Latest Threats Against Mobile Devices
Dave Jevans
Founder, Chairman and CTO
CyberCrime: Threats Against Mobile Devices
October 2012
“User-owned computers and smart phones are more than twice as likely to be infected with malware”
Advanced Persistent Threats
• APTs typically involve compromises of users’ devices or credentials
• 45% of enterprises see increase in spear phishing attacks targeting employees
9 Critical Threats Against Mobile Workers
1. Malware, Trojans, Zero-day Attacks
2. Key loggers
3. Compromised Wi-Fi Hotspots
4. Poisoned DNS
5. Malicious & Privacy Leaking Apps
6. Jail-broken & Rooted Devices
7. Unpatched OS Versions
8. Spear Phishing
9. Advanced Persistent Threats
Bring Your Own Device = New Threats
• Multiple users per device, with many apps and websites visited
• Users connect to 10+ networks a month
• Attacks against end-users give access to corporate networks, data, and cloud services
• Cyber-criminals know this
Phishing Continues To Explode
• Phishing and spear-phishing are at record levels
Spear-Phishing
• Spear-phishing is the #1 way that APTs are instigated
• Use DNS blacklisting to prevent access to phishing sites
Email Service Providers Are An Important Attack Vector
• RSA Security breached
• Targeted spear phishing infected several employees’ computers
• Seeds and serial numbers for tens of millions of SecurID tokens stolen
• Key customers attacked after this
Android Fragmentation
Exponential Growth in Mobile Malware
Source: Kaspersky Labs, March 2013
• Sites infected with bad iFrame
• Checks User-Agent
• Update.apk sent to browser
• Installed if device allows apps from unknown sources
• com.Security.Update
Hacked Apps Posted to Markets
Example: Fake Instagram
Example: Fake Authentication Apps
Example: Battery Monitor Trojan
Compromised WiFi Hotspots
• WiFi hotspots can intercept and redirect traffic
• Evil-Twin attacks, DNS attacks, network snooping, session hijacking & sidejacking
• You need a VPN service for all users, on every WiFi
Sidejacking on Public WiFi
Poisoned DNS
• DNS poisoning takes remote employees to criminal sites
• Can be poisoned upstream at the ISP, not just at the WiFi hotspot
• Apps are particularly vulnerable due to poor implementations of certificate validation
DNS attacks recently reported
Privacy Leaking Apps
• Legitimate apps may upload your corporate directory to a service in the cloud
• That service may be hacked or resold, exposing all of your employees to spear-phishing attacks
• You should deploy a cloud service to scan and analyze apps for malicious behavior and privacy violations
Jail-broken & Rooted Devices
• You should prevent access from jail-broken iPhones and rooted Android devices
• Jail-broken/rooted devices have almost zero security protections
Unpatched OS Versions
• Unpatched OS and plug-ins are the main attack vector of criminals against your users
Live Example
• This is a live example of taking over the iTunes app on an iPad
• Click twice and enter your device password. You’re owned.
Phishing or Spear-Phishing Lure
iOS Allows Unsigned and Unverified Profiles
Click “Install Now”
Enter Your Device Password (if you have set one)
iTunes App Removed, Fake iTunes Installed
Use Fake iTunes To Steal Passwords, etc
Things That A Profile Can Change
• Safari security settings can be disabled
• JavaScript settings
• Local app settings
• Allow untrusted TLS connections
• Device settings
• Install X.509 certificates
Even Worse: Hostile MDM Profile
• Expands the scope of malicious capabilities to include
‒ App replacement and installation
‒ OS replacement
‒ Delete data
‒ Route all traffic to Man-In-The-Middle sites
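A defender-side check for the profile risks listed above, added here as an example and not part of the original slides: it parses a `.mobileconfig` file, reports whether it is unsigned, and lists the payloads that correspond to those capabilities. The function name `triage_profile`, the watched-key list and the sample profile are assumptions made for illustration; the payload type strings are Apple's.

```python
import plistlib

# Real payload types from Apple's configuration profile format.
RISKY_PAYLOADS = {
    "com.apple.security.root": "installs a trusted root X.509 certificate",
    "com.apple.mdm": "enrolls the device with an MDM server",
    "com.apple.proxy.http.global": "sends HTTP traffic through a proxy",
    "com.apple.vpn.managed": "sends traffic through a VPN",
    "com.apple.applicationaccess": "changes device and Safari restrictions",
}
# Restriction keys shown to the reviewer together with their values.
WATCHED_RESTRICTIONS = {"safariAllowJavaScript", "safariForceFraudWarning",
                        "allowUntrustedTLSPrompt", "allowiTunes"}

def triage_profile(data: bytes) -> dict:
    """Report whether a profile is unsigned and which risky payloads it has."""
    signed = not data.lstrip().startswith((b"<?xml", b"<plist", b"bplist"))
    if signed:
        # Heuristic: treat anything else as a CMS envelope around an XML
        # plist and carve the plist out. The signature is NOT verified here.
        start, end = data.find(b"<?xml"), data.rfind(b"</plist>")
        if start < 0 or end < start:
            raise ValueError("no embedded property list found")
        data = data[start:end + len(b"</plist>")]
    profile = plistlib.loads(data)
    findings = []
    for payload in profile.get("PayloadContent", []):
        ptype = payload.get("PayloadType", "")
        if ptype in RISKY_PAYLOADS:
            findings.append((ptype, RISKY_PAYLOADS[ptype]))
        if ptype == "com.apple.applicationaccess":
            for key in sorted(payload.keys() & WATCHED_RESTRICTIONS):
                findings.append((f"{ptype}:{key}", f"set to {payload[key]!r}"))
    return {"signed": signed, "name": profile.get("PayloadDisplayName"),
            "findings": findings}

# Constructed sample profile (not taken from the talk).
SAMPLE = plistlib.dumps({
    "PayloadType": "Configuration", "PayloadDisplayName": "Constructed Example",
    "PayloadContent": [
        {"PayloadType": "com.apple.applicationaccess",
         "safariAllowJavaScript": False, "allowUntrustedTLSPrompt": True},
        {"PayloadType": "com.apple.security.root", "PayloadContent": b"\x30\x00"},
        {"PayloadType": "com.apple.mdm", "ServerURL": "https://mdm.example.invalid/"},
    ]})

if __name__ == "__main__":
    print(triage_profile(SAMPLE))
```

A result with `signed` false or any finding is a reason to hold the profile for review before it reaches a device.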
Architecture
[Architecture diagram. Labels: App Feeds; Network Feeds; Marble Threat Lab; Marble App Analysis; Marble App Reputation Database; Marble Threat Database; Marble Threat Reports; Marble Control; Marble Access; Instrumented Marble Access; Networks; WiFis; DNS reports; App reports; Device fingerprints]
App Analysis Architecture
3rd Party Feeds
Marble App Reputation DB
Rate by newness, behaviour, publisher, spread rates
Download from various app stores & sideloading sites
Use Android Grinder and other tools for analysis
Incident Response & Analysts Team
Marble’s Dynamic App Security Architecture
[Architecture diagram. Labels: Google Play; Apple App Store; Other App Stores; App Crawler; App Queue; Analyzer; Stored Apps; Dynamic App Analysis Engine; Jammer Scanner; Real-time user interface simulation; DNS lookups, network threat correlation engine; Network Information; Network Threat Database; Data Feeds; Controller/Scheduler; Rules; Risk Engine; Correlation Engine; Analytics Engine; Database; Alerts & Reports; User Interface; Marble Access Mobile Device Client; Marble Control Service; Marble Security Lab; Marble Security Analysts; Customer’s Security Admin]