21

Click here to load reader

I.G.N. Mantra - Mobile Security, Mobile Malware,and Countermeasure

Embed Size (px)

DESCRIPTION

I.G.N. Mantra - Mobile Security, Mobile Malware,and Countermeasure

Citation preview

Page 1: I.G.N. Mantra - Mobile Security, Mobile Malware,and Countermeasure

#ACAD-­‐CSIRT  

Mobile Security, Mobile Malware & Countermeasure

IGN Mantra, Chairman Email: [email protected], URL: acad-csirt.or.id

Honeynet Seminar 2013

Page 2: I.G.N. Mantra - Mobile Security, Mobile Malware,and Countermeasure

#ACAD-­‐CSIRT  

MOBILE TRENDS

Page 3: I.G.N. Mantra - Mobile Security, Mobile Malware,and Countermeasure

#ACAD-­‐CSIRT  

Why the mobile phone BOOM

Page 4: I.G.N. Mantra - Mobile Security, Mobile Malware,and Countermeasure

#ACAD-­‐CSIRT  

The complex picture of the mobile phone market But mobile phone market share doesn’t tell the full story

Source: VisionMobile

Page 5: I.G.N. Mantra - Mobile Security, Mobile Malware,and Countermeasure

#ACAD-­‐CSIRT  

Smartphones reached 30% market share in 2011 483M units shipped worldwide

Smartphone shipments as a % of total handset shipments

Source: VisionMobile

Page 6: I.G.N. Mantra - Mobile Security, Mobile Malware,and Countermeasure

#ACAD-­‐CSIRT  

Smartphone sales vary greatly by region Q2 2011 are the majority of handset sales in North America (63%) and Europe (51%)

Market share

Source: VisionMobile

Page 7: I.G.N. Mantra - Mobile Security, Mobile Malware,and Countermeasure

#ACAD-­‐CSIRT  

Android became dominant smartphone OS Samsung and HTC benefited the most from Android success (Q4 2011)

Smartphone market share by OEM and platform (H2 2011)

Source: VisionMobile

Page 8: I.G.N. Mantra - Mobile Security, Mobile Malware,and Countermeasure

#ACAD-­‐CSIRT  

Android turned the tables on handset makers Samsung and HTC benefited, Nokia, Motorola, Sony were challenged

Beneficiaries: fast-moving challengers Efficient cost structure plus ability to differentiate

in software, hardware or both

low cost assemblers Cost structure optimised for razor-thin margins

Android is a long-term opportunity for global reach

Under pressure: ‘old guard’ OEMs Cost structure requiring high-margins

Commoditising effect of Android makes high-margins unattainable for OEM without own ecosystem or meaningful differentiation

No Name source: VisionMobile

Page 9: I.G.N. Mantra - Mobile Security, Mobile Malware,and Countermeasure

#ACAD-­‐CSIRT  

MOBILE MALWARE

Page 10: I.G.N. Mantra - Mobile Security, Mobile Malware,and Countermeasure

#ACAD-­‐CSIRT  

10 Malware Types 2013 source : boston.com

Droid KungFu

Geinimi

Plankton Droid Dream

Android. Pjapps

Ikee

Zitmo

Hong TouTou

Timifonica

SymbOS. Skull

Page 11: I.G.N. Mantra - Mobile Security, Mobile Malware,and Countermeasure

#ACAD-­‐CSIRT  

Mobile Malware Statistic 2013 Source : Kaspersky Lab

Page 12: I.G.N. Mantra - Mobile Security, Mobile Malware,and Countermeasure

#ACAD-­‐CSIRT  

Mobile Malware

Malware is software with malicious purpose. It may be

designed to disable your phone, remotely control your phone, or

steal valueable your information.

Mobile malware uses the same techniques as a PC malware to

infect mobile devices.

app

pc

Page 13: I.G.N. Mantra - Mobile Security, Mobile Malware,and Countermeasure

#ACAD-­‐CSIRT  

The Growth

Page 14: I.G.N. Mantra - Mobile Security, Mobile Malware,and Countermeasure

#ACAD-­‐CSIRT  

Malware Samples Library Source : http://rogunix.com/docs/Android/Malware/

Page 15: I.G.N. Mantra - Mobile Security, Mobile Malware,and Countermeasure

#ACAD-­‐CSIRT  

The Real Dangers of Mobile Malware

Bank account password are

stolen.

Private information is captured.

Phone data is deleted.

Device is “bricked” and need replacing

The phone is forced to send the

sms premium numbers. (sedot

pulsa).

Malware infected devices can be used by botnet owners to launch attacks on

digital targets.

Page 16: I.G.N. Mantra - Mobile Security, Mobile Malware,and Countermeasure

#ACAD-­‐CSIRT  

How they get you

PHISING

A fake version of real site gathers your log-in ad other private informations

SPYWARE

Silently collects information from users and sends it to eavesdroppers

EXPLOITING

Some malware will exploit mobile platform vulnerabilities to gain control of the device

WORM

A program tha replicates itself spreading throughout a network

MAN IN THE MIDDLE

The attackers becomes a middle man in a communication stream and logs all information relayed between the communicating parties

DIRECT ATTACK

Comes from files or viruses sent right to your cell phone.

Page 17: I.G.N. Mantra - Mobile Security, Mobile Malware,and Countermeasure

#ACAD-­‐CSIRT  

PROTECT MOBILE DEVICE

Page 18: I.G.N. Mantra - Mobile Security, Mobile Malware,and Countermeasure

#ACAD-­‐CSIRT  

Mobile Malware & Awareness

Of users say that they are unaware of

security software for smartphones

Of mobile users bank from a phone, yet most

don’t have security measures in place

53%

24%

Page 19: I.G.N. Mantra - Mobile Security, Mobile Malware,and Countermeasure

#ACAD-­‐CSIRT  

What should You Do and Don’t

DO • Make sure the OS and sowftware are

up to date at all times • Download apps from reputable sites

and closely review app permission requests.

• Make sure to check the feedback from other users before installing the program from an app store

• User strong password • User personal firewall • Turn off bluetooth and other

connections when not in use •  Install a mobile security application.

DON’T • Download apps from third

party app repositories •  Jailbreak your phone •  Leave your “wifi ad hoc

mode on” • Accessing banking or

shopping sites over a public WIFI connection

•  Leave your mobile device unattended in public places.

Page 20: I.G.N. Mantra - Mobile Security, Mobile Malware,and Countermeasure

#ACAD-­‐CSIRT  

References

•  A window into Mobile device security –  http://www.symantec.com/content/en/us/about/media/pdfs/

symc_mobile_device_security_june2011.pdf •  http://www.continuitycentral.com/feature0919.html •  http://www.usatoday.com/tech/news/story/2012-03-22/

lost-phones/53707448/1] •  US-CERT Resource: Paul Ruggiero and Jon Foote,

“Cyber Threats to Mobile Phones”, http://www.us-cert.gov/reading_room/cyber_threats_to_mobile_phones.pdf)

•  Top 10 android Security Riskshttp://www.esecurityplanet.com/views/article.php/3928646/Top-10-Android-Security-Risks.htm

Page 21: I.G.N. Mantra - Mobile Security, Mobile Malware,and Countermeasure

#ACAD-­‐CSIRT  

TERIMA KASIH

IGN MANTRA Email : [email protected], [email protected]