SlideShare a Scribd company logo

Black Hat USA 2014 - A Practical Attack Against Virtual Desktop Infrastructure (VDI)

Lacoon Mobile Security
Lacoon Mobile Security

This document discusses practical attacks against virtual desktop infrastructure (VDI) solutions. It begins with introductions to the presenters and an overview of mobile VDI. It then outlines four threats: 1) using a remote access Trojan to keylog credentials, 2) directly grabbing credentials from an Android device, 3) screen scraping on Android, and 4) man-in-the-middle session hijacking on iOS. It argues that a layered mobile security approach is needed to protect VDI, including device assessment, reducing attack surfaces, threat detection, and risk mitigation.

Mobile
1 of 49
Download to read offline
Practical Attacks against Virtual Desktop Infrastructure (VDI) Solutions Michael Shaulov, CEO Daniel Brodie, Sr. Security Researcher Lacoon Mobile Security Lacoon Mobile Security 1
About Daniel §  10 years of security research §  From PC to Mobile §  Researcher and developer at Lacoon Mobile Security §  Developing a virtual execution-based app behavioral analysis framework of mRATs and mobile malware §  Analysis of iOS and Android vulnerabilities and exploits §  BH 2013: “A Practical Attack against Mobile Device Management (MDM) Solutions” Lacoon Mobile Security 2
About Michael §  Decade of experience researching and working in the mobile security space §  From feature-phones to smartphones §  Mobile Security Research Team Leader for Defense Contractors §  CEO and co-founder of Lacoon Mobile Security §  BH EU, BH USA, RSA Conf, GovWare … Lacoon Mobile Security 3
Quick Disclaimer This talk is NOT about: §  Dismiss VDI value as an enterprise mobile solution §  Specific vendor implementation This talk is about: §  Quantify risks that can compromise VDI sessions §  Provide a framework to assess and mitigate the risks Lacoon Mobile Security 4
Agenda §  Mobile VDI 101 §  Practical Mobile Threats against VDI §  Augmenting VDI with Defense-in- Depth Mobile Security §  Conclusions Threat 2 Grabbing credentials locally / Android Threat 3 Screen-scraping/ Android Threat 4 MitM Session Hijacking / iOS Lacoon Mobile Security 5 In the Wild mRAT Key-loggers / AndroidThreat 1
Mobile VDI 101 Lacoon Mobile Security 6
Mobile VDI Motivation Key Requirements for BYOD / CYOD §  Enablement §  DLP / Lost Device §  Intrusion Lacoon Mobile Security 7
Enablement Simplify IT support of BYO devices It can meet the increasing demand for BYO initiatives by delivering apps and desktops as an on-demand service. Lacoon Mobile Security 8
DLP / Lost Device X No content is saved on the device On-demand session Lacoon Mobile Security 9
Intrusion “Virtual desktop security to protect sensitive information Centrally secured virtual desktops and apps in the datacenter reduce the risk of data loss or intrusion when delivered to any device. Corporate access remains secure while intellectual property and sensitive private information stays safe.” Good Marketing Lacoon Mobile Security 10
VDI Architecture - Example Lacoon Mobile Security 11
VDI Players 2 major mobile VDI enterprise players: §  Citrix §  VMware Lacoon Mobile Security 12
Threats to Mobile VDI Solutions Lacoon Mobile Security 13
Threat 1 Using an mRAT for its Keylogging Capabilities Lacoon Mobile Security 14
Emails App Data Contact Lists, Call & Text Logs What is a Mobile Remote Access Trojan (mRAT) Key Logger Screen Scrapper Memory Scrapping Files and Photos Microphone and Camera Track Location Lacoon Mobile Security 15
Recent High-Profiled Examples Lacoon Mobile Security 16
mRAT Spectrum $300K-$12M Government -> Terrorists / Activists Free - $300 Cybercriminal -> ? Free - $100 Everyone -> Everyone Surveillance / Monitoring ToolsDarknet mRATsGov / Mil mRATs Lacoon Mobile Security 17
mRAT Spectrum $300K-$12M Government -> Terrorists / Activists Free - $100 Everyone -> Everyone Surveillance / Monitoring ToolsGov / Mil mRATs Lacoon Mobile Security 18 “Hacking Team is really a very basic software with a public payload based on CVE bugs PUBLIC. Not different than any commercial spyware on internet. Even with lower features.” -- Mobile Malware Google Group
19 Lacoon Mobile Security Commercial Surveillance Software
Data sample Mobile devices communicating through corporate WiFi access points, connected to the Checkpoint firewall Traffic from 95 gateways (~90 enterprises) 20 Lacoon Mobile Security Survey: mRATs in the Enterprise A Lacoon-Checkpoint Research
21 Lacoon Mobile Security Survey: mRATs in the Enterprise A Lacoon-Checkpoint Research mRAT Network Signatures CP Threat Cloud
22 Lacoon Mobile Security How common are mobile threats in the Enterprise? % By Country 41.8 6.6 5.3 4.9 4.9 3.9 3.3 US MX NO TM EC FR BR Key Findings: Number of infected Devices •  290 •  Median: 2 infected devices / enterprise mRATS found •  16 used •  Most common: Spy2Mobile, Mspy, Mobile Spy, Bosspy Types of OS •  90% Android •  10% iOS Country infection rates •  Spread across 30 countries
The full report coming soon… Stay tuned @LacoonSecurity. Survey: mRATs in the Enterprise A Lacoon-Checkpoint Research 23 Lacoon Mobile Security
Lacoon Mobile Security 24 Recap §  Looked at the two solutions §  Test servers (citrixcloud, pivot3’s testdrive) §  Vmware is more of a slim VDI while Citrix has additional capabilities §  Very configurable §  Both provide a myriad of clients and logging in capabilities
Lacoon Mobile Security 25 Threat 1 Using a Widely Popular mRAT on an Android-based Device §  Keylogging for data or authentication info §  mSpy §  Lacoon-Checkpoint “mRATs in the Enterprise” survey §  Mostly used in the enterprise §  Detected in 19 countries, such as USA, Britain, and France Cost: >$50
26 Lacoon Mobile Security mSpy
Different Keylogging options §  Repackage keyboard – done on SwiftKey in 2013 §  Used by mRAT’s as a custom keyboard §  MitM on the active input method – grant yourself the BIND_INPUT_METHOD permission §  Pretty complicated and requires elevated privileges §  Input Manager Service is a native process, hooking it at the InputDispatcher- >dispatchOnce will give you access to all input events §  Practically all Android ROMs use default symbol visibility 27 Lacoon Mobile Security
Threat 2 Grabbing Credentials Locally on Android 28 Lacoon Mobile Security
Threat 2 Grabbing Credentials Locally on Android §  Keylogging has it’s own problems §  Target the client itself to grab whatever credentials you need Lacoon Mobile Security 29
Threat 2 Grabbing Credentials Locally on Android 1.  Run a Privilege Elevation vulnerability 1.  TowelRoot (CVE-2014-315), VROOT (CVE-2013-6282),… 2.  Exploit does not leave identifiable root marks 2.  Enable jdwp debugging on all the apps installed on the device 3.  Connect as a debugger to the VDI client 4.  Set a breakpoint on a function that handles the credentials Lacoon Mobile Security 30
31 Lacoon Mobile Security Debugging the Session against the VDI Client
Enabling jdwp debugging on apps §  By ptrace-ing the init process to dynamically change the ro.debugabble property §  Similar to what setpropx does §  By starting the jdwp thread by yourself in the relevant process §  Easily done by calling the dvmJdwpStartup with ptrace 32 Lacoon Mobile Security
Possibilities to hook apps JDWP easy way to simply sit on a specific java function after enabling debugging XPosed / Cydia Substrate Also great way to dynamically hook a function without needing to resort to debugging §  Uses a small jar injected into every process by zygote to initiate hooking, dalvik changes not neccesary Native code hooking Through ptrace debugging or so- injection §  Either by having a relevant native function somewhere in the stack §  Also very useful for hooking ART 33 Lacoon Mobile Security
Threat 3 Screen Scraping against Android 34 Lacoon Mobile Security
Two possible methods §  Leverage the clipboard access support §  Record the screen automatically when the mRAT detects that the VDI client is connected Threat 3 Screen Scraping against Android 35 Lacoon Mobile Security
Screen Scraping using Clipboard Access Support Run a Privilege Escalation vulnerability §  TowelRoot (CVE-2014-315), VROOT (CVE-2013-6282),… §  Exploit does not leave identifiable root marks Monitor the current foreground activity using standard Android APIs getRunningTasks/getForgroundApp Inject keyboard events to cause content to be copied from the file to the clipboard §  Using InputManager’s injectInputEvent (as root/system) we can inject input events §  Specifically Ctrl+A, Ctrl+C will work for most interesting applications 36 Lacoon Mobile Security
37 Lacoon Mobile Security Screen Scraping using Clipboard Access Support Inside the VDI client Data extracted from VDI client
Screen Scraping using Screen Recording 1.  Run a Privilege Escalation vulnerability §  TowelRoot (CVE-2014-315), VROOT (CVE-2013-6282),… §  Exploit does not leave identifiable root marks 2.  Monitor the current foreground activity using standard Android APIs §  getRunningTasks/getForgroundApp 3.  Start recording the screen using one of the recording apis (go into depth) §  4.4 has a nice new screenrecorder – but possible even earlier by accessing framebuffer §  SurfaceView.setSecure would need to be patched on 4.2 and up Lacoon Mobile Security 38
Threat 4 Man-in-the-middle (MITM) 39 Lacoon Mobile Security
User VDI Credentials Authorized List of services & Organizational policy Request for Service A VDI 40 Lacoon Mobile Security VDI Protocol Flow Server User Inserts VDI credsSSL Connections VDI Client Mobile Device
41 Lacoon Mobile Security Malicious Configuration Profiles Proxy/VPN Certificate Authority
42 Lacoon Mobile Security Threat #4: MitM against iOS This is an email with a phishing link to a configuration profile. It will be replaced with a screenshot. VDI Server
More possibilities with MitM attacks §  Duplicating the actual screen/input stream to a separate machine §  VmWare Horizon Viewer uses either a proprietary protocol or RDP §  Citrix Receiver uses a proprietary protocol called ICA – not widely analyzed yet §  Simulate commands to the client and/or server §  Can be used to do implementation specific actions, including gaining VPN credentials, etc… 43 Lacoon Mobile Security
Building the necessary 44 Lacoon Mobile Security mobile security strategy
VDI depends on the integrity of the host system §  Protects the data as long as the device is uncompromised §  If the underlying device is compromised, so is the VDI solution Conclusions 45 Lacoon Mobile Security
A multi-layer approach to mobile security. Detect. Assess. Respond to Mobile Threats. A Layered Mobile Security Approach 46 Lacoon Mobile Security
A Layered Mobile Security Approach 47 Lacoon Mobile Security •  Assess Device, Configurations, Apps •  Reduce attack surface Accurate mitigation and dynamic access control of compromised devices, using a rich toolbox: •  Integration to MDM, NAC and SIEM •  On-device remediation and on-demand network mitigation •  Device, Application, Network anomaly detection •  Mobile AV, advanced app reputation analysis •  Detect and classify advanced threats (Zero-day, APT, malicious applications, etc) Advanced Mobile Threat Detection Mobile Vulnerability Assessment Mobile Risk Mitigation
Thanks to those that helped on the Lacoon-Checkpoint mRATs in the Enterprise Survey! Lacoon §  Pavel Berengoltz §  Shai Yanovski §  Shalom Bublil §  Shayna Tichler §  Amir Kessler §  Noam Modai Checkpoint §  Inna Myslyuk §  Gali Carmel §  Ron Davidson §  Inbar Raz §  Alon Kantor 48 Lacoon Mobile Security
Thank You! Email: contact@lacoon.com Twitter: @LacoonSecurity Lacoon Mobile Security 49

Recommended

BlackHat USA 2013 - Practical Attacks against Mobile Device Management Solutions
BlackHat USA 2013 - Practical Attacks against Mobile Device Management SolutionsBlackHat USA 2013 - Practical Attacks against Mobile Device Management Solutions
BlackHat USA 2013 - Practical Attacks against Mobile Device Management Solutions
Lacoon Mobile Security
 
iOS Threats - Malicious Configuration Profiles, Threat, Detection & Mitigation
iOS Threats - Malicious Configuration Profiles, Threat, Detection & MitigationiOS Threats - Malicious Configuration Profiles, Threat, Detection & Mitigation
iOS Threats - Malicious Configuration Profiles, Threat, Detection & Mitigation
Lacoon Mobile Security
 
MobileCON 2013 – Attacks Aginst MDM Solutions (and What You Can Do About It)
MobileCON 2013 – Attacks Aginst MDM Solutions (and What You Can Do About It)MobileCON 2013 – Attacks Aginst MDM Solutions (and What You Can Do About It)
MobileCON 2013 – Attacks Aginst MDM Solutions (and What You Can Do About It)
Lacoon Mobile Security
 
Transforming Smart Building Cybersecurity Strategy for the Age of IoT
Transforming Smart Building Cybersecurity Strategy for the Age of IoTTransforming Smart Building Cybersecurity Strategy for the Age of IoT
Transforming Smart Building Cybersecurity Strategy for the Age of IoT
Forescout Technologies Inc
 
How Secure Is Your Building Automation System?
How Secure Is Your Building Automation System? How Secure Is Your Building Automation System?
How Secure Is Your Building Automation System?
Forescout Technologies Inc
 
Securing the Enterprise Mobile Perimeter
Securing the Enterprise Mobile PerimeterSecuring the Enterprise Mobile Perimeter
Securing the Enterprise Mobile Perimeter
Brian Gleeson
 
Briskinfosec - Threatsploit Report Augest 2021- Cyber security updates
Briskinfosec - Threatsploit Report Augest 2021- Cyber security updatesBriskinfosec - Threatsploit Report Augest 2021- Cyber security updates
Briskinfosec - Threatsploit Report Augest 2021- Cyber security updates
Briskinfosec Technology and Consulting
 
UserLock Presentation | Access Security for Windows Networks
UserLock Presentation | Access Security for Windows NetworksUserLock Presentation | Access Security for Windows Networks
UserLock Presentation | Access Security for Windows Networks
IS Decisions
 

Recommended

BlackHat USA 2013 - Practical Attacks against Mobile Device Management Solutions
BlackHat USA 2013 - Practical Attacks against Mobile Device Management SolutionsBlackHat USA 2013 - Practical Attacks against Mobile Device Management Solutions
BlackHat USA 2013 - Practical Attacks against Mobile Device Management Solutions
Lacoon Mobile Security
 
iOS Threats - Malicious Configuration Profiles, Threat, Detection & Mitigation
iOS Threats - Malicious Configuration Profiles, Threat, Detection & MitigationiOS Threats - Malicious Configuration Profiles, Threat, Detection & Mitigation
iOS Threats - Malicious Configuration Profiles, Threat, Detection & Mitigation
Lacoon Mobile Security
 
MobileCON 2013 – Attacks Aginst MDM Solutions (and What You Can Do About It)
MobileCON 2013 – Attacks Aginst MDM Solutions (and What You Can Do About It)MobileCON 2013 – Attacks Aginst MDM Solutions (and What You Can Do About It)
MobileCON 2013 – Attacks Aginst MDM Solutions (and What You Can Do About It)
Lacoon Mobile Security
 
Transforming Smart Building Cybersecurity Strategy for the Age of IoT
Transforming Smart Building Cybersecurity Strategy for the Age of IoTTransforming Smart Building Cybersecurity Strategy for the Age of IoT
Transforming Smart Building Cybersecurity Strategy for the Age of IoT
Forescout Technologies Inc
 
How Secure Is Your Building Automation System?
How Secure Is Your Building Automation System? How Secure Is Your Building Automation System?
How Secure Is Your Building Automation System?
Forescout Technologies Inc
 
Securing the Enterprise Mobile Perimeter
Securing the Enterprise Mobile PerimeterSecuring the Enterprise Mobile Perimeter
Securing the Enterprise Mobile Perimeter
Brian Gleeson
 
Briskinfosec - Threatsploit Report Augest 2021- Cyber security updates
Briskinfosec - Threatsploit Report Augest 2021- Cyber security updatesBriskinfosec - Threatsploit Report Augest 2021- Cyber security updates
Briskinfosec - Threatsploit Report Augest 2021- Cyber security updates
Briskinfosec Technology and Consulting
 
UserLock Presentation | Access Security for Windows Networks
UserLock Presentation | Access Security for Windows NetworksUserLock Presentation | Access Security for Windows Networks
UserLock Presentation | Access Security for Windows Networks
IS Decisions
 
Darktrace Proof of Value
Darktrace Proof of ValueDarktrace Proof of Value
Darktrace Proof of Value
Darktrace
 
New trends in Payments Security: NFC & Mobile
New trends in Payments Security: NFC & MobileNew trends in Payments Security: NFC & Mobile
New trends in Payments Security: NFC & Mobile
SISA Information Security Pvt.Ltd
 
The-Enterprise-Immune-System-Using-Machine-Learning-for-Next-Generation-Cyber...
The-Enterprise-Immune-System-Using-Machine-Learning-for-Next-Generation-Cyber...The-Enterprise-Immune-System-Using-Machine-Learning-for-Next-Generation-Cyber...
The-Enterprise-Immune-System-Using-Machine-Learning-for-Next-Generation-Cyber...
Amazon Web Services
 
C0c0n 2011 mobile security presentation v1.2
C0c0n 2011 mobile security presentation v1.2C0c0n 2011 mobile security presentation v1.2
C0c0n 2011 mobile security presentation v1.2
Santosh Satam
 
Mobile Security
Mobile SecurityMobile Security
Mobile Security
Xavier Mertens
 
Samsung knox security_solution_v1_10_0
Samsung knox security_solution_v1_10_0Samsung knox security_solution_v1_10_0
Samsung knox security_solution_v1_10_0
Javier Gonzalez
 
Android security a survey of issues, malware penetration, and defenses
Android security a survey of issues, malware penetration, and defensesAndroid security a survey of issues, malware penetration, and defenses
Android security a survey of issues, malware penetration, and defenses
LeMeniz Infotech
 
Mobile Security Research Projects Help
Mobile Security Research Projects HelpMobile Security Research Projects Help
Mobile Security Research Projects Help
Network Simulation Tools
 
Secure SDLC in mobile software development.
Secure SDLC in mobile software development.Secure SDLC in mobile software development.
Secure SDLC in mobile software development.
Mykhailo Antonishyn
 
Samsung knox and android for work
Samsung knox and android for workSamsung knox and android for work
Samsung knox and android for work
Javier Gonzalez
 
Comilion introduction presentation 26102012 (1)
Comilion introduction presentation 26102012 (1)Comilion introduction presentation 26102012 (1)
Comilion introduction presentation 26102012 (1)
AP DealFlow
 
Symantec Mobile Security Whitepaper June 2011
Symantec Mobile Security Whitepaper June 2011Symantec Mobile Security Whitepaper June 2011
Symantec Mobile Security Whitepaper June 2011
Symantec
 
Mobile phone as Trusted identity assistant
Mobile phone as Trusted identity assistantMobile phone as Trusted identity assistant
Mobile phone as Trusted identity assistant
Vladimir Jirasek
 
Mobile Security: The 5 Questions Modern Organizations Are Asking
Mobile Security: The 5 Questions Modern Organizations Are AskingMobile Security: The 5 Questions Modern Organizations Are Asking
Mobile Security: The 5 Questions Modern Organizations Are Asking
Lookout
 
The Zero Trust Model of Information Security
The Zero Trust Model of Information Security The Zero Trust Model of Information Security
The Zero Trust Model of Information Security
Tripwire
 
การสร้างเกราะป้องกันภัยคุกคาม ต่อข้อมูลความเป็นส่วนบุคคลในองค์กร
การสร้างเกราะป้องกันภัยคุกคาม ต่อข้อมูลความเป็นส่วนบุคคลในองค์กรการสร้างเกราะป้องกันภัยคุกคาม ต่อข้อมูลความเป็นส่วนบุคคลในองค์กร
การสร้างเกราะป้องกันภัยคุกคาม ต่อข้อมูลความเป็นส่วนบุคคลในองค์กร
Software Park Thailand
 
Briskinfosec - Threatsploit Report Augest 2021- Cyber security updates
Briskinfosec - Threatsploit Report Augest 2021- Cyber security updatesBriskinfosec - Threatsploit Report Augest 2021- Cyber security updates
Briskinfosec - Threatsploit Report Augest 2021- Cyber security updates
Briskinfosec Technology and Consulting
 
SierraVMI Virtual Mobile Infrastructure (VMI). Android-based VDI.
SierraVMI Virtual Mobile Infrastructure (VMI). Android-based VDI.SierraVMI Virtual Mobile Infrastructure (VMI). Android-based VDI.
SierraVMI Virtual Mobile Infrastructure (VMI). Android-based VDI.
Sierraware
 
Best Practices for Multi-Factor Authentication: Delivering Stronger Security ...
Best Practices for Multi-Factor Authentication: Delivering Stronger Security ...Best Practices for Multi-Factor Authentication: Delivering Stronger Security ...
Best Practices for Multi-Factor Authentication: Delivering Stronger Security ...
Sirius
 
SmartDevCon - Katowice - 2013
SmartDevCon - Katowice - 2013SmartDevCon - Katowice - 2013
SmartDevCon - Katowice - 2013
Petr Dvorak
 
Rik Ferguson
Rik FergusonRik Ferguson
Rik Ferguson
CloudExpoEurope
 
Steve Porter : cloud Computing Security
Steve Porter : cloud Computing SecuritySteve Porter : cloud Computing Security
Steve Porter : cloud Computing Security
Gurbir Singh
 

More Related Content

What's hot

C0c0n 2011 mobile security presentation v1.2
C0c0n 2011 mobile security presentation v1.2C0c0n 2011 mobile security presentation v1.2
C0c0n 2011 mobile security presentation v1.2
Santosh Satam
 
Comilion introduction presentation 26102012 (1)
Comilion introduction presentation 26102012 (1)Comilion introduction presentation 26102012 (1)
Comilion introduction presentation 26102012 (1)
AP DealFlow
 
The Zero Trust Model of Information Security
The Zero Trust Model of Information Security The Zero Trust Model of Information Security
The Zero Trust Model of Information Security
Tripwire
 
Best Practices for Multi-Factor Authentication: Delivering Stronger Security ...
Best Practices for Multi-Factor Authentication: Delivering Stronger Security ...Best Practices for Multi-Factor Authentication: Delivering Stronger Security ...
Best Practices for Multi-Factor Authentication: Delivering Stronger Security ...
Sirius
 

What's hot (20)

Darktrace Proof of Value
Darktrace Proof of ValueDarktrace Proof of Value
Darktrace Proof of Value
 
New trends in Payments Security: NFC & Mobile
New trends in Payments Security: NFC & MobileNew trends in Payments Security: NFC & Mobile
New trends in Payments Security: NFC & Mobile
 
The-Enterprise-Immune-System-Using-Machine-Learning-for-Next-Generation-Cyber...
The-Enterprise-Immune-System-Using-Machine-Learning-for-Next-Generation-Cyber...The-Enterprise-Immune-System-Using-Machine-Learning-for-Next-Generation-Cyber...
The-Enterprise-Immune-System-Using-Machine-Learning-for-Next-Generation-Cyber...
 
C0c0n 2011 mobile security presentation v1.2
C0c0n 2011 mobile security presentation v1.2C0c0n 2011 mobile security presentation v1.2
C0c0n 2011 mobile security presentation v1.2
 
Mobile Security
Mobile SecurityMobile Security
Mobile Security
 
Samsung knox security_solution_v1_10_0
Samsung knox security_solution_v1_10_0Samsung knox security_solution_v1_10_0
Samsung knox security_solution_v1_10_0
 
Android security a survey of issues, malware penetration, and defenses
Android security a survey of issues, malware penetration, and defensesAndroid security a survey of issues, malware penetration, and defenses
Android security a survey of issues, malware penetration, and defenses
 
Mobile Security Research Projects Help
Mobile Security Research Projects HelpMobile Security Research Projects Help
Mobile Security Research Projects Help
 
Secure SDLC in mobile software development.
Secure SDLC in mobile software development.Secure SDLC in mobile software development.
Secure SDLC in mobile software development.
 
Samsung knox and android for work
Samsung knox and android for workSamsung knox and android for work
Samsung knox and android for work
 
Comilion introduction presentation 26102012 (1)
Comilion introduction presentation 26102012 (1)Comilion introduction presentation 26102012 (1)
Comilion introduction presentation 26102012 (1)
 
Symantec Mobile Security Whitepaper June 2011
Symantec Mobile Security Whitepaper June 2011Symantec Mobile Security Whitepaper June 2011
Symantec Mobile Security Whitepaper June 2011
 
Mobile phone as Trusted identity assistant
Mobile phone as Trusted identity assistantMobile phone as Trusted identity assistant
Mobile phone as Trusted identity assistant
 
Mobile Security: The 5 Questions Modern Organizations Are Asking
Mobile Security: The 5 Questions Modern Organizations Are AskingMobile Security: The 5 Questions Modern Organizations Are Asking
Mobile Security: The 5 Questions Modern Organizations Are Asking
 
The Zero Trust Model of Information Security
The Zero Trust Model of Information Security The Zero Trust Model of Information Security
The Zero Trust Model of Information Security
 
การสร้างเกราะป้องกันภัยคุกคาม ต่อข้อมูลความเป็นส่วนบุคคลในองค์กร
การสร้างเกราะป้องกันภัยคุกคาม ต่อข้อมูลความเป็นส่วนบุคคลในองค์กรการสร้างเกราะป้องกันภัยคุกคาม ต่อข้อมูลความเป็นส่วนบุคคลในองค์กร
การสร้างเกราะป้องกันภัยคุกคาม ต่อข้อมูลความเป็นส่วนบุคคลในองค์กร
 
Briskinfosec - Threatsploit Report Augest 2021- Cyber security updates
Briskinfosec - Threatsploit Report Augest 2021- Cyber security updatesBriskinfosec - Threatsploit Report Augest 2021- Cyber security updates
Briskinfosec - Threatsploit Report Augest 2021- Cyber security updates
 
SierraVMI Virtual Mobile Infrastructure (VMI). Android-based VDI.
SierraVMI Virtual Mobile Infrastructure (VMI). Android-based VDI.SierraVMI Virtual Mobile Infrastructure (VMI). Android-based VDI.
SierraVMI Virtual Mobile Infrastructure (VMI). Android-based VDI.
 
Best Practices for Multi-Factor Authentication: Delivering Stronger Security ...
Best Practices for Multi-Factor Authentication: Delivering Stronger Security ...Best Practices for Multi-Factor Authentication: Delivering Stronger Security ...
Best Practices for Multi-Factor Authentication: Delivering Stronger Security ...
 
SmartDevCon - Katowice - 2013
SmartDevCon - Katowice - 2013SmartDevCon - Katowice - 2013
SmartDevCon - Katowice - 2013
 

Similar to Black Hat USA 2014 - A Practical Attack Against Virtual Desktop Infrastructure (VDI)

2021 01-27 reducing risk of ransomware webinar
2021 01-27 reducing risk of ransomware webinar2021 01-27 reducing risk of ransomware webinar
2021 01-27 reducing risk of ransomware webinar
AlgoSec
 
McAfee Skyhigh: Elevating Your AWS Security Posture (SEC307-S) - AWS re:Inven...
McAfee Skyhigh: Elevating Your AWS Security Posture (SEC307-S) - AWS re:Inven...McAfee Skyhigh: Elevating Your AWS Security Posture (SEC307-S) - AWS re:Inven...
McAfee Skyhigh: Elevating Your AWS Security Posture (SEC307-S) - AWS re:Inven...
Amazon Web Services
 
Watchguard security proposal 2012
Watchguard security proposal 2012Watchguard security proposal 2012
Watchguard security proposal 2012
Jimmy Saigon
 
A Plan to Control and Protect Data in the Private and Public Cloud
A Plan to Control and Protect Data in the Private and Public CloudA Plan to Control and Protect Data in the Private and Public Cloud
A Plan to Control and Protect Data in the Private and Public Cloud
Rochester Security Summit
 
How BlackBerry Brings Android Security To Your Enterprise: White Paper
How BlackBerry Brings Android Security To Your Enterprise: White PaperHow BlackBerry Brings Android Security To Your Enterprise: White Paper
How BlackBerry Brings Android Security To Your Enterprise: White Paper
BlackBerry
 

Similar to Black Hat USA 2014 - A Practical Attack Against Virtual Desktop Infrastructure (VDI) (20)

Rik Ferguson
Rik FergusonRik Ferguson
Rik Ferguson
 
Steve Porter : cloud Computing Security
Steve Porter : cloud Computing SecuritySteve Porter : cloud Computing Security
Steve Porter : cloud Computing Security
 
2021 01-27 reducing risk of ransomware webinar
2021 01-27 reducing risk of ransomware webinar2021 01-27 reducing risk of ransomware webinar
2021 01-27 reducing risk of ransomware webinar
 
Three Secrets to Becoming a Mobile Security Superhero
Three Secrets to Becoming a Mobile Security SuperheroThree Secrets to Becoming a Mobile Security Superhero
Three Secrets to Becoming a Mobile Security Superhero
 
New Horizons for End-User Computing Event - Trend
New Horizons for End-User Computing Event - TrendNew Horizons for End-User Computing Event - Trend
New Horizons for End-User Computing Event - Trend
 
Top 5 predictions webinar
Top 5 predictions webinarTop 5 predictions webinar
Top 5 predictions webinar
 
Crowdstrike .pptx
Crowdstrike .pptxCrowdstrike .pptx
Crowdstrike .pptx
 
Disrupting the Malware Kill Chain - What's New from Palo Alto Networks.
Disrupting the Malware Kill Chain - What's New from Palo Alto Networks.Disrupting the Malware Kill Chain - What's New from Palo Alto Networks.
Disrupting the Malware Kill Chain - What's New from Palo Alto Networks.
 
Checkpoint Overview
Checkpoint OverviewCheckpoint Overview
Checkpoint Overview
 
Chap 6 cloud security
Chap 6 cloud securityChap 6 cloud security
Chap 6 cloud security
 
McAfee Skyhigh: Elevating Your AWS Security Posture (SEC307-S) - AWS re:Inven...
McAfee Skyhigh: Elevating Your AWS Security Posture (SEC307-S) - AWS re:Inven...McAfee Skyhigh: Elevating Your AWS Security Posture (SEC307-S) - AWS re:Inven...
McAfee Skyhigh: Elevating Your AWS Security Posture (SEC307-S) - AWS re:Inven...
 
nsx overview with use cases 1.0
nsx overview with use cases 1.0nsx overview with use cases 1.0
nsx overview with use cases 1.0
 
Watchguard security proposal 2012
Watchguard security proposal 2012Watchguard security proposal 2012
Watchguard security proposal 2012
 
A Plan to Control and Protect Data in the Private and Public Cloud
A Plan to Control and Protect Data in the Private and Public CloudA Plan to Control and Protect Data in the Private and Public Cloud
A Plan to Control and Protect Data in the Private and Public Cloud
 
CC_ SECURITY ISSUES by a_khoshnoudi @IUST
CC_ SECURITY ISSUES by a_khoshnoudi @IUST CC_ SECURITY ISSUES by a_khoshnoudi @IUST
CC_ SECURITY ISSUES by a_khoshnoudi @IUST
 
Next Generation Firewall and IPS
Next Generation Firewall and IPSNext Generation Firewall and IPS
Next Generation Firewall and IPS
 
Sholove cyren web security - technical datasheet2
Sholove cyren web security - technical datasheet2Sholove cyren web security - technical datasheet2
Sholove cyren web security - technical datasheet2
 
Azure 101: Shared responsibility in the Azure Cloud
Azure 101: Shared responsibility in the Azure CloudAzure 101: Shared responsibility in the Azure Cloud
Azure 101: Shared responsibility in the Azure Cloud
 
How BlackBerry Brings Android Security To Your Enterprise: White Paper
How BlackBerry Brings Android Security To Your Enterprise: White PaperHow BlackBerry Brings Android Security To Your Enterprise: White Paper
How BlackBerry Brings Android Security To Your Enterprise: White Paper
 
Enterprise Edge Security with Cisco ISE
Enterprise Edge Security with Cisco ISEEnterprise Edge Security with Cisco ISE
Enterprise Edge Security with Cisco ISE
 

More from Lacoon Mobile Security

Mobile Threats: Enterprises Under Attack
Mobile Threats: Enterprises Under AttackMobile Threats: Enterprises Under Attack
Mobile Threats: Enterprises Under Attack
Lacoon Mobile Security
 
Amphion Forum 2013: What to Do About Attacks Against MDMs
Amphion Forum 2013: What to Do About Attacks Against MDMsAmphion Forum 2013: What to Do About Attacks Against MDMs
Amphion Forum 2013: What to Do About Attacks Against MDMs
Lacoon Mobile Security
 
IPExpo 2013 - Anatomy of a Targeted Attack Against MDM Solutions
IPExpo 2013 - Anatomy of a Targeted Attack Against MDM SolutionsIPExpo 2013 - Anatomy of a Targeted Attack Against MDM Solutions
IPExpo 2013 - Anatomy of a Targeted Attack Against MDM Solutions
Lacoon Mobile Security
 
Anatomy of a Targeted Attack against Mobile Device Management (MDM)
Anatomy of a Targeted Attack against Mobile Device Management (MDM)Anatomy of a Targeted Attack against Mobile Device Management (MDM)
Anatomy of a Targeted Attack against Mobile Device Management (MDM)
Lacoon Mobile Security
 
BlackHat Europe 2013 - Practical Attacks against Mobile Device Management (MDM)
BlackHat Europe 2013 - Practical Attacks against Mobile Device Management (MDM)BlackHat Europe 2013 - Practical Attacks against Mobile Device Management (MDM)
BlackHat Europe 2013 - Practical Attacks against Mobile Device Management (MDM)
Lacoon Mobile Security
 

More from Lacoon Mobile Security (8)

Mobile Threats: Enterprises Under Attack
Mobile Threats: Enterprises Under AttackMobile Threats: Enterprises Under Attack
Mobile Threats: Enterprises Under Attack
 
"Bleeding-In-The-Browser" - Why reverse Heartbleed risk is dangerous to the E...
"Bleeding-In-The-Browser" - Why reverse Heartbleed risk is dangerous to the E..."Bleeding-In-The-Browser" - Why reverse Heartbleed risk is dangerous to the E...
"Bleeding-In-The-Browser" - Why reverse Heartbleed risk is dangerous to the E...
 
Amphion Forum 2013: What to Do About Attacks Against MDMs
Amphion Forum 2013: What to Do About Attacks Against MDMsAmphion Forum 2013: What to Do About Attacks Against MDMs
Amphion Forum 2013: What to Do About Attacks Against MDMs
 
An Overview of mRATs
An Overview of mRATsAn Overview of mRATs
An Overview of mRATs
 
IPExpo 2013 - Anatomy of a Targeted Attack Against MDM Solutions
IPExpo 2013 - Anatomy of a Targeted Attack Against MDM SolutionsIPExpo 2013 - Anatomy of a Targeted Attack Against MDM Solutions
IPExpo 2013 - Anatomy of a Targeted Attack Against MDM Solutions
 
How Mobile Malware Bypasses Secure Containers
How Mobile Malware Bypasses Secure ContainersHow Mobile Malware Bypasses Secure Containers
How Mobile Malware Bypasses Secure Containers
 
Anatomy of a Targeted Attack against Mobile Device Management (MDM)
Anatomy of a Targeted Attack against Mobile Device Management (MDM)Anatomy of a Targeted Attack against Mobile Device Management (MDM)
Anatomy of a Targeted Attack against Mobile Device Management (MDM)
 
BlackHat Europe 2013 - Practical Attacks against Mobile Device Management (MDM)
BlackHat Europe 2013 - Practical Attacks against Mobile Device Management (MDM)BlackHat Europe 2013 - Practical Attacks against Mobile Device Management (MDM)
BlackHat Europe 2013 - Practical Attacks against Mobile Device Management (MDM)
 

Recently uploaded

9999266834 Call Girls In Noida Sector 52 (Delhi) Call Girl Service
9999266834 Call Girls In Noida Sector 52 (Delhi) Call Girl Service9999266834 Call Girls In Noida Sector 52 (Delhi) Call Girl Service
9999266834 Call Girls In Noida Sector 52 (Delhi) Call Girl Service
nishacall1
 
Obat Penggugur Kandungan Di Apotik Kimia Farma (087776558899)
Obat Penggugur Kandungan Di Apotik Kimia Farma (087776558899)Obat Penggugur Kandungan Di Apotik Kimia Farma (087776558899)
Obat Penggugur Kandungan Di Apotik Kimia Farma (087776558899)
Cara Menggugurkan Kandungan 087776558899
 
BDSM⚡Call Girls in Sector 71 Noida Escorts >༒8448380779 Escort Service
BDSM⚡Call Girls in Sector 71 Noida Escorts >༒8448380779 Escort ServiceBDSM⚡Call Girls in Sector 71 Noida Escorts >༒8448380779 Escort Service
BDSM⚡Call Girls in Sector 71 Noida Escorts >༒8448380779 Escort Service
Delhi Call girls
 
FULL ENJOY - 9999218229 Call Girls in {Mahipalpur}| Delhi NCR
FULL ENJOY - 9999218229 Call Girls in {Mahipalpur}| Delhi NCRFULL ENJOY - 9999218229 Call Girls in {Mahipalpur}| Delhi NCR
FULL ENJOY - 9999218229 Call Girls in {Mahipalpur}| Delhi NCR
nishacall1
 

Recently uploaded (6)

Leading Mobile App Development Companies in India (2).pdf
Leading Mobile App Development Companies in India (2).pdfLeading Mobile App Development Companies in India (2).pdf
Leading Mobile App Development Companies in India (2).pdf
 
9999266834 Call Girls In Noida Sector 52 (Delhi) Call Girl Service
9999266834 Call Girls In Noida Sector 52 (Delhi) Call Girl Service9999266834 Call Girls In Noida Sector 52 (Delhi) Call Girl Service
9999266834 Call Girls In Noida Sector 52 (Delhi) Call Girl Service
 
Obat Penggugur Kandungan Di Apotik Kimia Farma (087776558899)
Obat Penggugur Kandungan Di Apotik Kimia Farma (087776558899)Obat Penggugur Kandungan Di Apotik Kimia Farma (087776558899)
Obat Penggugur Kandungan Di Apotik Kimia Farma (087776558899)
 
BDSM⚡Call Girls in Sector 71 Noida Escorts >༒8448380779 Escort Service
BDSM⚡Call Girls in Sector 71 Noida Escorts >༒8448380779 Escort ServiceBDSM⚡Call Girls in Sector 71 Noida Escorts >༒8448380779 Escort Service
BDSM⚡Call Girls in Sector 71 Noida Escorts >༒8448380779 Escort Service
 
FULL ENJOY - 9999218229 Call Girls in {Mahipalpur}| Delhi NCR
FULL ENJOY - 9999218229 Call Girls in {Mahipalpur}| Delhi NCRFULL ENJOY - 9999218229 Call Girls in {Mahipalpur}| Delhi NCR
FULL ENJOY - 9999218229 Call Girls in {Mahipalpur}| Delhi NCR
 
Powerful Love Spells in Arkansas, AR (310) 882-6330 Bring Back Lost Lover
Powerful Love Spells in Arkansas, AR (310) 882-6330 Bring Back Lost LoverPowerful Love Spells in Arkansas, AR (310) 882-6330 Bring Back Lost Lover
Powerful Love Spells in Arkansas, AR (310) 882-6330 Bring Back Lost Lover
 

Black Hat USA 2014 - A Practical Attack Against Virtual Desktop Infrastructure (VDI)

  • 1. Practical Attacks against Virtual Desktop Infrastructure (VDI) Solutions Michael Shaulov, CEO Daniel Brodie, Sr. Security Researcher Lacoon Mobile Security Lacoon Mobile Security 1
  • 2. About Daniel §  10 years of security research §  From PC to Mobile §  Researcher and developer at Lacoon Mobile Security §  Developing a virtual execution-based app behavioral analysis framework of mRATs and mobile malware §  Analysis of iOS and Android vulnerabilities and exploits §  BH 2013: “A Practical Attack against Mobile Device Management (MDM) Solutions” Lacoon Mobile Security 2
  • 3. About Michael §  Decade of experience researching and working in the mobile security space §  From feature-phones to smartphones §  Mobile Security Research Team Leader for Defense Contractors §  CEO and co-founder of Lacoon Mobile Security §  BH EU, BH USA, RSA Conf, GovWare … Lacoon Mobile Security 3
  • 4. Quick Disclaimer This talk is NOT about: §  Dismiss VDI value as an enterprise mobile solution §  Specific vendor implementation This talk is about: §  Quantify risks that can compromise VDI sessions §  Provide a framework to assess and mitigate the risks Lacoon Mobile Security 4
  • 5. Agenda §  Mobile VDI 101 §  Practical Mobile Threats against VDI §  Augmenting VDI with Defense-in- Depth Mobile Security §  Conclusions Threat 2 Grabbing credentials locally / Android Threat 3 Screen-scraping/ Android Threat 4 MitM Session Hijacking / iOS Lacoon Mobile Security 5 In the Wild mRAT Key-loggers / AndroidThreat 1
  • 6. Mobile VDI 101 Lacoon Mobile Security 6
  • 7. Mobile VDI Motivation Key Requirements for BYOD / CYOD §  Enablement §  DLP / Lost Device §  Intrusion Lacoon Mobile Security 7
  • 8. Enablement Simplify IT support of BYO devices It can meet the increasing demand for BYO initiatives by delivering apps and desktops as an on-demand service. Lacoon Mobile Security 8
  • 9. DLP / Lost Device X No content is saved on the device On-demand session Lacoon Mobile Security 9
  • 10. Intrusion “Virtual desktop security to protect sensitive information Centrally secured virtual desktops and apps in the datacenter reduce the risk of data loss or intrusion when delivered to any device. Corporate access remains secure while intellectual property and sensitive private information stays safe.” Good Marketing Lacoon Mobile Security 10
  • 11. VDI Architecture - Example Lacoon Mobile Security 11
  • 12. VDI Players 2 major mobile VDI enterprise players: §  Citrix §  VMware Lacoon Mobile Security 12
  • 13. Threats to Mobile VDI Solutions Lacoon Mobile Security 13
  • 14. Threat 1 Using an mRAT for its Keylogging Capabilities Lacoon Mobile Security 14
  • 15. Emails App Data Contact Lists, Call & Text Logs What is a Mobile Remote Access Trojan (mRAT) Key Logger Screen Scrapper Memory Scrapping Files and Photos Microphone and Camera Track Location Lacoon Mobile Security 15
  • 17. mRAT Spectrum $300K-$12M Government -> Terrorists / Activists Free - $300 Cybercriminal -> ? Free - $100 Everyone -> Everyone Surveillance / Monitoring ToolsDarknet mRATsGov / Mil mRATs Lacoon Mobile Security 17
  • 18. mRAT Spectrum $300K-$12M Government -> Terrorists / Activists Free - $100 Everyone -> Everyone Surveillance / Monitoring ToolsGov / Mil mRATs Lacoon Mobile Security 18 “Hacking Team is really a very basic software with a public payload based on CVE bugs PUBLIC. Not different than any commercial spyware on internet. Even with lower features.” -- Mobile Malware Google Group
  • 19. 19 Lacoon Mobile Security Commercial Surveillance Software
  • 20. Data sample Mobile devices communicating through corporate WiFi access points, connected to the Checkpoint firewall Traffic from 95 gateways (~90 enterprises) 20 Lacoon Mobile Security Survey: mRATs in the Enterprise A Lacoon-Checkpoint Research
  • 21. 21 Lacoon Mobile Security Survey: mRATs in the Enterprise A Lacoon-Checkpoint Research mRAT Network Signatures CP Threat Cloud
  • 22. 22 Lacoon Mobile Security How common are mobile threats in the Enterprise? % By Country 41.8 6.6 5.3 4.9 4.9 3.9 3.3 US MX NO TM EC FR BR Key Findings: Number of infected Devices •  290 •  Median: 2 infected devices / enterprise mRATS found •  16 used •  Most common: Spy2Mobile, Mspy, Mobile Spy, Bosspy Types of OS •  90% Android •  10% iOS Country infection rates •  Spread across 30 countries
  • 23. The full report coming soon… Stay tuned @LacoonSecurity. Survey: mRATs in the Enterprise A Lacoon-Checkpoint Research 23 Lacoon Mobile Security
  • 24. Lacoon Mobile Security 24 Recap §  Looked at the two solutions §  Test servers (citrixcloud, pivot3’s testdrive) §  Vmware is more of a slim VDI while Citrix has additional capabilities §  Very configurable §  Both provide a myriad of clients and logging in capabilities
  • 25. Lacoon Mobile Security 25 Threat 1 Using a Widely Popular mRAT on an Android-based Device §  Keylogging for data or authentication info §  mSpy §  Lacoon-Checkpoint “mRATs in the Enterprise” survey §  Mostly used in the enterprise §  Detected in 19 countries, such as USA, Britain, and France Cost: >$50
  • 27. Different Keylogging options §  Repackage keyboard – done on SwiftKey in 2013 §  Used by mRAT’s as a custom keyboard §  MitM on the active input method – grant yourself the BIND_INPUT_METHOD permission §  Pretty complicated and requires elevated privileges §  Input Manager Service is a native process, hooking it at the InputDispatcher- >dispatchOnce will give you access to all input events §  Practically all Android ROMs use default symbol visibility 27 Lacoon Mobile Security
  • 28. Threat 2 Grabbing Credentials Locally on Android 28 Lacoon Mobile Security
  • 29. Threat 2 Grabbing Credentials Locally on Android §  Keylogging has it’s own problems §  Target the client itself to grab whatever credentials you need Lacoon Mobile Security 29
  • 30. Threat 2 Grabbing Credentials Locally on Android 1.  Run a Privilege Elevation vulnerability 1.  TowelRoot (CVE-2014-315), VROOT (CVE-2013-6282),… 2.  Exploit does not leave identifiable root marks 2.  Enable jdwp debugging on all the apps installed on the device 3.  Connect as a debugger to the VDI client 4.  Set a breakpoint on a function that handles the credentials Lacoon Mobile Security 30
  • 31. 31 Lacoon Mobile Security Debugging the Session against the VDI Client
  • 32. Enabling jdwp debugging on apps §  By ptrace-ing the init process to dynamically change the ro.debugabble property §  Similar to what setpropx does §  By starting the jdwp thread by yourself in the relevant process §  Easily done by calling the dvmJdwpStartup with ptrace 32 Lacoon Mobile Security
  • 33. Possibilities to hook apps JDWP easy way to simply sit on a specific java function after enabling debugging XPosed / Cydia Substrate Also great way to dynamically hook a function without needing to resort to debugging §  Uses a small jar injected into every process by zygote to initiate hooking, dalvik changes not neccesary Native code hooking Through ptrace debugging or so- injection §  Either by having a relevant native function somewhere in the stack §  Also very useful for hooking ART 33 Lacoon Mobile Security
  • 34. Threat 3 Screen Scraping against Android 34 Lacoon Mobile Security
  • 35. Two possible methods §  Leverage the clipboard access support §  Record the screen automatically when the mRAT detects that the VDI client is connected Threat 3 Screen Scraping against Android 35 Lacoon Mobile Security
  • 36. Screen Scraping using Clipboard Access Support Run a Privilege Escalation vulnerability §  TowelRoot (CVE-2014-315), VROOT (CVE-2013-6282),… §  Exploit does not leave identifiable root marks Monitor the current foreground activity using standard Android APIs getRunningTasks/getForgroundApp Inject keyboard events to cause content to be copied from the file to the clipboard §  Using InputManager’s injectInputEvent (as root/system) we can inject input events §  Specifically Ctrl+A, Ctrl+C will work for most interesting applications 36 Lacoon Mobile Security
  • 37. 37 Lacoon Mobile Security Screen Scraping using Clipboard Access Support Inside the VDI client Data extracted from VDI client
  • 38. Screen Scraping using Screen Recording 1.  Run a Privilege Escalation vulnerability §  TowelRoot (CVE-2014-315), VROOT (CVE-2013-6282),… §  Exploit does not leave identifiable root marks 2.  Monitor the current foreground activity using standard Android APIs §  getRunningTasks/getForgroundApp 3.  Start recording the screen using one of the recording apis (go into depth) §  4.4 has a nice new screenrecorder – but possible even earlier by accessing framebuffer §  SurfaceView.setSecure would need to be patched on 4.2 and up Lacoon Mobile Security 38
  • 40. User VDI Credentials Authorized List of services & Organizational policy Request for Service A VDI 40 Lacoon Mobile Security VDI Protocol Flow Server User Inserts VDI credsSSL Connections VDI Client Mobile Device
  • 41. 41 Lacoon Mobile Security Malicious Configuration Profiles Proxy/VPN Certificate Authority
  • 42. 42 Lacoon Mobile Security Threat #4: MitM against iOS This is an email with a phishing link to a configuration profile. It will be replaced with a screenshot. VDI Server
  • 43. More possibilities with MitM attacks §  Duplicating the actual screen/input stream to a separate machine §  VmWare Horizon Viewer uses either a proprietary protocol or RDP §  Citrix Receiver uses a proprietary protocol called ICA – not widely analyzed yet §  Simulate commands to the client and/or server §  Can be used to do implementation specific actions, including gaining VPN credentials, etc… 43 Lacoon Mobile Security
  • 44. Building the necessary 44 Lacoon Mobile Security mobile security strategy
  • 45. VDI depends on the integrity of the host system §  Protects the data as long as the device is uncompromised §  If the underlying device is compromised, so is the VDI solution Conclusions 45 Lacoon Mobile Security
  • 46. A multi-layer approach to mobile security. Detect. Assess. Respond to Mobile Threats. A Layered Mobile Security Approach 46 Lacoon Mobile Security
  • 47. A Layered Mobile Security Approach 47 Lacoon Mobile Security •  Assess Device, Configurations, Apps •  Reduce attack surface Accurate mitigation and dynamic access control of compromised devices, using a rich toolbox: •  Integration to MDM, NAC and SIEM •  On-device remediation and on-demand network mitigation •  Device, Application, Network anomaly detection •  Mobile AV, advanced app reputation analysis •  Detect and classify advanced threats (Zero-day, APT, malicious applications, etc) Advanced Mobile Threat Detection Mobile Vulnerability Assessment Mobile Risk Mitigation
  • 48. Thanks to those that helped on the Lacoon-Checkpoint mRATs in the Enterprise Survey! Lacoon §  Pavel Berengoltz §  Shai Yanovski §  Shalom Bublil §  Shayna Tichler §  Amir Kessler §  Noam Modai Checkpoint §  Inna Myslyuk §  Gali Carmel §  Ron Davidson §  Inbar Raz §  Alon Kantor 48 Lacoon Mobile Security
  • 49. Thank You! Email: contact@lacoon.com Twitter: @LacoonSecurity Lacoon Mobile Security 49