• Share
  • Email
  • Embed
  • Like
  • Private Content
Anatomy of a Targeted Attack against Mobile Device Management (MDM)
 

Anatomy of a Targeted Attack against Mobile Device Management (MDM)

on

  • 446 views

In this engaging session, we demonstrate a live attack technique aimed at bypassing a popular MDM solution with an email encryption offering. Further, we show how the mobile surveillance software ...

In this engaging session, we demonstrate a live attack technique aimed at bypassing a popular MDM solution with an email encryption offering. Further, we show how the mobile surveillance software effectively renders the encryption feature useless. This demonstration includes a mobile spyware version which directly accesses the MDM’s memory storage, retrieves the plain-text emails and sends them on to a remote server. Finally, we present mitigation techniques to solve against this problem.

Differentiate between mass consumer-oriented mobile attacks and targeted mobile cyber-attacks
Recognise the shortcoming of MDM as a wholesome security solution
Enhance mobile attack mitigation techniques through mobile activity visibility

Statistics

Views

Total Views
446
Views on SlideShare
446
Embed Views
0

Actions

Likes
0
Downloads
15
Comments
0

0 Embeds 0

No embeds

Accessibility

Categories

Upload Details

Uploaded via as Adobe PDF

Usage Rights

© All Rights Reserved

Report content

Flagged as inappropriate Flag as inappropriate
Flag as inappropriate

Select your reason for flagging this presentation as inappropriate.

Cancel
  • Full Name Full Name Comment goes here.
    Are you sure you want to
    Your message goes here
    Processing…
Post Comment
Edit your comment

    Anatomy of a Targeted Attack against Mobile Device Management (MDM) Anatomy of a Targeted Attack against Mobile Device Management (MDM) Presentation Transcript

    • Anatomy of a Targeted Attack against Mobile Device Management (MDM)
    • MDM: Penetration in the Market Gartner, Inc. October 2012
    • TARGETED MOBILE THREATS
    • Mobile Remote Access Trojans (aka Spyphones)
    • Recent High-Profiled Examples
    • Commercial mRATS
    • Survey: Cellular Network 2M Subscribers Sampling: 250K October 2012: 1 / 1000devices
    • Survey: Cellular Network 2M Subscribers Sampling: 250K
    • BYPASSING MOBILE DEVICE MANAGEMENT (MDM) SOLUTIONS
    • MDMs and Secure Containers   
    • Demo Let’s Test These Assumptions…
    • Overview
    • Step 1: Infect the device / Android
    • Step 1: Infect the device / iOS
    • Step 2: Install a Backdoor / Android: Rooting
    • Step 2: Install a Backdoor / iOS: Jailbreaking
    • Step 3: Bypass Containerization
    • Step 3: Bypass Containerization
    • Step 3: Bypass Containerization
    • Step 3: Bypass Containerization
    • MITIGATION TECHNIQUES
    • MDM    
    • Mitigation Steps (1)
    • Mitigation Steps (2)
    • Mitigation Steps (3)
    • March 26 2013 → Android Trojan Found in Targeted Attack A combination of e-mail hacking, "spear phishing," and a Trojan built specifically for Android smartphones to spy on Tibetan activists Inside of Mobile Targeted Attack C&C Server View the software installed on the phone to facilitate customer software hijacking / tool to get software such as QQ, Email, MSN password
    • Thank You.