Anatomy of a Targeted Attack against Mobile Device Management (MDM)
-
Upload
lacoon-mobile-security -
Category
Technology
-
view
422 -
download
2
description
Transcript of Anatomy of a Targeted Attack against Mobile Device Management (MDM)
Anatomy of a Targeted Attack
against Mobile Device
Management (MDM)
MDM: Penetration in the Market
Gartner, Inc. October 2012
TARGETED
MOBILE THREATS
Mobile Remote Access Trojans (aka Spyphones)
Recent High-Profiled Examples
Commercial mRATS
Survey: Cellular Network 2M Subscribers Sampling: 250K
October 2012:
1 / 1000 devices
Survey: Cellular Network 2M Subscribers Sampling: 250K
BYPASSING
MOBILE DEVICE
MANAGEMENT
(MDM) SOLUTIONS
MDMs and Secure Containers
Demo
Let’s Test These Assumptions…
Overview
Step 1: Infect the device / Android
Step 1: Infect the device / iOS
Step 2: Install a Backdoor / Android: Rooting
Step 2: Install a Backdoor / iOS: Jailbreaking
Step 3: Bypass Containerization
Step 3: Bypass Containerization
Step 3: Bypass Containerization
Step 3: Bypass Containerization
MITIGATION
TECHNIQUES
MDM
Mitigation Steps (1)
Mitigation Steps (2)
Mitigation Steps (3)
March 26 2013 → Android Trojan Found in Targeted Attack
A combination of e-mail hacking, "spear phishing," and a Trojan built specifically for Android smartphones to spy on Tibetan activists
Inside of Mobile Targeted Attack
C&C Server
View the software installed on the phone to facilitate customer software hijacking / tool to get software such as QQ, Email, MSN password
Thank You.