zero trust mobile security whitepaper

White Paper

Zero Trust Mobile Security

An Introduction to the BETTER Mobile Security Platform

BETTER Mobile Security, 110 Fifth Avenue, New York, NY 10023, +1 877-710-5636, www.BETTER.mobi

All trademarks and registered trademarks contained herein are property of their respective holders. Rather than identifying a trademark by symbol with every occurrence, names and logos are used in an editorial fashion, with no intention of infringement of the respective owner’s property.

Upload: purna-bhat

Post on 21-Aug-2015


Page 1: Zero Trust Mobile Security Whitepaper

Protecting Android Mobile Devices from Known Threats

Android OS – A Popular Target for Hacks

In the tech industry, it’s a truism that hackers focus their attention on afflicting the largest number of targets possible, resulting in a perception that market giants are riddled with vulnerabilities. Google’s Android operating system is just such a target. According to an IDC study, Android possesses an 81.1% share of the smartphone market. Numbers that high are irresistible to hackers – which is why Android devices need to be protected from unauthorized access.

Add to the equation too that the Android operating system has been implemented on many disparate devices designed by myriad vendors. This distributed implementation scenario has fragmented Android’s native security model, which has resulted in a variety of openings that cyber attackers can exploit.

Common Android Vulnerabilities

Once an attacker gains access to a device’s operating system, they can gain elevated privileges to monitor user activity, thereby putting personal data and security at risk. They can also execute malicious code and run unwanted programs to bend the device to their will. All of this can be done without the user suspecting that their device has been infected.

Here are some of the most common Android vulnerabilities that malicious programmers seek to exploit. It should be noted that many of these vulnerabilities are inherent to mobile and Wi-Fi devices in general, and do not necessarily reflect a flaw in Android’s design and implementation.



Executive Summary

The increasing threats to mobile security.

The cumulative number of mobile threats is expected to double from the previous year, reaching over 8 million, spread across devices and applications [1]. While analysts have identified the need for real-time, self-aware and self-protecting endpoints, MDM/EMM and MAM solutions that do not address real time threats still dominate the market.

A zero trust approach for protecting today’s mobile user.

Zero trust is an approach to security that follows the mantra of “never trust, always verify.” It views every entity, including networks and apps, as hostile and assumes that a breach is inevitable. Operating from that perspective sets a mandate for a more complete security solution as opposed to traditional perimeter-based approaches. When applied to mobile security, a zero trust approach continuously monitors and verifies exactly what is happening on the network, the mobile device itself, and the apps installed on the device, and actively detects and prevents threats in real time.

In order for a zero trust mobile security solution to be effective, it has to operate based on the following principles:

• You cannot trust the network

• You cannot trust the device

• You cannot trust the apps

• You cannot trust the user

In this white paper, the following will be covered:

• The current mobile threat landscape and how there is an immediate need for a zero trust mobile security solution

• An explanation of zero trust

• How to apply a zero trust model to mobile security

• How a zero trust solution for mobile devices needs to operate under the principles of secure and verify

• How BETTER Mobile Security provides the only comprehensive zero trust mobile security solution that is able to secure and verify mobile devices, apps, users and the network in real time

BETTER’s zero trust mobile security solution operates under the assumption that an attack on a mobile device will happen, and that the network, device, apps, and user can be hostile. Our solution provides both the security to prevent such attacks as well as the measures necessary to protect if a breach should occur.


A zero trust approach follows the mantra of never trust, always verify.

According to cyber security research, the vulnerabilities in mobile devices and apps will become even greater risks in 2015. [1]


The Mobile Threat Landscape

Attacks on mobile devices are rapidly evolving.

The mobile threat landscape is changing rapidly. Mobile attackers are taking traditional methods from the wired world and adapting them to the mobile one, as well as coming up with new, never before seen tactics that take advantage of the new avenues mobile devices offer into an organization’s network. Mobile devices are constantly switched on and they bounce from one connection to another, allowing a hacker to have multiple attempts to gain access to a device.

A new end-point of corporate risk.

Mobile threats can wreak havoc on both mobile devices and the corporate network. Once a trusted device has been compromised, an attacker may have privileged access to the corporate network. Depending on the type of attack, they will be able to decrypt secure communications, intercept traffic to and from the device, install apps or keyloggers, take screen captures, and access any information stored on the device or within apps, including passwords, email, and text messages. Attackers can go as far as to give themselves root privileges, jailbreak the device, or leverage the device as part of a mobile botnet to mount DDoS attacks.

Connected by design, vulnerable as a result.

Our research indicates that mobile devices connect to upwards of ten times more networks than other end-points. The tools required to intercept, modify, and push network data are relatively inexpensive, readily available, and their uses are becoming more sophisticated and nefarious. Man-in-the-Middle (MitM) attacks can perform active eavesdropping and intercept and alter traffic between a mobile device and a remote server. The user believes they are interacting with a known and trusted entity but, in fact, they are being rerouted through an attacker-controlled device. Once connected to the attacker’s device, all communication going to and from the victim’s mobile device is seen by the attacker, regardless of encryption such as SSL.

Malicious apps and their means of entry.

Malicious apps can come from anywhere and wreak all kinds of havoc. With no means of protection, the recommendation to users has always been to not download apps from unknown sources. This is not a viable approach, because it requires device users to know what is a trusted source and what is not. Another problem with this approach is that today’s attackers are adept at convincing users to trust that an app is genuine and beneficial to their needs. Malicious apps can steal passwords, email, text messages and corporate data. They can also log keystrokes and screen scrape. Malicious apps can even be side-loaded onto an iOS device through the use of stolen or illegally-acquired enterprise or developer certificates. This gives the attacker the ability to gain access to encrypted data, bypass VPN tunneling, and break the OS’ sandbox, providing access to containerized apps. This access enables the attacker to view the contents of secure containers and wrapped apps, thus nullifying those attempts to protect sensitive data.

Kaspersky Lab reported that attacks on mobile devices have increased by over 400% in the last year.

Mobile devices connect to upwards of 10x more networks than other end-point devices.

Forrester Research reported that over 61% of enterprises stated that app security is their greatest mobile security challenge.

WireLurker: the advent of iOS threats.

An iOS malware example, named WireLurker, uses a stolen enterprise certificate and a vulnerability in how the trust of the bundle identifier works to install a malicious app onto a mobile device. WireLurker was first brought to light by Palo Alto Networks [2]. It bypasses the security features on iOS devices and installs malicious apps onto them, without the need of first jailbreaking the device. The WireLurker Trojan installs itself on an OS X machine, rooting itself into the operating system, and then waits until an iOS device connects to the computer. It then abuses the trusted pairing relationship between the devices to read the mobile device’s serial number, phone number, iTunes store identifier, plus a host of other sensitive information. This data is all sent to the attacker’s remote server. It then installs a series of malicious, though benign looking, apps onto the mobile device. The WireLurker threat shows how vulnerable iOS devices are to attacks and that the path to infection can come from anywhere.

Masque attacks: appearances can be deceiving.

Masque attacks get users to install malicious apps on their devices through refined social engineering techniques such as phishing emails or messages from trusted sources. These apps take the form of updates to existing apps and are therefore not detectable by traditional MDM and EMM solutions. Once on the device, they have access to all data stored within the app. Since these apps are by all appearances genuine and have the same bundle ID, they go undetected by MDM and EMM solutions, so it is virtually impossible to know if your data has been compromised.
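Because a replaced app keeps the bundle ID of the original, the bundle ID alone cannot separate a routine update from a substitution; the signing identity can. The following is an added example, not part of the whitepaper or of any BETTER product: it compares an observed app inventory against an approved baseline and flags a bundle ID whose signer has changed. The record fields, the inventory source (assumed to be an endpoint agent or inventory export) and all sample values are assumptions constructed for illustration.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class AppRecord:
    bundle_id: str     # e.g. com.example.mail
    team_id: str       # signing team identifier taken from the code signature
    cert_sha256: str   # fingerprint of the leaf signing certificate
    version: str


def audit_inventory(baseline, observed):
    """Compare observed apps with the approved baseline.

    Returns (bundle_id, severity, reason) tuples. A version bump alone is
    not a finding: a replaced app presents itself as an update, so only
    the signing identity is compared.
    """
    approved = {app.bundle_id: app for app in baseline}
    findings = []
    for app in observed:
        known = approved.get(app.bundle_id)
        if known is None:
            findings.append((app.bundle_id, "review", "not in approved baseline"))
        elif app.team_id != known.team_id:
            findings.append((app.bundle_id, "high",
                             f"signer changed: {known.team_id} -> {app.team_id}"))
        elif app.cert_sha256 != known.cert_sha256:
            findings.append((app.bundle_id, "review",
                             "same team, different certificate (rotation or re-sign)"))
    return findings


# Constructed sample data; identifiers and fingerprints are placeholders.
BASELINE = [
    AppRecord("com.example.mail", "TEAMAAAA01", "aa" * 32, "4.1"),
    AppRecord("com.example.crm", "TEAMBBBB02", "bb" * 32, "2.0"),
]
OBSERVED = [
    AppRecord("com.example.mail", "TEAMZZZZ99", "ee" * 32, "4.2"),   # same ID, new signer
    AppRecord("com.example.crm", "TEAMBBBB02", "cc" * 32, "2.1"),    # certificate changed
    AppRecord("com.example.notes", "TEAMCCCC03", "dd" * 32, "1.0"),  # not approved
]

if __name__ == "__main__":
    for bundle_id, severity, reason in audit_inventory(BASELINE, OBSERVED):
        print(f"[{severity}] {bundle_id}: {reason}")
```
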

What can be done to protect my mobile device?

Today, MDM/EMM mobile security solutions offer little to no protection against these attacks. Hackers play a numbers game with the general public, since all they need is for just one person to slip up one time to gain access to a corporate network. These attacks happen fast, compromising devices, apps, or communications in the blink of an eye, without being detected. To fully secure mobile devices from threats, the network, users, apps and the device itself all need to be viewed as potentially hostile. The solution must operate on the assumption that eventually the device will get into the wrong hands, apps will be compromised, and communications will be intercepted.

The introduction of WireLurker and Masque attacks formally marked the beginning of a new era of iOS vulnerability.

Today’s malicious apps appear and behave just like the authentic versions.

BYOD Explosion: Gartner has stated that the number of employee-owned devices used for work will be greater than corporate-owned by 2018.

BETTER Mobile Security provides enterprises with the only comprehensive zero trust mobile security platform on the market. With a “trust no one, verify everything” approach as our focus, BETTER is able to provide complete protection for mobile devices in real time. Our solution is end-point based, residing on the device itself, and continuously monitors the device, apps and connections for any behavioral abnormalities. When coupled with the BETTER App Shield, the resulting solution has the ability to provide comprehensive real-time threat detection and prevention. It is this “trust no one, verify everything” approach that makes BETTER’s mobile security solution truly complete.

Mobile Security Requirements - Comparison Chart (iOS)

Solutions compared: MDM/EMM, Mobile AV, Container, Wrapper, BETTER

• Can Detect Zero-Day Malicious Apps
• Can Detect Known/Signature Malicious Apps
• Can Detect Exploits
• Can Detect MitM Attacks
• Can Detect Malicious Profiles
• Can Detect Threats in Real-Time
• Can Detect Unknown Threats
• Real-time Device Monitoring
• Continuously Monitors Apps
• Continuously Monitors Network
• Can Prevent Threats in Real-Time
• Can Prevent Unknown Threats
• Provides Device Visibility
• Provides Device Controls
• Secures Mobile Devices
• Secures Mobile Apps
• Segregates Data
• Can Detect a Jailbroken Device
• Prevents Lateral Movement of Data
• Operates Under Zero Trust

* During enrollment and intermittently.


In order for enterprises to fully protect iOS and Android devices, they must adopt a zero trust approach to mobile security.


BETTER Active Shield

The new generation of iOS and Android advanced threats has demonstrated that mobile device management is not the same as mobile device security.


BETTER Zero Trust Mobile Security Solution

The comprehensive mobile security platform for enterprise.

BETTER provides enterprises with comprehensive zero trust mobile endpoint visibility, security, and control, with real time, self-protecting advanced mobile threat detection and prevention that follows the tenet of secure and verify. With BETTER, CSOs and Security Administrators gain mobile application visibility and risk-based intelligence and can add security controls to any app outside of an MDM container to satisfy existing security infrastructure requirements. BETTER does this quickly and seamlessly without coding or wrapping.

BETTER promotes trust in BYOD deployments. Employees can use their own mobile devices for business anytime and anywhere in a fully secure way while protecting their personal privacy and without limiting their freedom of use or control of their own device.

BETTER’s zero trust solution provides self-protecting advanced mobile threat detection and prevention, protecting all of the data on the device at all times. From simple security to complete lockdown, BETTER can secure any iOS or Android device and verify that it is safe when it matters, before and after an attack occurs.

BETTER enables mobile employees to harness the full power of corporate mobility while providing enterprise with complete administrator visibility, risk-based mobile app intelligence, third party app security, and real time, self-protecting advanced mobile threat detection and prevention. BETTER’s Advanced Mobile Threat Detection and Prevention Solution provides iOS and Android devices with a real time self-protecting solution against advanced mobile threats and targeted attacks. Only BETTER can identify suspicious activity and secure devices from Man-in-the-Middle attacks, malicious apps, and any other mobile security threats, known and unknown.


According to the 2014 Cyber Threat Defense Report, more than 60% of organizations fell victim to one or more successful cyberattacks in 2013.

When it comes to protecting iOS and Android mobile devices, 99% secure is the same as 100% vulnerable.


BETTER Mobile Security Architecture

BETTER’s app virtualization secures any mobile app without making security and usability tradeoffs. BETTER is the only solution that does not modify iOS and Android apps with app-wrapping or require the use of an SDK, and adds the zero trust framework of network security, app security and device integrity. BETTER’s app virtualization technology for iOS and Android is key to BYOD security because it respects user privacy and choice, limiting IT visibility and control to the enterprise container and giving workers a native user experience on their personal device of choice. Network threats of man-in-the-middle attacks and malware are eliminated because BETTER prevents personal apps from accessing enterprise resources.

The primary objective is to minimize the attack surface, so when a breach occurs the damage is negligible.

[Figure: Zero Trust Mobile Security. Labels: Network Security; App Analysis & Testing; Device Integrity; App; Adaptive Virtual App Perimeter; Original App in its Sandbox; App Virtualization]


BETTER Product Modules

The BETTER Mobile Security Platform includes four product modules.

BETTER Mobile App Analyzer

The Mobile App Analyzer automatically conducts a complete behavioral analysis of any mobile app, on demand, and generates a risk-based assessment of the app’s behavior and vulnerabilities for administrator visibility and evaluation prior to deployment.

BETTER Mobile AppShield

The Mobile AppShield turns any mobile app into a self-aware and self-protecting app, including all homegrown and third party apps, without wrapping or coding, which is then easily secured by determined enterprise security controls and policies.

BETTER Mobile Device Configuration Control

The Mobile Device Configuration Control provides enterprise administrators with the ability to determine, set and enforce policy on any mobile device, including which native and third party applications can be used and if settings may be changed, and provides real time visibility of attempts to use unauthorized apps, change settings, make baseline deviations, as well as advanced mobile threats and targeted attacks.

BETTER Real Time Mobile Threat Detection and Prevention

Our Real Time Mobile Threat Prevention detects and prevents any advanced mobile threat, targeted attack or other hostile behavior on the device as it occurs in real time. BETTER also provides security administrators with real time alerts of targeted attacks, suspicious device behaviors and baseline deviations, giving them a clear overview and the ability to take immediate action.

References

1. The Invisible Becomes Visible: Trend Micro Security Predictions for 2015 and Beyond. Trend Micro, 2015.

2. Wirelurker: A New Era in iOS and OS X Malware. Palo Alto Networks, 2014.

3. No More Chewy Centers: Introducing The Zero Trust Model Of Information Security. Forrester Research, 2014.
