lacoon-mobile-security
How does mobile malware bypass secure containers, wrappers and MDM?
How Mobile Malware Bypasses Secure Containers
The Mobile Application Sandbox Security Model
[Slide diagram: each app is confined to its own sandbox; the labelled resources are Storage, Memory and Device Functionalities (GPS, Network, SMS)]
Secure Containers and Wrappers
Secure Containers
[Slide diagram: the container keeps its own Storage, Memory and Device Functionalities (GPS, Network, SMS) apart from the rest of the device]
Wrappers
[Slide diagram: the wrapped app's Storage, Memory and Device Functionalities (GPS, Network, SMS)]
How Mobile Malware Breaks Secure Containers
Attack Overview
[Slide diagrams: the attack progression, ending with malware reaching the container's Memory, Device Functionalities (GPS, Network, SMS) and Storage]
Step-by-Step
Step 1: Infecting the Device with Malware (Android)
Step 1: Infecting the Device with Malware (iOS)
Step 2: Installing a Backdoor (Android: "Rooting")
Administrative: every process can run as an administrative (root) user if it is able to trigger a vulnerability in the OS.
Vulnerability: each Android device had, or still has, such a vulnerability.
Exploit: detection mechanisms don't look at the apps that exploit the vulnerability.
Step 2: Installing a Backdoor (iOS: "Jailbreaking")
[Slide labels: Community, Jailbroken, xCon (a tweak that hides the jailbroken state from apps that check for it)]
Step 3: Bypassing Containerization
[Slide diagrams: with root or jailbreak access, the malware reaches the container's Memory, Device Functionalities (GPS, Network, SMS) and Storage]
There's More... Android
Alternative Keyboards
[Slide: a third-party (alternative) keyboard receives the text typed into the container, shown as "HELLO WORLD"]
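A third-party keyboard does not need root to see what is typed into a container: the input method receives every keystroke from every app, and if it also holds network or SMS permissions it has a channel to send them out. The following is an added example, not code from the Lacoon deck or product: a static triage of an AndroidManifest.xml that flags an input-method service combined with such a channel. The permission and intent-action identifiers are the real Android ones; the sample manifest and the package name com.example.keyboard are constructed for the example, and the scoring rule is this example's own heuristic.

```python
"""Added example (not from the Lacoon deck): static triage of an Android
manifest for the "alternative keyboard" risk described in the slides,
i.e. an input method that also has a network or SMS channel."""
import xml.etree.ElementTree as ET

# Namespace used for android:* attributes in every AndroidManifest.xml
ANDROID_NS = "http://schemas.android.com/apk/res/android"


def _attr(element, name):
    """Read an android:<name> attribute from a manifest element."""
    return element.get(f"{{{ANDROID_NS}}}{name}")


def triage_manifest(manifest_xml: str) -> dict:
    """Return the keyboard-related risk indicators found in a manifest string."""
    root = ET.fromstring(manifest_xml)
    perms = {_attr(p, "name") for p in root.iter("uses-permission")}

    # An input method is a <service> protected by BIND_INPUT_METHOD that
    # advertises the android.view.InputMethod intent action.
    ime_services = []
    for svc in root.iter("service"):
        actions = {_attr(a, "name") for a in svc.iter("action")}
        if (_attr(svc, "permission") == "android.permission.BIND_INPUT_METHOD"
                or "android.view.InputMethod" in actions):
            ime_services.append(_attr(svc, "name"))

    findings = {
        "package": root.get("package"),
        "ime_services": ime_services,
        "network": "android.permission.INTERNET" in perms,
        "sms": bool(perms & {"android.permission.RECEIVE_SMS",
                             "android.permission.READ_SMS"}),
    }
    # Heuristic for this example: a keyboard sees the keystrokes typed into
    # the container ("HELLO WORLD" in the slide); pairing that with an
    # outbound channel is what turns it into an exfiltrating keylogger.
    findings["keylogger_risk"] = bool(ime_services) and (
        findings["network"] or findings["sms"])
    return findings


# Constructed sample manifest (not a real app), modelled on a third-party
# keyboard that also requests network and SMS access.
SAMPLE_MANIFEST = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.keyboard">
  <uses-permission android:name="android.permission.INTERNET"/>
  <uses-permission android:name="android.permission.RECEIVE_SMS"/>
  <application>
    <service android:name=".SoftKeyboard"
             android:permission="android.permission.BIND_INPUT_METHOD">
      <intent-filter>
        <action android:name="android.view.InputMethod"/>
      </intent-filter>
      <meta-data android:name="android.view.im" android:resource="@xml/method"/>
    </service>
  </application>
</manifest>
"""

if __name__ == "__main__":
    for key, value in triage_manifest(SAMPLE_MANIFEST).items():
        print(f"{key}: {value}")
```

The check is deliberately coarse: a legitimate keyboard with cloud suggestions will trip it too, so it is a triage filter for which apps deserve dynamic analysis, not a verdict. It also says nothing about rooted devices, where the malware in the preceding steps needs no keyboard at all.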
Mitigating the Threat with Lacoon Mobile Security
Behavioral-Based Malware Detection
Virtual execution: cloud-based virtual execution of applications and payloads to detect exploits
Identification: identification of malicious behaviors within the applications (such as keyloggers and screen captures)
Detection: detection and blocking of C&C activity when mobile malware attempts to exfiltrate information from the device
Blocking of drive-by attacks: including exploits of unpatched Web browser vulnerabilities and jailbreaking attempts