I.G.N. Mantra - Mobile Security, Mobile Malware,and Countermeasure
Upcoming SlideShare
Loading in...5

I.G.N. Mantra - Mobile Security, Mobile Malware,and Countermeasure



I.G.N. Mantra - Mobile Security, Mobile Malware,and Countermeasure

I.G.N. Mantra - Mobile Security, Mobile Malware,and Countermeasure



Total Views
Views on SlideShare
Embed Views



0 Embeds 0

No embeds



Upload Details

Uploaded via as Adobe PDF

Usage Rights

© All Rights Reserved

Report content

Flagged as inappropriate Flag as inappropriate
Flag as inappropriate

Select your reason for flagging this presentation as inappropriate.

  • Full Name Full Name Comment goes here.
    Are you sure you want to
    Your message goes here
Post Comment
Edit your comment

    I.G.N. Mantra - Mobile Security, Mobile Malware,and Countermeasure I.G.N. Mantra - Mobile Security, Mobile Malware,and Countermeasure Presentation Transcript

    • #ACAD-­‐CSIRT  Mobile Security, MobileMalware & CountermeasureIGN Mantra, ChairmanEmail: mantra@acad-csirt.or.id, URL: acad-csirt.or.idHoneynet Seminar 2013
    • #ACAD-­‐CSIRT  Why the mobile phone BOOM
    • #ACAD-­‐CSIRT  The complex picture of the mobile phone marketBut mobile phone market share doesn’t tell the full storySource: VisionMobile
    • #ACAD-­‐CSIRT  Smartphones reached 30% market share in 2011483M units shipped worldwideSmartphone shipments as a % of total handset shipmentsSource: VisionMobile
    • #ACAD-­‐CSIRT  Smartphone sales vary greatly by region Q2 2011are the majority of handset sales in North America (63%) and Europe (51%)Market shareSource: VisionMobile
    • #ACAD-­‐CSIRT  Android became dominant smartphone OSSamsung and HTC benefited the most from Android success (Q4 2011)Smartphone market share by OEM and platform (H2 2011)Source: VisionMobile
    • #ACAD-­‐CSIRT  Android turned the tables on handset makersSamsung and HTC benefited, Nokia, Motorola, Sony were challengedBeneficiaries:fast-moving challengersEfficient cost structure plus ability to differentiatein software, hardware or bothlow cost assemblersCost structure optimised for razor-thin marginsAndroid is a long-term opportunity for global reachUnder pressure:old guard OEMsCost structure requiring high-marginsCommoditising effect of Android makes high-margins unattainable for OEM without ownecosystem or meaningful differentiationNo Name source: VisionMobile
    • #ACAD-­‐CSIRT  10 Malware Types 2013source : boston.comDroidKungFuGeinimiPlankton DroidDreamAndroid.PjappsIkeeZitmoHongTouTouTimifonicaSymbOS.Skull
    • #ACAD-­‐CSIRT  Mobile Malware Statistic 2013Source : Kaspersky Lab
    • #ACAD-­‐CSIRT  Mobile MalwareMalware is software withmalicious purpose. It may bedesigned to disable your phone,remotely control your phone, orsteal valueable your information.Mobile malware uses the sametechniques as a PC malware toinfect mobile devices.apppc
    • #ACAD-­‐CSIRT  The Growth
    • #ACAD-­‐CSIRT  Malware Samples LibrarySource : http://rogunix.com/docs/Android/Malware/
    • #ACAD-­‐CSIRT  The Real Dangers of Mobile MalwareBank accountpassword arestolen.Private informationis captured.Phone data isdeleted.Device is “bricked”and need replacingThe phone isforced to send thesms premiumnumbers. (sedotpulsa).Malware infecteddevices can be usedby botnet owners tolaunch attacks ondigital targets.
    • #ACAD-­‐CSIRT  How they get youPHISINGA fake version of real sitegathers your log-in ad otherprivate informationsSPYWARESilently collects informationfrom users and sends it toeavesdroppersEXPLOITINGSome malware will exploitmobile platform vulnerabilities togain control of the deviceWORMA program tha replicates itselfspreading throughout a networkMAN IN THE MIDDLEThe attackers becomes amiddle man in a communicationstream and logs all informationrelayed between thecommunicating partiesDIRECT ATTACKComes from files or viruses sentright to your cell phone.
    • #ACAD-­‐CSIRT  Mobile Malware & AwarenessOf users say that theyare unaware ofsecurity software forsmartphonesOf mobile users bankfrom a phone, yet mostdon’t have securitymeasures in place53%24%
    • #ACAD-­‐CSIRT  What should You Do and Don’tDO•  Make sure the OS and sowftware areup to date at all times•  Download apps from reputable sitesand closely review app permissionrequests.•  Make sure to check the feedbackfrom other users before installing theprogram from an app store•  User strong password•  User personal firewall•  Turn off bluetooth and otherconnections when not in use•  Install a mobile security application.DON’T•  Download apps from thirdparty app repositories•  Jailbreak your phone•  Leave your “wifi ad hocmode on”•  Accessing banking orshopping sites over a publicWIFI connection•  Leave your mobile deviceunattended in public places.
    • #ACAD-­‐CSIRT  References•  A window into Mobile device security–  http://www.symantec.com/content/en/us/about/media/pdfs/symc_mobile_device_security_june2011.pdf•  http://www.continuitycentral.com/feature0919.html•  http://www.usatoday.com/tech/news/story/2012-03-22/lost-phones/53707448/1]•  US-CERT Resource: Paul Ruggiero and Jon Foote,“Cyber Threats to Mobile Phones”, http://www.us-cert.gov/reading_room/cyber_threats_to_mobile_phones.pdf)•  Top 10 android Security Riskshttp://www.esecurityplanet.com/views/article.php/3928646/Top-10-Android-Security-Risks.htm
    • #ACAD-­‐CSIRT  TERIMA KASIHIGN MANTRAEmail : incident@acad-csirt.or.id, info@acad-csirt.or.id