HOW TO PROTECT YOUR ORGANIZATION FROM A DEVASTATING NEW ANDROID VULNERABILITY
Brian Duckering, Head of Product Marketing, Skycure
© 2016 Skycure Inc.

Accessibility Clickjacking, Devastating Android Vulnerability


Meet Your Speaker
Brian Duckering
Head of Product Marketing
Skycure

Quick Housekeeping
  • There will be time for Q&A at the end
  • Ask questions using the GTW chat pane
  • The webinar is being recorded
  • All attendees will receive a copy of the slides/recording

Join the discussion #MobileThreatDefense

Old Endpoint vs. New Endpoint

  • IPS
  • IDS
  • FIREWALL
  • USB SECURITY
  • DLP
  • DATA ENCRYPTION
  • WIRELESS SECURITY
  • APPLICATION CONTROL
  • AV

?


Mobile Threat Landscape

Physical

Network

Vulnerabilities

Malware

?

What is Accessibility Clickjacking?

Android Malware & Vulnerability
  • Discovered by Skycure Research Labs
  • March 2016
  • Undetectable (other than by Skycure)
  • Invisible to the end user
  • Affects all except Marshmallow OS
  • Compromises container solutions

Exploitation method
  • Tricks the user into granting unlimited rights to view and control the device

95.4% of all Android devices in use today

How it works

Leverages 2 otherwise benign Android features:

Accessibility Services
  • Designed to facilitate interaction with the device for the vision impaired
  • Accesses ALL textual information

Graphic Overlay
  • Allows apps to draw over other apps and pass touches to the lower app

Consequences of Accessibility Clickjacking

Grants hacker ability to
  • View/steal ALL textual information
    - Message, Mail, Docs, etc.
    - Container (MAM) data
  • Gain admin access
  • Encrypt device and change passcode
    - Ransomware

Android Version Distribution and Vulnerability

Version          Codename             API   Distribution   Vulnerable to Accessibility Clickjacking?   Android Protection Measures
2.2              Froyo                8     0.1%           Yes                                         No protection
2.3.3 - 2.3.7    Gingerbread          10    2.6%           Yes
4.0.3 - 4.0.4    Ice Cream Sandwich   15    2.2%           Yes
4.1.x            Jelly Bean           16    7.8%           Yes
4.2.x                                 17    10.5%          Yes
4.3                                   18    3.0%           Yes
4.4              KitKat               19    33.4%          Yes
5.0              Lollipop             21    16.4%          Yes                                         Restrict pass-through clicks for the OK button
5.1                                   22    19.4%          Yes
6.0              Marshmallow          23    4.6%           No                                          Require manual activation of pass-through clicks

Source: Android.com, May 3, 2016

[Chart legend: Froyo, Gingerbread, Ice Cream Sandwich, Jelly Bean, KitKat, Lollipop, Marshmallow]

Accessibility Clickjacking Live Demo

Accessibility Clickjacking Remediation
  • Upgrade to the latest OS
  • Install apps from reputable stores
    - We recommend Google Play
    - Turn off 3rd party app installation
    - Use a secure app installer
  • Install a Mobile Threat Defense Solution

TURN THIS OFF
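
An added example, not part of the Skycure deck or product: a fleet audit that applies the two features from the "How it works" slide, the version table and the remediation list to device inventory data. The fleet records and package names are constructed, `Device`, `audit` and the allowlist are hypothetical names, and the inputs are assumed to come from `ro.build.version.sdk`, the `enabled_accessibility_services` secure setting and each package's requested permissions.

```python
from dataclasses import dataclass, field

OVERLAY = "android.permission.SYSTEM_ALERT_WINDOW"   # "draw over other apps"

@dataclass
class Device:
    name: str
    sdk: int                    # ro.build.version.sdk
    a11y_setting: str           # secure setting enabled_accessibility_services
    unknown_sources: bool       # third-party app installation turned on
    permissions: dict = field(default_factory=dict)  # package -> requested permissions

def a11y_packages(setting):
    """Packages named in a ':'-separated list of 'package/ServiceClass' entries."""
    if not setting or setting == "null":      # `settings get` prints null when unset
        return set()
    return {entry.split("/", 1)[0] for entry in setting.split(":") if entry}

def os_exposure(sdk):
    """Protection column of the version table; blank cells are read as
    continuing the row above (an assumption about the merged cells)."""
    if sdk >= 23:
        return "not vulnerable: pass-through clicks need manual activation"
    if sdk >= 21:
        return "vulnerable: pass-through clicks restricted for the OK button only"
    return "vulnerable: no protection"

def audit(device, allowlist=frozenset()):
    """Return (severity, subject, reason) findings for one device."""
    findings = []
    if device.sdk < 23:
        findings.append(("os", device.name, os_exposure(device.sdk)))
        if device.unknown_sources:
            findings.append(("config", device.name, "third-party app installation is on"))
    for pkg in sorted(a11y_packages(device.a11y_setting) - set(allowlist)):
        if OVERLAY in device.permissions.get(pkg, ()):
            findings.append(("high", pkg, "accessibility service plus overlay permission"))
        else:
            findings.append(("review", pkg, "accessibility service not on the allowlist"))
    return findings

# Constructed sample fleet (package names are made up).
FLEET = [
    Device("kitkat-01", 19, "com.example.flashlight/.HelperService:com.example.reader/.Tts",
           True, {"com.example.flashlight": {OVERLAY}, "com.example.reader": set()}),
    Device("marshmallow-01", 23, "null", False),
]
ALLOWLIST = {"com.example.reader"}

if __name__ == "__main__":
    for dev in FLEET:
        for finding in audit(dev, ALLOWLIST):
            print(finding)
```

A "high" finding marks a package for review rather than proving compromise, since legitimate apps can hold the same pair of capabilities.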

Can Traditional Solutions Catch AC?

Traditional Mobile Malware Analysis
  • Server-side analysis only
  • Signature/Static/Dynamic

Too Little, Too Late!

Ideal Solution Is Holistic
  • 3-layer strategy
  • Leverage MDM functions
  • Automated enforcement

[Diagram labels: Device, Server, Crowd Wisdom; Physical, Network, Vulnerabilities, Malware]

Holistic Defense Against Malware

Predict
  • Reputation analysis: what it is
  • App, Developer, Store,

Detect
  • Behavior analysis: what it does
  • What is the app doing?
  • How is the app doing it?

Protect
  • Proactive protection: how to stop it

Skycure Malware Analysis Modules
  • Source Analysis
  • Package Segmentation
  • Gradual Analysis

Skycure Malware Analysis Modules
  • Source Analysis
  • Package Segmentation
  • Gradual Analysis
  • Signatures Analysis
  • Static Analysis
  • Dynamic Analysis

Skycure Malware Analysis Modules

Crowd Wisdom helps to understand the Entire Attack Flow
  • Source Analysis
  • Package Segmentation
  • Gradual Analysis
  • Signatures Analysis
  • Static Analysis
  • Dynamic Analysis
  • Legitimate App Profiling
  • Repackage Detection
  • Attacker Profiling

Skycure Mobile Threat Defense

Holistic
  • Defend against all attack vectors
  • Deep, layered analysis

Patented
  • Unique analytics, detection, remediation

Public
  • Respects user/corporate privacy
  • Future proof and stable
  • Minimal CPU/battery impact

[Diagram labels: Device, Server, Crowd Wisdom; Physical, Network, Vulnerabilities, Malware]

Skycure Solution Overview

Physical

Network

Vulnerabilities

Malware

End-User App
  • 24x7 detection and protection
  • Network, device and app analysis
  • Multi platform
  • Seamless experience
  • Privacy
  • Minimal footprint

Skycure Solution Overview

Physical

Network

Vulnerabilities

Malware

Management
  • Policy enforcement
  • Risk-based management
  • Enterprise integrations
  • Security
  • Visibility
  • IT Satisfaction

End-User App
  • 24x7 detection and protection
  • Network, device and app analysis
  • Multi platform
  • Seamless experience
  • Privacy
  • Minimal footprint

Skycure Solution Overview

Physical

Network

Vulnerabilities

Malware

Management
  • Policy enforcement
  • Risk-based management
  • Enterprise integrations
  • Security
  • Visibility
  • IT Satisfaction

End-User App
  • 24x7 detection and protection
  • Network, device and app analysis
  • Multi platform
  • Seamless experience
  • Privacy
  • Minimal footprint

Mobile Threat Intelligence Platform
  • 1 Million+ Global Threats Identified (https://maps.skycure.com)
  • Real-Time Threat Intelligence
  • Crowd Wisdom: Millions of monthly tests - apps & networks
  • Skycure Research: No iOS Zone, Malicious Profiles, WiFiGate, LinkedOut
  • Threat Aggregator: Dozens of threat feeds from 3rd parties
  • Legitimate Services
  • Attackers & Threats

Is your organization vulnerable?

2 Step Enterprise Trial Process
  • Step 1: Download Skycure Public App (Recommendation: 5-20 devices)
  • Step 2: Review Skycure Assessment Report in 4 weeks

What do we usually find?
  • NUMBER OF DEVICES WITH MALICIOUS APPS INSTALLED
  • PERCENTAGE OF DEVICES EXPOSED TO NETWORK THREATS
  • PERCENTAGE OF MOBILE DEVICES RUNNING OS WITH HIGH-SEVERITY VULNERABILITIES

EVERY ORG with 200+ employees had iOS malware
of Android devices

Next Steps

TRIAL
Request a FREE 30 day trial!

https://www.skycure.com/trial
1-800-650-4821
[email protected]