I.G.N. Mantra - Mobile Security, Mobile Malware,and Countermeasure

  • Published on

  • View

  • Download


I.G.N. Mantra - Mobile Security, Mobile Malware,and Countermeasure


<ul><li>1.#ACAD-CSIRT Mobile Security, MobileMalware &amp; CountermeasureIGN Mantra, ChairmanEmail: mantra@acad-csirt.or.id, URL: acad-csirt.or.idHoneynet Seminar 2013</li></ul> <p>2. #ACAD-CSIRT MOBILE TRENDS 3. #ACAD-CSIRT Why the mobile phone BOOM 4. #ACAD-CSIRT The complex picture of the mobile phone marketBut mobile phone market share doesnt tell the full storySource: VisionMobile 5. #ACAD-CSIRT Smartphones reached 30% market share in 2011483M units shipped worldwideSmartphone shipments as a % of total handset shipmentsSource: VisionMobile 6. #ACAD-CSIRT Smartphone sales vary greatly by region Q2 2011are the majority of handset sales in North America (63%) and Europe (51%)Market shareSource: VisionMobile 7. #ACAD-CSIRT Android became dominant smartphone OSSamsung and HTC benefited the most from Android success (Q4 2011)Smartphone market share by OEM and platform (H2 2011)Source: VisionMobile 8. #ACAD-CSIRT Android turned the tables on handset makersSamsung and HTC benefited, Nokia, Motorola, Sony were challengedBeneficiaries:fast-moving challengersEfficient cost structure plus ability to differentiatein software, hardware or bothlow cost assemblersCost structure optimised for razor-thin marginsAndroid is a long-term opportunity for global reachUnder pressure:old guard OEMsCost structure requiring high-marginsCommoditising effect of Android makes high-margins unattainable for OEM without ownecosystem or meaningful differentiationNo Name source: VisionMobile 9. #ACAD-CSIRT MOBILE MALWARE 10. #ACAD-CSIRT 10 Malware Types 2013source : boston.comDroidKungFuGeinimiPlankton DroidDreamAndroid.PjappsIkeeZitmoHongTouTouTimifonicaSymbOS.Skull 11. #ACAD-CSIRT Mobile Malware Statistic 2013Source : Kaspersky Lab 12. #ACAD-CSIRT Mobile MalwareMalware is software withmalicious purpose. It may bedesigned to disable your phone,remotely control your phone, orsteal valueable your information.Mobile malware uses the sametechniques as a PC malware toinfect mobile devices.apppc 13. #ACAD-CSIRT The Growth 14. #ACAD-CSIRT Malware Samples LibrarySource : http://rogunix.com/docs/Android/Malware/ 15. #ACAD-CSIRT The Real Dangers of Mobile MalwareBank accountpassword arestolen.Private informationis captured.Phone data isdeleted.Device is brickedand need replacingThe phone isforced to send thesms premiumnumbers. (sedotpulsa).Malware infecteddevices can be usedby botnet owners tolaunch attacks ondigital targets. 16. #ACAD-CSIRT How they get youPHISINGA fake version of real sitegathers your log-in ad otherprivate informationsSPYWARESilently collects informationfrom users and sends it toeavesdroppersEXPLOITINGSome malware will exploitmobile platform vulnerabilities togain control of the deviceWORMA program tha replicates itselfspreading throughout a networkMAN IN THE MIDDLEThe attackers becomes amiddle man in a communicationstream and logs all informationrelayed between thecommunicating partiesDIRECT ATTACKComes from files or viruses sentright to your cell phone. 17. #ACAD-CSIRT PROTECT MOBILE DEVICE 18. #ACAD-CSIRT Mobile Malware &amp; AwarenessOf users say that theyare unaware ofsecurity software forsmartphonesOf mobile users bankfrom a phone, yet mostdont have securitymeasures in place53%24% 19. #ACAD-CSIRT What should You Do and DontDO Make sure the OS and sowftware areup to date at all times Download apps from reputable sitesand closely review app permissionrequests. Make sure to check the feedbackfrom other users before installing theprogram from an app store User strong password User personal firewall Turn off bluetooth and otherconnections when not in use Install a mobile security application.DONT Download apps from thirdparty app repositories Jailbreak your phone Leave your wifi ad hocmode on Accessing banking orshopping sites over a publicWIFI connection Leave your mobile deviceunattended in public places. 20. #ACAD-CSIRT References A window into Mobile device security http://www.symantec.com/content/en/us/about/media/pdfs/symc_mobile_device_security_june2011.pdf http://www.continuitycentral.com/feature0919.html http://www.usatoday.com/tech/news/story/2012-03-22/lost-phones/53707448/1] US-CERT Resource: Paul Ruggiero and Jon Foote,Cyber Threats to Mobile Phones, http://www.us-cert.gov/reading_room/cyber_threats_to_mobile_phones.pdf) Top 10 android Security Riskshttp://www.esecurityplanet.com/views/article.php/3928646/Top-10-Android-Security-Risks.htm 21. #ACAD-CSIRT TERIMA KASIHIGN MANTRAEmail : incident@acad-csirt.or.id, info@acad-csirt.or.id </p>


View more >