Cp3201 mobile security final

  1. Ong Howe Shang
     KohJyeYiing
     Mobile Security - Malware
  2. Agenda
     Current Trends
     Threats:
       Denial of Service to VoIP
       Bluetooth Hacking
       SMS viruses
       Man-in-mobile attacks
       Mobile eavesdropping
       Data Theft
     Mobile Viruses:
       Soundminer
       Zeus
       Geinimi
     Solutions
  3. Current Trends
     Growing mobile phone user base
     Capabilities of smart phones
     mCommerce
     Mobile vouchers, coupons and loyalty cards
     Mobile marketing and advertising
     Mobile browsing
     mWallets
     Mobile identity
  4. Current Trends
     Growth of smartphone market:
     Source taken from M86 Security Labs: Threat Predictions 2011
  5. Current Trends
     More than a million mobile apps available and one billion smartphones in circulation
     No mandatory information security regulations
     Factors for the increase in mobile malware:
     Mobile devices are becoming gold mines for storing, collecting and transmitting confidential data.
     Mobile banking and NFC-enabled payments (online banking transactions) are beginning to be targeted by cybercriminals
  6. Current Trends
     Growth of mobile malware:
     Source taken from Malware goes Mobile, November 2006
  7. Cases and Incidents
     Case 1:
     In late September 2010, ZeuS was released to steal financial credentials. The virus can infect the mobile device and sniff all the SMS messages
     Case 2:
     On 4th October 2010, a 3rd iteration of the “FakePlayer” SMS Trojan was released to Android mobile phones.
  8. Cases and Incidents
     Case 3:
  9. Cases and Incidents
     Case 4:
     End of 6 October: a Firefox plugin named “Firesheep” was released to conduct “sidejacking” to steal session cookies
     Critical when users use iPads and mobiles to access the web through public Wi-Fi hotspots
  10. Cases and Incidents
      Case 5: Identity theft, stalking and bullying
  11. Story on how the mobile virus spreads
  12. Story on how the mobile virus spreads
  13. Story on how the mobile virus spreads
  14. Story on how the mobile virus spreads
  15. Story on how the mobile virus spreads
  16. Story on how the mobile virus spreads
  17. Story on how the mobile virus spreads
  18. The Changing Threat Environments
  19. Threat: Denial of service to VoIP
      Tom Cross (X-Force Researcher, IBM Internet Security Systems) said:
      “Criminals know that VoIP can be used in scams to steal personal and financial data so voice spam and voice phishing are not going away”
  20. Threat: Denial of service to VoIP
      People are trained to enter social security numbers, credit card numbers and bank account numbers over the phone
      Criminals will exploit this social conditioning to perpetrate voice phishing and identity theft
      Customers demand better availability from phone service than they would from an ISP
      The threat of a DoS attack might compel carriers to pay out on a blackmail scam.
  21. Bluetooth hacking
  22. Threat: SMS Viruses
      Known as the ‘SMS of death’
      Threatens to disable many Sony Ericsson, Samsung, Motorola, Micromax and LG mobile phones
      Its payload?
      A simple malicious text or MMS message which it sends
      What does it result in?
      Crashing of mobile phones
      Some of the bugs discovered have the potential to cause problems for entire mobile networks.
  23. Threat: SMS Viruses
      iPhone SMS attack
      A series of malicious SMS messages: a way to crash the iPhone via SMS; the researcher behind it thought that the crash could ultimately lead to working attack code.
      Results from a bug in the iPhone iOS software that could let hackers take over the iPhone, just by sending an SMS message
  24. Threat: Man-in-mobile attacks
      Man-in-mobile works by
  25. Threat: Mobile eavesdropping
      FBI taps cell phone mic as eavesdropping tool
      The technique is called a "roving bug"
      Used against members of a crime family who were wary of conventional surveillance techniques such as tailing a suspect or wiretapping him.
      "functioned whether the phone was powered on or off."
  26. Threat: Data Theft
      Data theft is the leaking out of information on the mobile phones.
      Stolen
      Remember this story from just now?
      Solution lies in TenCube’s WaveSecure
  27. Threat: Mobile Malware
      Smart phones are being “attacked” by malicious software which could severely threaten both the users and the usefulness of the phone
      Malware:
      Cabir:
      Infects Symbian OS mobile phones
      Infected phone displays the message 'Caribe'
      The worm attempts to spread to other phones via wireless Bluetooth signals
  28. Threat: Mobile Malware
      Skulls:
      Infects all types of mobile phones
      Trojan virus replaces all phone desktop icons with images of a skull
      Renders all applications
  29. Threat: Mobile Malware
      CommWarrior:
      First worm to use MMS messages in order to spread to other devices
      Infects devices running under OS Symbian Series 60
      Spreads through Bluetooth
      ZeuS Mitmo
      Steals usernames and passwords
      Injects HTML or adds fields using JavaScript
  30. Agenda
      Current Trends
      Cases and Incidents
      Threats:
        Denial of Service to VoIP
        Bluetooth Hacking
        SMS viruses
        Man-in-mobile attacks
        Mobile eavesdropping
        Data Theft
      Mobile Viruses:
        Soundminer
        Zeus
        Geinimi
      The difference between Apple and Android’s security model
      Solutions
  31. Agenda
      Current Trends
      Cases and Incidents
      Threats:
        Denial of Service to VoIP
        Bluetooth Hacking
        SMS viruses
        Man-in-mobile attacks
        Mobile eavesdropping
        Data Theft
      Mobile Viruses:
        Soundminer
        Zeus
        Geinimi
      The difference between Apple and Android’s security model
      Solutions
  32. Taking a closer look at the viruses we’ve been studying
  33. Geinimi and ZeuS in the news
  34. Geinimi in the news
  35. Geinimi
      Geinimi is a Trojan affecting Android devices
      Emerging through third-party application sources
      Geinimi means “give you rice” (Ghay-knee-mē) in Chinese, which is essentially slang for “give you money”
      Geinimi can
        Read and collect SMS messages
        Send and delete selected SMS messages
        Pull all contact information and send it to a remote server (number, name, the time they were last contacted)
        Place a phone call
        Silently download files
        Launch a web browser with a specific URL
  36. ZeuS
      Malicious users weren’t interested in all of the text messages, just the ones that contained authentication codes for online banking transactions
      The attack’s setup
      This shows that malicious users are constantly broadening their interests. Prior to this, text message authentication was a reliable form of authentication for online banking transactions
      Now, malicious users have found a way to bypass even this level of security.
  37. ZeuS SymbOS/Zitmo.A = SMS Viruses
      SMS viruses are part of the Zeus Trojan’s payload
      Called SymbOS/Zitmo.A
      Implemented for gathering information from victims
      So it could send a targeted download link to them
      Forwards mTAN SMS messages sent by an infected user’s bank to an attacker
      The attacker could then change what numbers were monitored by the spyware to go after specific banks
  38. SymbOS/Zitmo.A
      What we find interesting is that the SymbOS/Zitmo.A virus is great at avoiding detection!
      SymbOS/Zitmo.B process running on a Symbian phone. The spyware does not show a GUI.
  39. MSIL/Zitmo.B running on device. The spyware does not show a GUI.
      The bank (account) robbers have not stopped at their first mobile spyware attempt. This time around the thieves went after bank accounts in Poland.
      They created the latest update: MSIL/Zitmo.B
      Works for Windows Mobile or other .Net Compact Framework and
      SymbOS/Zitmo.B
      Latest news on SymbOS/Zitmo.A
  40. How ZeuS SymbOS/Zitmo.A works (1)
      Trojan asks for new details on the website: mobile vendor, model, phone number
      Sends SMS to mobile device with a link to download
  41. How ZeuS SymbOS/Zitmo.A works (2)
      Backdoor installed to receive commands via SMS
      Sends commands for SMS attacks for own profit (SMS charges)
  42. Now to watch the Soundminer demo
  43. Soundminer (1)
      Low-profile Trojan horse virus for Android OS
      Steals data => unlikely to be detected
      Soundminer
        Monitors phone calls
        Records credit card number
        Uses various analysis techniques
        Trims the extraneous recorded information down to the essential credit card number
        Sends information back to the attacker over the network
  44. Soundminer (2)
      Designed to ask for as few permissions as possible
      Soundminer is paired with a separate Trojan, Deliverer => responsible for sending the information
      Android OS security mechanisms could prevent communication between applications
      Communicates via “covert channels”
      Vibration settings
  45. Soundminer (3)
      Encodes sensitive data in the form of vibration settings
      Unlikely to raise suspicion
      Two antivirus programs, VirusGuard and AntiVirus, both failed to identify Soundminer as malware
      Study by Kehuan Zhang, Xiaoyong Zhou, Mehool Intwala, Apu Kapadia, XiaoFeng Wang called "Soundminer: A Stealthy and Context-Aware Sound Trojan for Smartphones"
  46. iOS and Android’s Security Models
  47. Security Models: iOS vs Android
  48. Security Models: iOS vs Android
  49.
  50. Security Models: iOS vs Android
      Trend Micro believes the iOS security model is better
  51. Security Models: iOS vs Android
      Many believe the iOS security model is better just because Android’s model is receiving a lot of bad press.
  52. Solutions we believe to be useful for Android
  53. Solutions (1)
      Either create a strict app filtering process, as Apple’s App Store does, or create a market crawling tool to look for potentially malicious apps
      With more granular permissions
        All the viruses could be prevented
        Or at least disclosed to user at install time
      Sandboxing to the rescue
        Browser -> still a big deal
        Media player -> not catastrophic
      Crowd-sourcing -> getting people to report
  54. Solutions (2)
      Protection is system-level, not app-level
      Bad considering proliferation of rooted phones
      Combined with 24 hour refund
      Likely to see pirated apps distributed in near future
      Third-party protection available
      E.g. SlideLock and Lookout
  55. Back to the iPhone vs Android’s security model
      Mobile security is a delicate balance
      Restricted vs. open platforms
        Allow self-signed apps?
        Allow non-official app repositories?
        Allow free interaction between apps?
        Allow users to override security settings?
        Allow users to modify system/firmware?
      Financial motivations
  56. Some Simple Tips And Tricks
      Do not use any device infected with malware for exchanging data.
      Deactivate Bluetooth after using it.
      Deactivate your infrared function.
      After you register, some sites send a confirmation or verification message to your mobile phone. Always check whether a web site is safe before registering on it, then click OK.
      When saving data, check it with antivirus software.
      Ignore SMS messages if you don’t know the sender.
      Use mobile antivirus.
  57. Future Concerns?
      Attack during mobile firmware update
      Firmware loaded into phone
      A “preloaded” virus
      Crackers -> hack the source servers or use a man-in-mobile attack
  58. Future Concerns?
  59. "There is no security on this earth, there is only opportunity" - General Douglas MacArthur (1880-1964)
      Both JyeYiing and myself would like to thank you for listening!
  60. Thank you for listening! Any Questions?
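
Added example (not part of the slides): a sketch of the install-time permission check that the "market crawling tool" and "more granular permissions" points on the Solutions (1) slide suggest. It flags the capability list from the Geinimi slide in a single app, and shows why a per-app check alone misses the Soundminer/Deliverer split, which only appears when two apps are considered together. The mapping from capabilities to Android permissions, the decoded text manifests and the package names are assumptions constructed for this example.

```python
import xml.etree.ElementTree as ET

ANDROID_NS = "{http://schemas.android.com/apk/res/android}"
P = "android.permission."

# Capability groups from the Geinimi and Soundminer slides; which permissions
# each one needs is this example's assumption, not a rule from the slides.
RISKY_COMBOS = {
    "sms-read-and-exfiltrate": {P + "READ_SMS", P + "INTERNET"},
    "sms-send": {P + "SEND_SMS"},
    "contacts-exfiltrate": {P + "READ_CONTACTS", P + "INTERNET"},
    "silent-call": {P + "CALL_PHONE"},
    "audio-exfiltrate": {P + "RECORD_AUDIO", P + "INTERNET"},
}

def permissions(manifest_xml):
    """Return the set of permissions requested in a decoded AndroidManifest.xml."""
    root = ET.fromstring(manifest_xml)
    return {e.get(ANDROID_NS + "name") for e in root.iter("uses-permission")}

def audit_app(manifest_xml):
    """Risky combinations one app holds entirely by itself."""
    perms = permissions(manifest_xml)
    return sorted(n for n, need in RISKY_COMBOS.items() if need <= perms)

def audit_pair(manifest_a, manifest_b):
    """Combinations neither app holds alone but the two hold together."""
    a, b = permissions(manifest_a), permissions(manifest_b)
    return sorted(n for n, need in RISKY_COMBOS.items()
                  if need <= (a | b) and not need <= a and not need <= b)

def manifest(package, *perms):
    """Build a constructed, decoded-text manifest for the samples below."""
    uses = "".join('<uses-permission android:name="%s%s"/>' % (P, p) for p in perms)
    return ('<manifest xmlns:android="http://schemas.android.com/apk/res/android" '
            'package="%s">%s</manifest>' % (package, uses))

# Constructed samples: one app asking for everything, and a split pair.
GAME = manifest("com.example.game", "READ_SMS", "SEND_SMS",
                "READ_CONTACTS", "CALL_PHONE", "INTERNET")
RECORDER = manifest("com.example.recorder", "RECORD_AUDIO", "READ_PHONE_STATE")
HELPER = manifest("com.example.helper", "INTERNET")

if __name__ == "__main__":
    print(audit_app(GAME))              # four Geinimi-style capabilities
    print(audit_app(RECORDER))          # nothing flagged on its own
    print(audit_pair(RECORDER, HELPER)) # flagged only as a pair
```

A real crawler would decode the binary manifest inside each APK first; the pairwise result only says that a covert channel between the two apps would complete the capability, not that one exists.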