An Analysis of the Privacy and Security Risks of Android VPN Permission-enabled Apps
1. www.data61.csiro.au
An Analysis of the Privacy and Security Risks of
Android VPN Permission-enabled Apps
Muhammad Ikram (UNSW, Data61, CSIRO)
Narseo Vallina-Rodriguez (ICSI, IMDEA Networks)
Suranga Seneviratne (Data61, CSIRO)
Mohamed Ali Kaafar (Data61, CSIRO)
Vern Paxson (UC Berkeley, ICSI)
2. Privacy and Security Risks of Android VPN Permission-enabled Apps | Muhammad Ikram
Typical VPN Use Cases
VPN Tunnel
• Geo-filtered content
• Anti-surveillance
• Censorship
• Untrusted networks
3. Android VPN API
• Available since Android ≧ 4.0 (Ice Cream Sandwich)
• Highly sensitive API
+ Protected by BIND_VPN_SERVICE
+ Requires user’s direct action
- Users may not understand VPN technology
- Lack of apps’ vetting process
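The BIND_VPN_SERVICE protection named on this slide is visible in an app's manifest, which is what makes VPN-capable apps identifiable by static analysis. The following is an added example, not code from the slides or the authors; it assumes the manifest has already been decoded from the APK's binary XML into text, and the sample manifest, package name and function names are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Attribute names in AndroidManifest.xml live in the android: namespace.
A = "{http://schemas.android.com/apk/res/android}"
VPN_PERMISSION = "android.permission.BIND_VPN_SERVICE"
VPN_ACTION = "android.net.VpnService"

# Constructed sample manifest (decoded text form), not taken from any real app.
SAMPLE_MANIFEST = """
<manifest xmlns:android="http://schemas.android.com/apk/res/android"
          package="com.example.vpnclient">
  <uses-permission android:name="android.permission.INTERNET"/>
  <application>
    <service android:name=".TunnelService"
             android:permission="android.permission.BIND_VPN_SERVICE">
      <intent-filter>
        <action android:name="android.net.VpnService"/>
      </intent-filter>
    </service>
    <service android:name=".SyncService"/>
    <service android:name=".LooseService">
      <intent-filter>
        <action android:name="android.net.VpnService"/>
      </intent-filter>
    </service>
  </application>
</manifest>
""".strip()


def find_vpn_services(manifest_xml):
    """Return every <service> that references the VPN API in the manifest.

    Each finding records whether the service is guarded by
    BIND_VPN_SERVICE and whether it declares the VpnService intent action.
    """
    root = ET.fromstring(manifest_xml)
    package = root.get("package", "")
    findings = []
    for svc in root.iter("service"):
        name = svc.get(A + "name", "")
        if name.startswith("."):
            # Relative class names are resolved against the package name.
            name = package + name
        guarded = svc.get(A + "permission") == VPN_PERMISSION
        actions = {a.get(A + "name") for a in svc.iter("action")}
        declares_action = VPN_ACTION in actions
        if guarded or declares_action:
            findings.append(
                {"service": name, "guarded": guarded, "vpn_action": declares_action}
            )
    return findings


def is_vpn_app(manifest_xml):
    """True when at least one service is protected by BIND_VPN_SERVICE."""
    return any(f["guarded"] for f in find_vpn_services(manifest_xml))


if __name__ == "__main__":
    for finding in find_vpn_services(SAMPLE_MANIFEST):
        print(finding)
    print("VPN permission-enabled app:", is_vpn_app(SAMPLE_MANIFEST))
```

A service that declares the VpnService action without the permission attribute, like the constructed LooseService, is reported but does not count toward the VPN-app decision.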
5. Are VPN Android apps trustworthy?
6. Approach
1. Static Analysis
2. Network Measurements
7. Some salient results
• Malware presence
• Traffic leak
• Javascript injection and TLS interception
38% of VPN apps have malware presence (VirusTotal)
18% of VPN apps do not use encrypted tunnels
84% leak IPv6 traffic
66% leak DNS traffic
2 apps inject JavaScript code
4 apps implement TLS interception
8. Agenda
• VPN App Detection and Methodology
• Passive Analysis
• Network Measurements
• Summary
• Developer’s feedback
9. Methodology
[Diagram labels]
• Google Play Crawl (1.4M+ Apps)
• Executables and metadata (apps description, reviews, etc.)
• VPN App Detection and Classification
• Static Analysis
• Network Measurements
10. Identified VPN App
App Category | # of apps found (N = 283)
Free VPN apps with Free services | 130
Free VPN apps with Premium services | 153
11. Analyzed VPN Apps - Evolution
[Figure: axis label "Estimated Release Date"; annotation "Android 4.0 release date"]
12. User installs and ratings
37% of apps > 500K installs
55% of apps > 4-star rating
14. 67% of Android VPN apps claim privacy and security enhancement features
15. 3rd-party Tracking Libraries
• 67% of VPN apps include 3rd-party tracking libraries
16. Malware Presence
• Scanner: VirusTotal aggregator
• AV-rank: number of AV tools reporting malware
• 38% of VPN apps contain malware, with 4% having AV-rank ≥ 5
18. Testbed
Traffic manipulations
19. • Manually tested each vantage point reported in the app
• 18% of apps do not inform about the terminating end-point
• 4% of VPN apps intercept traffic on localhost
• 16% use vantage points hosted on residential networks (Spamhaus PBL)
Forwarding models
1lt.su
20. USERS HAVE NO CONTROL!
maxhane.com
qudosteam.com
21. Traffic leak
• 18% of apps do not use encrypted tunnels
• 84% of VPN apps leak IPv6 traffic
• 66% of VPN apps leak DNS queries
Users can potentially be subject to in-path modification, profiling, redirection, and censorship.
22. Adblocking and JavaScript Injection
• DOM-based analysis
• Top 30 Alexa sites, reference website and seven e-commerce sites
24. More details:
25. “And isn’t it ironic?”
• Do users care or know?
• Manually analysed negative reviews (4.5K) (1- and 2-Stars)
• < 1% of the negative reviews raised privacy and security concerns
26. Summary
• 38% of apps have malware presence
• 67% of apps have at least one third-party tracking library
• 66% of VPN apps have DNS leakages and 84% have IPv6 Leakages
• 2 VPN apps perform JS-injection for ads, tracking, and redirections
• 4 VPN apps perform TLS interception
27. Developer Feedback and Reactions
“… Appflood [third-party library] was the best choice to monetize the app”.
Now: ad- and tracking-free app
Confirmed JS-Injections for tracking users and showing their own advertisements
Now: status quo
28. Developer Feedback and Reactions
“… we will promise these problems never occur again.”
November 2015: 15 AV-RANK
October 2016: 1 AV-RANK
SITUATION: Static code analysis alone does not fully convey the behavioral (runtime) issues of Android apps. We aim to analyze the runtime behavior and networking functionality of VPN apps to shed further light on security and privacy issues.
ACTION: POINT 1 - To this end, we devised a testbed, as you can see in the figure, in which the testing device connects to VPN endpoints (and the internet) via a dual WiFi AP. POINT 2 – To measure each VPN app’s behavior and networking functions, we collect data on the testing device (DNS settings, TUN, original and changed IP addresses of the testing device), in VPN app ON and OFF scenarios, and on the WiFi AP (tcpdump). We also used Netalyzr for Android for network analysis of VPN apps. Using the testbed, we performed more than 700 VPN app installs and 5340 tests (connected to 5340 endpoints).
RESULTS: Our testbed revealed several interesting privacy- and security-related insights, grouped as: traffic interception and forwarding mechanisms, app vulnerabilities/misconfigurations, traffic manipulation, and TLS interception. [I will explain these one by one in the next slides.]
SITUATION: To provide security and privacy, VPN apps resolve DNS traffic on their servers and modify the host’s routing tables to route user traffic to their VPN servers. However, VPN developers may have misconfigurations and loopholes in their source code. In other words, they may not fully enforce policies on the host’s DNS resolution and routing tables, thus exposing/leaking IPv6 and DNS traffic. We aim to shed light on those leakages.
ACTION: To this end, we tested each app with our testbed. In the figure, when the VPN app is ON, an attacker (an open WiFi AP at Starbucks or an airport, or in this case our instrumented WiFi AP acting as a passive man-in-the-middle) enforces DNS resolution and overwrites the host’s VPN app DNS settings.
RESULTS: [After explaining the third and fourth bullets] explain that such leakage could expose user traffic to modification, user profiling, and even censorship.
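A sketch of the leak check this testbed allows, added here as an illustration and not taken from the authors' tooling: it labels packets captured at the WiFi AP while the VPN app is ON. The `tcpdump -n` text format, the addresses, the VPN endpoint and the function names are all assumptions constructed for the example.

```python
import re

# Constructed sample: `tcpdump -n` text captured at the WiFi AP while the VPN app is ON.
# Addresses are documentation ranges; 203.0.113.5 stands in for the VPN endpoint.
CAPTURE = """\
12:00:01.000100 IP 192.168.1.10.51000 > 203.0.113.5.1194: UDP, length 120
12:00:01.100200 IP 192.168.1.10.40000 > 192.168.1.1.53: 4660+ A? example.com. (29)
12:00:01.200300 IP6 2001:db8::10.44000 > 2001:db8:ffff::1.443: Flags [S], seq 1, length 0
12:00:01.300400 IP 203.0.113.5.1194 > 192.168.1.10.51000: UDP, length 96
12:00:01.400500 IP6 2001:db8::10.40001 > 2001:db8::1.53: 4661+ AAAA? example.com. (29)
12:00:01.500600 IP 192.168.1.10.52000 > 198.51.100.7.80: Flags [P.], length 310
"""

LINE = re.compile(r"^\S+ (IP6?) (\S+)\.(\d+) > (\S+)\.(\d+):")

def classify(line, device_addrs, vpn_endpoint):
    """Label one packet seen at the AP: tunnel, dns_leak, ipv6_leak, plain_leak or None."""
    m = LINE.match(line)
    if not m:
        return None
    family, src, _sport, dst, dport = m.groups()
    if vpn_endpoint in (src, dst):
        return "tunnel"          # expected: encapsulated traffic to or from the endpoint
    if src not in device_addrs:
        return None              # replies and other hosts are not counted
    if dport == "53":
        return "dns_leak"        # query resolved outside the tunnel (IPv4 or IPv6)
    if family == "IP6":
        return "ipv6_leak"       # IPv6 traffic routed around the tunnel
    return "plain_leak"          # any other traffic that bypasses the tunnel

def summarize(capture, device_addrs, vpn_endpoint):
    """Count packets per label for one VPN-ON capture."""
    counts = {}
    for line in capture.splitlines():
        label = classify(line, device_addrs, vpn_endpoint)
        if label:
            counts[label] = counts.get(label, 0) + 1
    return counts

if __name__ == "__main__":
    print(summarize(CAPTURE, {"192.168.1.10", "2001:db8::10"}, "203.0.113.5"))
```

A DNS query sent over IPv6 is counted once, as a DNS leak, because the port check runs before the address-family check.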
SITUATION: VPN apps may actively modify user traffic either by injecting or blocking content. We aim to detect VPN apps performing active traffic modifications – specifically JavaScript injection and adblocking.
ACTION: [Very clear from the first three bullets]
RESULTS: POINT 1 – Two apps, [point to] Secure Wireless and F-Secure Freedome VPN, block advertisements and analytics networks such as DoubleClick and Google Analytics. As we pointed out in our paper, their blacklist-based approach results in usability issues: because F-Secure Freedome VPN blocks TagServices, useful content such as videos was not accessible on NYTimes.
POINT 2 – From our analysis, we found that two VPN apps, WiFi Protector and Hotspot Shield VPN, inject JavaScript for tracking and advertising purposes. Hotspot Shield VPN also uses JavaScript to redirect users to its affiliate ad networks, which we reported in detail in our paper.
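One way to run the DOM-based comparison for injected scripts, added here as an illustration and not taken from the authors' scripts: the same page is fetched with the VPN OFF and ON, and script elements present only in the VPN-ON copy are reported. The sample pages, host names and function names are constructed assumptions.

```python
import hashlib
from html.parser import HTMLParser
from urllib.parse import urlparse

class ScriptCollector(HTMLParser):
    """Collect external script hosts and SHA-256 digests of inline script bodies."""
    def __init__(self):
        super().__init__()
        self.hosts, self.inline = set(), set()
        self._in_inline, self._buf = False, []

    def handle_starttag(self, tag, attrs):
        if tag != "script":
            return
        src = dict(attrs).get("src")
        if src:
            self.hosts.add(urlparse(src).hostname or "(same-origin)")
        else:
            self._in_inline, self._buf = True, []

    def handle_data(self, data):
        if self._in_inline:
            self._buf.append(data)

    def handle_endtag(self, tag):
        if tag == "script" and self._in_inline:
            body = "".join(self._buf).strip()
            self.inline.add(hashlib.sha256(body.encode()).hexdigest())
            self._in_inline = False

def scripts(html):
    collector = ScriptCollector()
    collector.feed(html)
    collector.close()
    return collector.hosts, collector.inline

def injected(reference_html, vpn_html):
    """Return (script hosts, inline-script count) present only in the VPN-ON copy."""
    ref_hosts, ref_inline = scripts(reference_html)
    vpn_hosts, vpn_inline = scripts(vpn_html)
    return sorted(vpn_hosts - ref_hosts), len(vpn_inline - ref_inline)

# Constructed sample: one static reference page fetched with the VPN OFF and ON.
BASE = '<html><head><script src="https://static.example.org/app.js"></script></head><body><p>hi</p>'
REFERENCE = BASE + "</body></html>"
VIA_VPN = BASE + '<script src="http://ads.example.net/t.js"></script><script>var uid="x";</script></body></html>'

if __name__ == "__main__":
    print(injected(REFERENCE, VIA_VPN))
```

The comparison is most reliable on a static reference page, since sites with rotating ads differ between two fetches even without a VPN.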
SITUATION: VPN apps may target user HTTPS traffic for extensive user profiling or for the provision of specialized services such as traffic acceleration and compression. We aim to identify all such apps. We are also interested in figuring out whether these apps perform TLS interception for all user traffic or target specific services such as banks, IM, email or social networks.
ACTION: For each analyzed VPN app, we use OpenSSL and customized scripts to access 60 different websites/domains consisting of OSN, bank, email, and news services (detailed in our paper) from our testing device. For each website/domain, our customized scripts and OpenSSL yield an SSL certificate chain, which we analyzed with the ICSI Notary to check the validity of the certificate chain.
RESULT: We found that 4 apps perform TLS interception. Packet Capture intercepts all HTTPS traffic, whilst the other 3 VPN apps focus on shopping, bank, and social media traffic. Upon our enquiries, Neopard’s developer confirmed that they perform TLS interception for traffic acceleration and MARKET research – selling aggregate statistical data.
[There are more interesting insights and we encourage you to read our paper.]
SITUATION: Did our study have an impact on the VPN app ecosystem?
ACTION: We shared our results with all the developers whose apps were explicitly discussed in the paper. We shared our findings and explained that the presence of certain intentional features or errors undermines user privacy and security. From 21st to 25th of October, we selectively tested VPN apps to confirm whether the developers had made changes or not.
RESULT: ip-shield VPN acknowledged that they used Appflood, a third-party tracking library, to maximize their revenue from targeted advertisements. They promised to stop this to ensure user privacy. We found that the developer removed all third-party tracking and advertisement libraries from the ip-shield VPN source code.
WiFi Protector VPN also acknowledged our finding but is still injecting JS for tracking and advertisement purposes.
SITUATION: Did our study have an impact on the VPN app ecosystem?
ACTION: We shared our results with all the developers whose apps were explicitly discussed in the paper. We shared our findings and explained that the presence of certain intentional features or errors undermines user privacy and security. On 7th of November, we tested VPN apps that had some malware in the source code to confirm whether the developers had made changes or not.
Figure on the left: VirusTotal scan, dated 7th November 2016, of the Betternet Free VPN APK that we analyzed in our paper
Figure on the right: VirusTotal scan, dated 7th November 2016, of the Betternet Free VPN APK that we downloaded on 22nd October, 2016.
RESULT: Only one VPN developer took action and fulfilled its promise to remove malware from its VPN app source code.