#RSAC
Victor Chebyshev, Mikhail Kuzin
Hey Android, Where is My Car?
Session# HTA-R10
Security experts
@Kaspersky Lab

My day life
You may know that sometimes it's too cold in Russia.
That's me warming up my car, almost every winter day.

My day life
I want this...
But reality is...

Mikhail's day life
Misha has a car too, but it has one feature: remote start from his phone.
Misha just pushes a button and 10-15 minutes later walks out to a warmed-up car.

Scope
There are millions of people like Misha who have paired their cars with their phones.
They have become attractive targets for cybercriminals.

Consequences
So Mikhail, like many other people, has remote access to his car.
But... Mikhail's phone was infected with malware, and his car was stolen by a cybercriminal.
Remote access is a dream for car hijackers.

OK, how did that happen?

About
With a mobile phone you can:
Start the engine of your car
Unlock the doors
Track your car's location
Even drive without the keys
For me it's a breakthrough.
For cybercriminals it's like winning the lottery: they just need access to the phone.
#RSAC
This part of interaction is likely to be more secure
than the mobile app itself, it`s much more difficult to use MiTM
attack
Mobile-to-car scheme
9
Secure
channel
Secure
channel
Telematics
infrastructure
Let`s start with this thing

Car mobile app local data
A connected car app, like any other app, has its internal data:
Login and password
Authentication token
Car model
Driver data
Debug log
Other interesting info
Developers put all of this inside the protected app space, the app-private directory under /data/data/, trusting that nobody else can read it.

Stored data examples
Two real examples (manufacturer names withheld):
[top tier auto manufacturer app] with credentials.xml
[another top tier auto manufacturer app] with prefs.{?????????}.xml

Stored data secured
In the normal scenario:
There is no way to read protected data
There is no way to download an app without the user's knowledge
There is no way to install an app without the user's knowledge
There is no way to launch an app without the user's knowledge
But with root privileges all of these can be done silently.
That is what actually happened to Misha.
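The stored-data weakness of the previous slides, a token or password sitting in plaintext XML under the app-private directory, beside the minimum that raises the bar: encrypting it under an Android Keystore key. This is an added example, not code from the talk or from any of the audited apps. It assumes API 23+ (KeyGenParameterSpec); the preferences file name "session_prefs" and the key alias "car_app_token_key" are made up for the example.

```java
import android.content.Context;
import android.content.SharedPreferences;
import android.security.keystore.KeyGenParameterSpec;
import android.security.keystore.KeyProperties;
import android.util.Base64;

import java.nio.charset.StandardCharsets;
import java.security.Key;
import java.security.KeyStore;
import javax.crypto.Cipher;
import javax.crypto.KeyGenerator;
import javax.crypto.SecretKey;
import javax.crypto.spec.GCMParameterSpec;

// Added example, not code from the talk or from any audited app.
// Assumes API 23+ (KeyGenParameterSpec). PREFS and KEY_ALIAS are made-up names.
public final class TokenStore {
    private static final String PREFS = "session_prefs";          // assumption
    private static final String KEY_ALIAS = "car_app_token_key";  // assumption
    private static final String ANDROID_KEYSTORE = "AndroidKeyStore";
    private static final String TRANSFORMATION = "AES/GCM/NoPadding";
    private static final int GCM_TAG_BITS = 128;

    private final SharedPreferences prefs;

    public TokenStore(Context ctx) {
        // MODE_PRIVATE is the "protected app space" of the slides:
        // /data/data/<pkg>/shared_prefs/, readable by this app's UID and by root.
        prefs = ctx.getSharedPreferences(PREFS, Context.MODE_PRIVATE);
    }

    // WEAK: the pattern found in the audited apps. The token sits in the XML
    // file as plain text, one `cp` away from any process running as root.
    public void saveTokenPlaintext(String token) {
        prefs.edit().putString("auth_token", token).apply();
    }

    // BETTER: encrypt under a key that never leaves the Android Keystore.
    // A copied XML file is now useless by itself; the attacker has to execute
    // code under this app's UID, on this device, to get the token back.
    public void saveTokenEncrypted(String token) throws Exception {
        Cipher cipher = Cipher.getInstance(TRANSFORMATION);
        cipher.init(Cipher.ENCRYPT_MODE, getOrCreateKey()); // Keystore generates a fresh IV
        byte[] ciphertext = cipher.doFinal(token.getBytes(StandardCharsets.UTF_8));
        prefs.edit()
             .putString("auth_token_iv", Base64.encodeToString(cipher.getIV(), Base64.NO_WRAP))
             .putString("auth_token_ct", Base64.encodeToString(ciphertext, Base64.NO_WRAP))
             .remove("auth_token") // make sure no plaintext copy lingers from an older version
             .apply();
    }

    public String loadTokenEncrypted() throws Exception {
        String iv = prefs.getString("auth_token_iv", null);
        String ct = prefs.getString("auth_token_ct", null);
        if (iv == null || ct == null) return null;
        Cipher cipher = Cipher.getInstance(TRANSFORMATION);
        cipher.init(Cipher.DECRYPT_MODE, getOrCreateKey(),
                    new GCMParameterSpec(GCM_TAG_BITS, Base64.decode(iv, Base64.NO_WRAP)));
        // GCM authenticates the blob: doFinal throws AEADBadTagException if it was altered.
        return new String(cipher.doFinal(Base64.decode(ct, Base64.NO_WRAP)), StandardCharsets.UTF_8);
    }

    private SecretKey getOrCreateKey() throws Exception {
        KeyStore ks = KeyStore.getInstance(ANDROID_KEYSTORE);
        ks.load(null);
        Key existing = ks.getKey(KEY_ALIAS, null);
        if (existing instanceof SecretKey) return (SecretKey) existing;

        KeyGenerator kg = KeyGenerator.getInstance(KeyProperties.KEY_ALGORITHM_AES, ANDROID_KEYSTORE);
        kg.init(new KeyGenParameterSpec.Builder(KEY_ALIAS,
                        KeyProperties.PURPOSE_ENCRYPT | KeyProperties.PURPOSE_DECRYPT)
                .setBlockModes(KeyProperties.BLOCK_MODE_GCM)
                .setEncryptionPaddings(KeyProperties.ENCRYPTION_PADDING_NONE)
                .setKeySize(256)
                .build());
        return kg.generateKey();
    }
}
```

Be clear about what this buys. It defeats the "just cp the file" theft the slides describe and, where the Keystore is hardware-backed, the key material itself cannot be extracted even by root. It does not defeat root outright: a rooted attacker can still run code under the app's own UID and call the same decrypt path. Pair it with root detection, tokens that are short-lived and revocable on the server side, and no storage of the raw password at all.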

Infection vector
• But how do they get into the phone?
• We usually leave them a small loophole:
• We put our phone number under the windshield. Why? For emergency calls.
• So they just need to send us an SMS or WhatsApp spam message with a malicious link.
• That's it.

Rooting
Is it that dangerous?

Mobile malware stats
Top 10 Android malware, Q3 2016 (share of attacked users):

 #  Threat name                          % of attacked users
 1  DangerousObject.Multi.Generic        78.46
 2  Trojan-Banker.AndroidOS.Svpeng.q     11.45
 3  Trojan.AndroidOS.Ztorg.t              8.03
 4  Backdoor.AndroidOS.Ztorg.c            7.24
 5  Backdoor.AndroidOS.Ztorg.a            6.55
 6  Trojan-Dropper.AndroidOS.Agent.dm     4.91
 7  Trojan.AndroidOS.Hiddad.v             4.55
 8  Trojan.AndroidOS.Agent.gm             4.25
 9  Trojan-Dropper.AndroidOS.Agent.cv     3.67
10  Trojan.AndroidOS.Ztorg.aa             3.61

40% of this widespread malware can escalate to root privileges.
Such malware can read sensitive car data from the protected storage with a single cp command.
Source: https://securelist.com/analysis/quarterly-malware-reports/76513/it-threat-evolution-q3-2016-statistics/

Vulnerable Android versions
Distribution of Android versions in the wild, according to Google data (https://developer.android.com/about/dashboards/index.html):

Version        Codename            API  Distribution
2.2            Froyo                 8   0.1%
2.3.3 - 2.3.7  Gingerbread          10   1.3%
4.0.3 - 4.0.4  Ice Cream Sandwich   15   1.3%
4.1.x          Jelly Bean           16   4.9%
4.2.x          Jelly Bean           17   6.8%
4.3            Jelly Bean           18   2.0%
4.4            KitKat               19  25.2%
5.0            Lollipop             21  11.3%
5.1            Lollipop             22  22.8%
6.0            Marshmallow          23  24.0%
7.0            Nougat               24   0.3%

(The slide also charted the number of known exploits per version; that chart is not recoverable here.)
Versions up to 5.1 together account for 75.7% of devices: about 75% of worldwide devices are at risk.

All devices are at risk
"Dirty COW" exploit (CVE-2016-5195)
Discovered by Phil Oester
Race condition in the Linux kernel's copy-on-write handling that lets a local user write to read-only memory mappings
Present since 2007 and fixed on Oct 18, 2016
Works on almost all Android devices

All devices are at risk
"Drammer": DRAM Rowhammer attack
Hardware-based attack: hammering DRAM rows flips bits in neighbouring rows until a page-table entry gives root
Doesn't depend on the Android version
Cannot be fixed by a software update: the fault is in the DRAM itself; later Android patches only made the PoC's memory-allocation trick harder
PoC and detailed research are publicly available

All devices are at risk
"QuadRooter"
Discovered by Check Point
Uses 4 different vulnerabilities in Qualcomm drivers
Affects popular devices with Qualcomm chipsets
Over 900 million devices at risk

All devices are at risk
Want more? See the December 2016 Android Security Bulletin.
And this is just the tip of the iceberg...

Demo

Different attack possibilities

Overlapping technique
The phone was infected.
The launch of the car app is intercepted.
The login and password the user enters are simply gone.

Overlapping technique
A common technique for Android banking Trojans.
The Faketoken Trojan uses it to attack about 2,000 financial apps.
9 connected car apps were tested: none of them checks whether it is really in the foreground.
It takes nothing beyond the public Android API: just check which activity is on top.
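The foreground check the slides say none of the nine apps performs, as an added example (not code from the talk or from any audited app). Two overlay variants need two different defences: a fake Activity started on top of ours (the Faketoken style) moves our process out of the foreground, which the importance check catches; a SYSTEM_ALERT_WINDOW drawn over our login screen leaves our process in the foreground but takes window focus or sits between the user's finger and our views, which the focus handler and filterTouchesWhenObscured catch. The layout and view ids (R.layout.login, R.id.password, R.id.sign_in) are assumptions.

```java
import android.app.Activity;
import android.app.ActivityManager;
import android.content.Context;
import android.os.Bundle;
import android.os.Process;
import android.widget.Button;
import android.widget.EditText;
import android.widget.Toast;

import java.util.List;

// Added example, not code from the talk or from any audited app.
// R.layout.login, R.id.password and R.id.sign_in are assumed resource ids.
public class LoginActivity extends Activity {
    private EditText password;
    private Button signIn;

    @Override
    protected void onCreate(Bundle savedInstanceState) {
        super.onCreate(savedInstanceState);
        setContentView(R.layout.login);
        password = (EditText) findViewById(R.id.password);
        signIn = (Button) findViewById(R.id.sign_in);

        // 1. Tapjacking defence: the framework drops touch events delivered while
        //    another app's window covers the view (FLAG_WINDOW_IS_OBSCURED is set).
        password.setFilterTouchesWhenObscured(true);
        signIn.setFilterTouchesWhenObscured(true);

        signIn.setOnClickListener(v -> {
            if (!isReallyInForeground()) {
                // Another app owns the top of the stack: do not hand over credentials.
                Toast.makeText(this, "Another app is covering this screen", Toast.LENGTH_LONG).show();
                return;
            }
            submit(password.getText().toString());
        });
    }

    // 2. A focusable overlay takes window focus away from us. A login screen
    //    without focus should not be holding or accepting a password.
    @Override
    public void onWindowFocusChanged(boolean hasFocus) {
        super.onWindowFocusChanged(hasFocus);
        signIn.setEnabled(hasFocus);
        if (!hasFocus) password.setText("");
    }

    // 3. Ask the system whether *our own* process is the foreground one. Unlike the
    //    deprecated getRunningTasks(), getRunningAppProcesses() keeps returning the
    //    caller's own process on every Android version, so no extra permission is needed.
    private boolean isReallyInForeground() {
        ActivityManager am = (ActivityManager) getSystemService(Context.ACTIVITY_SERVICE);
        List<ActivityManager.RunningAppProcessInfo> procs = am.getRunningAppProcesses();
        if (procs == null) return false;
        int myPid = Process.myPid();
        for (ActivityManager.RunningAppProcessInfo p : procs) {
            if (p.pid == myPid) {
                return p.importance == ActivityManager.RunningAppProcessInfo.IMPORTANCE_FOREGROUND;
            }
        }
        return false;
    }

    private void submit(String pwd) {
        // Out of scope here: send the credentials to the telematics backend over TLS.
    }
}
```

The check is only as good as the moment it runs: perform it at the instant the user submits, not once in onCreate, because the Trojan's overlay appears after the legitimate screen has been drawn. None of this is a strong guarantee on a rooted phone, where the malware can also read the process's memory; it closes the cheap, no-root variant that the banking Trojans use.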

Repackaging technique
Almost any Android app can be decompiled.
Code changes can be made.
The app can be recompiled.
The app can be signed with another certificate.
Profit: the app is ready for delivery to the victim.

Repackaging technique
In the case of the connected car app, the login activity can be patched.
We modified the app code so that the login and password are simply shown as a toast.
The patched app ran successfully.
[top tier auto manufacturer] app

Repackaging technique
A common technique for Android adware and "rooting" Trojans:
Trojan-Downloader.AndroidOS.Leech: a modified YouTube downloader
Trojan-Spy.AndroidOS.Instealy.a: a modified Instagram client
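The self-integrity check that would have flagged the repackaged, re-signed app of the previous slides, as an added example (not code from the talk or from any audited app). Re-signing is the one step of the repackaging recipe an attacker cannot skip, and the new certificate never matches the one the developer shipped with. EXPECTED_CERT_SHA256 is a placeholder; the real value comes from `keytool -printcert -jarfile release.apk` (SHA256 line) at release time.

```java
import android.content.Context;
import android.content.pm.PackageInfo;
import android.content.pm.PackageManager;
import android.content.pm.Signature;
import android.os.Build;

import java.security.MessageDigest;

// Added example, not code from the talk or from any audited app.
// EXPECTED_CERT_SHA256 is a placeholder (all zeros) and must be replaced with
// the SHA-256 of the release signing certificate before shipping.
public final class IntegrityCheck {
    private static final byte[] EXPECTED_CERT_SHA256 = new byte[32]; // placeholder

    private IntegrityCheck() {}

    /** True only if every certificate that signed this installed APK is the one we shipped with. */
    public static boolean signedByUs(Context ctx) {
        try {
            Signature[] sigs = currentSignatures(ctx);
            if (sigs == null || sigs.length == 0) return false;
            MessageDigest sha256 = MessageDigest.getInstance("SHA-256");
            for (Signature s : sigs) {
                // Signature.toByteArray() is the DER-encoded X.509 signing certificate.
                byte[] digest = sha256.digest(s.toByteArray());
                // Constant-time comparison, same as keytool's SHA256 fingerprint.
                if (!MessageDigest.isEqual(digest, EXPECTED_CERT_SHA256)) return false;
            }
            return true;
        } catch (Exception e) {
            return false; // fail closed: any error means "not our build"
        }
    }

    private static Signature[] currentSignatures(Context ctx)
            throws PackageManager.NameNotFoundException {
        PackageManager pm = ctx.getPackageManager();
        String pkg = ctx.getPackageName();
        if (Build.VERSION.SDK_INT >= Build.VERSION_CODES.P) {
            PackageInfo pi = pm.getPackageInfo(pkg, PackageManager.GET_SIGNING_CERTIFICATES);
            // The certificates that actually signed the APK contents. If the app has
            // rotated its signing key, compare against getSigningCertificateHistory() instead.
            return pi.signingInfo.getApkContentsSigners();
        } else {
            @SuppressWarnings("deprecation")
            PackageInfo pi = pm.getPackageInfo(pkg, PackageManager.GET_SIGNATURES);
            return pi.signatures;
        }
    }
}
```

Call signedByUs() before any credential is sent or any token is stored, and refuse to log in when it fails. Its limit is obvious from the repackaging recipe itself: the check lives in the same APK the attacker decompiles, so a patient attacker replaces the expected digest or inverts the branch. It stops the quick patch-and-resign shown in the talk, not a determined reverse engineer; for that, the backend has to verify the client (device attestation of the package and signature) rather than trust the app's own word.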

Attacks conclusion

Developers fail
We listed three attack techniques:
Internal data leakage
Overlapping of the app
Repackaging of the app
We tested 9 connected car apps; not one of them was protected.
Fortunately, we haven't yet seen these attacks applied to connected car applications in the wild (ITW).

Mitigations

Connected car app = Banking app
An app that controls something as expensive as a car must not be less protected than a banking app:
Root detection
Foreground app control
Self-integrity checks
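Root detection, the first item on the list above, as an added example (not code from the talk or from any audited app). Every indicator here is a heuristic: cheap, none conclusive on its own, and all of them hideable by a root manager that wants to hide. The su paths and root-manager package names are the common ones of the period and are assumptions to be extended, not an authoritative list.

```java
import android.content.Context;
import android.content.pm.PackageManager;
import android.os.Build;

import java.io.BufferedReader;
import java.io.File;
import java.io.IOException;
import java.io.InputStreamReader;
import java.util.ArrayList;
import java.util.List;

// Added example, not code from the talk or from any audited app.
// Paths and package names are commonly seen values, assumed here, not an exhaustive list.
public final class RootCheck {
    private static final String[] SU_PATHS = {
        "/system/bin/su", "/system/xbin/su", "/sbin/su", "/su/bin/su",
        "/system/sd/xbin/su", "/data/local/xbin/su", "/data/local/bin/su", "/data/local/su",
    };
    // On Android 11+ these must also be listed in <queries> in the manifest,
    // otherwise getPackageInfo() cannot see them.
    private static final String[] ROOT_MANAGER_PACKAGES = {
        "eu.chainfire.supersu", "com.koushikdutta.superuser",
        "com.noshufou.android.su", "com.topjohnwu.magisk",
    };

    private RootCheck() {}

    /** Returns every indicator found; an empty list means no evidence of root was seen. */
    public static List<String> indicators(Context ctx) {
        List<String> found = new ArrayList<>();

        // 1. Engineering and custom-ROM builds are signed with the public AOSP test keys.
        if (Build.TAGS != null && Build.TAGS.contains("test-keys")) {
            found.add("build tags: " + Build.TAGS);
        }

        // 2. A su binary on one of the usual paths.
        for (String path : SU_PATHS) {
            if (new File(path).exists()) found.add("su binary: " + path);
        }

        // 3. A root-management app installed.
        PackageManager pm = ctx.getPackageManager();
        for (String pkg : ROOT_MANAGER_PACKAGES) {
            try {
                pm.getPackageInfo(pkg, 0);
                found.add("root manager: " + pkg);
            } catch (PackageManager.NameNotFoundException ignored) {
                // not installed
            }
        }

        // 4. `which su`: catches a su binary on a path not listed above.
        String which = runWhichSu();
        if (which != null) found.add("which su: " + which);

        return found;
    }

    private static String runWhichSu() {
        java.lang.Process proc = null;
        try {
            proc = new ProcessBuilder("/system/bin/which", "su").redirectErrorStream(true).start();
            BufferedReader reader = new BufferedReader(new InputStreamReader(proc.getInputStream()));
            String line = reader.readLine();
            return (line == null || line.trim().isEmpty()) ? null : line.trim();
        } catch (IOException e) {
            return null; // `which` itself absent on old builds: no signal either way
        } finally {
            if (proc != null) proc.destroy();
        }
    }
}
```

What to do with a non-empty result matters more than the list itself. Hard-blocking the app is easy to patch out (see the repackaging slides) and punishes owners who rooted their own phone; a better pattern is to report the indicators to the backend, refuse to persist long-lived tokens on such a device, and require fresh authentication for high-value actions such as unlock and engine start. Where it is available, server-side device attestation is the robust version of this check.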

Collaboration
Security researchers
App developers
Car manufacturers

Victor Chebyshev (Victor.Chebyshev@kaspersky.com), Mikhail Kuzin (Mikhail.Kuzin@kaspersky.com)
Thank you!
Questions?

Understanding the Laravel MVC Architecture
 
The Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxThe Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptx
 
Unleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding ClubUnleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding Club
 
SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024
 
Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?
 
Making_way_through_DLL_hollowing_inspite_of_CFG_by_Debjeet Banerjee.pptx
Making_way_through_DLL_hollowing_inspite_of_CFG_by_Debjeet Banerjee.pptxMaking_way_through_DLL_hollowing_inspite_of_CFG_by_Debjeet Banerjee.pptx
Making_way_through_DLL_hollowing_inspite_of_CFG_by_Debjeet Banerjee.pptx
 
Maximizing Board Effectiveness 2024 Webinar.pptx
Maximizing Board Effectiveness 2024 Webinar.pptxMaximizing Board Effectiveness 2024 Webinar.pptx
Maximizing Board Effectiveness 2024 Webinar.pptx
 
AI as an Interface for Commercial Buildings
AI as an Interface for Commercial BuildingsAI as an Interface for Commercial Buildings
AI as an Interface for Commercial Buildings
 
Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024
 

Hey android, Where is my car?

  • 12. Stored data secured
    In the normal scenario:
    There is no way to read protected data
    There is no way to download an app without the user's knowledge
    There is no way to install an app without the user's knowledge
    There is no way to launch an app without the user's knowledge
    But with root privileges all of this can be done silently.
    That is what actually happened to Misha.
  • 13. Infection vector
    But how do they get into the phone?
    We usually leave them a small loophole: we put our phone number under the windshield, for emergency calls.
    So they just need to send us an SMS or WhatsApp spam message with a malicious link.
    That's it.
  • 15. Mobile malware stats
    Top 10 Android malware, Q3 2016 (share of attacked users):
      1   DangerousObject.Multi.Generic        78.46%
      2   Trojan-Banker.AndroidOS.Svpeng.q     11.45%
      3   Trojan.AndroidOS.Ztorg.t              8.03%
      4   Backdoor.AndroidOS.Ztorg.c            7.24%
      5   Backdoor.AndroidOS.Ztorg.a            6.55%
      6   Trojan-Dropper.AndroidOS.Agent.dm     4.91%
      7   Trojan.AndroidOS.Hiddad.v             4.55%
      8   Trojan.AndroidOS.Agent.gm             4.25%
      9   Trojan-Dropper.AndroidOS.Agent.cv     3.67%
     10   Trojan.AndroidOS.Ztorg.aa             3.61%
    40% of widespread malware can escalate to root privileges (the four Ztorg entries in this list belong to a rooting Trojan family).
    Once it has root, this malware can read sensitive car data from the protected storage with just a cp command.
    Source: https://securelist.com/analysis/quarterly-malware-reports/76513/it-threat-evolution-q3-2016-statistics/
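What that cp command actually yields is a SharedPreferences XML file like the credentials.xml named on slide 11. The following is an added example, not tooling from the talk: it parses a copied prefs file in the real on-disk SharedPreferences format and flags entries that are stored as plaintext credentials, which is the check an app assessor runs before deciding whether /data/data is being trusted with too much. The file contents, package name and values below are constructed for the example; only the file name comes from the slides.

```python
"""Scan an Android SharedPreferences dump for plaintext secrets.

Added example, not from the Kaspersky talk. Assumes the file was already
copied off a rooted device, e.g.
    adb shell su -c "cp /data/data/<pkg>/shared_prefs/credentials.xml /sdcard/"
Everything in SAMPLE_PREFS is constructed; the layout (<map> with typed
children) is the real format Android writes to shared_prefs/.
"""
import re
import xml.etree.ElementTree as ET

# Constructed sample of a connected-car app's credentials.xml.
SAMPLE_PREFS = """<?xml version='1.0' encoding='utf-8' standalone='yes' ?>
<map>
    <string name="login">misha@example.com</string>
    <string name="password">Winter2016!</string>
    <string name="auth_token">eyJhbGciOiJIUzI1NiJ9.eyJzdWIiOiJ2aW4xMjMifQ.c2lnbmF0dXJl</string>
    <string name="car_model">Example Sedan 2015</string>
    <boolean name="remote_start_enabled" value="true" />
    <int name="login_attempts" value="0" />
    <set name="recent_vins">
        <string>WVWZZZ1JZXW000001</string>
    </set>
</map>
"""

# Key names that usually hold an identity or a secret (heuristic, assumed).
CREDENTIAL_KEY = re.compile(r"login|user|pass|pwd|secret|token|auth|session|key", re.I)
# Three base64url segments starting with "eyJ" ('{"') is the shape of a JWT.
JWT_SHAPE = re.compile(r"^eyJ[A-Za-z0-9_-]+\.[A-Za-z0-9_-]+\.[A-Za-z0-9_-]+$")


def parse_shared_prefs(xml_text):
    """Return {name: value} for a SharedPreferences <map> document,
    converting each typed child to the matching Python type."""
    root = ET.fromstring(xml_text)
    if root.tag != "map":
        raise ValueError("not a SharedPreferences file: root is <%s>" % root.tag)
    prefs = {}
    for node in root:
        name = node.get("name")
        if node.tag == "string":
            prefs[name] = node.text or ""
        elif node.tag in ("int", "long"):
            prefs[name] = int(node.get("value"))
        elif node.tag == "float":
            prefs[name] = float(node.get("value"))
        elif node.tag == "boolean":
            prefs[name] = node.get("value") == "true"
        elif node.tag == "set":
            prefs[name] = {child.text or "" for child in node if child.tag == "string"}
    return prefs


def find_plaintext_secrets(prefs):
    """Return [(name, reason)] for string entries that look like stored
    credentials, either by key name or by the shape of the value."""
    findings = []
    for name, value in prefs.items():
        if not isinstance(value, str) or not value:
            continue  # numbers, booleans and sets are not credentials here
        reasons = []
        if CREDENTIAL_KEY.search(name):
            reasons.append("credential-like key name")
        if JWT_SHAPE.match(value):
            reasons.append("value looks like a JWT")
        if reasons:
            findings.append((name, ", ".join(reasons)))
    return findings


if __name__ == "__main__":
    for name, reason in find_plaintext_secrets(parse_shared_prefs(SAMPLE_PREFS)):
        print("%-20s %s" % (name, reason))
```

Run it against a real dump by replacing SAMPLE_PREFS with the file contents; anything it flags is readable by every rooting Trojan in the table above, so it belongs in the Android Keystore or should not be persisted at all.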
  • 16. Vulnerable Android versions
    Version         Codename             API   Distribution
    2.2             Froyo                 8     0.1%
    2.3.3 - 2.3.7   Gingerbread          10     1.3%
    4.0.3 - 4.0.4   Ice Cream Sandwich   15     1.3%
    4.1.x           Jelly Bean           16     4.9%
    4.2.x           Jelly Bean           17     6.8%
    4.3             Jelly Bean           18     2.0%
    4.4             KitKat               19    25.2%
    5.0             Lollipop             21    11.3%
    5.1             Lollipop             22    22.8%
    6.0             Marshmallow          23    24.0%
    7.0             Nougat               24     0.3%
    [chart: number of exploits per version, not reproduced in the transcript]
    Everything up to 5.1 Lollipop adds up to about 75% of devices: about 75% of worldwide devices are at risk.
    Distribution according to Google data, https://developer.android.com/about/dashboards/index.html
  • 17. All devices are at risk
    "Dirty Cow" exploit (CVE-2016-5195)
    Discovered by Phil Oester
    Race condition in the Linux kernel
    Existed since 2007 and was fixed on Oct 18, 2016
    Works on almost all Android devices
  • 18. All devices are at risk
    "Drammer": DRAM Rowhammer attack
    Hardware-based attack
    Doesn't depend on the Android version
    Cannot be fixed by a software update
    PoC and detailed research are publicly available
  • 19. All devices are at risk
    "QuadRooter"
    Discovered by Check Point
    Uses 4 different vulnerabilities in the drivers
    Affects popular devices with Qualcomm chipsets
    Over 900 million devices are at risk
  • 20. All devices are at risk
    Want more? See the December 2016 Android Security Bulletin.
    And this is just the tip of the iceberg...
  • 25. Overlapping technique
    The phone is infected.
    The attempt to launch the car app is intercepted by an overlay window.
    The login and password the user enters are simply gone, to the attacker.
  • 26. Overlapping technique
    A common technique for Android banking Trojans.
    The Faketoken Trojan uses this technique to attack 2,000 financial apps.
    9 connected car apps were tested: none of them checks whether it is really in the foreground.
    The check is easy to do with just the Android API: check the top activity.
  • 28. Repackaging technique
    Almost every Android app can be decompiled
    Some code changes can be performed
    The app can be compiled back
    The app can be signed with another certificate
    Profit: the app is ready for delivery to the victim
  • 29. Repackaging technique
    In the case of the connected car app, the login activity can be patched.
    We modified the app code so that the login and password are simply shown as a toast.
    The patched app ran successfully ([top tier auto manufacturer] app).
  • 30. Repackaging technique
    A common technique for Android adware and "rooting" Trojans:
    Trojan-Downloader.AndroidOS.Leech: a modified YouTube downloader
    Trojan-Spy.AndroidOS.Instealy.a: a modified Instagram client
  • 32. Developers fail
    We listed three attack techniques:
    Internal data leakage
    Overlapping of the app
    Repackaging of the app
    We tested 9 connected car apps, and none of them was protected against any of these.
    Fortunately, we haven't yet seen these attacks applied to connected car applications in the wild (ITW).
  • 34. Connected car app = Banking app
    An app that controls something as expensive as a car must not be less protected than a banking app:
    Root detection
    Foreground app control
    Self-integrity checks
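The repackaging steps of slides 28-29 and the self-integrity check recommended just above, as one added example that is not the authors' tooling. It builds a minimal v1-signed (JAR-signed) APK in memory, repackages it the way the slides describe (patch classes.dex so the login activity shows the credentials as a toast, rebuild, sign with another certificate), then shows what an analyst sees when diffing the two files and why pinning the signing certificate is the check that survives: an attacker can patch any hash the app compares against, but cannot produce the developer's signature. The digests in MANIFEST.MF and CERT.SF are computed as a real signer does; the CERT.RSA block, the certificate bytes and the app contents are constructed placeholders, since no real RSA key is involved.

```python
"""Repackage a toy APK and detect it by pinning the signer certificate.

Added example, not from the talk. Real APKs have the same zip layout
(classes.dex, resources, META-INF/ signature entries). The PKCS#7 block in
META-INF/CERT.RSA is modelled here as "cert|signature" bytes; on a real APK
hash the X.509 certificate extracted from that block (what Android's
Signature object holds), not the whole block, which changes on every signing.
"""
import base64
import hashlib
import io
import zipfile

DEVELOPER_CERT = b"placeholder-x509-der:CN=Car App Vendor"  # constructed
ATTACKER_CERT = b"placeholder-x509-der:CN=Android Debug"    # constructed

# Constructed contents of the unsigned original app.
UNSIGNED_ORIGINAL = {
    "AndroidManifest.xml": b"<manifest package='com.example.connectedcar'/>",
    "classes.dex": b"dex\n035\x00LoginActivity: send credentials to telematics backend",
    "res/layout/login.xml": b"<LinearLayout><EditText id='password'/></LinearLayout>",
}


def _digest_b64(data):
    return base64.b64encode(hashlib.sha256(data).digest()).decode()


def sign_apk(entries, signer_cert):
    """Add v1-style META-INF entries for the non-META-INF payload."""
    payload = {p: d for p, d in entries.items() if not p.startswith("META-INF/")}
    manifest = "Manifest-Version: 1.0\n\n" + "".join(
        "Name: %s\nSHA-256-Digest: %s\n\n" % (p, _digest_b64(d))
        for p, d in sorted(payload.items()))
    sf = "Signature-Version: 1.0\nSHA-256-Digest-Manifest: %s\n" % _digest_b64(manifest.encode())
    # Placeholder for the PKCS#7 SignedData block: certificate, then "signature".
    rsa = signer_cert + b"|" + hashlib.sha256(signer_cert + sf.encode()).digest()
    signed = dict(payload)
    signed["META-INF/MANIFEST.MF"] = manifest.encode()
    signed["META-INF/CERT.SF"] = sf.encode()
    signed["META-INF/CERT.RSA"] = rsa
    return signed


def build_apk(entries):
    """Zip {path: bytes} into APK bytes."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        for path, data in sorted(entries.items()):
            zf.writestr(path, data)
    return buf.getvalue()


def repackage(apk_bytes, old, new, signer_cert):
    """Slide 28 in code: unpack, patch the code, rebuild, sign with another cert."""
    with zipfile.ZipFile(io.BytesIO(apk_bytes)) as zf:
        entries = {n: zf.read(n) for n in zf.namelist()}
    entries["classes.dex"] = entries["classes.dex"].replace(old, new)
    return build_apk(sign_apk(entries, signer_cert))


def entry_digests(apk_bytes):
    with zipfile.ZipFile(io.BytesIO(apk_bytes)) as zf:
        return {n: hashlib.sha256(zf.read(n)).hexdigest() for n in zf.namelist()}


def diff_apks(original, suspect):
    """Analyst view: which entries a repackaged build touched."""
    a, b = entry_digests(original), entry_digests(suspect)
    return {"modified": sorted(p for p in a if p in b and a[p] != b[p]),
            "added": sorted(set(b) - set(a)),
            "removed": sorted(set(a) - set(b))}


def signer_cert_fingerprint(apk_bytes):
    """SHA-256 of the signer certificate; a re-signed app cannot carry the developer's."""
    with zipfile.ZipFile(io.BytesIO(apk_bytes)) as zf:
        blocks = [n for n in zf.namelist()
                  if n.startswith("META-INF/") and n.endswith((".RSA", ".DSA", ".EC"))]
        if len(blocks) != 1:
            raise ValueError("expected exactly one signer block, found %r" % blocks)
        cert = zf.read(blocks[0]).split(b"|", 1)[0]  # placeholder block layout, see docstring
    return hashlib.sha256(cert).hexdigest()


def is_repackaged(apk_bytes, pinned_fingerprint):
    """The in-app self-integrity check from slide 34, done offline."""
    return signer_cert_fingerprint(apk_bytes) != pinned_fingerprint


ORIGINAL_APK = build_apk(sign_apk(UNSIGNED_ORIGINAL, DEVELOPER_CERT))
PINNED_FINGERPRINT = hashlib.sha256(DEVELOPER_CERT).hexdigest()  # baked in at build time
REPACKAGED_APK = repackage(ORIGINAL_APK, b"send credentials to telematics backend",
                           b"show credentials in a toast", ATTACKER_CERT)

if __name__ == "__main__":
    print(diff_apks(ORIGINAL_APK, REPACKAGED_APK))
    print("original repackaged?  ", is_repackaged(ORIGINAL_APK, PINNED_FINGERPRINT))
    print("patched build repackaged?", is_repackaged(REPACKAGED_APK, PINNED_FINGERPRINT))
```

The diff shows the forensic shape of a repackaged app: classes.dex plus all three META-INF entries change, while the manifest and resources do not. Inside a real app the same comparison is done against PackageManager's signature for the app's own package; the pinned value must be the certificate fingerprint rather than a digest of classes.dex, because the attacker rebuilds classes.dex and can patch any embedded digest along with it.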
  • 36. Thank you! Questions?
    Victor Chebyshev (Victor.Chebyshev@kaspersky.com), Mikhail Kuzin (Mikhail.Kuzin@kaspersky.com)
    Security experts @Kaspersky Lab