44
Protecting against Mobile Attacks Frankie Wong Security Analyst, HKCERT 1 2014-APR-17 Imagesource: http://www.techweekeurope.co.uk/news/mobile-malware-record-mcafee-125537

Protecting against Mobile Attacks

  • Upload
    lyanh

  • View
    215

  • Download
    0

Embed Size (px)

Citation preview

Page 1: Protecting against Mobile Attacks

Protecting

against Mobile

Attacks Frankie Wong

Security Analyst, HKCERT

1

2014-APR-17

Image source: http://www.techweekeurope.co.uk/news/mobile-malware-record-mcafee-125537

Page 2: Protecting against Mobile Attacks

Protecting against Mobile Attacks

Agenda

Attacks moving to mobile

Birthday to mobile malware

Mobile malware trend

Protect your devices

HKCERT Supports

Q & A

2

Image source: http://www.techweekeurope.co.uk/news/mobile-malware-record-mcafee-125537

Page 3: Protecting against Mobile Attacks

Protecting against Mobile Attacks

Attacks moving to mobile

3

Image source: http://universalmobileinterface.wordpress.com/

Page 4: Protecting against Mobile Attacks

Protecting against Mobile Attacks

Attacks moving to mobile

4

Why?

Page 5: Protecting against Mobile Attacks

Protecting against Mobile Attacks

Attacks moving to mobile

1. Mobile devices are connection-enabled

2. Valuable data

3. Valuable resource

4. High penetration

5. Smart OS eco-system

5

Page 6: Protecting against Mobile Attacks

Protecting against Mobile Attacks

Attacks moving to mobile

1. Mobile devices are connection-enabled

3G/LTE

Wi-Fi

Bluetooth

NFC

Camera – QR Code

GSM – SMS

6

Image source: http://www.hightech-edge.com/wireless-communications/14037/

Page 7: Protecting against Mobile Attacks

Protecting against Mobile Attacks

Attacks moving to mobile 2. Valuable data

Phone information IMEI, Phone number, SMS history, etc.

Contact list Social engineering, Spam database

Geo-location information Spy, Track history

Images/Camera Spy, Surrounding environment

Documents *.doc; *.pdf

7

Image source: http://blogs.gartner.com/svetlana-sicular/data-scientist-mystified/

Page 8: Protecting against Mobile Attacks

Protecting against Mobile Attacks

Attacks moving to mobile

3. Valuable resource

High speed CPU

Powerful computing

Always-On Internet connection

8

Image source: http://www.digitaltrends.com/mobile/mobile-phone-world-population-2014/

Page 9: Protecting against Mobile Attacks

Protecting against Mobile Attacks

9

Page 10: Protecting against Mobile Attacks

Protecting against Mobile Attacks

Attacks moving to mobile

4. High penetration

10

Image source: http://www.slideshare.net/wearesocialsg/social-digital-mobile-around-the-world-january-2014

Page 11: Protecting against Mobile Attacks

Protecting against Mobile Attacks

Attacks moving to mobile

5. Smart OS eco-system

App store market

Easy access

Simple install

Awareness

Permission review

Security tools

PC threats in mobile: email, links, browsers,

flash, etc.

11

Page 12: Protecting against Mobile Attacks

Protecting against Mobile Attacks

Birthday to mobile

malware

12

Image source: http://www.cultofmac.com/102888/happy-birthday-iphone-eat-your-way-through-four-years-of-iphone-birthday-cakes-gallery/

Page 13: Protecting against Mobile Attacks

Protecting against Mobile Attacks

Birthday to mobile malware

13

How old? 10 Years

Page 14: Protecting against Mobile Attacks

Protecting against Mobile Attacks

Birthday to mobile malware

14

Image source: https://blog.fortinet.com/10-Years-of-Mobile-Malware/

Page 15: Protecting against Mobile Attacks

Protecting against Mobile Attacks

Birthday to mobile malware

Propagation via Bluetooth

Propagation mix with MMS

Premium SMS

Mobile botnet

Banking Trojan

PC-mobile cross infection

Ransomware

15

2014

2004

Page 16: Protecting against Mobile Attacks

Protecting against Mobile Attacks

Mobile malware trend

16

Image source: http://autoblog.johnhughes.com.au/wp-content/uploads/2012/04/Mobile-Trend.jpg

Page 17: Protecting against Mobile Attacks

Protecting against Mobile Attacks

Mobile malware trends

17

Image source: http://www.mcafee.com/au/resources/reports/rp-quarterly-threat-q4-2013.pdf

Page 18: Protecting against Mobile Attacks

Protecting against Mobile Attacks

Mobile malware trends

Premium SMS

Mobile botnet

Cross platform infection

Ransomware

CryptoCurrency Miner

18

Page 19: Protecting against Mobile Attacks

Protecting against Mobile Attacks

Mobile malware trends

Premium SMS

19

Image source: https://blog.lookout.com/blog/2012/10/03/avoid-premium-sms-scams/

Page 20: Protecting against Mobile Attacks

Protecting against Mobile Attacks

Mobile malware trends

Mobile botnet

(2009) SMS attacks on iPhones

(2011) DroidDream compromised Android

(2012) Zitmo (Zeus-in-the-mobile) targeted

Blackberry and Android

20

Image source: http://www.pcworld.com/article/2048199/botnet-likely-caused-spike-in-number-of-tor-clients.html

Page 21: Protecting against Mobile Attacks

Protecting against Mobile Attacks

Mobile malware trends

Mobile botnet

(2014) iDroidbot

targets phones running iOS 7.1 and earlier

as well as Android 2.2 and later

Support web administration

Support TOR (anonymous) / proxy connection

Tap mobile wallets

Visa QIWI Wallet

WebMoney Keeper Mobile

Yandex

21

Image source: http://blogs.mcafee.com/mcafee-labs/idroid-bot-for-sale-taps-into-mobile-wallets

Page 22: Protecting against Mobile Attacks

Protecting against Mobile Attacks

Mobile malware trends

Mobile botnet

22

Image source: http://www.f-secure.com/static/doc/labs_global/Research/Threat_Report_H2_2013.pdf

Page 23: Protecting against Mobile Attacks

Protecting against Mobile Attacks

Mobile malware trends

Cross platform infection

Android malware infects Windows (2013)

Auto-Run attack

Windows malware infects Android devices

(2014)

adb (Android debug bridge) push

23

Image source: http://www.wpcentral.com/asus-still-bets-androidwindows-8-hybrid-introduces-td300-ces-2014

Page 24: Protecting against Mobile Attacks

Protecting against Mobile Attacks

Mobile malware trends

Ransomware

Blackmail: Fake Anti-virus on Android (2013)

Fraud: Fake Anti-virus “Virus Shield” on

Android (2014)

24

Image source: http://ictpost.com/2013/11/12/mobile-malware-crosses-one-million-mark-says-trend-micro/

Page 25: Protecting against Mobile Attacks

Protecting against Mobile Attacks

Mobile malware trends

CryptoCurrency Miner

BitCoin / LiteCoin / DogeCoin

[2014-Mar] CryptoCurrency mining malware

found in Play Store

25

Image source: http://blog.trendmicro.com/trendlabs-security-intelligence/files/2014/03/dogecoinfigure5.png

Image source: http://b-i.forbesimg.com/robertwood/files/2013/05/22.jpg

Page 26: Protecting against Mobile Attacks

Protecting against Mobile Attacks

Protect your devices

26

Image source: http://blog.mobpartner.com/2012/10/19/android-mobile-threats/

Page 27: Protecting against Mobile Attacks

Protecting against Mobile Attacks

Protect your devices

27

How? What?

Page 28: Protecting against Mobile Attacks

Protecting against Mobile Attacks

Protect your devices

Things to protect

Information

Device information

Personal information

Resource

Network resource

CPU resource

28

Image source: http://chicagoagentmagazine.com/3-awesome-apps-for-protecting-your-smartphone/

Page 29: Protecting against Mobile Attacks

Protecting against Mobile Attacks

Protect your devices

used by ad libraries to geo-target ads.

for spyware, it provides location data

data helps botnets keep track of their bots.

29

Image source: http://www.mcafee.com/hk/resources/reports/rp-mobile-security-consumer-trends.pdf

Page 30: Protecting against Mobile Attacks

Protecting against Mobile Attacks

Protect your devices

Identify the enemy

1. Phishing

2. Malware

3. Vulnerability

30

Image source: http://www.thetechherald.com/articles/Syrian-activists-targeted-by-Phishing-campaigns-and-malware/16429/

Page 31: Protecting against Mobile Attacks

Protecting against Mobile Attacks

Protect your devices

Against Phishing

1. Against Phishing

Shorten URL / Long Domain

Email / SMS / IM message

(e.g. WhatsApp, LINE, WeChat, etc.)

Social networking website (e.g. Facebook)

Advertisements

QR-Code / NFC

Wi-Fi / Bluetooth connection

31

AWARE

Page 32: Protecting against Mobile Attacks

Protecting against Mobile Attacks

Protect your devices

Against Phishing

[2014-Apr] Apple ID Phishing Scam

32

Image source: http://www.redmondpie.com/new-apple-id-phishing-scam-looks-plausible-enough-to-fool-anyone/

Page 33: Protecting against Mobile Attacks

Protecting against Mobile Attacks

Protect your devices

Against Malware

2. Against Malware

Don’t install untrusted apps

Don’t download from the 3rd party markets

33

Page 34: Protecting against Mobile Attacks

Protecting against Mobile Attacks

Protect your devices

Against Malware

34

Re-package the

legitimate app with

additional permissions

Image source: http://www.f-secure.com/static/doc/labs_global/Research/Threat_Report_H2_2013.pdf

Page 35: Protecting against Mobile Attacks

Protecting against Mobile Attacks

Protect your devices

Against Malware

35

Malware in Play Store

~ 0.1%

Install apps only from

the official store

Image source: http://www.f-secure.com/static/doc/labs_global/Research/Threat_Report_H2_2013.pdf

Page 36: Protecting against Mobile Attacks

Protecting against Mobile Attacks

Protect your devices

Against Malware

Disable installation from “Unknown sources”

36

Image source: http://www.androidguys.com/2014/04/05/install-amazon-app-store-android/

Page 37: Protecting against Mobile Attacks

Protecting against Mobile Attacks

Protect your devices

Against Malware

Install mobile security tools

37

Image source: http://www.av-test.org/en/tests/mobile-devices/android/

Page 38: Protecting against Mobile Attacks

Protecting against Mobile Attacks

Protect your devices

Against Vulnerability

3. Against Vulnerability

Keep your System up-to-date

Always update your Apps

38

Page 39: Protecting against Mobile Attacks

Protecting against Mobile Attacks

Protect your devices

Against Vulnerability

[2013-Jul] Vulnerability in WhatsApp for

Android

“Priyanka” worm spreading

39

Image source: http://www.theandroidsoul.com/remove-priyanka-whatsapp-virus/

Page 40: Protecting against Mobile Attacks

Protecting against Mobile Attacks

Protect your devices

Against Vulnerability

[2014-Feb] iOS flaw allows malicious apps

to record touch screen presses

40

Image source: http://www.fireeye.com/blog/technical/2014/02/background-monitoring-on-non-jailbroken-ios-7-devices-and-a-mitigation.html

Page 41: Protecting against Mobile Attacks

Protecting against Mobile Attacks

Protect your devices

Conclusion

Beware of phishing message

Install apps from official store

Review permissions before apps installation

Keep your System/Apps up-to-date

Install mobile security tools

41

Image source: http://www.smallbiztechnology.com/archive/2013/05/12-mobile-security-tips-all-small-businesses-must-be-aware-of.html/

Page 42: Protecting against Mobile Attacks

Protecting against Mobile Attacks

HKCERT Supports

HK Google Play Store’s Apps Security Risk

Report (https://www.hkcert.org/play-store-srr)

Monthly report, 1st released in Jul-2013

HKCERT + NINIS in China

Detect malicious/suspicious behaviors apps

in Hong Kong Google Play Store

42

Page 43: Protecting against Mobile Attacks

Protecting against Mobile Attacks

HKCERT Supports

Guidelines on Mobile

Guideline of Mobile Security

BYOD Security Guidelines

NFC Security Guidelines

43

Page 44: Protecting against Mobile Attacks

Q&A Thank you

Website: www.hkcert.org

Hotline: 8105-6060

44