The Mobile Malware Problem - ECP
The Mobile Malware Problem
Eddy Willems
Security Evangelist – G Data Security Labs
Director Security Industry Relationships - EICAR
Introduction
• Security Evangelist at G Data:
– Privately owned - Established 1985 in Germany (Bochum) – First Atari AV software
– Security solutions for end users and companies
• Personally involved in the industry since 1989
• Worked as Senior Consultant/Anti-Virus Expert for several CERT organisations and commercial enterprises like Kaspersky Lab, Westcon (Noxs), etc.
• Co-founder of EICAR
• Press officer at AMTSO
Some History:
The old days!
Some years ago
Virus
Spam
Worm
Trojan
Current threats...
The Number Game
About 70.000 new threats per day => +70.000.000 Threats/Malware
Under the Radar = Money is involved
Today’s Networks Lack Boundaries
[Diagram: Internet, Network, Contractors, Telecommuters, Mobile Users, Wireless Users]
• Internal/External network
• Individual users connect from multiple locations
• Managed/Unmanaged devices
• Individual devices operate both inside the network, and on public networks
• New devices on the network, e.g. netbooks, mobile devices, etc.
• Question: Who has an Android phone? iPhone? Symbian? BlackBerry? Other?
Mobile threats... Going back to the roots
• The first incidents:
– Liberty Horse Trojan Sept 2000
– Telefonica SMS Mailer Dec 2000
– 911 DoS SMS Mailer in Japan April 2001
– Flooder sending unwanted SMS Aug 2001
– Phage destroys files on Palm Sept 2001
– Vapor Trojan Horse hides applications Oct 2001
– GPRS hack into 2.5G US network devices Nov 2002
– Nokia 6210 V-card Exploit Feb 25, 2003
– Siemens “%String” Exploit March 2, 2003
– AT&T SMS Trojan May 5, 2003
– First Symbian based Trojan Sept 2003
Cabir Phone worm (2003)
• Only works on Series 60 mobile devices,
– E.g. Nokia 3650, 6600, N-Gage.
– Siemens, Samsung, Sendo and Panasonic
• Uses Bluetooth to spread every 15-20 seconds
• You must accept the transmission
• You must accept the installation …
• Long term: battery drain
Some known malware (2006)
• Total: 27 families (f), 170 modifications (m)
• Symbian: Flexispy, Comwarrior, …
• Windows Mobile: Brador and Duts
• Java 2 Micro Edition: RedBrowser
• => Not much mobile malware…
Spyware: the other wave
e.g. Flexispy
Huike 3D anti-terrorist
Story
[Chart: Global Market Share of Mobile OS, percentage for smartphones, 2007 to 2012 (e = expected). Series: Symbian, iPhone, Blackberry, Win Mobile, Android. Source: Gartner]
Fakeplayer
• Beginning of 2010
• SMS Trojan
• „Pornplayer“
• SMS are sent 3x (mostly)
• 8+ variants
– Different names/icon
– Different premium numbers
http://skamv.wordpress.com/2010/11/02/kiss/
„Geinimi“ Attack in China
• Android trojan
• Infected hundreds of thousands of Chinese Android smartphones
• Sent mobile data to servers
• Remote controlled as a botnet for calls and text messages
DroidDream
• Steals information
• Drops more malware
• Downloads code from the internet
• Misuses 2 vulnerabilities in the Android OS (patched already)
• Downloads updates
• Apps released under the names “Kingmall2010”, “we20090202” and “Myournet” with DroidDream attached > Removed from the official Android Market, more than 50 apps affected…
DroidDream: Google’s removal tool
Which is the real tool?
ZITMO
Zeus In The Mobile
– Steals mTANs
– Target = Spanish (online) banks
– Replication via PC by Zeus botnet
The Update Problem
Mobile Malware Situation ...
End of the year ... > 800% increase = Android Malware
The Real Problem with Android
• The higher the market share, the more interesting it becomes for the cybercriminal > money
• The easier the distribution of the malware, the more interesting it becomes for the cybercriminal > via several channels, not only via official online app markets/shops
• Uncontrolled = better/attractive … Android = Windows?
• The Permission problem
• Use of exploits is easy because Android updates are not always easy to install…
• More possibilities in the future: more entrance/backdoor possibilities to spread other malware into businesses and corporations
THE FUTURE
• Exponential rise of Malicious Apps => Mobile Malware
• Mobile malware targeting Social Media / Mobile Payments (NFC) / Banking
• Targeted attacks via Mobile Malware
• Under the radar of the public ...
Another Secure Solution …:-)
Thank you! Questions?
Twitter: @EddyWillems