IPExpo 2013 - Anatomy of a Targeted Attack Against MDM Solutions


  1. 1. Anatomy of a Targeted Attack against Mobile Device Management (MDM) Solutions Ohad Bobrov, CTO and co-founder ohad@lacoon.com
  2. 2. Agenda: Collapse (the collapse of the corporate perimeter); Targeted devices (why mobile devices are targeted); Demo (how mobile malware bypasses current security solutions); Mitigation (detection, remediation & building a secure BYOD/HYOD architecture)
  3. 3. About Lacoon Mobile Security •  Protecting organizations from mobile threats •  Protecting tier-1 financial, manufacturing, legal and defense organizations •  Cutting edge mobile security research team
  4. 4. The Collapse Of The Corporate Perimeter > 2011
  5. 5. The Collapse Of The Corporate Perimeter “More than 60% of organizations enable BYOD” Gartner, Inc. October 2012
  6. 6. TARGETED MOBILE THREATS
  7. 7. Mobile Devices: Attractive Attack Target. Snooping on corporate emails and application data; infiltrating internal LANs; eavesdropping; extracting contact lists, call & text logs; tracking location
  8. 8. Recent High-Profile Examples
  9. 9. Commercial mobile surveillance tools
  10. 10. Survey: Cellular Network 2M Subscribers Sampling: 650K Data sample •  1 GB traffic sample of spyphone targeted traffic, collected over a 2-day period •  Collected from a channel serving ~650K subscribers •  Traffic constrained to communications to selected malicious IP address
  11. 11. Survey: Cellular Network 2M Subscribers Sampling: 650K Infection rates: June 2013: 1 / 1000 devices
  12. 12. Survey: Cellular Network 2M Subscribers Sampling: 650K
  13. 13. Mobile Device Management (MDM) & Secure Containers
  14. 14. MDMs and Secure Containers: 3 features •  Encrypt business data •  Encrypt communications to the business •  Detect Jailbreak/Rooting of devices
  15. 15. HOW ATTACKERS BYPASS MDM SOLUTIONS
  16. 16. Let’s Test… DEMO
  17. 17. Overview: Infect the Device; Install Backdoor; Bypass Containerization; Exfiltrate Information
  18. 18. Step 1: Infect the device
  19. 19. Step 2: Install a Backdoor / aka Rooting. Administrative: Every process can run as an administrative (root) user if it is able to trigger a vulnerability in the OS. Vulnerability: Each Android device had/has a public vulnerability. Exploit: Detection mechanisms don’t look at apps that exploit the vulnerability
  20. 20. Step 3: Bypass Containerization. Storage: "Jo, yjod od sm r,so;"
  21. 21. Step 3: Bypass Containerization. Storage: "Jo, yjod od sm r,so;"
  22. 22. Step 3: Bypass Containerization. Storage: "Jo, yjod od sm r,so;" Memory: "Hi, This is an email"
  23. 23. Step 3: Bypass Containerization. Storage: "Jo, yjod od sm r,so;" Memory: "Hi, This is an email". Exfiltrate information
  24. 24. CURRENT SECURITY SOLUTIONS
  25. 25. Current Solutions: FAIL to Protect
  26. 26. Mitigation: Current Controls. Mobile Device Management (MDM); Multi-Persona; Wrapper; Active Sync; NAC
  27. 27. Mitigation: Current Controls. Mobile Device Management (MDM); Multi-Persona; Wrapper; Active Sync; NAC
  28. 28. Detection: Adding Behavior-based Risk. Malware Analysis; Threat Intelligence; Vulnerability Research
  29. 29. Detection: Adding Behavior-based Risk. Malware Analysis; Threat Intelligence; Vulnerability Research; Application Behavioral Analysis; Device Behavioral Analysis; Vulnerability Assessment
  30. 30. Detection: Adding Behavior-based Risk. Malware Analysis; Threat Intelligence; Vulnerability Research; Application Behavioral Analysis; Device Behavioral Analysis; Vulnerability Assessment
  31. 31. Lacoon Mobile Security
  32. 32. Thank You. Stop by: Stand A50 Email me: ohad@lacoon.com Twitter: @LacoonSecurity
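
The survey method on slides 10 and 11 (restrict a traffic sample to flows toward known spyphone addresses, then count affected subscribers) can be sketched as follows. This is an added example, not Lacoon's code: the flow-record format, subscriber ids and indicator addresses are constructed, and all addresses come from documentation IP ranges.

```python
import ipaddress
from collections import defaultdict

# Constructed indicator list (RFC 5737 documentation ranges, not real C2 hosts).
SPYPHONE_C2 = [ipaddress.ip_network(n)
               for n in ("203.0.113.10/32", "198.51.100.0/28")]

# Constructed flow records: timestamp, subscriber id, destination IP, bytes sent.
SAMPLE_FLOWS = """\
2013-06-01T08:00:12Z sub-0001 192.0.2.80 5120
2013-06-01T08:00:40Z sub-0002 203.0.113.10 880
2013-06-01T09:13:05Z sub-0002 203.0.113.10 912
2013-06-02T11:45:31Z sub-0003 198.51.100.7 20480
2013-06-02T11:46:02Z sub-0004 198.51.100.99 300
2013-06-02T12:00:00Z sub-0005 not-an-ip 10
truncated line
"""

def is_c2(dst):
    """True if dst parses as an IP address inside any indicator network."""
    try:
        addr = ipaddress.ip_address(dst)
    except ValueError:
        return False
    return any(addr in net for net in SPYPHONE_C2)

def flag_subscribers(flow_text):
    """Return {subscriber: {"flows": n, "bytes": total}} for traffic to indicators."""
    hits = defaultdict(lambda: {"flows": 0, "bytes": 0})
    for line in flow_text.splitlines():
        parts = line.split()
        if len(parts) != 4 or not parts[3].isdigit():
            continue  # skip malformed or truncated records
        _, subscriber, dst, nbytes = parts
        if is_c2(dst):
            hits[subscriber]["flows"] += 1
            hits[subscriber]["bytes"] += int(nbytes)
    return dict(hits)

def infection_rate_per_1000(flagged, sampled_subscribers):
    """Distinct flagged subscribers per 1000 subscribers in the sample."""
    return 1000 * len(flagged) / sampled_subscribers

if __name__ == "__main__":
    flagged = flag_subscribers(SAMPLE_FLOWS)
    for sub, stats in sorted(flagged.items()):
        print(sub, stats)
    # 2000 is a constructed sample size for illustration only.
    print("per 1000:", infection_rate_per_1000(flagged, 2000))
```

Counting distinct subscribers rather than flows keeps one chatty device from inflating the rate.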
