Your SlideShare is downloading. ×
0
Raimund Genes - CTOSecurity under AndroidCopyright 2013 Trend Micro Inc.
Android has beendesigned with security inmind!
Security in Mind?Android is a privilege-separatedoperating system. Each applicationruns through a unique Linux user ID.No ...
Security in Mind?When installing anapplication, theuser is requestedby the apppackage installerto grantpermission(s)
But!Then, before or while running theapplication, it is never checked againby the user. If the permission wasgranted, the ...
SoWith clever social engineering the badguys convince the users to install a„useful“ application, the user willinglygives ...
Industry	  Trends	  Malware	  increasing	  on	  “App	  Stores”	  
Android Malware•  10K: Middle of 2012!•  100K: End of 2012!http://blog.trendmicro.com/how-big-will-the-android-malware-thr...
Chris Di Bona from Google, November 2011:”virus companies are playing on your fears to try to sell you bs protectionsoftwa...
Industry	  Trends	  Google’s	  Bouncer	  
Google Bouncer: “Gone to the Gym”Slide	  13	  -­‐	  TREND	  MICRO	  CONFIDENTIAL	  
Extended Network: The App MarketsUse Case: Personal data exfiltration via an Android MarketApp MarketInfiltration	 Exfiltr...
Android Malware120,000 300,000+
ANDROIDOS_JIGENSHA.AImpact Scope:760,000 users data leaked online in Japan	Malicious Behavior:The malware collect Users co...
Your phone as your wallet
Samsung’s Knox software
Types of ThreatsSpying ToolsTrack user data like GPSand send to a 3rd partyRooterHacks phone to takecontrolPremium Service...
 Viruses	  for	  Android	  	  
Where’s the problem?
That’s why don‘t we see this underIOS
Mobile App Reputation•  Mobile App Reputation is a cloud-basedtechnology that automatically identifiesmobile threats based...
Mobile App ReputationGeneratesreputationscores anddetailed reportCollects Apps andscans them in thecloud1.Static Analysis:...
Mobile Application Reputation Architecture		  	  	  	  	  Data	  Bus	  /	  Control	  BusMSR	  (Mobile	  Sourcing)MPAFI	  (...
The ServiceAppstoresubmitsnew appsFTPCrawlerWebUploadApps arescannedReport isprovidedHTMLXMLEMAILAppstore removesbad apps ...
Information provided by MARSMARS Sample Report
Developers!	•  Ensure what public libraries do, before you use them!•  Corporate customers are very sensitive regarding Da...
Mid of May	mars.trendmicro.comto check the rating of your App
Droidcon2013 security genes_trendmicro
Droidcon2013 security genes_trendmicro
Droidcon2013 security genes_trendmicro
Droidcon2013 security genes_trendmicro
Droidcon2013 security genes_trendmicro
Droidcon2013 security genes_trendmicro
Droidcon2013 security genes_trendmicro
Upcoming SlideShare
Loading in...5
×

Droidcon2013 security genes_trendmicro

509

Published on

0 Comments
0 Likes
Statistics
Notes
  • Be the first to comment

  • Be the first to like this

No Downloads
Views
Total Views
509
On Slideshare
0
From Embeds
0
Number of Embeds
2
Actions
Shares
0
Downloads
9
Comments
0
Likes
0
Embeds 0
No embeds

No notes for slide

Transcript of "Droidcon2013 security genes_trendmicro"

  1. 1. Raimund Genes - CTOSecurity under AndroidCopyright 2013 Trend Micro Inc.
  2. 2. Android has beendesigned with security inmind!
  3. 3. Security in Mind?Android is a privilege-separatedoperating system. Each applicationruns through a unique Linux user ID.No application has permission toimpact other applications.Applications can‘t access the networkwithout prior consent
  4. 4. Security in Mind?When installing anapplication, theuser is requestedby the apppackage installerto grantpermission(s)
  5. 5. But!Then, before or while running theapplication, it is never checked againby the user. If the permission wasgranted, the app can then use thedesired features without prompting theuser – forever!
  6. 6. SoWith clever social engineering the badguys convince the users to install a„useful“ application, the user willinglygives permission, and bingo – devicecould be misused
  7. 7. Industry  Trends  Malware  increasing  on  “App  Stores”  
  8. 8. Android Malware•  10K: Middle of 2012!•  100K: End of 2012!http://blog.trendmicro.com/how-big-will-the-android-malware-threat-be-in-2012/
  9. 9. Chris Di Bona from Google, November 2011:”virus companies are playing on your fears to try to sell you bs protectionsoftware for Android, RIM and IOS. They are charlatans and scammers. IFyou work for a company selling virus protection for android, rim or IOSyou should be ashamed of yourself.”“The barriers to spreading such a program from phone to phone are largeand difficult enough to traverse when you have legitimate access to thephone, but this isn’t independence day, a virus that might work on onedevice won’t magically spread to the other.”All the major vendors have app markets, and all the major vendors haveapps that do bad things, are discovered, and are dropped from themarkets.
  10. 10. Industry  Trends  Google’s  Bouncer  
  11. 11. Google Bouncer: “Gone to the Gym”Slide  13  -­‐  TREND  MICRO  CONFIDENTIAL  
  12. 12. Extended Network: The App MarketsUse Case: Personal data exfiltration via an Android MarketApp MarketInfiltration Exfiltration &Exploits
  13. 13. Android Malware120,000 300,000+
  14. 14. ANDROIDOS_JIGENSHA.AImpact Scope:760,000 users data leaked online in Japan Malicious Behavior:The malware collect Users contact listincludes phone number and names, thensends them to a remote server.
  15. 15. Your phone as your wallet
  16. 16. Samsung’s Knox software
  17. 17. Types of ThreatsSpying ToolsTrack user data like GPSand send to a 3rd partyRooterHacks phone to takecontrolPremium ServiceSecretly subscribesuser to paid servicesData StealerSteals personalinformationMaliciousDownloaderDownloads new appswithout user consentClick FraudTriggers pay-per-clickactivity on the device
  18. 18.  Viruses  for  Android    
  19. 19. Where’s the problem?
  20. 20. That’s why don‘t we see this underIOS
  21. 21. Mobile App Reputation•  Mobile App Reputation is a cloud-basedtechnology that automatically identifiesmobile threats based on app behavior–  Crawl & collect huge number of Android appsfrom various Android Markets–  Identifies existing and brand new mobilemalware–  Identifies apps that may abuse privacy / deviceresources–  World’s first automatic mobile app evaluationservice                  •  Malware?•  Privacy Risk?•  High ResourceConsumption?Mobile  App  Reputa<on  Apps  No  Issues  Issue  Iden<fied  
  22. 22. Mobile App ReputationGeneratesreputationscores anddetailed reportCollects Apps andscans them in thecloud1.Static Analysis:Dissects app codeand private dataaccess.2.Correlates webqueries with SmartProtection Network3.Dynamic Analysis:Activates app toanalyze actualbehaviour4.
  23. 23. Mobile Application Reputation Architecture          Data  Bus  /  Control  BusMSR  (Mobile  Sourcing)MPAFI  (Mobile  PAFI)MSA  (Mobile  StaDc    Analyzer)MDA  (Mobile  Dynamic  Analyzer)MSE  (Mobile  Scoring  Engine)MDS  (Mobile  Data  Store)  SPN  (Smart  Protec<on  Network)  WRS/FRS  Correlate  Services  PAFI:  Pre-­‐Analysis  File  Interscan  
  24. 24. The ServiceAppstoresubmitsnew appsFTPCrawlerWebUploadApps arescannedReport isprovidedHTMLXMLEMAILAppstore removesbad apps andadds detailedinfo to app listings
  25. 25. Information provided by MARSMARS Sample Report
  26. 26. Developers! •  Ensure what public libraries do, before you use them!•  Corporate customers are very sensitive regarding DataLeakage!•  CPU load and Battery impact plays a bigger and biggerrole in App selection!•  Quick and Dirty might not be the way to go for asustainable business!•  If you write Apps for a 3rd party, expect that the App willbe tested not only for functionality but also for potentialrisks, negative impacts
  27. 27. Mid of May mars.trendmicro.comto check the rating of your App
  1. A particular slide catching your eye?

    Clipping is a handy way to collect important slides you want to go back to later.

×