Page 1
FIREEYE ADVANCED THREAT PROTECTION
BYOM: Bring Your Own Malware
Matthew Wong, Consulting Engineer, FireEye Hong Kong and Macau
Page 2
Numbers Show a Harsh Reality
• 2/3 of U.S. firms report that they have been the victim of cybersecurity
• 40% of all IT executives expect a major cybersecurity incident
• 115% CAGR of unique malware since 2009
• Every second, 14 adults become a victim of cyber crime
• 6.5x the number of cyber attacks since 2006
• 95 new vulnerabilities discovered each week
• 9,000+ HKCERT cyber incidents
Page 3
Mobile Blooming Statistics
• Smartphone adoption
  - 10x faster than the PC revolution of the 1980s
  - 2x faster than the 1990s Internet boom
  - 3x faster than even today's social networks
• An average of 52% of workers use their personal mobile device for work, 69% in Asia Pacific
• Mobile malware growth of 614% in 2012-2013
• 2/3 of mobile applications in the Google Play store had at least one vulnerability
Page 4
Mobile Cyber Security Becomes Daily Life
Page 5
Cyber Crime Is Focused on Mobile
Page 6
Further Incidents After a Mobile Device Is Hacked
Page 7
Cybercrime Is Focused on Mobile
Page 8
Fake Banking App
Page 9
Other Security Concerns
• Use Android Smart Lock
• Use Android Encryption
• DO NOT USE FINGERPRINT AUTH
Page 10
Hackers Become Creative
Page 11
Step into the Future of Hacking
Page 12
Imagine the Mobile Future
Page 13
Traditional AV Is Failing
Page 14
Mobile Security News – Political Hack
Page 15
Mobile Security News – Financial Gain
Page 16
App Development
• Reusable App Libraries
• Outsourced Apps
• Malicious Building Blocks
Page 17
Anatomy of a Mobile Threat
Diagram: a "10AM Meeting about Company Acquisition" calendar entry; the battlefield is enterprise IP, with the malware tracking the executive's location and exfiltrating to a callback server.
1 Calendar Access
2 Microphone Access
3 Exfiltration
4 The tip of the iceberg
Hidden Malicious Behavior beneath the benign-looking app: Transparent SMS, Call Records, Video Surveillance, Root Access, Fine Grained GPS Location, History & Bookmarks, Lateral exploit spread, Exfiltration of contacts
Page 18
Mobile App Threat Categories
• Malware
• Vulnerable apps
• Adware
• Apps with undesired/unintended security consequences
Page 19
MisoSMS - Malware
Diagram of the infection chain: an SMS phishing message ("Interesting stuff: http://84udjhtg") points the victim at a server hosting the malicious APK (the attacker's server or an app store); the victim downloads MisoSMS, which then uploads the victim's SMS messages to the attackers' 360.cn mail service.
First Mobile Botnet Takedown
• Worked with 360.cn to ban attackers’ email accounts for collecting stolen SMS messages
• From network measurements: almost 200,000 SMS messages were stolen
Page 21
Fake Anti-virus / Scam-ware on Google Play
● Fake AV apps
● “Anti-Hacker”
  – 50,000 downloads
  – Less than 800 lines of code
Page 22
Adware on App Markets
Chart: percentage of adware and of malware (y-axis 0% to 14%) per app market: lenovo, nduo, opera, anzhi, pdassi, mumayi, appchina, slideme, hiapk, appsapk.
• 6.7% adware in APKs crawled from Google Play in 8 months
Page 23
Ad Library Prevalent on Google Play: Main Method for Monetization

| Ad Library | Usage Count | Percentage |
|---|---|---|
| Admob | 51176 | 36.60% |
| Flurry | 15289 | 10.93% |
| Millennial Media | 7949 | 5.68% |
| Chartboost | 7517 | 5.38% |
| Inmobi | 7307 | 5.23% |
| Tapjoy | 6740 | 4.82% |
| Izp | 5917 | 4.23% |
| Applift | 5187 | 3.71% |
| Mopub | 4209 | 3.01% |
| Revmob | 2253 | 1.61% |

Data collected on Google Play apps with 100K+ downloads
Page 24
Common Ad Lib Sensitive Behaviors
• Collect personal information – Name, address, age, gender, email address, etc
• Collect device information – IMEI, MAC, Android ID, Android version, list of installed apps
• Modify bookmark history, calendar, and contacts
• Push ads to the notification tray of the phone even when the app is not running
• Send premium SMS as a form of payment
• Intercept incoming SMS and check for messages from certain phone numbers
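The ad libraries in the table above and the sensitive behaviors just listed can be triaged statically before any dynamic analysis: the behaviors need permissions, and the ad SDKs ship components whose class names sit in the SDK's own package. The following Python script is an added example written for this page (it is not FireEye's analysis engine); the permission-to-behavior mapping, the ad SDK package prefixes, and the sample manifest of a fictitious flashlight app are this example's own assumptions.

```python
"""Map an Android app's declared permissions and components to the sensitive
ad-library behaviours from the slide. Illustrative code, not a vendor tool."""
import xml.etree.ElementTree as ET

ANDROID = "{http://schemas.android.com/apk/res/android}"  # Android XML namespace

# Permissions an app must hold to perform the behaviours on the slide (assumed mapping).
PERMISSION_BEHAVIOUR = {
    "android.permission.READ_PHONE_STATE": "collect device information (IMEI)",
    "android.permission.ACCESS_WIFI_STATE": "collect device information (MAC address)",
    "android.permission.GET_ACCOUNTS": "collect personal information (email address)",
    "android.permission.READ_CONTACTS": "read contacts",
    "android.permission.WRITE_CONTACTS": "modify contacts",
    "android.permission.READ_CALENDAR": "read calendar",
    "android.permission.WRITE_CALENDAR": "modify calendar",
    "com.android.browser.permission.WRITE_HISTORY_BOOKMARKS": "modify bookmark history",
    "android.permission.SEND_SMS": "send (premium) SMS",
    "android.permission.RECEIVE_SMS": "intercept incoming SMS",
}

# Java package prefixes assumed for the ad networks in the slide's table.
AD_LIBRARY_PREFIXES = {
    "com.google.android.gms.ads": "Admob",
    "com.google.ads": "Admob",
    "com.flurry": "Flurry",
    "com.millennialmedia": "Millennial Media",
    "com.chartboost": "Chartboost",
    "com.inmobi": "Inmobi",
    "com.tapjoy": "Tapjoy",
    "com.mopub": "Mopub",
    "com.revmob": "Revmob",
}

SMS_RECEIVED = "android.provider.Telephony.SMS_RECEIVED"


def _vendor_for(class_name: str):
    """Return the ad network name if the component class lives in a known ad SDK package."""
    for prefix, vendor in AD_LIBRARY_PREFIXES.items():
        if class_name == prefix or class_name.startswith(prefix + "."):
            return vendor
    return None


def analyse_manifest(xml_text: str) -> dict:
    """Summarise the risk-relevant facts that AndroidManifest.xml reveals about an app."""
    root = ET.fromstring(xml_text)
    permissions = [e.get(ANDROID + "name", "") for e in root.iter("uses-permission")]
    sensitive = [(p, PERMISSION_BEHAVIOUR[p]) for p in permissions if p in PERMISSION_BEHAVIOUR]

    ad_libraries, ad_background, sms_receivers = set(), [], []
    application = root.find("application")
    for component in (application if application is not None else []):
        name = component.get(ANDROID + "name", "")
        vendor = _vendor_for(name)
        if vendor:
            ad_libraries.add(vendor)
            # Receivers and services run without the app's UI, which is how ads reach
            # the notification tray while the app is not running.
            if component.tag in ("receiver", "service"):
                ad_background.append(name)
        # A receiver registered for SMS_RECEIVED is what "intercept incoming SMS"
        # looks like in the manifest.
        actions = {a.get(ANDROID + "name") for a in component.iter("action")}
        if component.tag == "receiver" and SMS_RECEIVED in actions:
            sms_receivers.append(name)

    return {
        "package": root.get("package"),
        "sensitive": sensitive,
        "ad_libraries": sorted(ad_libraries),
        "ad_background_components": ad_background,
        "sms_receivers": sms_receivers,
    }


# Constructed manifest of a hypothetical flashlight app bundling two ad SDKs.
SAMPLE_MANIFEST = """
<manifest xmlns:android="http://schemas.android.com/apk/res/android"
          package="com.example.flashlight">
  <uses-permission android:name="android.permission.INTERNET"/>
  <uses-permission android:name="android.permission.READ_PHONE_STATE"/>
  <uses-permission android:name="android.permission.RECEIVE_SMS"/>
  <uses-permission android:name="android.permission.SEND_SMS"/>
  <uses-permission android:name="com.android.browser.permission.WRITE_HISTORY_BOOKMARKS"/>
  <application android:label="Flashlight">
    <activity android:name=".MainActivity"/>
    <activity android:name="com.google.android.gms.ads.AdActivity"/>
    <receiver android:name="com.mopub.ExampleAdReceiver">
      <intent-filter>
        <action android:name="android.provider.Telephony.SMS_RECEIVED"/>
      </intent-filter>
    </receiver>
  </application>
</manifest>
"""

if __name__ == "__main__":
    report = analyse_manifest(SAMPLE_MANIFEST)
    for permission, behaviour in report["sensitive"]:
        print(f"{permission}: {behaviour}")
    print("ad libraries:", report["ad_libraries"])
    print("ad components that run without the UI:", report["ad_background_components"])
    print("SMS interception receivers:", report["sms_receivers"])
```

The manifest alone cannot prove that a permission is used for the listed purpose; it tells a reviewer which of the slide's behaviors are even possible and which ad SDK owns the component that would perform them, so that dynamic analysis can be focused on those paths.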
Page 25
Vulnerable Apps - Incorrect use of SSL/TLS
Vulnerabilities
– Applications use trust managers that trust all certificates and open themselves to MITM attacks
– Applications replace hostname verifiers with versions that do not check the hostname of the server the application is connecting to
– Applications that embed web pages ignore SSL errors by doing nothing in onReceivedSslError
Consequences – MITM attacks!
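Each of the three mistakes leaves a recognisable shape in decompiled source: an X509TrustManager whose checkServerTrusted body is empty, a HostnameVerifier whose verify returns true unconditionally (or a call that installs ALLOW_ALL_HOSTNAME_VERIFIER), and a WebViewClient whose onReceivedSslError calls proceed() or neither cancels nor defers to the superclass. The checker below is an added example written for this page, not FireEye's tooling; the vulnerable and hardened Java classes it scans are constructed samples, placed side by side so the difference is visible.

```python
"""Static check for the three SSL/TLS misuse patterns on the slide, run over
decompiled Java source text. Illustrative code written for this page."""
import re
from dataclasses import dataclass


@dataclass
class Finding:
    kind: str    # which of the slide's three patterns was matched
    where: str   # method or constant name
    line: int    # 1-based line in the source text


# Declarations of the three methods whose override can disable a TLS check.
DECLARATION = re.compile(
    r"\b(?:void|boolean)\s+(checkServerTrusted|verify|onReceivedSslError)\s*\(")
# Apache HttpClient constant that disables hostname verification outright.
ALLOW_ALL = "ALLOW_ALL_HOSTNAME_VERIFIER"


def _strip_comments(text: str) -> str:
    text = re.sub(r"/\*.*?\*/", "", text, flags=re.S)
    return re.sub(r"//[^\n]*", "", text)


def _body_after(src: str, pos: int) -> str:
    """Return the contents of the first brace-delimited block at or after pos."""
    start = src.find("{", pos)
    if start < 0:
        return ""
    depth = 0
    for i in range(start, len(src)):
        if src[i] == "{":
            depth += 1
        elif src[i] == "}":
            depth -= 1
            if depth == 0:
                return src[start + 1:i]
    return src[start + 1:]


def scan_java(src: str) -> list:
    """Report trust-all trust managers, accept-all hostname verifiers and
    WebViewClients that let a page load despite an SSL error."""
    findings = []
    for m in DECLARATION.finditer(src):
        name = m.group(1)
        body = _strip_comments(_body_after(src, m.end())).strip()
        line = src.count("\n", 0, m.start()) + 1
        if name == "checkServerTrusted" and body == "":
            findings.append(Finding("trust-all-trust-manager", name, line))
        elif name == "verify" and re.fullmatch(r"return\s+true\s*;", body):
            findings.append(Finding("accept-all-hostname-verifier", name, line))
        elif name == "onReceivedSslError" and (
            re.search(r"\.\s*proceed\s*\(", body)
            or (not re.search(r"\.\s*cancel\s*\(", body)
                and "super.onReceivedSslError" not in body)
        ):
            # proceed() accepts the bad certificate; an override that neither cancels
            # nor defers to super leaves the error unhandled ("doing nothing").
            findings.append(Finding("webview-ignores-ssl-errors", name, line))
    for i, text in enumerate(src.splitlines(), start=1):
        if ALLOW_ALL in _strip_comments(text):
            findings.append(Finding("accept-all-hostname-verifier", ALLOW_ALL, i))
    return findings


# Constructed sample showing all three vulnerable patterns (class names invented).
VULNERABLE_SAMPLE = """
public class TrustAll implements X509TrustManager {
    public void checkClientTrusted(X509Certificate[] chain, String authType) { }
    public void checkServerTrusted(X509Certificate[] chain, String authType) {
        // intentionally empty: every server certificate is accepted
    }
    public X509Certificate[] getAcceptedIssuers() { return null; }
}
class AnyHost implements HostnameVerifier {
    public boolean verify(String hostname, SSLSession session) { return true; }
}
class LenientClient extends WebViewClient {
    @Override
    public void onReceivedSslError(WebView view, SslErrorHandler handler, SslError error) {
        handler.proceed();
    }
}
class LegacyHttp {
    void configure(SSLSocketFactory factory) {
        factory.setHostnameVerifier(SSLSocketFactory.ALLOW_ALL_HOSTNAME_VERIFIER);
    }
}
"""

# Constructed hardened counterpart: the platform trust manager is left in place,
# hostname checking defers to the default verifier, and SSL errors abort the load.
HARDENED_SAMPLE = """
class StrictHost implements HostnameVerifier {
    public boolean verify(String hostname, SSLSession session) {
        return HttpsURLConnection.getDefaultHostnameVerifier().verify(hostname, session);
    }
}
class StrictClient extends WebViewClient {
    @Override
    public void onReceivedSslError(WebView view, SslErrorHandler handler, SslError error) {
        handler.cancel();  // do not load the page over a broken TLS connection
    }
}
"""

if __name__ == "__main__":
    for finding in scan_java(VULNERABLE_SAMPLE):
        print(f"line {finding.line}: {finding.kind} in {finding.where}")
    print("hardened sample findings:", scan_java(HARDENED_SAMPLE))
```

The check is deliberately syntactic: it answers whether the app has overridden the platform's defaults, which is the question the slide's three bullets raise, and leaves confirming exploitability to a proxy test against the running app.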
Page 26
SSL/TLS vulnerabilities
Chart (y-axis 0% to 100%, safe vs. unsafe share) for three categories: trust managers that do not check server certificates; hostname verifiers that do not verify hostnames; applications that ignore SSL errors in WebKit.
Dataset: the 1000 most downloaded applications from Google Play; 611/1000 use SSL.
Page 27
Apps with undesired/unintended Security Consequences
Uploading contacts in bulk
Truecaller - Caller ID & Block, 10,000,000+ downloads: “See who the unknown caller is, block unwanted calls and SMS, and manage your contacts for FREE. …NEVER uploads your phonebook to make it searchable or public.” – Uploads entire contacts list, uploads incoming SMS sender without user interaction
TeenPatti: Indian Poker, 500,000+ downloads: “Teen Patti is the fastest and the most exciting Indian card game, similar to poker.” – Uploads entire contacts list
Page 28
Latest Solution Covering All App Threat Categories
Comparison table (Risk Type / Top AV Vendors / Latest Solution):
• Malware – Latest Solution detects previously unknown malware with signature-less detection, unlike AV
• Adware – Latest Solution detects twice as many ad libraries for adware detection as traditional AV
• Vulnerabilities – Latest Solution provides the most comprehensive detection of different classes of vulnerabilities in apps
• Undesired security consequences – Latest Solution provides the most comprehensive detection of sensitive/undesired behaviors in apps
Page 29
Live Demo of the latest mobile security solution
• 100% cloud-based detection, freeing up CPU and memory on the phone
• Non-signature based solution, which helps to detect the latest attacks
• Detailed analysis of mobile threat behavior and of the actions taken
Page 30
Uncovering the Threat
Contextual Correlation
1 Does the app violate security policies? (Security Policy)
2 What kind of behavior does the app exhibit? (Behavior: Information, File System, Exploit, Network)
3 Is the app malicious?
Page 31
iOS 8.3 Vulnerability
Discovered by FireEye
Page 32
Secure without extra load on Mobile Devices
10K downloads / 1M downloads / 10M downloads
LEAVE A NAME CARD AT THE FIREEYE BOOTH AND WE WILL HAVE A DEMO AFTER THE SESSION
Page 33
THANK YOU!
Questions and Answers