Nothing seen.
Nothing heard.
Nothing disclosed.
Everything Silent.
SILENT CIRCLE
About Silent Circle
Launched in 2012 by security industry experts
Phil Zimmermann – co-founder PGP
Jon Callas, co-founder of PGP Corporation & CSO Apple
Mike Janke – Seal Team 6
HQ in Columbia, MD
Committed to Secure, Private Communications
Silent Phone – Enterprise-managed secure talk, text, file sharing
Silent World – Global coverage + traditional telephone numbers
GoSilent – Portable Next-Gen Firewall + VPN
• Financial, Utilities, Logistics, Legal, Healthcare, Government, IoT
Cybersecurity Risks in the Mobile Environment
• Real-world financial case studies
• The forgotten risks of using smartphones as phones
• Practical steps to protect the organization
• Presentation by Dr. Hamilton Turner, CTO
• 10+ years of mobile security experience
Stories From the Silent Circle
• Four real Silent Circle customer cases
• All financial or investment firms
• Most based in NY
• Events span 2015 to 2018
Case 1: Intercepting Board Calls To Short Stock
• Very large public fin. services company
• Mid 2015, preparing to announce quarterly loss
• Board meeting scheduled in Manhattan office
• Multiple pre-meeting phone calls to strategize
• Targeted by well-known organized crime
• Rogue cell towers were installed near NYC office
• Calls & SMS were intercepted
• From many levels e.g. C-level, assistants, others
• Stock shorted, criminals gained 30M
• FBI caught & convicted criminals
Case 2: Widespread Intelligence Gathering
• Early 2017, NYC Police detect Russian mafia activity focused on multiple financial services companies
• Brooklyn-based criminals were tapping cell phones
• Both phones and network towers were targeted
• Numerous companies included – dragnet approach
• Concluded goal - intelligence gathering with intent to damage reputation
• Attacks were not detected or reacted to in real time
• Main conclusion came after criminals stole significant data
Case 3: M&A Espionage
Large investment bank
Late 2017 – detected compromise of CEO & COO devices
Traditional voice communications were recommended
3rd party apps were intercepting voice
IA determined multiple M&A opportunities were affected
Including multiple that were not closed successfully
IA response included recommendation for secure voice telecommunications
Case 4: On-device Call Interception
Ongoing
American-based multinational financial services
Early 2018
Malicious application on-device
App intercepts outbound calls and switches the telephone number to fraudsters
App intercepts inbound fraudster call and shows bank logo
Understanding the Mobile Ecosystem
• The three pillars of secure mobile
• Mobile Device
• Hardware, OS, Security APIs
• Applications
• Securing Distribution & Execution, Prevent Forgery & Misleading Actions, App Management
• Network
• Call interception, call monitoring, message interception, monitoring,
• Disproportionate focus on two pillars – securing the network is hard!
What about the network?
“As early as 1996, members of Congress experienced calls being illegally intercepted, however no technological solution to this problem has been systematically deployed and it remains to this day.”
April 2017 Dept. Homeland Security. Study on Mobile Device Security
“In the United States, there are no regulations requiring carriers to run encryption or provide privacy protections to users on their networks”
“The caller ID display is unauthenticated and can be made to display any data, including fraudulent information.”
“[mobile devices] remain fully functional when running on non-encrypted networks; no notification is provided to the user when operating in this mode.”
What about the network?
“LTE standards do not provide confidentiality protection for user traffic as the default configuration”
“integrity protection for user traffic is explicitly prohibited”
“…security capabilities provided by LTE are markedly more robust [than previous]…yet [LTE systems] coexist with previous cellular infrastructure.”
“Current mobile devices do not provide the option for a user to know if their [device’s] connection is encrypted...”
December 2017 NIST SP 800-187 Guide to LTE Security
[1] Jian A. Zhang, Peng Cheng, Andrew R. Weily, Y. Jay Guo. 2014. Towards 5th Generation Cellular Mobile Networks. Australian Journal of Telecommunications and the Digital Economy, Vol 2, No 2, Article 34. http://doi.org/10.18080/ajtde.v2n2.34. Published by Telecommunications Association Inc. ABN 34 732 327 053. https://telsoc.org
Is Old News still News?
• To security professionals, telecommunication risk is nothing new[1]!
• Why hasn’t this situation changed (drastically)?
• Thousands of companies in hundreds of countries
• Tens of technologies
• ~4.7 billion deployed phones
• 2G/3G fallback is consistent – GSM is still prevalent
• Making cellular networks at scale is very hard work
• CVEs may not exist – pentesting can be illegal!
[1] April 2016, NISTIR 8071. Jeffrey Cichonski (NIST), Joshua Franklin (NIST), Michael Bartock (NIST). LTE Architecture Overview and Security Analysis
http://theinternetofthings.report/Resources/Whitepapers/8965b6c5-40e0-448b-950a-a3adc428144b_The%20Global%20State%20of%202G,%203G,%204G,%20and%205G.pdf
Is Old News still News?
• Why has this situation changed, drastically?
• Access to low-cost radio hardware
• In 2014
• “Baseband attacks are considered extremely difficult”[1]
• “system costs as much as $400,000”[2]
• In 2016, GSM IMSI Catcher for $1400[3]
• In 2018, “The cost of the hardware is about €1,250…”[4]
• Ettus USRP, HackRF, BladeRF, etc
• Prevalence of readily-available software
• OpenBTS, OpenBSC, OpenLTE
• Proactive nation-state attackers[5] put backhaul & core at greater risk
[1] https://www.welivesecurity.com/2014/08/28/android-security-2/
[2] https://resources.infosecinstitute.com/stingray-technology-government-tracks-cellular-devices/
[3] https://securityaffairs.co/wordpress/41513/hacking/low-cost-imsi-catcher-lte.html
[4] https://www.evilsocket.net/2016/03/31/how-to-build-your-own-rogue-gsm-bts-for-fun-and-profit/
[5] https://securelist.com/regin-nation-state-ownage-of-gsm-networks/67741/
“Call me on the phone, I don’t want to write this down”
• Voice communication is frequently less secure than Wi-Fi
• But fewer CVEs – pentesting can be illegal
• Also…the logs are only in the hands of MNOs/malicious entities
• Passive monitoring of un/poorly-encrypted air-traffic
• From ground or space!
• Calls or messages, device tracking
• Rogue towers
• Active intercept
• Downgrade, de-auth attacks
• Backhaul / Core network attacks
• No end-to-end security of user data
• User data can be sniffed from core network
• Malicious attacks on carrier
• Malicious carrier
But isn’t LTE more secure?
• GSM is still the most common global connection
• Smart jamming 3G/UMTS and 4G/LTE triggers fallback to 2G/GSM
• Regardless of LTE, the device is not secure due to fallback
• Rogue base stations are still very real
• LTE has poor support for user data security
• No user data encryption by default
• Disallows user data integrity
• No notice to user about non control connection
• No regulations about backhaul/core network
• Prior evidence of nation-state interest here
• Lack of confidentiality – sniff SMS/call traffic
• Physical access is always a weakness
• Geographic deployment of PKI onto towers
• Femtocell-based key theft
• No clear mandate forcing secure backhaul
[Figure: Global LTE Availability, Feb 2017. Source: https://opensignal.com/reports/2018/02/state-of-lte]
What should an enterprise do to protect itself?
• Select ‘secure communication’ tools for your organization
• Multiple over-the-top options
• Many are easy to use
• Silent Phone supports management, PSTN integration, etc
• Review your sensitive communication policy
• NIST SP 800-171 - Compliance impossible with LTE-based cellular networks
• ISO 27001 – Does not address cellular well, but A.9.2.3 is difficult
• Short answer – recommend a ‘sensitive calling’ app
• Train your employees
• Traditional voice calls are insecure
• Traditional calls are being attacked
• Use a ‘secure communication’ tool
Steve Davis | Silent Circle
Silent Phone stephendavis
Office 646.681.6841
Mobile 908.285.4525

Cybersecurity Risks In the Mobile Environment


Editor's Notes

  • #10 For the first two pillars, you will find tens of companies, and Gartner quadrants. For the network….not so much ;-) To be fair, global rollout of LTE is fairly high – 450+ networks before 2015
  • #15 If you’re saying that to skirt compliance, let me remind you that the folks who would get a record of your conversation are exactly the type of individuals interested in your decision to skirt compliance