13
MOBILE MALWARE TOPIC #5 – INFORMATION ASSURANCE AND SECURITY Michael Fine 1

MOBILE MALWARE TOPIC #5 – INFORMATION ASSURANCE AND SECURITY Michael Fine 1

Embed Size (px)

Citation preview

Page 1: MOBILE MALWARE TOPIC #5 – INFORMATION ASSURANCE AND SECURITY Michael Fine 1

MOBILE MALWARETOPIC #5 – INFORMATION ASSURANCE AND

SECURITY

Michael Fine

1

Page 2: MOBILE MALWARE TOPIC #5 – INFORMATION ASSURANCE AND SECURITY Michael Fine 1

Mobile Malware2

Malware for starters is also known as malicious software, which is software that is designed to sneak into a person’s computer and perform harm on a targeted system without the user’s knowledge of the breach of access.

The computer virus is a flattering remark of malware to identify a variety of unwelcome, intrusive, and annoying software or program code. Malware includes computer viruses, worms, Trojan horses, root-kits, spyware, and adware.

Mobile Malware Cell phones evolved into smart-phones with the capabilities to

download programs from the Internet and share software. Vulnerabilities arise in mobile technology with short range Bluetooth

connections, world-wide multimedia messaging service communication and memory cards.

Page 3: MOBILE MALWARE TOPIC #5 – INFORMATION ASSURANCE AND SECURITY Michael Fine 1

Greatest Threats3

Text messages Contacts Video Phone transcriptions Call history Documentation Buffer overflows

Page 4: MOBILE MALWARE TOPIC #5 – INFORMATION ASSURANCE AND SECURITY Michael Fine 1

Text Messages4

Phishing SMS (short message service) A.K.A SMiShing Malware that uses text-messaging APIs to send fake

messages to people on your contact list. This is similar to email spoofing.

This type of phishing has an even higher likelihood of success because of the victims’ lack of awareness.

Page 5: MOBILE MALWARE TOPIC #5 – INFORMATION ASSURANCE AND SECURITY Michael Fine 1

Contacts5

In a corporate environment, the contact list is one of the most important features of a smart phone.

Theft of corporate contact data could have dire consequences for the employee and the company. Mobile malware can “steal” a contact list. It can send out short messages containing malware or

a link to malware.

An example, which I consider a celebrity testimonial. Paris Hilton – Nokia Sidekick …

Page 6: MOBILE MALWARE TOPIC #5 – INFORMATION ASSURANCE AND SECURITY Michael Fine 1

Video6

Most mobile phones now have a video and a photo camera.

Mobile malware could take over the phone and use the camera to snap photos with the owners informed consent. Difficult to get a good angle when the malware wants to

use the camera. If the attacker is skilled, he/she could automate the

exploitation using the camera. The security of the photos and video already on the

device is much easier to exploit. Malware could search for all JPG files and send those files

to a malicious third-party via the wireless network

Page 7: MOBILE MALWARE TOPIC #5 – INFORMATION ASSURANCE AND SECURITY Michael Fine 1

Phone Transcripts7

Your mobile phone can to suddenly turn into a tape recorder. Using the mobile voice-recording application, malware could

indeed change a mobile into a tape recorder.

Limits… nay, nay! Mobile phones have limited storage space, however, so

malware cannot record indefinitely. But, it could send the recorded file to an attacker via Multimedia Message Service. If the attack were combined with the SMS interception technology,

the malware could use SMS to activate the recording function.

Enabling the mobile phone into a tape recorder that could be turned on and off remotely.

Page 8: MOBILE MALWARE TOPIC #5 – INFORMATION ASSURANCE AND SECURITY Michael Fine 1

Call History8

Call history list can be valuable, and malicious programs can read this information. Users should pay attention to their call

history. Periodically delete unnecessary records to

lessen the severity of an infection.

Page 9: MOBILE MALWARE TOPIC #5 – INFORMATION ASSURANCE AND SECURITY Michael Fine 1

Documentation9

Many mobile phone users read and store Word, Excel, or PDF files on their mobile phones.

Files with the extensions *.doc *.xls *.pdf

The above extensions are likely to become popular targets for mobile malware thieves.

Page 10: MOBILE MALWARE TOPIC #5 – INFORMATION ASSURANCE AND SECURITY Michael Fine 1

Buffer Overflows

Plague mobile devices. Slows data connectivity Causes a phone call to get dropped.

Your phone can be experiencing a buffer overflow and you’re not even aware.

10

Page 11: MOBILE MALWARE TOPIC #5 – INFORMATION ASSURANCE AND SECURITY Michael Fine 1

Prevention11

The best way to protect your mobile device is to keep malware off in the first place. Use the same precautions for your phone as you would for

your Windows laptop computer. Use a combination of both PC-based anti-virus software and

mobile anti-virus software Mobile users should follow the same safe browsing

practices they perform at their computers. Accept only programs that bear digital signatures.

EX. Programs that have passed the Mobile certificate test and are developed by legitimate commercial software vendors.

After your mobile has been infected by malware, removal can be complicated!!

Page 12: MOBILE MALWARE TOPIC #5 – INFORMATION ASSURANCE AND SECURITY Michael Fine 1

What we have learned…12

Be careful with Wi-Fi and Bluetooth Backup Frequently Install mobile anti-virus software Do not save business data on your

mobile phone

Page 13: MOBILE MALWARE TOPIC #5 – INFORMATION ASSURANCE AND SECURITY Michael Fine 1

Final thoughts…13

It is essential to exercise extreme caution. Why? Your phone is your livelihood

There are mobile phones using the Windows Mobile OS. Convenient and are growing in popularity Use the many APIs There is a lack of security awareness from users.

Malware writers will continue to attack with the powerful promise of financial gain. Ex. Pop-up “Earn $5000 a week working from home!”

If we let out guard down then we will run into significant risks from Mobile Malware.