mobile malware -past and future · mobile malware -past and future mikkohypponen chief research...
TRANSCRIPT
![Page 1: Mobile Malware -Past and Future · Mobile Malware -Past and Future MikkoHypponen Chief Research Officer F-Secure Protecting the irreplaceable ... broken or stolen phones. ... frameworks](https://reader034.vdocuments.mx/reader034/viewer/2022043004/5f886fff3bea731f4722b79d/html5/thumbnails/1.jpg)
Protecting the irreplaceable | f-secure.com
Mobile Malware -Past and Future
MikkoHypponen
Chief Research Officer
F-Secure
![Page 2: Mobile Malware -Past and Future · Mobile Malware -Past and Future MikkoHypponen Chief Research Officer F-Secure Protecting the irreplaceable ... broken or stolen phones. ... frameworks](https://reader034.vdocuments.mx/reader034/viewer/2022043004/5f886fff3bea731f4722b79d/html5/thumbnails/2.jpg)
•15 February, 2010
![Page 3: Mobile Malware -Past and Future · Mobile Malware -Past and Future MikkoHypponen Chief Research Officer F-Secure Protecting the irreplaceable ... broken or stolen phones. ... frameworks](https://reader034.vdocuments.mx/reader034/viewer/2022043004/5f886fff3bea731f4722b79d/html5/thumbnails/3.jpg)
![Page 4: Mobile Malware -Past and Future · Mobile Malware -Past and Future MikkoHypponen Chief Research Officer F-Secure Protecting the irreplaceable ... broken or stolen phones. ... frameworks](https://reader034.vdocuments.mx/reader034/viewer/2022043004/5f886fff3bea731f4722b79d/html5/thumbnails/4.jpg)
![Page 5: Mobile Malware -Past and Future · Mobile Malware -Past and Future MikkoHypponen Chief Research Officer F-Secure Protecting the irreplaceable ... broken or stolen phones. ... frameworks](https://reader034.vdocuments.mx/reader034/viewer/2022043004/5f886fff3bea731f4722b79d/html5/thumbnails/5.jpg)
![Page 6: Mobile Malware -Past and Future · Mobile Malware -Past and Future MikkoHypponen Chief Research Officer F-Secure Protecting the irreplaceable ... broken or stolen phones. ... frameworks](https://reader034.vdocuments.mx/reader034/viewer/2022043004/5f886fff3bea731f4722b79d/html5/thumbnails/6.jpg)
Smartphone market shares in 2009
Apple
Microsoft
Android
12%
13%
47%
Data source: Canalys
Android
Others
Palm
RIM
Symbian
19%
![Page 7: Mobile Malware -Past and Future · Mobile Malware -Past and Future MikkoHypponen Chief Research Officer F-Secure Protecting the irreplaceable ... broken or stolen phones. ... frameworks](https://reader034.vdocuments.mx/reader034/viewer/2022043004/5f886fff3bea731f4722b79d/html5/thumbnails/7.jpg)
Mobile Security -Where are we today?
•First mobile malware found in 2004
•Now: 430 viruses, worm
s and trojans for mobile
platform
s
•Targeting the most common platform
s
•No exploit-based malware, yet
•Real problems elsewhere
•Lost, broken or stolen phones
![Page 8: Mobile Malware -Past and Future · Mobile Malware -Past and Future MikkoHypponen Chief Research Officer F-Secure Protecting the irreplaceable ... broken or stolen phones. ... frameworks](https://reader034.vdocuments.mx/reader034/viewer/2022043004/5f886fff3bea731f4722b79d/html5/thumbnails/8.jpg)
Bluetoothworm
spreadingpatterns
.
•Cabir foundin-the-wild
fromPhilippinesin August 2004
Singapore
UAE
China
HongKong
France
South Africa
China
India
Finland
Vietnam
Turkey
Russia
UK
Italy
USA
Japan
South Africa
Australia
The Netherlands
Egypt
Luxembourg
New Zealand
Switzerland
Germany
…
![Page 9: Mobile Malware -Past and Future · Mobile Malware -Past and Future MikkoHypponen Chief Research Officer F-Secure Protecting the irreplaceable ... broken or stolen phones. ... frameworks](https://reader034.vdocuments.mx/reader034/viewer/2022043004/5f886fff3bea731f4722b79d/html5/thumbnails/9.jpg)
![Page 10: Mobile Malware -Past and Future · Mobile Malware -Past and Future MikkoHypponen Chief Research Officer F-Secure Protecting the irreplaceable ... broken or stolen phones. ... frameworks](https://reader034.vdocuments.mx/reader034/viewer/2022043004/5f886fff3bea731f4722b79d/html5/thumbnails/10.jpg)
![Page 11: Mobile Malware -Past and Future · Mobile Malware -Past and Future MikkoHypponen Chief Research Officer F-Secure Protecting the irreplaceable ... broken or stolen phones. ... frameworks](https://reader034.vdocuments.mx/reader034/viewer/2022043004/5f886fff3bea731f4722b79d/html5/thumbnails/11.jpg)
Skulls.D
Skulls.D
![Page 12: Mobile Malware -Past and Future · Mobile Malware -Past and Future MikkoHypponen Chief Research Officer F-Secure Protecting the irreplaceable ... broken or stolen phones. ... frameworks](https://reader034.vdocuments.mx/reader034/viewer/2022043004/5f886fff3bea731f4722b79d/html5/thumbnails/12.jpg)
Making Money With Trojans
Some trojanssend SMS messages to premium rate numbers
•When the trojan application is executed it shows some social
engineering text and either sends SM
S messages directly or asks for
user perm
ission
•Case Redbrowser
![Page 13: Mobile Malware -Past and Future · Mobile Malware -Past and Future MikkoHypponen Chief Research Officer F-Secure Protecting the irreplaceable ... broken or stolen phones. ... frameworks](https://reader034.vdocuments.mx/reader034/viewer/2022043004/5f886fff3bea731f4722b79d/html5/thumbnails/13.jpg)
How did the vendors react?
•Fixing bluetooth
•Building mandatory signing
![Page 14: Mobile Malware -Past and Future · Mobile Malware -Past and Future MikkoHypponen Chief Research Officer F-Secure Protecting the irreplaceable ... broken or stolen phones. ... frameworks](https://reader034.vdocuments.mx/reader034/viewer/2022043004/5f886fff3bea731f4722b79d/html5/thumbnails/14.jpg)
Mobile Signing / Certification frameworks
Symbian Signed
iPhone App Store
Palm App Catalog
BlackBerry App World
BlackBerry App World
Windows Marketplace for Mobile
Android Marketplace
![Page 15: Mobile Malware -Past and Future · Mobile Malware -Past and Future MikkoHypponen Chief Research Officer F-Secure Protecting the irreplaceable ... broken or stolen phones. ... frameworks](https://reader034.vdocuments.mx/reader034/viewer/2022043004/5f886fff3bea731f4722b79d/html5/thumbnails/15.jpg)
![Page 16: Mobile Malware -Past and Future · Mobile Malware -Past and Future MikkoHypponen Chief Research Officer F-Secure Protecting the irreplaceable ... broken or stolen phones. ... frameworks](https://reader034.vdocuments.mx/reader034/viewer/2022043004/5f886fff3bea731f4722b79d/html5/thumbnails/16.jpg)
Flexispy
•Spying tool that monitors:
•Voice calls
•SM
S messages
•Mobile email
•Phone location
•Phone location
•Remote audio
![Page 17: Mobile Malware -Past and Future · Mobile Malware -Past and Future MikkoHypponen Chief Research Officer F-Secure Protecting the irreplaceable ... broken or stolen phones. ... frameworks](https://reader034.vdocuments.mx/reader034/viewer/2022043004/5f886fff3bea731f4722b79d/html5/thumbnails/17.jpg)
They cheated!
How did Flexispyget signed?
![Page 18: Mobile Malware -Past and Future · Mobile Malware -Past and Future MikkoHypponen Chief Research Officer F-Secure Protecting the irreplaceable ... broken or stolen phones. ... frameworks](https://reader034.vdocuments.mx/reader034/viewer/2022043004/5f886fff3bea731f4722b79d/html5/thumbnails/18.jpg)
SexyView.A
•First SM
S worm
•Found in February 2009
•Works on Sym
bian Series 60 3rd edition
•The installation file is signed
•The installation file is signed
![Page 19: Mobile Malware -Past and Future · Mobile Malware -Past and Future MikkoHypponen Chief Research Officer F-Secure Protecting the irreplaceable ... broken or stolen phones. ... frameworks](https://reader034.vdocuments.mx/reader034/viewer/2022043004/5f886fff3bea731f4722b79d/html5/thumbnails/19.jpg)
Links to:
http://www.wwqx-cyw
.com/gam
e
http://www.wwqx-sun.com/gam
e
http://www.wwqx-mot.com/gam
e
![Page 20: Mobile Malware -Past and Future · Mobile Malware -Past and Future MikkoHypponen Chief Research Officer F-Secure Protecting the irreplaceable ... broken or stolen phones. ... frameworks](https://reader034.vdocuments.mx/reader034/viewer/2022043004/5f886fff3bea731f4722b79d/html5/thumbnails/20.jpg)
SexyView.D
•Found in July 2009
•Uses English SMS messages
•Downloads the message templates from the web
•First mobile botnet
•First mobile botnet
![Page 21: Mobile Malware -Past and Future · Mobile Malware -Past and Future MikkoHypponen Chief Research Officer F-Secure Protecting the irreplaceable ... broken or stolen phones. ... frameworks](https://reader034.vdocuments.mx/reader034/viewer/2022043004/5f886fff3bea731f4722b79d/html5/thumbnails/21.jpg)
iPhone
![Page 22: Mobile Malware -Past and Future · Mobile Malware -Past and Future MikkoHypponen Chief Research Officer F-Secure Protecting the irreplaceable ... broken or stolen phones. ... frameworks](https://reader034.vdocuments.mx/reader034/viewer/2022043004/5f886fff3bea731f4722b79d/html5/thumbnails/22.jpg)
iPhone worm
Ikee
•Found on 8th of November 2009
•Written by an Australian hobbyist
•Hits jailbroken iPhones
•Uses a known ssh
password
•Rickrollsthe phone
•Rickrollsthe phone
Ashley Towns
![Page 23: Mobile Malware -Past and Future · Mobile Malware -Past and Future MikkoHypponen Chief Research Officer F-Secure Protecting the irreplaceable ... broken or stolen phones. ... frameworks](https://reader034.vdocuments.mx/reader034/viewer/2022043004/5f886fff3bea731f4722b79d/html5/thumbnails/23.jpg)
![Page 24: Mobile Malware -Past and Future · Mobile Malware -Past and Future MikkoHypponen Chief Research Officer F-Secure Protecting the irreplaceable ... broken or stolen phones. ... frameworks](https://reader034.vdocuments.mx/reader034/viewer/2022043004/5f886fff3bea731f4722b79d/html5/thumbnails/24.jpg)
![Page 25: Mobile Malware -Past and Future · Mobile Malware -Past and Future MikkoHypponen Chief Research Officer F-Secure Protecting the irreplaceable ... broken or stolen phones. ... frameworks](https://reader034.vdocuments.mx/reader034/viewer/2022043004/5f886fff3bea731f4722b79d/html5/thumbnails/25.jpg)
![Page 26: Mobile Malware -Past and Future · Mobile Malware -Past and Future MikkoHypponen Chief Research Officer F-Secure Protecting the irreplaceable ... broken or stolen phones. ... frameworks](https://reader034.vdocuments.mx/reader034/viewer/2022043004/5f886fff3bea731f4722b79d/html5/thumbnails/26.jpg)
iPhone w
orm
Duh, 22 November 2009
![Page 27: Mobile Malware -Past and Future · Mobile Malware -Past and Future MikkoHypponen Chief Research Officer F-Secure Protecting the irreplaceable ... broken or stolen phones. ... frameworks](https://reader034.vdocuments.mx/reader034/viewer/2022043004/5f886fff3bea731f4722b79d/html5/thumbnails/27.jpg)
February 2010 iPhone patches
•CoreAudio(CVE-2010-0036)
arbitrary code execution
•ImageIO
(CVE-2009-2285)
arbitrary code execution
•WebKit(CVE-2009-3384)
arbitrary code execution
•WebKit(CVE-2009-2841)
arbitrary code execution
![Page 28: Mobile Malware -Past and Future · Mobile Malware -Past and Future MikkoHypponen Chief Research Officer F-Secure Protecting the irreplaceable ... broken or stolen phones. ... frameworks](https://reader034.vdocuments.mx/reader034/viewer/2022043004/5f886fff3bea731f4722b79d/html5/thumbnails/28.jpg)
![Page 29: Mobile Malware -Past and Future · Mobile Malware -Past and Future MikkoHypponen Chief Research Officer F-Secure Protecting the irreplaceable ... broken or stolen phones. ... frameworks](https://reader034.vdocuments.mx/reader034/viewer/2022043004/5f886fff3bea731f4722b79d/html5/thumbnails/29.jpg)
![Page 30: Mobile Malware -Past and Future · Mobile Malware -Past and Future MikkoHypponen Chief Research Officer F-Secure Protecting the irreplaceable ... broken or stolen phones. ... frameworks](https://reader034.vdocuments.mx/reader034/viewer/2022043004/5f886fff3bea731f4722b79d/html5/thumbnails/30.jpg)
![Page 31: Mobile Malware -Past and Future · Mobile Malware -Past and Future MikkoHypponen Chief Research Officer F-Secure Protecting the irreplaceable ... broken or stolen phones. ... frameworks](https://reader034.vdocuments.mx/reader034/viewer/2022043004/5f886fff3bea731f4722b79d/html5/thumbnails/31.jpg)
Android Action
![Page 32: Mobile Malware -Past and Future · Mobile Malware -Past and Future MikkoHypponen Chief Research Officer F-Secure Protecting the irreplaceable ... broken or stolen phones. ... frameworks](https://reader034.vdocuments.mx/reader034/viewer/2022043004/5f886fff3bea731f4722b79d/html5/thumbnails/32.jpg)
Banks targeted by "09droid"
Abbey Bank
Alaska USA FCU
Alliance & Leicester (v. 1.1)
Bank Atlantic
Bank of America
Bank of Queensland
Barclaycard (v. 1.1)
Barclays Bank (v. 1.2)
LloydsTSB
M&I
Mechanics Bank v.1.1
MFFCU v.1.1
Midwest
Nationwide (v. 1.1)
NatWest (v. 1.1)
Navy Federal Credit Union (v. 1.1)
PNC
Barclays Bank (v. 1.2)
BB&T
Chase
City Bank Texas
Commerce Bank
Compass Bank
Deutsche Bank
Fifty Third Bank v.1.1
First Republic Bank v.1.1
Great Florida Bank
PNC
Royal Bank of Canada
RBS v.1.1
SunTrust
TD Bank v.1.1
US Bank v.1.2
USAA v.1.1
Valley Credit Union
Wachovia Corp (v. 1.2)
Wells Fargo (v. 1.1)
![Page 33: Mobile Malware -Past and Future · Mobile Malware -Past and Future MikkoHypponen Chief Research Officer F-Secure Protecting the irreplaceable ... broken or stolen phones. ... frameworks](https://reader034.vdocuments.mx/reader034/viewer/2022043004/5f886fff3bea731f4722b79d/html5/thumbnails/33.jpg)
33
![Page 34: Mobile Malware -Past and Future · Mobile Malware -Past and Future MikkoHypponen Chief Research Officer F-Secure Protecting the irreplaceable ... broken or stolen phones. ... frameworks](https://reader034.vdocuments.mx/reader034/viewer/2022043004/5f886fff3bea731f4722b79d/html5/thumbnails/34.jpg)
![Page 35: Mobile Malware -Past and Future · Mobile Malware -Past and Future MikkoHypponen Chief Research Officer F-Secure Protecting the irreplaceable ... broken or stolen phones. ... frameworks](https://reader034.vdocuments.mx/reader034/viewer/2022043004/5f886fff3bea731f4722b79d/html5/thumbnails/35.jpg)
Future
•More malware
•Mobile botnets
•Drive-by-exploits
•Rogue dialers
•Major outbreaks
•Major outbreaks
•Mobile spam
bots
![Page 36: Mobile Malware -Past and Future · Mobile Malware -Past and Future MikkoHypponen Chief Research Officer F-Secure Protecting the irreplaceable ... broken or stolen phones. ... frameworks](https://reader034.vdocuments.mx/reader034/viewer/2022043004/5f886fff3bea731f4722b79d/html5/thumbnails/36.jpg)
Protecting the irreplaceable | f-secure.com
Mobile Malware -Past and Future
MikkoHypponen
Chief Research Officer
F-Secure