Practical Attacks against Mobile Device Management (MDM)
Michael Shaulov, CEO
Daniel Brodie, Security Researcher
Lacoon Mobile Security
March 14, 2013
About: Daniel
• Security researcher for almost a decade
– From PC to Mobile
– Low level OS research
• Researcher at Lacoon Mobile Security
– Developing a dynamic analysis framework for analyzing spyphones and mobile malware
About: Michael
• Decade of experience researching and working in the mobile security space
– From feature-phones to smartphones
– Mobile Security Research Team leader at NICE Systems
• CEO and co-founder of Lacoon Mobile Security
Agenda
• Introduction to MDM and Secure Containers
• Rise of the Spyphones
• Bypassing secure container encryption capabilities
• Recommendations and summary
MDM AND SECURE CONTAINERS 101
Mobile Device Management
• Helps enterprises manage BYOD (Bring Your Own Device) and corporate mobile devices
• Policy and configuration management tool
• Offerings include separating between business data and personal data
MDM: Penetration in the Market
“Over the next five years, 65 percent of enterprises will adopt a mobile device management (MDM) solution for their corporate liable users”
– Gartner, Inc. October 2012
MDM Key Capabilities
• Software management
• Network service management
• Hardware management
• Security management
– Remote wipe
– Secure configuration enforcement
– Encryption
Secure Containers
• All leading MDM solutions provide secure containers
– MobileIron
– AirWatch
– Fiberlink
– Zenprise
– Good Technologies
Behind the Scenes: Secure Containers
[Diagram of components: Enterprise Application, Sandbox, Secure Container, Encrypted Storage, Secure Communication (SSL/VPN)]
RISE OF THE SPYPHONES
The Mobile Threatscape
[Chart: threat classes plotted by Business Impact against Complexity]
• Mobile Malware Apps
– Consumer-oriented. Mass.
– Financially motivated, e.g.: Premium SMS, Fraudulent charges, Botnets
• Spyphones
– Targeted: Personal, Organization, Cyber espionage
Why Mobile?
• Convergence of Personal Info
– Contacts
– Emails
– Messages
– Calls
– Corporate Information
• Follows us everywhere
– Office
– Meetings
– Home
– Travel
• Perfect Spy Hardware
– Always Online
– Location
– Microphone
– Camera
Spyphone Capabilities
• Eavesdropping and Surround Recording
• Extracting Call and Text Logs
• Tracking Location
• Infiltrating Internal LAN
• Snooping on Emails and Application Data
• Collecting Passwords
Examples
More Than 50 Different Families in the Wild
The High-End
• FinSpy
– Gamma Group
• DaVinci RCS
– Hacking Team
• LuckyCat
– Chinese
• LeoImpact
The Low-End
• Starting at $4.99 a month! What a steal!
– For iOS, Android, Blackberry, Windows
Mobile/Phone, Symbian, …
• Professional worldwide support
• Very simple and mainstream
– So simple that even your mother could use it
• On your father
• Available at a reseller near you!
Spyphones: Varying Costs, Similar Results
• From high-end to low-end
– Difference is in infection vector -> price
• End-result is the same
– For $5, you get nearly all the capabilities of a $350K tool
SPYPHONE DEMO
Spyphones in the Wild
• Partnered with worldwide cellular network operators:
– Sampled 250K subscribers
– Two separate sampling occasions
• Infection rates:
– March 2012: 1 in 3000 devices
– October 2012: 1 in 1000 devices
Spyphone Distribution by OS
[Pie chart] iOS 52%, Android 35%, Symbian 7%, Unknown 6%
Mobile OS Market Share vs. Spyphone Distribution by OS
[Pie chart] Mobile OS market share (Comscore, March 2012): Android 51%, Blackberry 12.39%, iOS 30.79%, Symbian 1.40%, Windows Phone 7 and Windows Mobile 3.90%
[Pie chart] Spyphone distribution by OS: iOS 52%, Android 35%, Symbian 7%, Unknown 6%
IT’S ALRIGHT, IT’S OK, “SECURE CONTAINER” IS THE WAY?
Secure Container Re-Cap
• Secure Containers:
– Detect JailBreak/Root
– Prevent malicious application installation
– Encrypt data
– Dependent on the OS sandbox
Opening the Secure Container (1)
• JailBreaking (iOS)/ Rooting (Android) detection mechanism
– “Let Me Google That For You”
– Usually just check features of JB/ Root devices (e.g. is Cydia/ SU installed)
• Cannot detect exploitation
Opening the Secure Container (2)
• Prevention of malicious app installation (Android)
– Targeted towards mass malware
• Third-Party App restrictions
– Should protect against malware
• Has been bypassed
– Both for Android and iPhone
ANDROID DEMO
Android Demo: Technical Details (1)
• Install Malicious Application – Possible Vector
– Publish an app through the market
• Use “Two-Stage”: Download the rest of the dex later, and only for the targets we want
• Get the target to install the app through spearphishing
– Physical access to the device would also work
Android Demo: Technical Details (2)
• Privilege Escalation
– We used the Exynos exploit. (Released Dec., 2012)
• Create a hidden ‘suid’ binary and use it for specific actions
– Place in a folder with --x--x--x permissions
– Undetected by generic root-detectors
Android Demo: Technical Details (3)
• We listen to events in the logs
– For <=2.3 we can just use the logging permissions
– For >4.0 we access the logs as root
• When an email is read…
Android Demo: Technical Details (3)
• We dump the heap using /proc/<pid>/maps and /proc/<pid>/mem
– Then search for the email structure, extract it, and send it home
Android Heap Searching
IOS DEMO
iOS Demo: Technical Details (1)
• Install Malicious Application – Possible Vectors
– Use the JailBreak just for the installation
• Install signed code using Enterprise/Developer certificate
• Remove any trace of the JailBreak
– Or just jailbreak and hide the jailbreak
– Repackage the original application
iOS Demo: Technical Details (2)
[Flow]
1. Load malicious dylib into memory (it’s signed!)
2. Hook using standard Objective-C hooking mechanisms
3. Get notified when an email is read
4. Pull the email from the UI classes
5. Send every email loaded home
Code Injection
• DYLD_INSERT_LIBRARIES
– Was very common previously, a bit harder now
• MACH-O editing
– Requires re-signing the code or leaving the device jailbroken
– Number of tools to do the work for you
• Objective-C Hooking
– Objc_setImplementation…
Objective-C Hooking
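As an added example (not from the Lacoon slides or from any MDM product), a launch-time self-check an app can run to notice the three injection routes listed above: an inserted environment variable, an extra loaded image, and a method whose implementation no longer lives in the app binary. The class and selector names MailViewController and loadEmail are hypothetical stand-ins for the container's real UI classes.

```objective-c
#import <Foundation/Foundation.h>
#import <objc/runtime.h>
#import <dlfcn.h>
#import <mach-o/dyld.h>
#import <stdlib.h>
#import <string.h>

// YES when the current IMP of cls/sel is located in the main executable image.
// A hook installed with method_setImplementation / class_replaceMethod (or
// method_exchangeImplementations) redirects the IMP into the injected dylib,
// so dladdr() then reports a different image file name.
static BOOL IMPResidesInMainImage(Class cls, SEL sel) {
    Method m = class_getInstanceMethod(cls, sel);
    if (m == NULL) {
        return NO;                                   // method gone: treat as tampered
    }
    IMP imp = method_getImplementation(m);
    Dl_info info;
    if (dladdr((const void *)imp, &info) == 0 || info.dli_fname == NULL) {
        return NO;                                   // unresolvable IMP: treat as tampered
    }
    const char *mainImage = _dyld_get_image_name(0); // image 0 is the executable itself
    return strcmp(info.dli_fname, mainImage) == 0;
}

// Loaded images that are neither inside the app bundle nor in the system
// library locations. A dylib pulled in through DYLD_INSERT_LIBRARIES or an
// added LC_LOAD_DYLIB command (the "Mach-O editing" route) lands in this list.
static NSArray<NSString *> *UnexpectedImages(void) {
    NSMutableArray<NSString *> *out = [NSMutableArray array];
    NSString *bundlePath = [[NSBundle mainBundle] bundlePath];
    uint32_t count = _dyld_image_count();
    for (uint32_t i = 0; i < count; i++) {
        const char *name = _dyld_get_image_name(i);
        if (name == NULL) continue;
        NSString *path = [NSString stringWithUTF8String:name];
        if ([path hasPrefix:bundlePath]) continue;          // app and its own frameworks
        if ([path hasPrefix:@"/System/Library/"] ||
            [path hasPrefix:@"/usr/lib/"]) continue;          // OS frameworks and libs
        [out addObject:path];
    }
    return out;
}

// Combines the checks and returns the findings. What to do on a positive
// result (refuse to unlock the container, report to the MDM server) is the
// caller's policy decision.
static BOOL EnvironmentLooksInjected(NSArray<NSString *> **details) {
    NSMutableArray<NSString *> *findings = [NSMutableArray array];

    if (getenv("DYLD_INSERT_LIBRARIES") != NULL) {
        [findings addObject:@"DYLD_INSERT_LIBRARIES is set"];
    }
    for (NSString *img in UnexpectedImages()) {
        [findings addObject:[@"unexpected image: " stringByAppendingString:img]];
    }
    // Hypothetical class and selector; substitute the container's real UI class
    // that renders an email (the slide's "pull the email from the UI classes").
    Class mailVC = NSClassFromString(@"MailViewController");
    SEL loadSel = NSSelectorFromString(@"loadEmail");
    if (mailVC != Nil && !IMPResidesInMainImage(mailVC, loadSel)) {
        [findings addObject:@"-[MailViewController loadEmail] IMP lives outside the main image"];
    }
    if (details != NULL) {
        *details = findings;
    }
    return findings.count > 0;
}
```

These checks run inside the very process the injected code controls, so on a compromised host they raise the bar rather than close it, which is exactly the point the conclusions slide makes; treat a positive result as a signal to report to the MDM backend, not as proof of a clean device when negative.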
CONCLUSIONS
Secure Containers…Secure?
• “Secure” Containers depend on the integrity of the host system
1. If the host system is uncompromised: what is the added value?
2. If the host system is compromised: what is the added value?
• We’ve been through this movie before!
Infection is Inevitable
• MDM provides Management, not absolute Security
• Beneficial to separate between business and personal data
• Main use-case
– Remote wipe of enterprise content only
– Copy & Paste DLP
Mitigating Spyphone Threats
• Use MDM as a baseline defense for a multi-layer approach
• Needs rethinking outside the box (mobile)
• Solutions on the network layer:
– C&C communications
– Heuristic behavioral analysis
– Sequences of events
– Data intrusion detection
THANK YOU!
QUESTIONS?
Email us at:
michael@lacoon.com
daniel@lacoon.com

 
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc
 
Factors to Consider When Choosing Accounts Payable Services Providers.pptx
Factors to Consider When Choosing Accounts Payable Services Providers.pptxFactors to Consider When Choosing Accounts Payable Services Providers.pptx
Factors to Consider When Choosing Accounts Payable Services Providers.pptxKatpro Technologies
 
A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)Gabriella Davis
 
Unblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen FramesUnblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen FramesSinan KOZAK
 
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking MenDelhi Call girls
 
Slack Application Development 101 Slides
Slack Application Development 101 SlidesSlack Application Development 101 Slides
Slack Application Development 101 Slidespraypatel2
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerThousandEyes
 
08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking MenDelhi Call girls
 
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptxEIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptxEarley Information Science
 
Scaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationScaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationRadu Cotescu
 
Handwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsHandwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsMaria Levchenko
 

Recently uploaded (20)

IAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsIAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI Solutions
 
Kalyanpur ) Call Girls in Lucknow Finest Escorts Service 🍸 8923113531 🎰 Avail...
Kalyanpur ) Call Girls in Lucknow Finest Escorts Service 🍸 8923113531 🎰 Avail...Kalyanpur ) Call Girls in Lucknow Finest Escorts Service 🍸 8923113531 🎰 Avail...
Kalyanpur ) Call Girls in Lucknow Finest Escorts Service 🍸 8923113531 🎰 Avail...
 
Automating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps ScriptAutomating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps Script
 
Salesforce Community Group Quito, Salesforce 101
Salesforce Community Group Quito, Salesforce 101Salesforce Community Group Quito, Salesforce 101
Salesforce Community Group Quito, Salesforce 101
 
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine  KG and Vector search for  enhanced R...Workshop - Best of Both Worlds_ Combine  KG and Vector search for  enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
 
CNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of ServiceCNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of Service
 
Breaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountBreaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path Mount
 
GenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationGenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day Presentation
 
Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)
 
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
 
Factors to Consider When Choosing Accounts Payable Services Providers.pptx
Factors to Consider When Choosing Accounts Payable Services Providers.pptxFactors to Consider When Choosing Accounts Payable Services Providers.pptx
Factors to Consider When Choosing Accounts Payable Services Providers.pptx
 
A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)
 
Unblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen FramesUnblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen Frames
 
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
 
Slack Application Development 101 Slides
Slack Application Development 101 SlidesSlack Application Development 101 Slides
Slack Application Development 101 Slides
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected Worker
 
08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men
 
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptxEIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
 
Scaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationScaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organization
 
Handwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsHandwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed texts
 

BlackHat Europe 2013 - Practical Attacks against Mobile Device Management (MDM)

  • 1. Practical Attacks against Mobile Device Management (MDM)
    – Michael Shaulov, CEO; Daniel Brodie, Security Researcher; Lacoon Mobile Security
    – March 14, 2013
  • 2. About: Daniel
    – Security researcher for almost a decade: from PC to mobile, low-level OS research
    – Researcher at Lacoon Mobile Security, developing a dynamic analysis framework for analyzing spyphones and mobile malware
  • 3. About: Michael
    – Decade of experience researching and working in the mobile security space: from feature-phones to smartphones; Mobile Security Research Team leader at NICE Systems
    – CEO and co-founder of Lacoon Mobile Security
  • 4. Agenda
    – Introduction to MDM and Secure Containers
    – Rise of the Spyphones
    – Bypassing secure container encryption capabilities
    – Recommendations and summary
  • 5. MDM and Secure Containers 101
  • 6. Mobile Device Management
    – Helps enterprises manage BYOD (Bring Your Own Device) and corporate mobile devices
    – Policy and configuration management tool
    – Offerings include separating business data from personal data
  • 7. MDM: Penetration in the Market
    – "Over the next five years, 65 percent of enterprises will adopt a mobile device management (MDM) solution for their corporate liable users" (Gartner, Inc., October 2012)
  • 8. MDM Key Capabilities
    – Software management
    – Network service management
    – Hardware management
    – Security management: remote wipe, secure configuration enforcement, encryption
  • 9. Secure Containers
    – All leading MDM solutions provide secure containers: MobileIron, AirWatch, Fiberlink, Zenprise, Good Technologies
  • 10. Behind the Scenes: Secure Containers
    – Enterprise application sandbox; secure container; encrypted storage; secure communication (SSL/VPN)
  • 12. The Mobile Threatscape (business impact vs. complexity)
    – Mobile malware apps: consumer-oriented, mass, financially motivated (e.g. premium SMS, fraudulent charges, botnets)
    – Spyphones: targeted (personal, organization, cyber espionage)
  • 13. Why Mobile?
    – Convergence of personal info: contacts, emails, messages, calls, corporate information
    – Follows us everywhere: office, meetings, home, travel
    – Perfect spy hardware: always online, location, microphone, camera
  • 14. Spyphone Capabilities
    – Eavesdropping and surround recording; extracting call and text logs; tracking location; infiltrating the internal LAN; snooping on emails and application data; collecting passwords
  • 15. Examples
    – More than 50 different families in the wild
  • 16. The High-End
    – FinSpy (Gamma Group); DaVinci RCS (Hacking Team); LuckyCat (Chinese); LeoImpact
  • 17. The Low-End
    – Starting at $4.99 a month! What a steal! For iOS, Android, BlackBerry, Windows Mobile/Phone, Symbian, ...
    – Professional worldwide support
    – Very simple and mainstream: so simple that even your mother could use it, on your father
    – Available at a reseller near you!
  • 18. Spyphones: Varying Costs, Similar Results
    – From high-end to low-end, the difference is in the infection vector, and therefore the price
    – The end result is the same: for $5, you get nearly all the capabilities of a $350K tool
  • 20. Spyphones in the Wild
    – Partnered with worldwide cellular network operators: sampled 250K subscribers on two separate sampling occasions
    – Infection rates: March 2012, 1 in 3000 devices; October 2012, 1 in 1000 devices
  • 21. Spyphone Distribution by OS
    – iOS 52%; Android 35%; Symbian 7%; Unknown 6%
  • 22. Mobile OS Market Share vs. Spyphone Distribution by OS
    – Market share (comScore, March 2012): Android 51%; BlackBerry 12.39%; iOS 30.79%; Symbian 1.40%; Windows Phone 7 and Windows Mobile 3.90%
    – Spyphone distribution: iOS 52%; Android 35%; Symbian 7%; Unknown 6%
  • 23. It's alright, it's OK, "secure container" is the way?
  • 24. Secure Container Re-Cap
    – Secure containers: detect jailbreak/root; prevent malicious application installation; encrypt data; depend on the OS sandbox
  • 25. Opening the Secure Container (1)
    – Jailbreaking (iOS) / rooting (Android) detection mechanism: "Let Me Google That For You"; usually just checks features of jailbroken/rooted devices (e.g. is Cydia/su installed)
    – Cannot detect exploitation
  • 26. Opening the Secure Container (2)
    – Prevention of malicious app installation (Android) is targeted towards mass malware
    – Third-party app restrictions should protect against malware, but have been bypassed, both for Android and iPhone
  • 28. Android Demo: Technical Details (1)
    – Install malicious application; possible vector: publish an app through the market, using a "two-stage" approach (download the rest of the dex later, and only for the targets we want)
    – Get the target to install the app through spearphishing; physical access to the device would also work
  • 29. Android Demo: Technical Details (2)
    – Privilege escalation: we used the Exynos exploit (released Dec. 2012)
    – Create a hidden suid binary and use it for specific actions: placed in a folder with --x--x--x permissions; undetected by generic root detectors
  • 30. Android Demo: Technical Details (3)
    – We listen to events in the logs: for <=2.3 we can just use the logging permissions; for >4.0 we access the logs as root
    – When an email is read...
  • 31. Android Demo: Technical Details (3)
    – We dump the heap using /proc/<pid>/maps and /mem, then search for the email structure, extract it, and send it home
  • 34. iOS Demo: Technical Details (1)
    – Install malicious application; possible vectors: use the jailbreak just for the installation (install signed code using an Enterprise/Developer certificate, then remove any trace of the jailbreak), or just jailbreak and hide the jailbreak
    – Repackage the original application
  • 35. iOS Demo: Technical Details (2)
    – Load malicious dylib into memory (it's signed!); hook using standard Objective-C hooking mechanisms; get notified when an email is read; pull the email from the UI classes; send every email loaded home
  • 36. Code Injection
    – DYLD_INSERT_LIBRARIES: was very common previously, a bit harder now
    – Mach-O editing: requires re-signing the code or leaving the device jailbroken; a number of tools do the work for you
    – Objective-C hooking: Objc_setImplementation...
  • 39. Secure Containers... Secure?
    – "Secure" containers depend on the integrity of the host system: 1. if the host system is uncompromised, what is the added value? 2. if the host system is compromised, what is the added value?
    – We've been through this movie before!
  • 40. Infection is Inevitable
    – MDM provides management, not absolute security
    – Beneficial to separate business and personal data
    – Main use cases: remote wipe of enterprise content only; copy & paste DLP
  • 41. Mitigating Spyphone Threats
    – Use MDM as a baseline defense for a multi-layer approach
    – Needs rethinking outside the box (mobile)
    – Solutions on the network layer: C&C communications; heuristic behavioral analysis; sequences of events; data intrusion detection
  • 42. Thank you! Questions? Email us at: michael@lacoon.com, daniel@lacoon.com
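The "sequences of events" idea from the mitigation slide, applied to the deck's own attack pattern (an email is read, then immediately sent home), as an added Python example that is not part of the deck or Lacoon's tooling; the log format, the 10-second correlation window, the three-hit threshold and the host allow-list are all assumptions, and the log lines are constructed.

```python
"""Sequence-of-events detector for the read-then-exfiltrate spyphone pattern.
Added example (not Lacoon's code). Log format, window, threshold and the
allow-list of legitimate mail hosts are assumptions for illustration."""
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample log lines: "<ISO timestamp> <device> <event> <k=v ...>"
# dev-A uploads to the corporate mail host (benign), dev-B uploads to an
# unknown host right after every mail read (suspicious), dev-C never reads mail.
SAMPLE_LOGS = """\
2013-03-14T09:00:01 dev-A mail_read msgid=1001
2013-03-14T09:00:04 dev-A net_out host=mail.corp.example bytes=1200
2013-03-14T09:05:10 dev-B mail_read msgid=2001
2013-03-14T09:05:12 dev-B net_out host=203.0.113.45 bytes=48000
2013-03-14T09:05:40 dev-B mail_read msgid=2002
2013-03-14T09:05:41 dev-B net_out host=203.0.113.45 bytes=51000
2013-03-14T09:06:15 dev-B mail_read msgid=2003
2013-03-14T09:06:17 dev-B net_out host=203.0.113.45 bytes=47000
2013-03-14T10:00:00 dev-C net_out host=cdn.example bytes=9000
"""

KNOWN_HOSTS = {"mail.corp.example", "cdn.example"}  # assumed allow-list
WINDOW = timedelta(seconds=10)  # assumed: upload must follow the read within 10 s
MIN_HITS = 3                    # assumed: one correlated pair alone is noise


def parse(line):
    """Split one log line into (timestamp, device, event, {key: value})."""
    ts, device, event, detail = line.split(" ", 3)
    fields = dict(kv.split("=", 1) for kv in detail.split())
    return datetime.fromisoformat(ts), device, event, fields


def detect_exfil_after_read(log_text, window=WINDOW, min_hits=MIN_HITS):
    """Return {device: [(msgid, host, bytes), ...]} for every device where a
    mail_read is followed, within `window`, by an upload to a host that is not
    on the allow-list, at least `min_hits` times. Each read is consumed by
    the first matching upload so repeated uploads do not inflate the count."""
    last_read = {}           # device -> (timestamp, msgid) of the latest read
    hits = defaultdict(list)
    for raw in log_text.splitlines():
        ts, device, event, f = parse(raw)
        if event == "mail_read":
            last_read[device] = (ts, f["msgid"])
        elif event == "net_out" and f["host"] not in KNOWN_HOSTS:
            if device in last_read and ts - last_read[device][0] <= window:
                _, msgid = last_read.pop(device)
                hits[device].append((msgid, f["host"], int(f["bytes"])))
    return {d: h for d, h in hits.items() if len(h) >= min_hits}


if __name__ == "__main__":
    for device, events in detect_exfil_after_read(SAMPLE_LOGS).items():
        hosts = sorted({h for _, h, _ in events})
        print(f"{device}: {len(events)} mail reads followed by uploads to {hosts}")
```

A real deployment would feed this from the MDM agent's event stream and the network gateway rather than a text blob, but the correlation logic is the same.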

Editor's Notes

  1. Pleasantries
  2. Bypassing secure container encryption capabilities; demo; technical aspects
  3. Software management: the ability to manage and support mobile applications, content and operating systems. Components: configuration; updates; patches/fixes; backup/restore; provisioning; authorized software monitoring; transcode; hosting; managed mobile enterprise application platforms (MEAPs); development; background synchronization.
     Network service management: the ability to gain information off the device that captures location, usage, and cellular and WLAN network information. Components: invoice/dispute; procure and provision; reporting; help desk/support; usage; service and contract.
     Hardware management: beyond basic asset management, this includes provisioning and support. Components: procurement; provisioning; asset/inventory; activation; deactivation; shipping; imaging; performance; battery life; memory.
     Security management: the enforcement of standard device security, authentication and encryption. Components: remote wipe; remote lock; secure configuration; policy enforcement (password-enabled); encryption; authentication; firewall; antivirus; mobile VPN.
     Although many MDM vendors may have different definitions, these are the general areas we assess in MDM. (Gartner, Inc., G00230508)
  4. The Secure Container engine: containment of corporate data in an encrypted environment (emails, docs, app wrappers)
  5. Spyphone = Remote Access Tool
  6. For the mass market, success is dependent on the number of users; identity is irrelevant. For targeted attacks, success is dependent on reaching a specific person (or people).
  7. RATs aren't new, so why the sudden rise in popularity for mobile? Our assumption is
  8. Spyphones are more popular than spyware on laptops (Shai's example). Eavesdropping; extracting call and text logs; tracking location; infiltrating the internal LAN; snooping on corporate emails and application data
  9. Wide spectrum of spyphones, from official companies helping the average Joe spy on his girlfriend, child, or cat, to those sold only to governments
  10. Cost upwards of 250 euros. FinSpy: Bahrain. DaVinci: Dr.Web. LuckyCat: a sample of a mobile agent was found on one of the servers
  11. Starbucks latte
  12. The mindset is that everyone can go and buy one, but does it really happen, or is it just fear mongering? These numbers are especially troubling when we realize that every person in this sample who was infected was targeted personally. THIS IS NOT MASS MALWARE
  13. October 2012: 1 in 1000 devices
  14. Any way to make it look better?
  15. Akin to encrypting the phone but reading emails in plain text