Droidcon2013 security genes_trendmicro
  • 1. Raimund Genes - CTO. Security under Android. Copyright 2013 Trend Micro Inc.
  • 2. Android has been designed with security in mind!
  • 3. Security in Mind? Android is a privilege-separated operating system. Each application runs through a unique Linux user ID. No application has permission to impact other applications. Applications can't access the network without prior consent.
  • 4. Security in Mind? When installing an application, the user is requested by the app package installer to grant permission(s).
  • 5. But! Then, before or while running the application, it is never checked again by the user. If the permission was granted, the app can then use the desired features without prompting the user – forever!
  • 6. So: With clever social engineering the bad guys convince the users to install a "useful" application, the user willingly gives permission, and bingo – device could be misused.
  • 7. Industry Trends: Malware increasing on "App Stores"
  • 8. Android Malware
      • 10K: Middle of 2012!
      • 100K: End of 2012!
  • 9. Chris DiBona from Google, November 2011: "virus companies are playing on your fears to try to sell you bs protection software for Android, RIM and IOS. They are charlatans and scammers. IF you work for a company selling virus protection for android, rim or IOS you should be ashamed of yourself." "The barriers to spreading such a program from phone to phone are large and difficult enough to traverse when you have legitimate access to the phone, but this isn't independence day, a virus that might work on one device won't magically spread to the other." All the major vendors have app markets, and all the major vendors have apps that do bad things, are discovered, and are dropped from the markets.
  • 10. Industry Trends: Google's Bouncer
  • 11. Google Bouncer: "Gone to the Gym"
  • 12. Extended Network: The App Markets. Use Case: Personal data exfiltration via an Android Market. App Market: Infiltration, Exfiltration & Exploits
  • 13. Android Malware: 120,000 300,000+
  • 14. ANDROIDOS_JIGENSHA.A
      • Impact Scope: 760,000 users' data leaked online in Japan.
      • Malicious Behavior: The malware collects the user's contact list, including phone numbers and names, then sends it to a remote server.
  • 15. Your phone as your wallet
  • 16. Samsung’s Knox software
  • 17. Types of Threats
      • Spying Tools: Track user data like GPS and send to a 3rd party
      • Rooter: Hacks phone to take control
      • Premium Service: Secretly subscribes user to paid services
      • Data Stealer: Steals personal information
      • Malicious Downloader: Downloads new apps without user consent
      • Click Fraud: Triggers pay-per-click activity on the device
  • 18. Viruses for Android
  • 19. Where’s the problem?
  • 20. That's why don't we see this under IOS
  • 21. Mobile App Reputation
      • Mobile App Reputation is a cloud-based technology that automatically identifies mobile threats based on app behavior
          – Crawl & collect huge number of Android apps from various Android Markets
          – Identifies existing and brand new mobile malware
          – Identifies apps that may abuse privacy / device resources
          – World's first automatic mobile app evaluation service
      • Diagram: Apps → Mobile App Reputation (Malware? Privacy Risk? High Resource Consumption?) → No Issues / Issue Identified
  • 22. Mobile App Reputation: Generates reputation scores and detailed report. Collects Apps and scans them in the cloud. 1. Static Analysis: Dissects app code and private data access. 2. Correlates web queries with Smart Protection Network. 3. Dynamic Analysis: Activates app to analyze actual behaviour. 4.
  • 23. Mobile Application Reputation Architecture
      • Data Bus / Control Bus
      • MSR (Mobile Sourcing)
      • MPAFI (Mobile PAFI)
      • MSA (Mobile Static Analyzer)
      • MDA (Mobile Dynamic Analyzer)
      • MSE (Mobile Scoring Engine)
      • MDS (Mobile Data Store)
      • SPN (Smart Protection Network), WRS/FRS, Correlate Services
      • PAFI: Pre-Analysis File Interscan
  • 24. The Service: Appstore submits new apps (FTP, Crawler, Web Upload) → Apps are scanned → Report is provided (HTML, XML, EMAIL) → Appstore removes bad apps and adds detailed info to app listings
  • 25. Information provided by MARS: MARS Sample Report
  • 26. Developers!
      • Ensure what public libraries do, before you use them!
      • Corporate customers are very sensitive regarding Data Leakage!
      • CPU load and Battery impact plays a bigger and bigger role in App selection!
      • Quick and Dirty might not be the way to go for a sustainable business!
      • If you write Apps for a 3rd party, expect that the App will be tested not only for functionality but also for potential risks, negative impacts
  • 27. Mid of May: mars.trendmicro.com to check the rating of your App
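
Added example, not part of the slides and not Trend Micro's analyzer: a small static check of the kind slide 22 calls "private data access" analysis, reading the install-time permissions from slides 4 and 5 out of a decoded `AndroidManifest.xml` and flagging combinations that would enable the behaviours listed on slides 14 and 17. The rule table, function names and sample manifests are assumptions made for illustration; the permission names are standard Android ones.

```python
import xml.etree.ElementTree as ET

ANDROID_NS = "{http://schemas.android.com/apk/res/android}"
P = "android.permission."

# Assumed mapping (not from the slides): permission sets that would enable
# the behaviours named under "Types of Threats".
RISK_RULES = {
    "data stealer (contacts + network)": {P + "READ_CONTACTS", P + "INTERNET"},
    "spying tool (GPS + network)": {P + "ACCESS_FINE_LOCATION", P + "INTERNET"},
    "premium service (sends SMS)": {P + "SEND_SMS"},
    "malicious downloader (installs packages)": {P + "INSTALL_PACKAGES"},
}

def requested_permissions(manifest_xml):
    """Return the set of permissions declared with <uses-permission>."""
    root = ET.fromstring(manifest_xml)
    perms = set()
    for node in root.iter("uses-permission"):
        name = node.get(ANDROID_NS + "name")
        if name:
            perms.add(name.strip())
    return perms

def flag_risks(manifest_xml):
    """Return sorted labels of every rule whose permissions are all requested."""
    perms = requested_permissions(manifest_xml)
    return sorted(label for label, needed in RISK_RULES.items() if needed <= perms)

# Constructed sample manifests (decoded text form, not taken from real apps).
WALLPAPER_APP = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.wallpaper">
  <uses-permission android:name="android.permission.INTERNET"/>
  <uses-permission android:name="android.permission.READ_CONTACTS"/>
  <uses-permission android:name="android.permission.SEND_SMS"/>
  <application android:label="Wallpapers"/>
</manifest>"""

CLOCK_APP = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.clock">
  <uses-permission android:name="android.permission.WAKE_LOCK"/>
  <application android:label="Clock"/>
</manifest>"""

if __name__ == "__main__":
    for name, xml in (("wallpaper", WALLPAPER_APP), ("clock", CLOCK_APP)):
        print(name, flag_risks(xml) or "no rule matched")
```

A match only means the app could perform the behaviour once the user has granted the permissions at install time; confirming that it does is the job of the code inspection and dynamic analysis steps the slides describe.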