Amphion Forum 2013: What to Do About Attacks Against MDMs
![Page 1: Amphion Forum 2013: What to Do About Attacks Against MDMs](https://reader034.fdocuments.in/reader034/viewer/2022042815/5575e449d8b42af74e8b485a/html5/thumbnails/1.jpg)
Amphion Forum 2013 Practical Attacks Against Popular MDM Solutions (and What Can We Do About It)
Michael Shaulov CEO, Co-Founder
![Page 2: Amphion Forum 2013: What to Do About Attacks Against MDMs](https://reader034.fdocuments.in/reader034/viewer/2022042815/5575e449d8b42af74e8b485a/html5/thumbnails/2.jpg)
Agenda
- About Lacoon
- Your Data
- Exploits to target enterprise data on mobile devices
- Your Information
- Point & click mobile remote access Trojans
- Your Life
- Mobile device Trojans as a service (M-TaaS)
- Hacking iOS devices?
![Page 3: Amphion Forum 2013: What to Do About Attacks Against MDMs](https://reader034.fdocuments.in/reader034/viewer/2022042815/5575e449d8b42af74e8b485a/html5/thumbnails/3.jpg)
Lacoon Mobile Security
- Founded by mobile security experts from the Defense and Security industries
- Serving the Fortune-1000
- Cutting edge research team
- Partnerships with leading mobile operators
- Well-funded and backed by security industry veterans and Index Ventures
![Page 5: Amphion Forum 2013: What to Do About Attacks Against MDMs](https://reader034.fdocuments.in/reader034/viewer/2022042815/5575e449d8b42af74e8b485a/html5/thumbnails/5.jpg)
BYOD and Corporate Mobility
“More than 60% of organizations enable BYOD”
Gartner, Inc. October 2012
![Page 6: Amphion Forum 2013: What to Do About Attacks Against MDMs](https://reader034.fdocuments.in/reader034/viewer/2022042815/5575e449d8b42af74e8b485a/html5/thumbnails/6.jpg)
Mobile Devices: Attractive Attack Target
Eavesdropping
Extracting contact lists, call & text logs
Tracking location
Infiltrating internal LANs
Snooping on corporate emails and application data
![Page 8: Amphion Forum 2013: What to Do About Attacks Against MDMs](https://reader034.fdocuments.in/reader034/viewer/2022042815/5575e449d8b42af74e8b485a/html5/thumbnails/8.jpg)
Enterprise Security & Data Protection Solutions
- Mobile Device Management (MDM)
- Secure Containers
- Wrappers
- VDI
![Page 12: Amphion Forum 2013: What to Do About Attacks Against MDMs](https://reader034.fdocuments.in/reader034/viewer/2022042815/5575e449d8b42af74e8b485a/html5/thumbnails/12.jpg)
MDMs and Secure Containers
3 features:
- Encrypt business data
- Encrypt communications to the business
- Detect Jailbreak / Rooting of devices
![Page 14: Amphion Forum 2013: What to Do About Attacks Against MDMs](https://reader034.fdocuments.in/reader034/viewer/2022042815/5575e449d8b42af74e8b485a/html5/thumbnails/14.jpg)
![Page 15: Amphion Forum 2013: What to Do About Attacks Against MDMs](https://reader034.fdocuments.in/reader034/viewer/2022042815/5575e449d8b42af74e8b485a/html5/thumbnails/15.jpg)
12 Hours | 1000 USD
![Page 18: Amphion Forum 2013: What to Do About Attacks Against MDMs](https://reader034.fdocuments.in/reader034/viewer/2022042815/5575e449d8b42af74e8b485a/html5/thumbnails/18.jpg)
Step 2: Install a Backdoor / aka Rooting
Administrative: Every process can run as an administrative (root) user if it is able to trigger a vulnerability in the OS
Vulnerability: Each Android device had/has a public vulnerability
Exploit: Detection mechanisms don’t look at apps that exploit the vulnerability
![Page 21: Amphion Forum 2013: What to Do About Attacks Against MDMs](https://reader034.fdocuments.in/reader034/viewer/2022042815/5575e449d8b42af74e8b485a/html5/thumbnails/21.jpg)
Step 3: Bypass Containerization
Storage: Jo, yjod od sm r,so;
Memory: Hi, This is an email
![Page 22: Amphion Forum 2013: What to Do About Attacks Against MDMs](https://reader034.fdocuments.in/reader034/viewer/2022042815/5575e449d8b42af74e8b485a/html5/thumbnails/22.jpg)
Step 3: Bypass Containerization
Storage: Jo, yjod od sm r,so;
Memory: Hi, This is an email
Exfiltrate information
![Page 23: Amphion Forum 2013: What to Do About Attacks Against MDMs](https://reader034.fdocuments.in/reader034/viewer/2022042815/5575e449d8b42af74e8b485a/html5/thumbnails/23.jpg)
How Many Privilege Escalation Exploits are Out There?

| Date | Name | Affected Devices |
|---|---|---|
| 12/2012 | Exynos | Most Samsung Devices (Galaxy S2/3, Note…) |
| 6/2013 | MasterKey 1 | All devices |
| 8/2013 | MasterKey 2 | All devices |
| 11/2013 | MasterKey 3 | All devices |
| 11/2013 | V-Root | All devices, bypass SEAndroid… |
![Page 27: Amphion Forum 2013: What to Do About Attacks Against MDMs](https://reader034.fdocuments.in/reader034/viewer/2022042815/5575e449d8b42af74e8b485a/html5/thumbnails/27.jpg)
![Page 28: Amphion Forum 2013: What to Do About Attacks Against MDMs](https://reader034.fdocuments.in/reader034/viewer/2022042815/5575e449d8b42af74e8b485a/html5/thumbnails/28.jpg)
Point & Click | Free (0 USD)
![Page 29: Amphion Forum 2013: What to Do About Attacks Against MDMs](https://reader034.fdocuments.in/reader034/viewer/2022042815/5575e449d8b42af74e8b485a/html5/thumbnails/29.jpg)
AndroRAT – Point & Click mRAT Generator
- Injects a polymorphic mobile remote access Trojan into any Android application
- Released as open source in Nov 2012
- https://github.com/DesignativeDave/androrat
- Forked many times
- Available on many dark forums
![Page 32: Amphion Forum 2013: What to Do About Attacks Against MDMs](https://reader034.fdocuments.in/reader034/viewer/2022042815/5575e449d8b42af74e8b485a/html5/thumbnails/32.jpg)
Mobile Device Trojans as a Service (M-TaaS)
![Page 33: Amphion Forum 2013: What to Do About Attacks Against MDMs](https://reader034.fdocuments.in/reader034/viewer/2022042815/5575e449d8b42af74e8b485a/html5/thumbnails/33.jpg)
![Page 34: Amphion Forum 2013: What to Do About Attacks Against MDMs](https://reader034.fdocuments.in/reader034/viewer/2022042815/5575e449d8b42af74e8b485a/html5/thumbnails/34.jpg)
Read the Manual | 60 USD per Year
![Page 37: Amphion Forum 2013: What to Do About Attacks Against MDMs](https://reader034.fdocuments.in/reader034/viewer/2022042815/5575e449d8b42af74e8b485a/html5/thumbnails/37.jpg)
Survey: Cellular Network, 2M Subscribers
Sampling: 650K
Infection rates:
June 2013: 1 / 1000 devices
![Page 41: Amphion Forum 2013: What to Do About Attacks Against MDMs](https://reader034.fdocuments.in/reader034/viewer/2022042815/5575e449d8b42af74e8b485a/html5/thumbnails/41.jpg)
http://www.lacoon.com/hand-of-thief-hot-moves-its-way-to-android/
Anti Virtual Machine - “the best way to infect the user is by placing the malware on Google Play”
![Page 42: Amphion Forum 2013: What to Do About Attacks Against MDMs](https://reader034.fdocuments.in/reader034/viewer/2022042815/5575e449d8b42af74e8b485a/html5/thumbnails/42.jpg)
Lacoon MobileFortress – Behavior-based Detection & Mitigation
Malware Analysis
Threat Intelligence
Vulnerability Research
Application Behavioral Analysis
Device Behavioral Analysis
Multi-Layer Mitigation
![Page 43: Amphion Forum 2013: What to Do About Attacks Against MDMs](https://reader034.fdocuments.in/reader034/viewer/2022042815/5575e449d8b42af74e8b485a/html5/thumbnails/43.jpg)
Thank You. Contact details: www.lacoon.com [email protected] Twitter: @LacoonSecurity