IPExpo 2013 - Anatomy of a Targeted Attack Against MDM Solutions

Published in: Technology

  1. 1. Anatomy of a Targeted Attack against Mobile Device Management (MDM) Solutions Ohad Bobrov, CTO and co-founder ohad@lacoon.com
  2. 2. Agenda: Collapse: The collapse of the corporate perimeter; Targeted devices: Why mobile devices are targeted; Demo: How mobile malware bypasses current security solutions; Mitigation: Detection, remediation & building a secure BYOD/HYOD architecture
  3. 3. About Lacoon Mobile Security •  Protecting organizations from mobile threats •  Protecting tier-1 financial, manufacturing, legal and defense organizations •  Cutting edge mobile security research team
  4. 4. The Collapse Of The Corporate Perimeter > 2011
  5. 5. The Collapse Of The Corporate Perimeter “More than 60% of organizations enable BYOD” Gartner, Inc. October 2012
  6. 6. TARGETED MOBILE THREATS
  7. 7. Mobile Devices: Attractive Attack Target: Snooping on corporate emails and application data; Infiltrating internal LANs; Eavesdropping; Extracting contact lists, call & text logs; Tracking location
  8. 8. Recent High-Profile Examples
  9. 9. Commercial mobile surveillance tools
  10. 10. Survey: Cellular Network 2M Subscribers Sampling: 650K Data sample •  1 GB traffic sample of spyphone targeted traffic, collected over a 2-day period •  Collected from a channel serving ~650K subscribers •  Traffic constrained to communications to selected malicious IP address
  11. 11. Survey: Cellular Network 2M Subscribers Sampling: 650K Infection rates: June 2013: 1 / 1000 devices
  12. 12. Survey: Cellular Network 2M Subscribers Sampling: 650K
  13. 13. Mobile Device Management (MDM) & Secure Containers
  14. 14. MDMs and Secure Containers: 3 features: •  Encrypt business data •  Encrypt communications to the business •  Detect Jailbreak/Rooting of devices
  15. 15. HOW ATTACKERS BYPASS MDM SOLUTIONS
  16. 16. Let’s Test… DEMO
  17. 17. Overview: Infect the Device; Install Backdoor; Bypass Containerization; Exfiltrate Information
  18. 18. Step 1: Infect the device
  19. 19. Step 2: Install a Backdoor / aka Rooting. Administrative: Every process can run as an administrative (root) user if it is able to trigger a vulnerability in the OS. Vulnerability: Each Android device had/has a public vulnerability. Exploit: Detection mechanisms don’t look at apps that exploit the vulnerability
  20. 20. Step 3: Bypass Containerization. Storage: "Jo, yjod od sm r,so;"
  21. 21. Step 3: Bypass Containerization. Storage: "Jo, yjod od sm r,so;"
  22. 22. Step 3: Bypass Containerization. Storage: "Jo, yjod od sm r,so;" Memory: "Hi, This is an email"
  23. 23. Step 3: Bypass Containerization. Storage: "Jo, yjod od sm r,so;" Memory: "Hi, This is an email". Exfiltrate information
  24. 24. CURRENT SECURITY SOLUTIONS
  25. 25. Current Solutions: FAIL to Protect
  26. 26. Mitigation: Current Controls Mobile Device Management (MDM) Multi-Persona Wrapper Active Sync NAC
  27. 27. Mitigation: Current Controls Mobile Device Management (MDM) Multi-Persona Wrapper Active Sync NAC
  28. 28. Detection: Adding Behavior-based Risk: Malware Analysis, Threat Intelligence, Vulnerability Research
  29. 29. Detection: Adding Behavior-based Risk: Malware Analysis, Threat Intelligence, Vulnerability Research; Application Behavioral Analysis, Device Behavioral Analysis, Vulnerability Assessment
  30. 30. Detection: Adding Behavior-based Risk: Malware Analysis, Threat Intelligence, Vulnerability Research; Application Behavioral Analysis, Device Behavioral Analysis, Vulnerability Assessment
  31. 31. Lacoon Mobile Security
  32. 32. Thank You. Stop by: Stand A50 Email me: ohad@lacoon.com Twitter: @LacoonSecurity
