Post on 09-Jun-2015
description
Practical Attacks against Mobile
Device Management Solutions
About: Daniel
•
From PC to Mobile
•
Developing an App Analysis framework for spyphones, mobile malware and exploits
About: Michael
•
•
Agenda
•
•
•
•
TARGETED
MOBILE THREATS
The Mobile Threatscape
Mobile Remote Access Trojans (aka Spyphones)
Recent High-Profiled Examples
Varying Costs, Similar Results
Commercial Surveillance Software
Survey: Cellular Network 2M Subscribers Sampling: 650K
Survey: Cellular Network 2M Subscribers Sampling: 650K
June 2013:
1 / 1000 devices
Survey: Cellular Network 2M Subscribers Sampling: 650K
Survey: Cellular Network 2M Subscribers Sampling: 650K
MDM and SECURE
CONTAINERS
101
Mobile Device Management
•
•
•
MDM: Penetration in the Market
Gartner, Inc. October 2012
MDM Key Capabilities
•
•
•
•
Secure Containers
Behind the Scenes: Secure Containers
MDMs and Secure Containers
MDMs and Secure Containers
BYPASSING
MOBILE DEVICE
MANAGEMENT
(MDM) SOLUTIONS
Overview
ANDROID
Step 1: Infect the Device
Step 1: Technical Details
Step 2: Install a Backdoor (i.e. Rooting)
Step 2: Install a Backdoor (i.e. Rooting)
Step 2: Technical Details
Step 3: Bypass Containerization
Step 3: Bypass Containerization
Step 3: Bypass Containerization
Step 3: Technical Details
Step 4: Exfiltrate Information
Step 4: Technical Details
•
•
•
•
Who Needs Root If you Have System
IOS
Step 1: Infect the device
Step 2: Install a Backdoor (i.e. Jailbreaking)
Step 2: Technical Details
Step 3: Bypass Containerization
MITIGATION
TECHNIQUES
MDM
Key Issues
•
•
•
Layered Approach (Defense-In-Depth)
•
•
•
Adaptive multi-layer approach
•
•
•
Thank You.