I.G.N. Mantra - Mobile Security, Mobile Malware,and Countermeasure

506 views

Published on

I.G.N. Mantra - Mobile Security, Mobile Malware,and Countermeasure

Published in: Technology
0 Comments
0 Likes
Statistics
Notes
  • Be the first to comment

  • Be the first to like this

No Downloads
Views
Total views
506
On SlideShare
0
From Embeds
0
Number of Embeds
4
Actions
Shares
0
Downloads
29
Comments
0
Likes
0
Embeds 0
No embeds

No notes for slide

I.G.N. Mantra - Mobile Security, Mobile Malware,and Countermeasure

  1. 1. #ACAD-­‐CSIRT  Mobile Security, MobileMalware & CountermeasureIGN Mantra, ChairmanEmail: mantra@acad-csirt.or.id, URL: acad-csirt.or.idHoneynet Seminar 2013
  2. 2. #ACAD-­‐CSIRT  MOBILE TRENDS
  3. 3. #ACAD-­‐CSIRT  Why the mobile phone BOOM
  4. 4. #ACAD-­‐CSIRT  The complex picture of the mobile phone marketBut mobile phone market share doesn’t tell the full storySource: VisionMobile
  5. 5. #ACAD-­‐CSIRT  Smartphones reached 30% market share in 2011483M units shipped worldwideSmartphone shipments as a % of total handset shipmentsSource: VisionMobile
  6. 6. #ACAD-­‐CSIRT  Smartphone sales vary greatly by region Q2 2011are the majority of handset sales in North America (63%) and Europe (51%)Market shareSource: VisionMobile
  7. 7. #ACAD-­‐CSIRT  Android became dominant smartphone OSSamsung and HTC benefited the most from Android success (Q4 2011)Smartphone market share by OEM and platform (H2 2011)Source: VisionMobile
  8. 8. #ACAD-­‐CSIRT  Android turned the tables on handset makersSamsung and HTC benefited, Nokia, Motorola, Sony were challengedBeneficiaries:fast-moving challengersEfficient cost structure plus ability to differentiatein software, hardware or bothlow cost assemblersCost structure optimised for razor-thin marginsAndroid is a long-term opportunity for global reachUnder pressure:old guard OEMsCost structure requiring high-marginsCommoditising effect of Android makes high-margins unattainable for OEM without ownecosystem or meaningful differentiationNo Name source: VisionMobile
  9. 9. #ACAD-­‐CSIRT  MOBILE MALWARE
  10. 10. #ACAD-­‐CSIRT  10 Malware Types 2013source : boston.comDroidKungFuGeinimiPlankton DroidDreamAndroid.PjappsIkeeZitmoHongTouTouTimifonicaSymbOS.Skull
  11. 11. #ACAD-­‐CSIRT  Mobile Malware Statistic 2013Source : Kaspersky Lab
  12. 12. #ACAD-­‐CSIRT  Mobile MalwareMalware is software withmalicious purpose. It may bedesigned to disable your phone,remotely control your phone, orsteal valueable your information.Mobile malware uses the sametechniques as a PC malware toinfect mobile devices.apppc
  13. 13. #ACAD-­‐CSIRT  The Growth
  14. 14. #ACAD-­‐CSIRT  Malware Samples LibrarySource : http://rogunix.com/docs/Android/Malware/
  15. 15. #ACAD-­‐CSIRT  The Real Dangers of Mobile MalwareBank accountpassword arestolen.Private informationis captured.Phone data isdeleted.Device is “bricked”and need replacingThe phone isforced to send thesms premiumnumbers. (sedotpulsa).Malware infecteddevices can be usedby botnet owners tolaunch attacks ondigital targets.
  16. 16. #ACAD-­‐CSIRT  How they get youPHISINGA fake version of real sitegathers your log-in ad otherprivate informationsSPYWARESilently collects informationfrom users and sends it toeavesdroppersEXPLOITINGSome malware will exploitmobile platform vulnerabilities togain control of the deviceWORMA program tha replicates itselfspreading throughout a networkMAN IN THE MIDDLEThe attackers becomes amiddle man in a communicationstream and logs all informationrelayed between thecommunicating partiesDIRECT ATTACKComes from files or viruses sentright to your cell phone.
  17. 17. #ACAD-­‐CSIRT  PROTECT MOBILE DEVICE
  18. 18. #ACAD-­‐CSIRT  Mobile Malware & AwarenessOf users say that theyare unaware ofsecurity software forsmartphonesOf mobile users bankfrom a phone, yet mostdon’t have securitymeasures in place53%24%
  19. 19. #ACAD-­‐CSIRT  What should You Do and Don’tDO•  Make sure the OS and sowftware areup to date at all times•  Download apps from reputable sitesand closely review app permissionrequests.•  Make sure to check the feedbackfrom other users before installing theprogram from an app store•  User strong password•  User personal firewall•  Turn off bluetooth and otherconnections when not in use•  Install a mobile security application.DON’T•  Download apps from thirdparty app repositories•  Jailbreak your phone•  Leave your “wifi ad hocmode on”•  Accessing banking orshopping sites over a publicWIFI connection•  Leave your mobile deviceunattended in public places.
  20. 20. #ACAD-­‐CSIRT  References•  A window into Mobile device security–  http://www.symantec.com/content/en/us/about/media/pdfs/symc_mobile_device_security_june2011.pdf•  http://www.continuitycentral.com/feature0919.html•  http://www.usatoday.com/tech/news/story/2012-03-22/lost-phones/53707448/1]•  US-CERT Resource: Paul Ruggiero and Jon Foote,“Cyber Threats to Mobile Phones”, http://www.us-cert.gov/reading_room/cyber_threats_to_mobile_phones.pdf)•  Top 10 android Security Riskshttp://www.esecurityplanet.com/views/article.php/3928646/Top-10-Android-Security-Risks.htm
  21. 21. #ACAD-­‐CSIRT  TERIMA KASIHIGN MANTRAEmail : incident@acad-csirt.or.id, info@acad-csirt.or.id

×