Upload
lyanh
View
215
Download
0
Embed Size (px)
Citation preview
Protecting
against Mobile
Attacks Frankie Wong
Security Analyst, HKCERT
1
2014-APR-17
Image source: http://www.techweekeurope.co.uk/news/mobile-malware-record-mcafee-125537
Protecting against Mobile Attacks
Agenda
Attacks moving to mobile
Birthday to mobile malware
Mobile malware trend
Protect your devices
HKCERT Supports
Q & A
2
Image source: http://www.techweekeurope.co.uk/news/mobile-malware-record-mcafee-125537
Protecting against Mobile Attacks
Attacks moving to mobile
3
Image source: http://universalmobileinterface.wordpress.com/
Protecting against Mobile Attacks
Attacks moving to mobile
4
Why?
Protecting against Mobile Attacks
Attacks moving to mobile
1. Mobile devices are connection-enabled
2. Valuable data
3. Valuable resource
4. High penetration
5. Smart OS eco-system
5
Protecting against Mobile Attacks
Attacks moving to mobile
1. Mobile devices are connection-enabled
3G/LTE
Wi-Fi
Bluetooth
NFC
Camera – QR Code
GSM – SMS
6
Image source: http://www.hightech-edge.com/wireless-communications/14037/
Protecting against Mobile Attacks
Attacks moving to mobile 2. Valuable data
Phone information IMEI, Phone number, SMS history, etc.
Contact list Social engineering, Spam database
Geo-location information Spy, Track history
Images/Camera Spy, Surrounding environment
Documents *.doc; *.pdf
7
Image source: http://blogs.gartner.com/svetlana-sicular/data-scientist-mystified/
Protecting against Mobile Attacks
Attacks moving to mobile
3. Valuable resource
High speed CPU
Powerful computing
Always-On Internet connection
8
Image source: http://www.digitaltrends.com/mobile/mobile-phone-world-population-2014/
Protecting against Mobile Attacks
9
Protecting against Mobile Attacks
Attacks moving to mobile
4. High penetration
10
Image source: http://www.slideshare.net/wearesocialsg/social-digital-mobile-around-the-world-january-2014
Protecting against Mobile Attacks
Attacks moving to mobile
5. Smart OS eco-system
App store market
Easy access
Simple install
Awareness
Permission review
Security tools
PC threats in mobile: email, links, browsers,
flash, etc.
11
Protecting against Mobile Attacks
Birthday to mobile
malware
12
Image source: http://www.cultofmac.com/102888/happy-birthday-iphone-eat-your-way-through-four-years-of-iphone-birthday-cakes-gallery/
Protecting against Mobile Attacks
Birthday to mobile malware
13
How old? 10 Years
Protecting against Mobile Attacks
Birthday to mobile malware
14
Image source: https://blog.fortinet.com/10-Years-of-Mobile-Malware/
Protecting against Mobile Attacks
Birthday to mobile malware
Propagation via Bluetooth
Propagation mix with MMS
Premium SMS
Mobile botnet
Banking Trojan
PC-mobile cross infection
Ransomware
15
2014
2004
Protecting against Mobile Attacks
Mobile malware trend
16
Image source: http://autoblog.johnhughes.com.au/wp-content/uploads/2012/04/Mobile-Trend.jpg
Protecting against Mobile Attacks
Mobile malware trends
17
Image source: http://www.mcafee.com/au/resources/reports/rp-quarterly-threat-q4-2013.pdf
Protecting against Mobile Attacks
Mobile malware trends
Premium SMS
Mobile botnet
Cross platform infection
Ransomware
CryptoCurrency Miner
18
Protecting against Mobile Attacks
Mobile malware trends
Premium SMS
19
Image source: https://blog.lookout.com/blog/2012/10/03/avoid-premium-sms-scams/
Protecting against Mobile Attacks
Mobile malware trends
Mobile botnet
(2009) SMS attacks on iPhones
(2011) DroidDream compromised Android
(2012) Zitmo (Zeus-in-the-mobile) targeted
Blackberry and Android
20
Image source: http://www.pcworld.com/article/2048199/botnet-likely-caused-spike-in-number-of-tor-clients.html
Protecting against Mobile Attacks
Mobile malware trends
Mobile botnet
(2014) iDroidbot
targets phones running iOS 7.1 and earlier
as well as Android 2.2 and later
Support web administration
Support TOR (anonymous) / proxy connection
Tap mobile wallets
Visa QIWI Wallet
WebMoney Keeper Mobile
Yandex
21
Image source: http://blogs.mcafee.com/mcafee-labs/idroid-bot-for-sale-taps-into-mobile-wallets
Protecting against Mobile Attacks
Mobile malware trends
Mobile botnet
22
Image source: http://www.f-secure.com/static/doc/labs_global/Research/Threat_Report_H2_2013.pdf
Protecting against Mobile Attacks
Mobile malware trends
Cross platform infection
Android malware infects Windows (2013)
Auto-Run attack
Windows malware infects Android devices
(2014)
adb (Android debug bridge) push
23
Image source: http://www.wpcentral.com/asus-still-bets-androidwindows-8-hybrid-introduces-td300-ces-2014
Protecting against Mobile Attacks
Mobile malware trends
Ransomware
Blackmail: Fake Anti-virus on Android (2013)
Fraud: Fake Anti-virus “Virus Shield” on
Android (2014)
24
Image source: http://ictpost.com/2013/11/12/mobile-malware-crosses-one-million-mark-says-trend-micro/
Protecting against Mobile Attacks
Mobile malware trends
CryptoCurrency Miner
BitCoin / LiteCoin / DogeCoin
[2014-Mar] CryptoCurrency mining malware
found in Play Store
25
Image source: http://blog.trendmicro.com/trendlabs-security-intelligence/files/2014/03/dogecoinfigure5.png
Image source: http://b-i.forbesimg.com/robertwood/files/2013/05/22.jpg
Protecting against Mobile Attacks
Protect your devices
26
Image source: http://blog.mobpartner.com/2012/10/19/android-mobile-threats/
Protecting against Mobile Attacks
Protect your devices
27
How? What?
Protecting against Mobile Attacks
Protect your devices
Things to protect
Information
Device information
Personal information
Resource
Network resource
CPU resource
28
Image source: http://chicagoagentmagazine.com/3-awesome-apps-for-protecting-your-smartphone/
Protecting against Mobile Attacks
Protect your devices
used by ad libraries to geo-target ads.
for spyware, it provides location data
data helps botnets keep track of their bots.
29
Image source: http://www.mcafee.com/hk/resources/reports/rp-mobile-security-consumer-trends.pdf
Protecting against Mobile Attacks
Protect your devices
Identify the enemy
1. Phishing
2. Malware
3. Vulnerability
30
Image source: http://www.thetechherald.com/articles/Syrian-activists-targeted-by-Phishing-campaigns-and-malware/16429/
Protecting against Mobile Attacks
Protect your devices
Against Phishing
1. Against Phishing
Shorten URL / Long Domain
Email / SMS / IM message
(e.g. WhatsApp, LINE, WeChat, etc.)
Social networking website (e.g. Facebook)
Advertisements
QR-Code / NFC
Wi-Fi / Bluetooth connection
31
AWARE
Protecting against Mobile Attacks
Protect your devices
Against Phishing
[2014-Apr] Apple ID Phishing Scam
32
Image source: http://www.redmondpie.com/new-apple-id-phishing-scam-looks-plausible-enough-to-fool-anyone/
Protecting against Mobile Attacks
Protect your devices
Against Malware
2. Against Malware
Don’t install untrusted apps
Don’t download from the 3rd party markets
33
Protecting against Mobile Attacks
Protect your devices
Against Malware
34
Re-package the
legitimate app with
additional permissions
Image source: http://www.f-secure.com/static/doc/labs_global/Research/Threat_Report_H2_2013.pdf
Protecting against Mobile Attacks
Protect your devices
Against Malware
35
Malware in Play Store
~ 0.1%
Install apps only from
the official store
Image source: http://www.f-secure.com/static/doc/labs_global/Research/Threat_Report_H2_2013.pdf
Protecting against Mobile Attacks
Protect your devices
Against Malware
Disable installation from “Unknown sources”
36
Image source: http://www.androidguys.com/2014/04/05/install-amazon-app-store-android/
Protecting against Mobile Attacks
Protect your devices
Against Malware
Install mobile security tools
37
Image source: http://www.av-test.org/en/tests/mobile-devices/android/
Protecting against Mobile Attacks
Protect your devices
Against Vulnerability
3. Against Vulnerability
Keep your System up-to-date
Always update your Apps
38
Protecting against Mobile Attacks
Protect your devices
Against Vulnerability
[2013-Jul] Vulnerability in WhatsApp for
Android
“Priyanka” worm spreading
39
Image source: http://www.theandroidsoul.com/remove-priyanka-whatsapp-virus/
Protecting against Mobile Attacks
Protect your devices
Against Vulnerability
[2014-Feb] iOS flaw allows malicious apps
to record touch screen presses
40
Image source: http://www.fireeye.com/blog/technical/2014/02/background-monitoring-on-non-jailbroken-ios-7-devices-and-a-mitigation.html
Protecting against Mobile Attacks
Protect your devices
Conclusion
Beware of phishing message
Install apps from official store
Review permissions before apps installation
Keep your System/Apps up-to-date
Install mobile security tools
41
Image source: http://www.smallbiztechnology.com/archive/2013/05/12-mobile-security-tips-all-small-businesses-must-be-aware-of.html/
Protecting against Mobile Attacks
HKCERT Supports
HK Google Play Store’s Apps Security Risk
Report (https://www.hkcert.org/play-store-srr)
Monthly report, 1st released in Jul-2013
HKCERT + NINIS in China
Detect malicious/suspicious behaviors apps
in Hong Kong Google Play Store
42
Protecting against Mobile Attacks
HKCERT Supports
Guidelines on Mobile
Guideline of Mobile Security
BYOD Security Guidelines
NFC Security Guidelines
43
Q&A Thank you
Website: www.hkcert.org
Hotline: 8105-6060
44