Security Issues in the Mobile Environment
The status of the mobile world and its security issues in mid 2012

Published in: Technology, Business
Notes
  • Mobile devices have now replaced laptops as the soft target. 96 percent of smartphones and tablets do not have third-party security software installed, according to Canalys and Juniper.
  • People who believe "there's nothing worth stealing on a smartphone" overlook emails, attachments, contacts and address books and, of course, the wireless and VPN configuration that permits access to the corporate network.
  • E.g.: sending each email sent on the device to a hidden third-party address, letting an attacker listen in on phone calls, or simply opening microphone recording. The Vulnerabilities category covers errors in design or implementation that expose the mobile device data to interception and retrieval by attackers. Vulnerabilities can also expose the mobile device, or the cloud applications used from the device, to unauthorized access.
  • Closely followed by “Battery Doctor” (also known as Android.Trojan.FakeDoc.A) with a 23.37% infection rate, we’re left to conclude that either awareness of this Trojan is still pretty low or people simply don’t mind having their devices pried into. Worth mentioning is a second adware (Android.Adware.Wallap.A) which, although ranked seventh in our chart, proves that adware is definitely on the rise. The downloaded file is “Update.apk” and the application is named “com.Security.Update” so that everyone will execute it when user assistance is prompted. Ranked eighth in our chart, this Trojan will probably fade out of existence unless more websites are hit by the same drive-by attacks. Your Facebook, Twitter, and LinkedIn usernames and passwords are still not safe, because Android.Hacktool.DroidSheep.A is still in our top ten malware chart. It is headstrong and not going away, so we still issue a warning to those in the habit of downloading bizarre and questionable apps from strange marketplaces.
  • Demo the functionalities of Bitdefender Mobile Security with focus on:
      - Cloud detection and speed
      - Little to no impact on battery performance
      - High and reliable detection rate
      - Insight into the permissions granted to the installed applications through Security Audit
      - Anti-Theft functionalities: remotely locate the device
  • Security Issues in the Mobile Environment

    1. Mobile Applications & Security. Ligia Adam, Security Evangelist, ladam@bitdefender.com, @LigiaAdam. Copyright@bitdefender 2012 / www.bitdefender.com, 7/9/2012
    2. mobile devices are on the rise
        • at the end of 2011, there were 6 billion mobile subscriptions
        • there are now 1.2 billion mobile Web users worldwide - aka ~17% of the global population uses a smartphone
        • and over 491.4 million smartphones were sold worldwide in 2011
    3. global use of mobile browsing
    4. what’s mobile used for (now): Most popular mobile destinations are news and information, weather reports, social networking, search and maps.
        - mobile browsers for banking, travel, shopping, local info, news, video, sports and blogs
        - apps for games, social media, maps and music
    5. mobile environment status
        • there are more than 400,000 Android apps on Google Play
        • iPhone & iPad users get to choose between over 650,000 iOS Apps
        • Apps usage
        • nearly 2 in 3 smartphone users use apps daily
        • App users had an average of 12 apps on their devices
        • mobile app downloads should jump to ~50 billion in 2012
    6. the need for mobile security
        • Mobile malware attacks are up 155 percent across ALL platforms in the last year, according to Juniper
        • The most vulnerable platform is Android, where malware increased by more than 4500% in a year (!)
        • iPhones and iPads are very vulnerable to jailbreaking services that infect the device during the rooting process and just as vulnerable to web browsing attacks as any other device
        • There are HUGE privacy issues with iOS apps (according to Clueful stats)
        • attacks on Blackberry and Symbian platforms also doubled since last year
    7. Mobile Phishing
        • phishing (criminals attempt to trick users into sharing passwords etc)
    8. Tips to Avoid Becoming a Mobile Banking Phishing Victim
        - Before you click on a link, make sure it is legitimate.
        - Remember that e-banking can be risky, especially when using a mobile device
        - Always keep your mobile device operating system and antivirus solution updated.
    9. Trojans for mobile
    10. SndApps Trojan
    11. Mobile Spyware
        • tracks user’s activity, sending the phone’s location, IMEI, phone number, address book to advertisers etc
        • 61% of the malware detected on phones is spyware
        • it does not affect the phone’s functionality
    12. the dark side of the mobile world. Other threats for mobile users are:
        • worms (a program that copies itself onto multiple devices via network connections),
        • man-in-the-middle attacks (where a criminal intercepts and manipulates messages between two devices or device and computer)
        • Slavery - phones can even be used as part of a botnet (this is a network of infected ‘slave’ devices used for malicious purposes).
        • Spam / excessive advertising / privacy breaches
        • losing the device
    13. types of mobile app risks: Malicious Functionality
        • Activity monitoring and data retrieval (e.g. Secret SMS Replicator for Android)
        • Unauthorized dialing, SMS and payments (Fake Player)
        • Unauthorized network connectivity
        • UI Impersonation
        • System modification (modifying the device proxy configuration or APN (Access Point Name))
        • Logic or Time bomb
    14. types of mobile app risks / II: App Vulnerabilities
        • Sensitive data leakage (inadvertent or side channel)
        • Unsafe sensitive data storage
        • Unsafe sensitive data transmission
        • Hardcoded password/keys
    15. how to get to mobile hell
        • direct download, SMS, MMS, e-mail and Bluetooth.
        • via device rooting
        • Not paying enough attention to your mobile
    16. Q1 mobile malware landscape / I
        • the most frequent e-threats identified by Bitdefender in the mobile malware landscape for Q1 2012 are related to:
            - data theft and
            - malware strains related to device rooting via operating system exploits
        • data privacy is the number one targeted area
            - re-packaged applications bundled with malware and delivered through alternative Android Marketplaces have proven an effective means of distributing malicious apps
    17. Q1 mobile malware landscape / II
        • China, Russia and France have the highest count of smartphone users affected by malware.
            - These numbers reflect an increase in pirated applications re-packed with malicious code
        [Chart legend: China, United States, Spain, United Kingdom, Romania, Germany, India, France, Russian Federation, Belgium, Other. Values (label assignment not recoverable from the extracted text): 29.92%, 29.49%, 6.68%, 4.40%, 5.84%, 1.74%, 4.47%, 3.03%, 4.51%, 5.06%, 4.87%]
    18. Latest trends in Android malware
        • Crafty adware, followed by Fake Battery Doctor and Exploit malware (rooted devices)
        • SMS senders (7th place) and Hack Tools will send users fake notification updates and lure your social media credentials
    19. Top Android malware in US
        [Chart legend: Android.Adware.Mulad.A, Android.Adware.Ropin.B, Android.Adware.Wallap.A, Android.Exploit.Asroot.A, Android.Exploit.Asroot.B, Android.Exploit.Exploid.A, Android.Exploit.Exploid.B, Android.Exploit.Exploid.C, Android.Exploit.Exploid.D, Android.Exploit.GingerBreak.A, Other. Values (label assignment not recoverable from the extracted text): 42.68%, 50.07%, 4.04%, 0.14%, 0.42%, 0.84%, 0.98%, 0.14%, 0.14%, 0.28%, 0.28%]
    20. Top Android malware in DE
        [Chart legend: Android.Adware.Mulad.A, Android.Adware.Ropin.B, Android.Adware.Wallap.A, Android.Exploit.Asroot.A, Android.Exploit.Asroot.B, Android.Exploit.Asroot.D, Android.Exploit.Exploid.A, Android.Exploit.Exploid.B, Android.Exploit.Exploid.C, Android.Exploit.Exploid.D, Other. Values (label assignment not recoverable from the extracted text): 0.08%, 1.07%, 0.38%, 0.54%, 0.15%, 12.88%, 0.15%, 0.46%, 0.08%, 0.23%, 83.97%]
    21. Top Android malware in UK
        [Chart legend: Android.Adware.Mulad.A, Android.Adware.Wallap.A, Android.Exploit.Asroot.A, Android.Exploit.Asroot.B, Android.Exploit.Asroot.D, Android.Exploit.Exploid.A, Android.Exploit.Exploid.B, Android.Exploit.Exploid.E, Android.Exploit.GingerBreak.A, Android.Exploit.GingerBreak.C, Other. Values (label assignment not recoverable from the extracted text): 0.91%, 0.20%, 0.20%, 0.40%, 0.20%, 0.30%, 0.20%, 0.61%, 8.60%, 0.10%, 88.26%]
    22. mobile security predictions: it will get worse, before it gets better, on all levels of mobile security:
        • software
            - We estimate a 6000% increase in Android malware samples (including variants) within the next 6 months
            - from 153 malware families and ~10 000 malicious apps in 2011 to over 3*10 000 malicious apps by the end of the year
            - an increase in fake battery apps that are actually malware.
            - At the moment, ~80% of malicious apps steal data and ~20% overcharge the user. By the end of 2012, 90% of apps will focus on stealing data
        • privacy
            - We estimate HUGE app privacy issues on ALL platforms
            - detecting various apparently innocent apps that leak your data or that ask for extra permissions they don’t actually need
        • hardware
            - anti-theft / anti-loss security solutions
    23. May 2012
    24. Bitdefender Mobile Security
    27. BITDEFENDER MOBILE SECURITY LOVE
        • "Bitdefender Mobile Security is practically unnoticeable on your Android device and very easy to use." – PC Mag
        • "Bitdefender Mobile Security has the advantage of low system resource occupancy while protecting the mobile device" - PCSL Test
    28. Detailed Features
    29. How it looks
    30. Anti-Theft in MyBitdefender
    33. POWER TUNE-UP IN ONE SLIDE: Bitdefender Power Tune-Up brings back control in your hands. Optimize your Android device for maximum performance, battery economy and controlled data traffic.
        • Saves up battery
        • Informs you on the remaining time (for standby, talking, navigating)
        • Keeps you from reaching data traffic limits (3G, thresholds and notifications)
        • Quickly frees up space (internal memory, internal and external SD card)
    34. THE BATTERY SAVER: Save up precious battery life by switching to the predefined Battery Saver or create your own custom profile. You have access to running apps (you can identify the CPU and RAM levels) and essential battery eating options that you can turn on or off.
    35. THE BATTERY WIDGET: With the Power Tune-Up widget you can keep an eye on your remaining battery time.
    36. THE DATA METER - 3G DATA TRAFFIC COUNTER: It’s easy to browse away and forget you have a limited data plan. Set up a usage cap and Data meter will notify you before it’s reached.
    37. THE CLEAN-UP MODULE: Running out of space? With Clean-Up you can remove temporary files, delete downloaded files or uninstall unwanted applications to save space.
    38. We ran our own benchmarks and we’re beating the competition in three out of five performance tests
        1. CPU used %
            - Power Tune-Up: 0.093
            - System Panel, System Tuner Lite: 0.11
            - Mobile Utilities Task Killer (Norton): 0.14
        2. RAM (in MB)
            - Android Assistant: 5.61
            - System Tuner Lite: 5.69
            - Power Tune-Up: 6.09
            - System panel: 6.37
        3. RAM (in MB) – Android Assistant #1
            - Power Tune-Up: 3.37
            - System Panel Lite: 3.49
            - Android Assistant: 3.56
            - Mobile Utilities Task Killer (Norton): 3.58
        4. Android Battery %
            - Power Tune-Up: 0.37
            - System Panel: 0.54
            - System Tuner Lite: 0.65
            - Mobile Utilities Task Killer (Norton): 0.77
        5. Space occupied (MB)
            - System Panel Lite: 1.03
            - Free Advanced Task Manager: 1.37
            - Android Assistant: 2.01
            - Power Tune-Up: 2.02
        Tested on:
            - Acer Iconia A500 (android 3.2)
            - HTC HD2 (android 4.0)
            - Samsung Galaxy Nexus (android 4.0.2)
    39. Bitdefender Power Tune-Up: Now out of BETA
        • FREE
        • available on Google Play (Android Market)
        • in English and Portuguese; German, French, Spanish, Romanian to follow soon
    41. CLUEFUL is a world first!
    42. Clueful is the only way to really understand apps, how they use your data and treat your privacy.
        • Clueful identifies nasty apps on your iPhone. It looks at what applications are currently running in memory and it retrieves audit information from the Clueful Cloud.
        • There are no viruses on the App Store. Apps must pass an Apple review before acceptance on the App Store. The malicious apps are rejected.
        • Most apps are not malicious. They’re just careless with your data.
        • Take a look under the hood. Be curious! Explore and analyze clues about your apps, including your favorite ones.
    43. There are apps that:
        - track your location
        - drain your battery
        - can read and make use of your address book
        - track usage behavior via Flurry (or other) analytics networks and display ads
        - handle your credentials in a sloppy way (think unencrypted over the web)
        - request access to your Facebook/Twitter/Google credentials
        - needlessly keep GPS or audio services on intensively, although they don’t need to, which may rapidly drain your phone’s battery.
    44. How it looks
    45. THE CLUES
    46. THE HOWS and WHENS: Bitdefender Clueful
        • paid app
        • available worldwide on the App Store
    47. The Clueful App: Check it out @ wwww.cluefulapp.com
    48. Thank you! Q/A? Ligia Adam, Security Evangelist. Mail me: ladam@bitdefender.com. Follow my Tweets: @LigiaAdam
    49. Resources
        1. http://www.bitdefender.com/news/q1-2012-e-threat-landscape-report-2457.html
        2. http://www.itu.int/ITU-D/ict/facts/2011/material/ICTFactsFigures2011.pdf
        3. http://www.itu.int/ITU-D/ict/statistics/at_glance/KeyTelecom.html
        4. http://www.slideshare.net/CMSummit/ms-internet-trends060710final
        5. http://mobithinking.com/mobile-marketing-tools/latest-mobile-stats
        6. http://thenextweb.com/mobile/2011/11/29/report-smartphones-account-for-just-27-of-all-mobile-phones-worldwide/
        7. http://mobithinking.com/mobile-marketing-tools/latest-mobile-stats#mobilepageviews
        8. http://www.theretailbulletin.com/news/mcommerce_quadruples_in_two_years_24-05-12/
        9. http://mobithinking.com/mobile-marketing-tools/latest-mobile-stats#usprefersmobileweb
        10. http://mobithinking.com/mobile-marketing-tools/latest-mobile-stats
        11. http://mashable.com/2010/09/14/mobile-apps-pew-survey/
        12. http://forums.juniper.net/t5/Security-Mobility-Now/Juniper-Mobile-Security-Report-2011-Unprecedented-Mobile-Threat/ba-p/129529
        13. http://www.veracode.com/blog/2010/12/mobile-app-top-10-list/
