IntroductionMobile devices have become more technical in recent years.• Wireless connectivity• Short range connections via Bluetooth• Mobile Applications• This has lead to the increased vulnerability of mobile device
Mobile Malware 2012Attacks increased by 185 %• increased number of mobile devices99% of these attacks related to Android Mobile devices
What makes Android vulnerable toAttacks?Android is the most popular operating system• 75% of the market shareAndroid Applications widely available• Anyone can post App’s to Google’s Android MarketAndroid is slow in fixing detected flaw
Recent Malware AttacksMarch 2013 – First discovered mobile malware attack• Stole SMS messages, call logs, contacts and phone dataDecember 2012 – Malware used to steal €36 million from 30,000 bank accounts
Main Types of Malware• Collect device data - 28%• Spies on user - 25%• Send content - 24%SMishing, Fake Apps, Stealing Information suchas bank details – major threats
BYODBring Your Own Disaster?• Unknown third-party access via mobile apps• Challenges in tracking data• Data management, segregation difficult for compliance• Stolen, lost mobile devices leak data• Disgruntled employees a risk
Motives• Financial • Main reason for malware• Social • Boosting image as a hacker• Political Agendas • Trojan implanted in a popular app supporting “Arab Spring”
How to detect mobile malware2 methods of detection:• Simple detection techniques• Technical detection technique
Simple detection techniquesSymptoms of Mobile malware• Slow performance• Quick battery consumption• Applications refusing to open or work• Automatic sending of text message to contacts• GPS active even when a program is not running
Technical Detection TechniquesStatic Analysis• Detects malware in operating systems by dissembling mobile deviceDynamic Analysis• Mobile device is isolated into a virtual machine and behaviour is monitoredApplication Permission Analysis• Performs permission checks on installed applications
• Defence against Malware & Viruses• Smarthphones can be attacked in two mediums• Corporate level• Everyday Users
OrganizationsOrganizations need security because member of enterprise are accessinginformation on their mobile devices.National Institute of Standards and Technology provide security guidelines.4 different categories of security that organizations should fall underaccording with NIST guidelines.
4 Categories1) General Policy – enforce enterprise security like monitoring when policyviolations occur.2) Encryptions Policy – making sure that there is strong encryption toprevent attacks.3) Authentication – making sure that users must pass security breaches toget access.4) Restriction – restricting people who you don’t want to have access to yourresources.
BYODAbbreviated for Bring Your Own Devices to Work.People bring these devices to work but there must be security policies forthese devices as well as the organization original hardware.Organizations should specify what devices are allowed.Define what sites are allowed to be used and companies should have aemployee exit strategy.
Everyday UsersUsers use smartphones everyday carrying out transactions with sensitiveinformation like e-mails and bill payments.Current day users are blissfully unaware of the malware and viruses that canpossible interact with their devices.Users should gain education of what malicious kinds of attacks are out thereand what security is available.
Helpful Tips for UsersInstall anti-virus software on their mobile devices.Do not connect to unusual Wi-Fi network.Avoid clicking links that come from unsecure sources as this can forwardusers on to harmful sites.Avoid geo-tagging if people you don’t know will have access to theinformation.Make sure there is encryption system in your device.
Future of Mobile Malware & VirusesGoing to get worse before it gets better because Users are only getting togrips with mobile security.Mobile devices are less protected than computers.More sophisticated methods be introduced so it will be harder to pin down.Examples of future threats are SMS phishing and NFC pay-servicecorruption.