Mobile Threats at the Tipping Point, Jan Volzke, McAfee
Upcoming SlideShare
Loading in...5
×
 

Mobile Threats at the Tipping Point, Jan Volzke, McAfee

on

  • 1,229 views

 

Statistics

Views

Total Views
1,229
Views on SlideShare
1,229
Embed Views
0

Actions

Likes
1
Downloads
24
Comments
0

0 Embeds 0

No embeds

Accessibility

Categories

Upload Details

Uploaded via as Microsoft PowerPoint

Usage Rights

© All Rights Reserved

Report content

Flagged as inappropriate Flag as inappropriate
Flag as inappropriate

Select your reason for flagging this presentation as inappropriate.

Cancel
  • Full Name Full Name Comment goes here.
    Are you sure you want to
    Your message goes here
    Processing…
Post Comment
Edit your comment
  • Developers:Enable field patches Confuscate source codeTransparent data useInvest in security testingUse third party trust marksEnterprises:Understand your mobile security riskEnforce IT-policies across devicesEducate users and customers Offer complimentary protection Individuals:Apply common sense Protect yourself against:Mobile viruses and SpywareWeb based Phishing attacksDevice and Data LossManufacturers:MS need not agreement from OEM’s to patchDecouple customization from OS updatesReduce OS update cycle to 7 daysEnhance security features, esp. authenticationPreload complimentary securityCarriers:Protect key assets (location, subs data, billing)Work with OEMs to shorten update cyclesUse network to solve most security issuesAppStores:Security gate keeper, final resortIf nothing than intense security testingUse Trustmarks to show users safe appsEnable revocation of apps in field

Mobile Threats at the Tipping Point, Jan Volzke, McAfee Mobile Threats at the Tipping Point, Jan Volzke, McAfee Presentation Transcript

  • Mobile Threats at the Tipping Point
    Jan Volzke
    Director, Product Management
    McAfee, Inc.
    June 2011
  • Mobile Malware Trend and Outlook
    - A new Generation of Malware Writers
    Mobile Threat Research McAfee, Inc., June 2011
    Mobile Threats at the Tipping Point, Jan Volzke
    2
  • Malware Authors
    - Focus is Shifting to Android
    New mobile malware by platform Q2 2010- May 2011
    • 450+ new variants
    Mobile Threat Research McAfee, Inc., June 2011
    Mobile Threats at the Tipping Point, Jan Volzke
    3
  • Why Mobile Threats are Expected to Rise
    - Key Accelerating Trends
    User Aggregation
    2015 OS shipments
    IDCJune’11
    Protection Gap
    Mobile Money
    Reliance on User
    Alternative Access
    Sensitivity of Data
    Mobile Threats at the Tipping Point, Jan Volzke
    4
  • Mobile Malware Life Cycle- Show me the Money
    R&D
    Reuse
    Profit Taking
    Mobile malware monetization methods:
    Sell stolen information, Premium SMS/Calls, Click Fraud, Traffic generation, Cash out account balances, Malware for sale, Subscription scams, Mobile banking attacks, Ransom ware extortion, Resell pirated apps
    Mobile Threats at the Tipping Point, Jan Volzke
    5
  • Recent Malware Examples - DrdDream, Zeus Mobile, 09Droid
    DrdDream
    • 1st major Trojan embedded in app
    • 50+ apps removed from Android Market
    • Steals information and waits for instructions from C&C server
    Zeus
    • Targeting banks using mTAN authentication
    • Used against major Spanish institution
    • Signed app for BB, WM, Symbian S60
    09Droid
    • Not Malware but fake banking apps sold at $1.49
    • Linking to bank’s own web site
    • Apps targeted 35 banks of all sizes
    Mobile Threats at the Tipping Point, Jan Volzke
    6
  • Phishing is a Cross Device Threat
    - Mobile Phishing Sites
    • Spoofedbanking sites are riskier onfor Mobile browsers than PC browsers
    • Lack of SSL indicators
    • Auto hiding URL bar
    • Scotiabank’s mobile banking attack:
    • Requested the users card number and 3digit security code
    • The attacker gains access to the victim’s bank account
    McAfee Global Threat Report Q1’2011
    Opening the page on a PC browser unveils a dubious URL
    Mobile Threats at the Tipping Point, Jan Volzke
    7
  • Industry Recommendations for Next 12 Months- Prepare for the Unexpected
    Enterprises:
    • Data Loss Prevention via email and apps
    Developers:
    • Code protection
    • Security certification
    Individuals:
    • Common sense
    • Protect yourself
    AppStores:
    • Security testing
    • Field revocation
    Carriers:
    • Protect billing infra
    • Use cloud & network
    Manufacturers:
    • Shorten update cycles
    • Embedded security
    Mobile Threats at the Tipping Point, Jan Volzke
    8
  • Questions?
    Advertisement
    Contact:
    Jan Volzke
    McAfee, Inc.
    Jan_Volzke@mcafee.com
    Comprehensive Protection Against Viruses, Data Loss and Web Threats
    http://McAfeeMobileSecurity.com
    Mobile Threats at the Tipping Point
    9
  • References and Acknowledgements
    • Android/DrdDream
    http://home.mcafee.com/VirusInfo/VirusProfile.aspx?key=399522
    • Symbian/Zeus/Zitmo
    http://home.mcafee.com/VirusInfo/VirusProfile.aspx?key=290717
    • Android/09Droid
    https://www.bayportcu.org/site/mobilesecurityupdates.html
    • mPhishing site
    http://www.malwarecity.com/blog/mobile-phishing-do-you-know-where-that-link-leads-to-1021.html
    • OSX/RRoll.C
    http://vil.nai.com/vil/content/v_244695.htm
    •  OSX/iPHDownloader.A
    http://vil.nai.com/vil/content/v_244696.htm
    • General banking risks
    http://blogs.mcafee.com/mcafee-labs/mobile-reunion-hackers-and-banks
    http://blogs.mcafee.com/mcafee-labs/get-out-of-jail-not-so-free
    • General Android risks
    http://blogs.mcafee.com/enterprise/mobile/mcafee-for-android-a-mobile-security-update
    Acknowledgements:
    Jimmy Shah (McAfee), Jon Oberheide (Duo Security), Dan Cornell (Denim Group), AlinDamian (Bitdefender), Roland Schmitz (Stuttgart Media University), Fabio Pietrosanti (PrivateWave), Rich Cannings (Google), Chris Clark, Alex Stamos (iSec)
    Mobile Threats at the Tipping Point, Jan Volzke
    10