BYOD is now BYOT: Current Trends in Mobile APT
Jimmy Shah, Senior Director of Research
Who Am I?
Jimmy Shah
• Sr. Director of Research at ZIMPERIUM - Enterprise Mobile Security
• Antivirus Researcher (Symantec, McAfee, AVG)
• Involved with mobile malware and threats since SymbOS/Cabir (ca. 2004)
Blog: MOBILE MALWARE DETECTION
Email: [email protected]
Twitter: @shah_jim
Agenda
• Introduction to Advanced Persistent Threats (APT)
• The Real Mobile Threat Landscape
• How is it switching over to Mobile?
• Examples
• Bypassing Mitigations/Security
• Summary
April 24th, 2014
Introduction to Advanced Persistent Threats (APT)
APT-friendly Exploits & Vulnerabilities (PC)
Client side:
Server side: MS08-067 (Conficker), Shellshock, NetBIOS, SMB, Heartbleed, etc.
The Real Mobile Threat Landscape
The Changing Threat Landscape
Next-generation attacks: attackers are targeting mobile devices.
4.3M+ sensors reporting daily
The Low Hanging Fruit
• Most devices are running an outdated OS
• Lots of vulnerabilities
• We carry them with us everywhere
• Always connected
• Contain sensitive data
• Lack of effective security solutions!
How is it switching over to Mobile?
APT-Friendly Exploits in Mobile
• Widespread
  • + Kernel/Root Exploit
• Targeted
  • + Kernel/Root Exploit, MITM, Push-SMS, etc.
• Cellular Network Attack Vectors
  • Location Tracking, Call Forwarding, etc.
Examples
Widespread - App Surveillance
Targeted - Airport/Hotel Scenario
Intercept Traffic
Scan (IPv4/IPv6)
Target discovery
MITM
Rogue AP
Rogue FemtoCell / Basestation
Modify Traffic
SSL Strip
Browser Attack
Code Injection
Elevation of Privileges
OS / Kernel Exploit
Infected
Targeted Attack - Spear-Phishing Scenario
Infection Points
Spreading in the Mobile Era
• Rogue AP
• SMS
• Using stolen email client credentials
• Plug & Prey
• Juice Jacking
• AirDrop?
Payloads
Payloads
• Two types of payloads observed:
  • Apps: easier to detect
  • Processes: harder to detect
Bypassing Mitigations/Security
Methods used in the wild
• Mobile Anti-Virus
• Cloud Sandboxing
• Sandbox restrictions
• MDM / MAM Containers
How to detect?
• Persistent filesystem modifications
• Disabling security restrictions
• Spying on other sandboxes: Email app, Facebook, WhatsApp and others
• Spying on information: SMS, Call log
• Active Spying: Camera, Pictures, Call Recording
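The Airport/Hotel chain shown earlier (rogue AP, MITM, SSL strip, browser attack, privilege escalation, persistence) and the indicators on this slide can be tied together by correlating events per device in stage order, which is the "correlation of security events" the summary calls for. The Python below is an added example, not Zimperium's z9 engine or code from the talk; its event names and the sample telemetry are constructed.

```python
from collections import defaultdict

# Stage order of the Airport/Hotel scenario, mapped to defender-side events.
# (Constructed event names; a real agent would emit its own telemetry.)
STAGES = ("rogue_ap", "mitm", "ssl_strip", "browser_crash",
          "root_gained", "fs_persist")

# Constructed sample telemetry: (timestamp in seconds, device id, event)
SAMPLE_EVENTS = [
    (100, "dev-A", "rogue_ap"),       # joined an AP spoofing a known SSID
    (130, "dev-A", "mitm"),           # gateway MAC changed mid-session
    (131, "dev-A", "ssl_strip"),      # HTTPS site served over plain HTTP
    (190, "dev-A", "browser_crash"),  # renderer crash (possible exploit)
    (200, "dev-A", "root_gained"),    # process running as uid 0 outside the OS
    (260, "dev-A", "fs_persist"),     # persistent filesystem modification
    (100, "dev-B", "rogue_ap"),
    (400, "dev-B", "browser_crash"),  # isolated crash, no escalation seen
    (500, "dev-C", "root_gained"),    # user-rooted device, no network stages
    (510, "dev-C", "rogue_ap"),       # out of order: not the same chain
]

def chain_run(dev_events, window=600):
    """Longest run of STAGES seen in order on one device, all within
    `window` seconds of the run's first event. Stages may be skipped
    (not every attack shows every stage) but never repeated or reordered."""
    best, run = [], []
    for ts, ev in sorted(dev_events):
        if ev not in STAGES:
            continue
        pos = STAGES.index(ev)
        if run and (pos <= STAGES.index(run[-1][1]) or ts - run[0][0] > window):
            best = max(best, run, key=len)   # out of order or window expired
            run = []
        run.append((ts, ev))
    return max(best, run, key=len)

def correlate(events, window=600, min_stages=4):
    """Return {device: [stages]} for devices whose in-order run reaches
    min_stages; a lone indicator (one crash, a rooted phone) does not alert."""
    by_dev = defaultdict(list)
    for ts, dev, ev in events:
        by_dev[dev].append((ts, ev))
    alerts = {}
    for dev, evs in by_dev.items():
        run = chain_run(evs, window)
        if len(run) >= min_stages:
            alerts[dev] = [ev for _, ev in run]
    return alerts

if __name__ == "__main__":
    for dev, stages in correlate(SAMPLE_EVENTS).items():
        print(f"{dev}: staged compromise -> {' > '.join(stages)}")
```

Lowering `min_stages` trades missed chains for more noise from devices that only hit a rogue AP or only crash a browser.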
Summary
Mobile != PC
Credit: Flickr user intelfreepress
• Mobile attacks are becoming more sophisticated and powerful and can cause real damage to a corporation's assets.
• Protecting mobile in a BYOD world from the various attack vectors requires:
  • Correlation of security events
  • Anomaly detection techniques
  • Mobile expert knowledge
• BYOD devices are fragmented across different OS versions; a true solution must work on all common devices.
ZIMPERIUM's z9 engine was developed from the ground up for mobile to combat the unique challenges of protecting iOS and Android devices in the organization. Contact us to request a demo.
Questions?
Thank you!