Embed Size (px)
DESCRIPTION
Citation preview
Anatomy of a Targeted Attack against Mobile Device Management (MDM) Solutions
Ohad Bobrov, CTO and co-founder [email protected]
Collapse The collapse of the corporate perimeter
Targeted devices Why mobile devices are targeted
Demo How mobile malware bypasses current security solutions
Mitigation Detection, remediation & building a secure BYOD/HYOD architecture
Agenda
• Protecting organizations from mobile threats
• Protecting tier-1 financial, manufacturing, legal and defense organizations
• Cutting edge mobile security research team
About Lacoon Mobile Security
The Collapse Of The Corporate Perimeter
> 2011
The Collapse Of The Corporate Perimeter
“More than
60% of organizations enable BYOD” Gartner, Inc. October 2012
TARGETED MOBILE THREATS
Mobile Devices: Attractive Attack Target
Eavesdropping
Extracting contact lists, call &text logs
Tracking location
Infiltrating internal LANs
Snooping on corporate emails and application data
Recent High-Profiled Examples
Commercial mobile surveillance tools
Data sample • 1 GB traffic sample of spyphone targeted traffic,
collected over a 2-day period
• Collected from a channel serving ~650K subscribers
• Traffic constrained to communications to selected malicious IP address
Survey: Cellular Network 2M Subscribers Sampling: 650K
Infection rates:
June 2013:
1 / 1000 devices
Survey: Cellular Network 2M Subscribers Sampling: 650K
Survey: Cellular Network 2M Subscribers Sampling: 650K
Mobile Device Management
(MDM) & Secure
Containers
MDMs and Secure Containers
3 features:
l Encrypt business data l Encrypt communications to the
business l Detect Jailbreak/ Rooting of
devices
HOW ATTACKERS BYPASS
MDM SOLUTIONS
DEMO
Let’s Test…
Overview
Infect the Device
Install Backdoor
Bypass Containerization
Exfiltrate Information
Step 1: Infect the device
Step 2: Install a Backdoor / aka Rooting
Administrative Every process can run as an administrative (root) user if it is able to triggr a vulnerability in the OS
Vulnerability Each Android device had/ has a public vulnerability
Exploit Detection mechanisms don’t look at apps that exploit the vulnerability
Step 3: Bypass Containerization
Jo, yjod od sm r,so;
Storage
Jo, yjod od sm r,so;
Storage
Step 3: Bypass Containerization
Jo, yjod od sm r,so;
Hi, This is an email
Storage Memory
Step 3: Bypass Containerization
Jo, yjod od sm r,so;
Hi, This is an email
Storage Memory
Exfiltrate information
Step 3: Bypass Containerization
CURRENT SECURITY SOLUTIONS
Current Solutions: FAIL to Protect
Mitigation: Current Controls
Mobile Device Management (MDM)
Multi-Persona
Wrapper
Active Sync
NAC
Mitigation: Current Controls
Mobile Device Management (MDM)
Multi-Persona
Wrapper
Active Sync
NAC
Detection: Adding Behavior-based Risk
Malware Analysis
Threat Intelligence
Vulnerability Research
Detection: Adding Behavior-based Risk
Malware Analysis
Threat Intelligence
Vulnerability Research
Application Behavioral
Analysis
Device Behavioral
Analysis
Vulnerability Assessment
Detection: Adding Behavior-based Risk
Malware Analysis
Threat Intelligence
Vulnerability Research
Application Behavioral
Analysis
Device Behavioral
Analysis
Vulnerability Assessment
Lacoon Mobile Security
