Droidcon2013 security genes_trendmicro
Raimund Genes - CTO
Security under Android
Copyright 2013 Trend Micro Inc.
Android has been designed with security in mind!
Security in Mind?
Android is a privilege-separated operating system. Each application runs under a unique Linux user ID. No application has permission to impact other applications. Applications can't access the network without prior consent.
Security in Mind?
When installing an application, the user is requested by the app package installer to grant permission(s)
But!
After that, the permission is never checked with the user again, neither before nor while the application runs. If the permission was granted, the app can then use the desired features without prompting the user, forever!
So
With clever social engineering, the bad guys convince users to install a "useful" application, the user willingly gives permission, and bingo: the device could be misused
Industry Trends Malware increasing on “App Stores”
Android Malware
• 10K: Middle of 2012!
• 100K: End of 2012!
http://blog.trendmicro.com/how-big-will-the-android-malware-threat-be-in-2012/
Chris DiBona from Google, November 2011:
“virus companies are playing on your fears to try to sell you bs protection software for Android, RIM and IOS. They are charlatans and scammers. IF you work for a company selling virus protection for android, rim or IOS you should be ashamed of yourself.” “The barriers to spreading such a program from phone to phone are large and difficult enough to traverse when you have legitimate access to the phone, but this isn’t independence day, a virus that might work on one device won’t magically spread to the other.” All the major vendors have app markets, and all the major vendors have apps that do bad things, are discovered, and are dropped from the markets.
Industry Trends Google’s Bouncer
Google Bouncer: “Gone to the Gym”
Extended Network: The App Markets Use Case: Personal data exfiltration via an Android Market
App Market
Infiltration Exfiltration & Exploits
Android Malware
120,000 300,000+
ANDROIDOS_JIGENSHA.A
Impact Scope: 760,000 users' data leaked online in Japan
Malicious Behavior: The malware collects the user's contact list, including phone numbers and names, then sends them to a remote server.
Your phone as your wallet
Samsung’s Knox software
Types of Threats
• Spying Tools: Track user data like GPS and send to a 3rd party
• Rooter: Hacks phone to take control
• Premium Service: Secretly subscribes user to paid services
• Data Stealer: Steals personal information
• Malicious Downloader: Downloads new apps without user consent
• Click Fraud: Triggers pay-per-click activity on the device
Viruses for Android
Where’s the problem?
That's why we don't see this under iOS
Mobile App Reputation
• Mobile App Reputation is a cloud-based technology that automatically identifies mobile threats based on app behavior
– Crawl & collect huge number of Android apps from various Android Markets
– Identifies existing and brand new mobile malware
– Identifies apps that may abuse privacy / device resources
– World’s first automatic mobile app evaluation service
• Malware?
• Privacy Risk?
• High Resource Consumption?
Mobile App Reputation
Apps
No Issues
Issue Identified
Mobile App Reputation
Generates reputation scores and detailed report
Collects Apps and scans them in the cloud
1.
Static Analysis: Dissects app code and private data access.
2.
Correlates web queries with Smart Protection Network
3.
Dynamic Analysis: Activates app to analyze actual behaviour
4.
Mobile Application Reputation Architecture
Data Bus / Control Bus
MSR (Mobile Sourcing)
MPAFI (Mobile PAFI)
MSA (Mobile Static Analyzer)
MDA (Mobile Dynamic Analyzer)
MSE (Mobile Scoring Engine)
MDS (Mobile Data Store)
SPN (Smart Protection Network) WRS/FRS Correlate Services
PAFI: Pre-Analysis File Interscan
The Service
Appstore submits new apps
FTP
Crawler
Web Upload
Apps are scanned
Report is provided
HTML
XML
Appstore removes bad apps and adds detailed info to app listings
Information provided by MARS
MARS Sample Report
Developers!
• Make sure you know what public libraries do before you use them!
• Corporate customers are very sensitive regarding data leakage!
• CPU load and battery impact play a bigger and bigger role in app selection!
• Quick and dirty might not be the way to go for a sustainable business!
• If you write apps for a 3rd party, expect that the app will be tested not only for functionality but also for potential risks and negative impacts
Mid-May
mars.trendmicro.com to check the rating of your app