MobileCON 2013 – Attacks Against MDM Solutions (and What You Can Do About It)
![Page 1: MobileCON 2013 – Attacks Aginst MDM Solutions (and What You Can Do About It)](https://reader034.fdocuments.net/reader034/viewer/2022051514/549c1115b47959b0318b4624/html5/thumbnails/1.jpg)
Anatomy of a Targeted Attack against MDM Solutions (and What Can You Do About It)
Michael Shaulov, CEO
Twitter: @LacoonSecurity
![Page 2: MobileCON 2013 – Attacks Aginst MDM Solutions (and What You Can Do About It)](https://reader034.fdocuments.net/reader034/viewer/2022051514/549c1115b47959b0318b4624/html5/thumbnails/2.jpg)
Agenda
• Collapse: The collapse of the corporate perimeter
• Targeted devices: Why mobile devices are targeted
• Demo: How mobile malware bypasses current security solutions
• Mitigation: Detection, remediation & building a secure BYOD/HYOD architecture
![Page 3: MobileCON 2013 – Attacks Aginst MDM Solutions (and What You Can Do About It)](https://reader034.fdocuments.net/reader034/viewer/2022051514/549c1115b47959b0318b4624/html5/thumbnails/3.jpg)
About Lacoon Mobile Security
• Protecting organizations from mobile threats
• Industry-leading behavioral protection and mitigation solution
• Protecting tier-1 financial, manufacturing, legal and defense organizations
• Cutting-edge mobile security research team
![Page 4: MobileCON 2013 – Attacks Aginst MDM Solutions (and What You Can Do About It)](https://reader034.fdocuments.net/reader034/viewer/2022051514/549c1115b47959b0318b4624/html5/thumbnails/4.jpg)
The Collapse Of The Corporate Perimeter
> 2011
![Page 5: MobileCON 2013 – Attacks Aginst MDM Solutions (and What You Can Do About It)](https://reader034.fdocuments.net/reader034/viewer/2022051514/549c1115b47959b0318b4624/html5/thumbnails/5.jpg)
The Collapse Of The Corporate Perimeter
“More than 60% of organizations enable BYOD” (Gartner, Inc., October 2012)
![Page 6: MobileCON 2013 – Attacks Aginst MDM Solutions (and What You Can Do About It)](https://reader034.fdocuments.net/reader034/viewer/2022051514/549c1115b47959b0318b4624/html5/thumbnails/6.jpg)
TARGETED MOBILE THREATS
![Page 7: MobileCON 2013 – Attacks Aginst MDM Solutions (and What You Can Do About It)](https://reader034.fdocuments.net/reader034/viewer/2022051514/549c1115b47959b0318b4624/html5/thumbnails/7.jpg)
Mobile Devices: Attractive Attack Target
Eavesdropping
Extracting contact lists, call & text logs
Tracking location
Infiltrating internal LANs
Snooping on corporate emails and application data
![Page 8: MobileCON 2013 – Attacks Aginst MDM Solutions (and What You Can Do About It)](https://reader034.fdocuments.net/reader034/viewer/2022051514/549c1115b47959b0318b4624/html5/thumbnails/8.jpg)
The Mobile Threatscape
[Chart: Business Impact plotted against Complexity]
• Mobile Malware Apps: Consumer-oriented. Mass. Financially motivated, e.g.: premium SMS, fraudulent charges, botnets
• mRATs / Spyphones: Targeted: personal, organization, cyber espionage
![Page 9: MobileCON 2013 – Attacks Aginst MDM Solutions (and What You Can Do About It)](https://reader034.fdocuments.net/reader034/viewer/2022051514/549c1115b47959b0318b4624/html5/thumbnails/9.jpg)
The Mobile Threatscape
mRATs / Spyphones
• High End: Government / Military grade
• Mid Range: Cybercrime toolkits
• Low End: Commercial surveillance toolkits
![Page 10: MobileCON 2013 – Attacks Aginst MDM Solutions (and What You Can Do About It)](https://reader034.fdocuments.net/reader034/viewer/2022051514/549c1115b47959b0318b4624/html5/thumbnails/10.jpg)
Recent High-Profile Examples
![Page 11: MobileCON 2013 – Attacks Aginst MDM Solutions (and What You Can Do About It)](https://reader034.fdocuments.net/reader034/viewer/2022051514/549c1115b47959b0318b4624/html5/thumbnails/11.jpg)
Commercial mobile surveillance tools
![Page 12: MobileCON 2013 – Attacks Aginst MDM Solutions (and What You Can Do About It)](https://reader034.fdocuments.net/reader034/viewer/2022051514/549c1115b47959b0318b4624/html5/thumbnails/12.jpg)
Data sample
• 1 GB traffic sample of spyphone targeted traffic, collected over a 2-day period
• Collected from a channel serving ~650K subscribers
• Traffic constrained to communications to selected malicious IP address
Survey: Cellular Network, 2M Subscribers. Sampling: 650K
![Page 13: MobileCON 2013 – Attacks Aginst MDM Solutions (and What You Can Do About It)](https://reader034.fdocuments.net/reader034/viewer/2022051514/549c1115b47959b0318b4624/html5/thumbnails/13.jpg)
Infection rates, June 2013: 1 / 1000 devices
![Page 15: MobileCON 2013 – Attacks Aginst MDM Solutions (and What You Can Do About It)](https://reader034.fdocuments.net/reader034/viewer/2022051514/549c1115b47959b0318b4624/html5/thumbnails/15.jpg)
Mobile Device Management (MDM) & Secure Containers
![Page 16: MobileCON 2013 – Attacks Aginst MDM Solutions (and What You Can Do About It)](https://reader034.fdocuments.net/reader034/viewer/2022051514/549c1115b47959b0318b4624/html5/thumbnails/16.jpg)
MDMs and Secure Containers
3 features:
• Encrypt business data
• Encrypt communications to the business
• Detect jailbreak / rooting of devices
![Page 17: MobileCON 2013 – Attacks Aginst MDM Solutions (and What You Can Do About It)](https://reader034.fdocuments.net/reader034/viewer/2022051514/549c1115b47959b0318b4624/html5/thumbnails/17.jpg)
HOW ATTACKERS BYPASS MDM SOLUTIONS
![Page 18: MobileCON 2013 – Attacks Aginst MDM Solutions (and What You Can Do About It)](https://reader034.fdocuments.net/reader034/viewer/2022051514/549c1115b47959b0318b4624/html5/thumbnails/18.jpg)
DEMO
Let’s Test…
![Page 19: MobileCON 2013 – Attacks Aginst MDM Solutions (and What You Can Do About It)](https://reader034.fdocuments.net/reader034/viewer/2022051514/549c1115b47959b0318b4624/html5/thumbnails/19.jpg)
Overview
Infect the Device
Install Backdoor
Bypass Containerization
Exfiltrate Information
![Page 20: MobileCON 2013 – Attacks Aginst MDM Solutions (and What You Can Do About It)](https://reader034.fdocuments.net/reader034/viewer/2022051514/549c1115b47959b0318b4624/html5/thumbnails/20.jpg)
Step 1: Infect the device
![Page 21: MobileCON 2013 – Attacks Aginst MDM Solutions (and What You Can Do About It)](https://reader034.fdocuments.net/reader034/viewer/2022051514/549c1115b47959b0318b4624/html5/thumbnails/21.jpg)
Step 2: Install a Backdoor / aka Rooting
• Administrative: Every process can run as an administrative (root) user if it is able to trigger a vulnerability in the OS
• Vulnerability: Each Android device had/has a public vulnerability
• Exploit: Detection mechanisms don’t look at apps that exploit the vulnerability
![Page 22: MobileCON 2013 – Attacks Aginst MDM Solutions (and What You Can Do About It)](https://reader034.fdocuments.net/reader034/viewer/2022051514/549c1115b47959b0318b4624/html5/thumbnails/22.jpg)
Step 3: Bypass Containerization
Storage: Jo, yjod od sm r,so;
![Page 24: MobileCON 2013 – Attacks Aginst MDM Solutions (and What You Can Do About It)](https://reader034.fdocuments.net/reader034/viewer/2022051514/549c1115b47959b0318b4624/html5/thumbnails/24.jpg)
Step 3: Bypass Containerization
Storage: Jo, yjod od sm r,so;
Memory: Hi, This is an email
![Page 25: MobileCON 2013 – Attacks Aginst MDM Solutions (and What You Can Do About It)](https://reader034.fdocuments.net/reader034/viewer/2022051514/549c1115b47959b0318b4624/html5/thumbnails/25.jpg)
Step 3: Bypass Containerization
Storage: Jo, yjod od sm r,so;
Memory: Hi, This is an email
Exfiltrate information
![Page 26: MobileCON 2013 – Attacks Aginst MDM Solutions (and What You Can Do About It)](https://reader034.fdocuments.net/reader034/viewer/2022051514/549c1115b47959b0318b4624/html5/thumbnails/26.jpg)
MITIGATION TECHNIQUES
![Page 27: MobileCON 2013 – Attacks Aginst MDM Solutions (and What You Can Do About It)](https://reader034.fdocuments.net/reader034/viewer/2022051514/549c1115b47959b0318b4624/html5/thumbnails/27.jpg)
Current Solutions: FAIL to Protect
![Page 28: MobileCON 2013 – Attacks Aginst MDM Solutions (and What You Can Do About It)](https://reader034.fdocuments.net/reader034/viewer/2022051514/549c1115b47959b0318b4624/html5/thumbnails/28.jpg)
Mitigation: Current Controls
Mobile Device Management (MDM)
Multi-Persona
Wrapper
Active Sync
NAC
![Page 30: MobileCON 2013 – Attacks Aginst MDM Solutions (and What You Can Do About It)](https://reader034.fdocuments.net/reader034/viewer/2022051514/549c1115b47959b0318b4624/html5/thumbnails/30.jpg)
Detection: Adding Behavior-based Risk
Malware Analysis
Threat Intelligence
Vulnerability Research
![Page 31: MobileCON 2013 – Attacks Aginst MDM Solutions (and What You Can Do About It)](https://reader034.fdocuments.net/reader034/viewer/2022051514/549c1115b47959b0318b4624/html5/thumbnails/31.jpg)
Detection: Adding Behavior-based Risk
Malware Analysis
Threat Intelligence
Vulnerability Research
Application Behavioral Analysis
Device Behavioral Analysis
Vulnerability Assessment
![Page 33: MobileCON 2013 – Attacks Aginst MDM Solutions (and What You Can Do About It)](https://reader034.fdocuments.net/reader034/viewer/2022051514/549c1115b47959b0318b4624/html5/thumbnails/33.jpg)
Lacoon Mobile Security