functionality parameters, such as mobile carrier, MDM and network settings.

A user may be tricked into downloading a malicious profile and, by doing so, unknowingly provide the rogue configuration the ability to re-route all traffic from the mobile device to an attacker-controlled server, further install rogue apps, and even decrypt the device communications.

Any changes to a profile need to be flagged and carefully considered, even when seemingly innocuous. At one time LinkedIn introduced an iOS app that made changes to the device’s profile to reroute all email through their servers (they discontinued it three months after introduction due to the controversy over its capabilities). To prevent data exfiltration, a solution needs to be in place that can not only detect rogue or altered profiles, but also block and remove them to eliminate the threat.
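A defensive profile check in the spirit of the one called for here, added as an example that is not part of the whitepaper or of BETTER’s product: it parses an unsigned .mobileconfig with Python’s plistlib and flags payload types that can redirect traffic, install a trusted root, or take over mail, MDM or carrier settings. The payload type names are Apple’s documented PayloadType values; the sample profile, its identifiers and the allow-list are constructed for the example.

```python
import plistlib

# PayloadType values that can redefine the carrier, MDM, network or mail
# settings described above; each maps to what a rogue payload could do.
SENSITIVE_PAYLOADS = {
    "com.apple.proxy.http.global": "global HTTP proxy: routes all web traffic via a chosen host",
    "com.apple.vpn.managed": "VPN: can tunnel all device traffic to a remote server",
    "com.apple.security.root": "root CA: lets a MitM host decrypt TLS sessions",
    "com.apple.mdm": "MDM enrolment: hands device management to another server",
    "com.apple.wifi.managed": "Wi-Fi: joins the device to a chosen network or proxy",
    "com.apple.apn.managed": "carrier APN: changes cellular data routing",
    "com.apple.mail.managed": "mail account: can reroute corporate email via a third party",
}

def audit_profile(mobileconfig, trusted_ids=frozenset()):
    """Parse an unsigned .mobileconfig (XML plist); list sensitive payloads."""
    profile = plistlib.loads(mobileconfig)  # signed (CMS-wrapped) profiles must be unwrapped first
    top_id = profile.get("PayloadIdentifier", "")
    findings = []
    for payload in profile.get("PayloadContent", []):
        ptype = payload.get("PayloadType", "")
        if ptype not in SENSITIVE_PAYLOADS:
            continue
        pid = payload.get("PayloadIdentifier", "")
        # Where the payload would send traffic, when such a key is present.
        target = (payload.get("ProxyServer")
                  or payload.get("IncomingMailServerHostName")
                  or payload.get("VPN", {}).get("RemoteAddress"))
        findings.append({
            "type": ptype, "id": pid, "target": target,
            "risk": SENSITIVE_PAYLOADS[ptype],
            "trusted": pid in trusted_ids or top_id in trusted_ids,  # allow-listed by the organisation
        })
    return findings

def verdict(findings):
    """BLOCK if any sensitive payload is not on the organisation's allow-list."""
    return "BLOCK" if any(not f["trusted"] for f in findings) else "ALLOW"

# Constructed sample: a "free Wi-Fi" profile that installs a global proxy and a
# root CA (the classic traffic-interception pair) plus a harmless web clip.
SAMPLE_PROFILE = b"""<?xml version="1.0" encoding="UTF-8"?>
<plist version="1.0"><dict>
  <key>PayloadType</key><string>Configuration</string>
  <key>PayloadIdentifier</key><string>example.constructed.profile</string>
  <key>PayloadContent</key><array>
    <dict><key>PayloadType</key><string>com.apple.proxy.http.global</string>
      <key>PayloadIdentifier</key><string>example.constructed.proxy</string>
      <key>ProxyType</key><string>Manual</string>
      <key>ProxyServer</key><string>proxy.example.invalid</string>
      <key>ProxyServerPort</key><integer>8080</integer></dict>
    <dict><key>PayloadType</key><string>com.apple.security.root</string>
      <key>PayloadIdentifier</key><string>example.constructed.rootca</string></dict>
    <dict><key>PayloadType</key><string>com.apple.webClip.managed</string>
      <key>PayloadIdentifier</key><string>example.constructed.webclip</string></dict>
  </array>
</dict></plist>
"""
```

Running `verdict(audit_profile(SAMPLE_PROFILE))` returns BLOCK because the proxy and root CA payloads are not allow-listed, while the web clip is ignored.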

WiFi Man in the Middle (MitM)

A MitM attack occurs when a device connects to a rogue WiFi hotspot. Since all communications pass through the attacker-controlled network device, the attacker can eavesdrop on and even alter the network’s communication. MitM attacks have always been a concern for wireless devices; however, the prevalence of smartphones in an individual’s personal and business life has made mobile devices much more attractive targets for this form of attack.

Unfortunately, the typical alerts and warning signs that individuals are used to seeing on PCs and laptops are much more subtle on their mobile counterparts. For example, the limited screen size of many mobile devices often hides a portion of the URL from the user, so they cannot verify that the site the URL points to is actually the intended one.

The best way to prevent these types of attacks is through the use of a VPN to encrypt and isolate the communications. Ideally the VPN would be triggered only when rogue hotspots and other risk factors are detected to maximize the user experience.

WebKit Vulnerabilities

WebKit is the browser engine that renders web pages for the user in a mobile environment. Attackers exploit vulnerabilities in WebKit to execute scripts of their own, and such flaws are commonly used as a springboard for the remote infection of the device.

An example of a WebKit exploit was the popular iOS 4 jailbreaking technique named JailbreakMe. It took advantage of flaws in the Safari browser to enable users to jailbreak their device when they visited a dedicated website.

Preventing malicious WebKit exploits requires a solution that can identify suspicious behavior, correlate activity with events on the device and network, and then stop any data being sent to the attacker.

Zero-Day Attacks and Backdoors

Zero-day attacks are exploits of vulnerabilities that have been uncovered but not yet publicly disclosed. With vulnerability researchers purportedly earning $500K per vulnerability, the race towards vulnerability exposure is at full throttle.


Many times, these vulnerabilities lead to the silent installation of malware, such as iRATs, on a device through a remote exploitation technique. Once on the device, it may enable the attacker to steal passwords, corporate data and emails, as well as capture all keyboard activity (key logging) and screen information (screen scraping). It may also activate the microphone to listen in on conversations and meetings, or enlist the device in a botnet to steal contacts, text messages (SMS) and more.

AV solutions, which rely strictly on known attack patterns to detect attacks, are unable to provide protection against unknown attacks. Organizations need a solution that can identify any suspicious behavior from an app, a device or the network to find and mitigate the impact of zero-day mobile exploits.

A BETTER Solution for iOS Deployments

Employee mobility has created new points of vulnerability that cannot be addressed by traditional security measures. Now by combining BETTER Mobile Security’s Advanced Threat Protection with your existing AirWatch MDM, you can arm your corporate iOS-based devices like never before with real-time endpoint protection.

Improve Security – Stop Advanced iOS Threats

• Create policies so that only the apps you trust can run on your enterprise systems, workstations, fixed-function machines and servers. BETTER will prevent everything else from running.
• Detect advanced threats and backdoor access with BETTER’s real-time sensors and Advanced Threat Indicators.

Demonstrate Ongoing Data Compliance

• Meet app integrity monitoring and control and audit trail rules with continuous, real-time monitoring of apps, configuration profiles and certificates. BETTER will protect your critical apps and configuration from unauthorized changes.
• Enforce your corporate policies whether the device is online or offline.
• Focus only on those events that are relevant to your business and lower the cost of obtaining compliance data.

Extend the Life of Your Systems

• BETTER can keep your operating systems in a compliant state after their end-of-life and eliminate:
  • Financial penalties and brand damage associated with failed audits, data breach, or non-compliance
  • The need to upgrade to newer operating systems


How Are We BETTER?

It’s simple. BETTER immediately protects your iOS platform from attacks without disrupting day-to-day business or impeding your employees’ freedom.

Prevention: Create policies for apps that you trust to run on your systems while preventing anything else from running.

Advanced Device Control: Block apps such as Settings, iMessage and Email to prevent side loading of malicious apps or configuration profiles.

Complete Audit Trail: Gain real-time intelligence about all of your devices and access reports on any asset for an audit, a pre-compliance assessment or security intelligence gathering.

Application Integrity Monitoring: Continuous, real-time app and device monitoring protects your critical configuration files from unauthorized changes from the baseline to meet integrity monitoring and control as well as audit trail rules.

Gain Critical Visibility: Free your organization from the hassles of not knowing what’s happening on any device at any time.

All trademarks and registered trademarks contained herein are property of their respective holders. Rather than identifying a trademark by symbol with every occurrence, names and logos are used in an editorial fashion, with no intention of infringement of the respective owner’s property.