Juniper secure your mobile life - may 2011
Meeting the mobile challenge in the enterprise
SECURE YOUR MOBILE LIFE
The year of the mobile malware
Pascal Geenens
Juniper Networks, Inc.
Mobility is exploding!
14% of information workers use smartphones in 2010 to access data; expected to reach 30% by 2013**
World's mobile worker population to surpass 1B people in 2010 and grow to > 1/3 of world's workforce by 2013*
By 2012, smartphone penetration to roughly double globally (~9% to 20%)*
About 1/4 of employees use smartphones that are not “corporate-standard” or managed*
*Forrester Research; **IDC
Enterprise Mobile Security
86% of respondents rank mobile security as a high or critical priority
31% noted that their data has been compromised at least once in 2009
Forrester Research Study: Healthcare IT Leaders Need to Address Mobile Security and Management - March 11, 2010
“…the threat profile for handheld devices is a superset of the profile for desktop computers… Security threats to mobile handheld devices include: Loss, theft or disposal, Spam, Unauthorized access, Electronic eavesdropping, Malware, Electronic tracking”
National Institute of Technology and Standards
“As mobile devices become more ingrained in individuals’ lives, they tend to contain more financial, medical, corporate, and personal information, ripe for exploitation. Also, as we see mobile devices become a conduit for financial transactions, the need for security will grow. Organizations need to build strategies to protect information end-to-end – through various channels and access points.”
Deloitte - Top 10 Security & Privacy Challenges in 2010
MOBILE SECURITY RISKS ARE GROWING FAST!
40% use their smartphone for both personal and business
72% share or access sensitive info such as banking, credit card, social security, medical records
80% access their employer’s network without permission – 59% do it every day
50%+ are very concerned about loss, theft and identity theft resulting from their mobile usage
Sources: KRC Research and Juniper Mobile Threat Center
Mobile device loss and theft
A survey of consumer users found that one out of every three users lost their mobile device [1]
Approximately 2 million smartphones were stolen in the U.S. in 2008 [2]
Over 56,000 mobile devices were left in the back seats of the city of London taxi cabs during a 6-month period between 2008 and 2009
Over the 2010 holidays, in the U.K. alone, a total of 5,100 smartphones and 3,844 notebook computers were lost at 15 different airports [3]
In Paris, 75% of 991 violent crimes that took place in October 2010 happened because of mobile phone theft [4]
[1] Information obtained from Junos Pulse Mobile Security Suite internal transaction logs; [2] Forrester Research; [3] Credant Technologies; [4] The Sydney Morning Herald, 12/10/10
Malicious mobile software
Smartphones have become computers
2010 SANS report: 85% of smartphone users not employing an antivirus solution
SMARTPHONE 12.23.09 MALICIOUS APPS FOUND IN GOOGLE’S ANDROID ONLINE STORE
Commercial spyware applications like Flexispy, MobileSpy, MobiStealth
The greatest mobile malware risk comes from rapid proliferation of applications from app stores
Information obtained from Juniper Malicious Mobile Threats Report 2010/2011
Evolution of mobile Malware
Mobile Apps in App Stores
Criminals now using PC-style malware attacks to infect mobile devices
Greatest mobile malware risk comes from rapid proliferation of applications in app stores
FlexiSpy, Mobile Spy, MobiStealth…
Between 2009 and 2010, reported increase in mobile threats of 250%*
Mobile spyware is prevalent and now commercialized
*Information obtained from analysis of Junos Pulse Mobile Security Suite virus definition database dated 10/15/2010
Fast proliferating mobile malware threats
Trojans that send SMS messages to premium rate numbers
Background calling apps that rack up exorbitant long distance bills
Keylogging applications that compromise passwords and credit card or bank account numbers
Self-propagating code that infects devices and spreads to additional devices listed in a user’s address book
Malware growing more sophisticated, now with polymorphic attacks
Commercial spyware
61% of Juniper-detected malware infections are from spyware
Commercial spyware readily available on the internet:
Designed to monitor device communications
Capability to control the spyware remotely
Effective at concealing both their presence and actions from user
Controller to monitor every SMS/MMS, email and phone call
Location tracking
Remotely listen to voice conversations
Information obtained from Juniper Malicious Mobile Threats Report 2010/2011
http://www.mobistealth.com/
http://www.flexispy.com/
GOOGLE ANDROID
Most dominant growing force on the market
Biggest target for malware and exploit developers
Open ecosystem and researchable security model
A perfect storm and it continues to brew in 2011
Jan 2010: Phishing for Dollars
Bank phishing application in the Android Market. A developer by the name of Droid09 published an app that purported to be a banking client to access online financial accounts.
March 2010: First Android “Botnet”
Vodafone unknowingly shipped devices with SD cards preloaded with the Mariposa botnet, which affected Windows systems upon USB connection.
Google android
July 2010: GPS Monitoring Spyware in “Tap Snake” Games
The Tap Snake game in the Android Market appeared to be nothing more than a simple game. In reality, it was spyware that could monitor the device’s location through the device’s GPS. It was accompanied by ‘GPS Spy’, which could be installed on the attacker’s Android device.
August 2010: First Android SMS Trojan
“Fake Player” swept the world, affecting many Russian users. It pretends to be a media player but sends SMS messages to Russian premium numbers at a rate of 6.00 USD (170 rubles) per message.
December 2010: Mobile Malware Target
A series of Android applications downloaded from the official Android Market were unpacked and the malicious code “Geinimi” was added to 24 different apps. The modified applications were redistributed through Chinese third-party application repositories.
Google android – story continues in 2011
Jan/Feb 2011: Storm continues in China
Researchers uncovered two additional families of malicious applications. ADRD and PJApps are legitimate apps that were pirated from the Android Market, deconstructed, packed with malicious code and repackaged through third-party Chinese application stores, representing over 75 different pirated and “trojanized” applications. PJApps registers the device for remote commands, and the device is abused for sending SMS to premium rate numbers.
March 2011: Myournet/DroidDream
Also a series of legitimate applications taken out of the Android Market and repackaged. Over 55 applications were found in the Android Market. They are known to have existed in the Android Market for at least 4 days, and were downloaded between 50,000 and 250,000 times onto unique devices. Myournet/DroidDream attempted the ‘rageinthecage’ exploit to gain root access. A hard reset is the only way to reverse the effects. Google published the Android Market Security Tools to remediate the Myournet/DroidDream infections on infected devices, only to find out a few days later that the tool had been pirated, packed with malicious code and disseminated in third-party app stores based in China.
Google android – april 2011: the joke’s on you
The 14th-rated application “Walk and Text” was pirated from the Android Market and redistributed through pirated app sites. The developer only meant to ridicule users who were installing pirated applications; however, a few hours later the pirated app was re-pirated and injected with other malicious code. The malicious “Walk and Text” application sends SMS messages to all of the user’s contacts stored on the mobile device with a message stating: “Hey, just downlaoded a pirated App off the internet, Walk and Text for Android. Im stupid and cheap, it costed only 1 buck. Don’t steal like I did!”
APPLE IPHONE and ipad
Little known malware
Applications do exist to obtain user data and clandestinely transmit this information.
An NDSS 2011 conference study analyzed 1,400 iPhone and iPad apps to determine the extent of personal data leakage.
50% of the analyzed apps leaked various forms of sensitive data to third parties.
In most cases developers used prepackaged code purchased from advertising agencies to build advertising profiles of the device user.
To date, major threats to iPhones are still associated with jailbroken devices and web-based jailbreak utilities.
RIM Blackberry
Several instances of commercial spyware were released: Flexispy, Mobile Spy, MobiStealth, and SpyBubble.
These spyware applications pose a great risk to ensuring confidentiality, integrity and availability of corporate data on devices connected to corporate resources.
Data communication interception
Data encryption over cellular networks is easily broken, using a well documented and publicly available methodology.
Cellular networks can only be accessed using specialized equipment and tools to access specific frequencies used by mobile devices.
50% of current smartphones provide Wi-Fi capabilities; the risk of Wi-Fi sniffing accentuates the communication intercept threat.
Man-in-the-Middle (MITM) attacks are increasingly possible against Wi-Fi enabled devices using widely available tools.
Wi-Fi hacking used to require deep technical expertise. Today, Firesheep is a Firefox plugin allowing a hacker to intercept an unencrypted cookie and use this to exploit, e.g., a user’s email account; it is very easy to use.
Direct attacks
Direct attacks target computer interfaces, subsystems, browsers, and programs running on the device as well as associated protocols.
Mobile devices have SMS and MMS messaging interfaces as additional threat vectors.
Direct attacks are used to:
Exploit systems to gain control over device functions and data
Render the device unusable (DoS)
To date, reported attacks predominantly focus on the SMS and MMS messaging components.
“Curse of Silence” attack against Symbian devices: a specially crafted SMS message renders a significant number of Symbian devices unusable.
Looking ahead: 2011, The year of the mobile malware
The Juniper Global Threat Center predicts for 2011:
More advanced attacks against Android
Command and Control capabilities for zombies and botnet participants
Door will be open for ‘rootkits’ due to increasing sophistication of hackers
Payment options such as Near-Field Communications (NFC) become widely adopted in 2011, anticipating an increasing number of malware targeted at intercepting valuable financial information
Increase in malware that infiltrates the application stores
Increase in malicious SMS and MMS messages to exploit mobile devices
Now what: steps to protecting mobile devices
On-device anti-malware to protect against malicious applications, spyware, infected SD cards, and attacks
On-device firewall to protect device interfaces
SSL VPN clients to protect data in transit, and to ensure secure and appropriate network access and authorization
Centralized remote locate, track, lock, wipe, backup and restore facilities for lost and stolen devices
Centralized administration to enforce and report on security policies across the entire mobile device population
Device Monitor and Control such as monitoring of messaging for data leak prevention (DLP) and control of installed applications
Management capabilities to enforce security policies, such as mandating the use of PINs or passcodes
Anti-spam to protect against unwanted voice and SMS/MMS communications
JUNOS PULSE MOBILE SECURITY SUITE FOR ENTERPRISES
ENTERPRISE CHALLENGE
Mobile Devices are Mobile Computers…are they being protected the same way?
Challenges of Today’s Environment
Multiple Types of Devices and Providers
Multiple Device Owners
Personal Devices Used for Work Activities/Work Devices Used for Personal Activities
Users implored to download applications and store data
Users demand to use devices to fullest potential
Fundamental Product Components
Protect – The device, enterprise networks; enterprise and personal data
Control – Manage devices, control access to network resources, control and gain insight into data and usage
Connect – Securely to corporate networks, service provider networks
SECURES MOBILITY FOR ALL ENTERPRISE MOBILE DEVICE USERS
Benefits For The Enterprise
Wipe data and access rights from lost and stolen devices remotely
Combine security and access in a single client
Enforce policies across all devices attached to the network
Reduce IT overhead by better managing complexity
SECURE MOBILITY SOLUTION
Junos Pulse Mobile Security Gateway
Antivirus
Scan all files
Scan all connections
Personal Firewall
Mobile Security
Inbound and outbound
Alerts and logging
Block SMS and voice spam
Disable alerts options
Automatic denial options
Loss & Theft Protection
SA Series SSL VPN
Remote lock and wipe
Backup and restore
SIM change notification
Secure Connectivity
Device Control
App inventory and control
Pulse Mobile Client availability
Apple iOS, Google Android, Windows Mobile, Nokia Symbian, BlackBerry
Google Android, Windows Mobile, Nokia Symbian, BlackBerry
Google Apps Marketplace, Apple App Store, Windows Marketplace, BlackBerry App World, Nokia Ovi Store
*Q2’11
Available as a free download from App Stores
JUNOS PULSE MOBILE SECURITY SUITE AND THE ENTERPRISE
Junos Pulse Mobile Security Suite
Protects corporate data with centralized control
Addresses the consumerization of IT challenges
Saves cost by supporting existing smartphones and mobile devices
(Re)sources
The Juniper Networks Global Threat Center (GTC) at http://globalthreatcenter.com/
Juniper GTC Malicious Mobile Threats Report 2011: http://www.juniper.net/us/en/dm/interop/go/
Junos Pulse Mobile Security Suite: http://www.juniper.net/us/en/products-services/software/junos-platform/junos-pulse/mobile-security/