mobilecon 2013 – attacks against mdm solutions (and what you can do about it)
Anatomy of a Targeted Attack against MDM Solutions (and What You Can Do About It) Michael Shaulov, CEO [email protected] Twitter: @LacoonSecurity
Agenda
• Collapse: the collapse of the corporate perimeter
• Targeted devices: why mobile devices are targeted
• Demo: how mobile malware bypasses current security solutions
• Mitigation: detection, remediation & building a secure BYOD/HYOD architecture
About Lacoon Mobile Security
• Protecting organizations from mobile threats
• Industry leading behavioral protection and mitigation solution
• Protecting tier-1 financial, manufacturing, legal and defense organizations
• Cutting edge mobile security research team
The Collapse Of The Corporate Perimeter
“More than 60% of organizations enable BYOD” – Gartner, Inc., October 2012
TARGETED MOBILE THREATS
Mobile Devices: Attractive Attack Target
Eavesdropping
Extracting contact lists, call & text logs
Tracking location
Infiltrating internal LANs
Snooping on corporate emails and application data
The Mobile Threatscape (chart axes: business impact vs. complexity)
Mobile Malware Apps: consumer-oriented, mass, financially motivated, e.g. premium SMS, fraudulent charges, botnets
mRATs / Spyphones: targeted (personal, organization), cyber espionage
mRATs / Spyphones, by tier:
High End: government / military grade
Mid Range: cybercrime toolkits
Low End: commercial surveillance toolkits
Recent High-Profiled Examples
Commercial mobile surveillance tools
Data sample
• 1 GB traffic sample of spyphone targeted traffic, collected over a 2-day period
• Collected from a channel serving ~650K subscribers
• Traffic constrained to communications to selected malicious IP address
Survey: cellular network, 2M subscribers; sampling: 650K
Infection rates, June 2013: 1 / 1000 devices
Mobile Device Management (MDM) & Secure Containers
MDMs and Secure Containers
3 features:
• Encrypt business data
• Encrypt communications to the business
• Detect jailbreak / rooting of devices
HOW ATTACKERS BYPASS
MDM SOLUTIONS
DEMO
Let’s Test…
Overview
Infect the Device
Install Backdoor
Bypass Containerization
Exfiltrate Information
Step 1: Infect the device
Step 2: Install a Backdoor (aka Rooting)
Administrative: every process can run as an administrative (root) user if it is able to trigger a vulnerability in the OS
Vulnerability: each Android device had/has a public vulnerability
Exploit: detection mechanisms don’t look at apps that exploit the vulnerability
Step 3: Bypass Containerization
(demo slides: the same message shown as it sits in container storage and in memory)
Storage: Jo, yjod od sm r,so;
Memory: Hi, This is an email
Exfiltrate information
MITIGATION TECHNIQUES
Current Solutions: FAIL to Protect
Mitigation: Current Controls
Mobile Device Management (MDM)
Multi-Persona
Wrapper
Active Sync
NAC
Detection: Adding Behavior-based Risk
Malware Analysis
Threat Intelligence
Vulnerability Research
Application Behavioral Analysis
Device Behavioral Analysis
Vulnerability Assessment
Lacoon Mobile Security
Thank You.
Stop by: Booth 940 Email me: [email protected] Twitter: @LacoonSecurity