
Security Issues in the Mobile Environment

The status of the mobile world and its security issues in mid 2012

Published in: Technology, Business

  1. Mobile Applications & Security. Ligia Adam, Security Evangelist, ladam@bitdefender.com, @LigiaAdam. Copyright@bitdefender 2012 / www.bitdefender.com
  2. mobile devices are on the rise
     • at the end of 2011, there were 6 billion mobile subscriptions
     • there are now 1.2 billion mobile Web users worldwide - aka ~17% of the global population uses a smartphone
     • and over 491.4 million smartphones were sold worldwide in 2011
     Copyright@bitdefender 2012 / www.bitdefender.com 7/9/2012
  3. global use of mobile browsing
  4. what’s mobile used for (now)
     Most popular mobile destinations are news and information, weather reports, social networking, search and maps.
     - mobile browsers for banking, travel, shopping, local info, news, video, sports and blogs
     - apps for games, social media, maps and music
  5. mobile environment status
     • there are more than 400,000 Android apps on Google Play
     • iPhone & iPad users get to choose between over 650,000 iOS Apps
     • Apps usage
       • nearly 2 in 3 smartphone users use apps daily
       • App users had an average of 12 apps on their devices
     • mobile app downloads should jump to ~50 billion in 2012
  6. the need for mobile security
     • Mobile malware attacks are up 155 percent across ALL platforms in the last year, according to Juniper
     • The most vulnerable platform is Android, where malware increased by more than 4500% in a year (!)
     • iPhones and iPads are very vulnerable to jailbreaking services that infect the device during the rooting process and just as vulnerable to web browsing attacks as any other device
     • There are HUGE privacy issues with iOS apps (according to Clueful stats)
     • attacks on Blackberry and Symbian platforms also doubled since last year
  7. Mobile Phishing
     • phishing (criminals attempt to trick users into sharing passwords etc.)
  8. Tips to Avoid Becoming a Mobile Banking Phishing Victim
     - Before you click on a link, make sure it is legitimate.
     - Remember that e-banking can be risky, especially when using a mobile device.
     - Always keep your mobile device operating system and antivirus solution updated.
  9. Trojans for mobile
  10. SndApps Trojan
  11. Mobile Spyware
      • tracks user’s activity, sending the phone’s location, IMEI, phone number, address book to advertisers etc.
      • 61% of the malware detected on phones is spyware
      • it does not affect the phone’s functionality
  12. the dark side of the mobile world
      Other threats for mobile users are:
      • worms (a program that copies itself onto multiple devices via network connections)
      • man-in-the-middle attacks (where a criminal intercepts and manipulates messages between two devices or device and computer)
      • Slavery - phones can even be used as part of a botnet (this is a network of infected ‘slave’ devices used for malicious purposes)
      • Spam / excessive advertising / privacy breaches
      • losing the device
  13. types of mobile app risks
      Malicious Functionality
      • Activity monitoring and data retrieval (e.g. Secret SMS Replicator for Android)
      • Unauthorized dialing, SMS and payments (Fake Player)
      • Unauthorized network connectivity
      • UI Impersonation
      • System modification (modifying the device proxy configuration or APN (Access Point Name))
      • Logic or Time bomb
  14. types of mobile app risks / II
      App Vulnerabilities
      • Sensitive data leakage (inadvertent or side channel)
      • Unsafe sensitive data storage
      • Unsafe sensitive data transmission
      • Hardcoded password/keys
  15. how to get to mobile hell
      • direct download, SMS, MMS, e-mail and Bluetooth
      • via device rooting
      • Not paying enough attention to your mobile
  16. Q1 mobile malware landscape / I
      • the most frequent e-threats identified by Bitdefender in the mobile malware landscape for Q1 2012 are related to:
        - data theft and
        - malware strains related to device rooting via operating system exploits
      • data privacy is the number one targeted area
        - re-packaged applications bundled with malware and delivered through alternative Android Marketplaces have proven an effective means of distributing malicious apps
  17. Q1 mobile malware landscape / II
      • China, Russia and France have the highest count of smartphone users affected by malware.
        - These numbers reflect an increase in pirated applications re-packed with malicious code
      [Pie chart; legend: China, United States, Spain, United Kingdom, Romania, Germany, India, France, Russian Federation, Belgium, Other]
  18. Latest trends in Android malware
      • Crafty adware, followed by Fake Battery Doctor and Exploit malware (rooted devices)
      • SMS senders (7th place) and Hack Tools will send users fake notification updates and lure your social media credentials
  19. Top Android malware in US
      [Pie chart; legend: Android.Adware.Mulad.A, Android.Adware.Ropin.B, Android.Adware.Wallap.A, Android.Exploit.Asroot.A, Android.Exploit.Asroot.B, Android.Exploit.Exploid.A, Android.Exploit.Exploid.B, Android.Exploit.Exploid.C, Android.Exploit.Exploid.D, Android.Exploit.GingerBreak.A, Other]
  20. Top Android malware in DE
      [Pie chart; legend: Android.Adware.Mulad.A, Android.Adware.Ropin.B, Android.Adware.Wallap.A, Android.Exploit.Asroot.A, Android.Exploit.Asroot.B, Android.Exploit.Asroot.D, Android.Exploit.Exploid.A, Android.Exploit.Exploid.B, Android.Exploit.Exploid.C, Android.Exploit.Exploid.D, Other]
  21. Top Android malware in UK
      [Pie chart; legend: Android.Adware.Mulad.A, Android.Adware.Wallap.A, Android.Exploit.Asroot.A, Android.Exploit.Asroot.B, Android.Exploit.Asroot.D, Android.Exploit.Exploid.A, Android.Exploit.Exploid.B, Android.Exploit.Exploid.E, Android.Exploit.GingerBreak.A, Android.Exploit.GingerBreak.C, Other]
  22. mobile security predictions
      it will get worse, before it gets better, on all levels of mobile security:
      • software
        - We estimate a 6000% increase in Android malware samples (including variants) within the next 6 months - from 153 malware families and ~10 000 malicious apps in 2011 to over 3*10 000 malicious apps by the end of the year
        - an increase of fake battery apps being actually malware.
        - At the moment, ~80% of malicious apps steal data and ~20% overcharge the user. By the end of 2012, 90% of apps will focus on stealing data
      • privacy
        - We estimate HUGE app privacy issues on ALL platforms
        - detecting various apparently innocent apps that leak your data or which apps ask for extra permissions they don’t actually need
      • hardware
        - anti-theft / anti-loss security solutions
  23. May 2012
  24. Bitdefender Mobile Security
  27. BITDEFENDER MOBILE SECURITY LOVE
      • "Bitdefender Mobile Security is practically unnoticeable on your Android device and very easy to use." – PC Mag
      • "Bitdefender Mobile Security has the advantage of low system resource occupancy while protecting the mobile device" – PCSL Test
  28. Detailed Features
  29. How it looks like
  30. Anti-Theft in MyBitdefender
  33. POWER TUNE-UP IN ONE SLIDE
      Bitdefender Power Tune-Up brings back control in your hands. Optimize your Android device for maximum performance, battery economy and controlled data traffic.
      • Saves up battery
      • Informs you on the remaining time (for standby, talking, navigating)
      • Keeps you from reaching data traffic limits (3G, thresholds and notifications)
      • Quickly frees up space (internal memory, internal and external SD card)
  34. THE BATTERY SAVER
      Save up precious battery life by switching to the predefined Battery Saver or create your own custom profile. You have access to running apps (you can identify the CPU and RAM levels) and essential battery eating options that you can turn on or off.
  35. THE BATTERY WIDGET
      With the Power Tune-Up widget you can keep an eye on your remaining battery time.
  36. THE DATA METER - 3G DATA TRAFFIC COUNTER
      It’s easy to browse away and forget you have a limited data plan. Set up a usage cap and Data meter will notify you before it’s reached.
  37. THE CLEAN-UP MODULE
      Running out of space? With Clean-Up you can remove temporary files, delete downloaded files or uninstall unwanted applications to save space.
  38. We ran our own benchmarks and we’re beating the competition in three out of five performance tests
      1. CPU used %
         Power Tune-Up: 0.093
         System Panel, System Tuner Lite: 0.11
         Mobile Utilities Task Killer (Norton): 0.14
      2. RAM (in MB)
         Android Assistant: 5.61
         System Tuner Lite: 5.69
         Power Tune-Up: 6.09
         System panel: 6.37
      3. RAM (in MB) – Android Assistant #1
         Power Tune-Up: 3.37
         System Panel Lite: 3.49
         Android Assistant: 3.56
         Mobile Utilities Task Killer (Norton): 3.58
      4. Android Battery %
         Power Tune-Up: 0.37
         System Panel: 0.54
         System Tuner Lite: 0.65
         Mobile Utilities Task Killer (Norton): 0.77
      5. Space occupied (MB)
         System Panel Lite: 1.03
         Free Advanced Task Manager: 1.37
         Android Assistant: 2.01
         Power Tune-Up: 2.02
      Tested on:
      - Acer Iconia A500 (android 3.2)
      - HTC HD2 (android 4.0)
      - Samsung Galaxy Nexus (android 4.0.2)
  39. Bitdefender Power Tune-Up
      Now out of BETA
      • FREE
      • available on Google Play (Android Market)
      • in English and Portuguese; German, French, Spanish, Romanian to follow soon
  41. CLUEFUL is a world first!
  42. Clueful is the only way to really understand apps, how they use your data and treat your privacy.
      Clueful identifies nasty apps on your iPhone. It looks at what applications are currently running in memory and it retrieves audit information from the Clueful Cloud.
      There are no viruses on the App Store. Apps must pass an Apple review before acceptance on the App Store. The malicious apps are rejected. Most apps are not malicious. They’re just careless with your data.
      Take a look under the hood. Be curious! Explore and analyze clues about your apps, including your favorite ones.
  43. There are apps that:
      - track your location
      - drain your battery
      - can read and make use of your address book
      - track usage behavior via Flurry (or other) analytics networks and display ads
      - handle your credentials in a sloppy way (think unencrypted over the web)
      - request access to your Facebook/Twitter/Google credentials
      - keep GPS or audio services on intensively, although they don’t need to, which may rapidly drain your phone’s battery.
  44. How it looks like
  45. THE CLUES
  46. THE HOWS and WHENS
      Bitdefender Clueful
      • paid app
      • available worldwide on the App Store
  47. The Clueful App
      Check it out @ wwww.cluefulapp.com
  48. Thank you! Q/A?
      Ligia Adam, Security Evangelist
      mail me: ladam@bitdefender.com
      Follow my Tweets: @LigiaAdam
  49. Resources
      1. http://www.bitdefender.com/news/q1-2012-e-threat-landscape-report-2457.html
      2. http://www.itu.int/ITU-D/ict/facts/2011/material/ICTFactsFigures2011.pdf
      3. http://www.itu.int/ITU-D/ict/statistics/at_glance/KeyTelecom.html
      4. http://www.slideshare.net/CMSummit/ms-internet-trends060710final
      5. http://mobithinking.com/mobile-marketing-tools/latest-mobile-stats
      6. http://thenextweb.com/mobile/2011/11/29/report-smartphones-account-for-just-27-of-all-mobile-phones-worldwide/
      7. http://mobithinking.com/mobile-marketing-tools/latest-mobile-stats#mobilepageviews
      8. http://www.theretailbulletin.com/news/mcommerce_quadruples_in_two_years_24-05-12/
      9. http://mobithinking.com/mobile-marketing-tools/latest-mobile-stats#usprefersmobileweb
      10. http://mobithinking.com/mobile-marketing-tools/latest-mobile-stats
      11. http://mashable.com/2010/09/14/mobile-apps-pew-survey/
      12. http://forums.juniper.net/t5/Security-Mobility-Now/Juniper-Mobile-Security-Report-2011-Unprecedented-Mobile-Threat/ba-p/129529
      13. http://www.veracode.com/blog/2010/12/mobile-app-top-10-list/
