Mobile Security: A Glimpse from the Trenches
•
0 likes•324 views
Hackers today apply covert and persistent techniques to attack mobile devices. In this presentation, Yair Amit, CTO & Founder of Skycure, talks about the latest threats on mobile devices. Mr. Amit describes and demonstrates emerging mobile security threats: from physical, through network and up to application level.
Recommended
Recommended
More Related Content
What's hot
Viewers also liked
Viewers also liked (20)
Similar to Mobile Security: A Glimpse from the Trenches
Similar to Mobile Security: A Glimpse from the Trenches (20)
Mobile Security: A Glimpse from the Trenches
- 1. Mobile Security A Glimpse from the Trenches Yair Amit CTO & Co-Founder Skycure @YairAmit
- 2. ! Today ! CTO & co-founder of Skycure ! Previously ! Managed the Application Security Group at IBM ! Joined IBM through the acquisition of Watchfire ! Loves and lives security ! Filed over 15 security patents About&Me&
- 5. ! Threat&vector& ! Device'lost'/'device'stolen'/'temporary'physical'access ! Basic&physical&security&needs:& ! Remote'wipe ! Locate'device ! Backup ! Local'storage ! Passcode'protec@on ! The&above&becomes&OS&responsibility& ! MDM&provides&the&above&OS&features&together&with& management&and&policy&enforcement& The&Physical&Layer&
- 7. Based on Skycure enabled devices worldwide Real World Incident Statistics& Affected Devices Over Time 0%& 10%& 20%& 30%& 40%& 50%& 0%& 23%& 30%& 35%& 41%& 1&Month& 2&Months& 3&Months& 4&Months& !&
- 8. & ! Did&network&aNacks&happen&near&your&office?& ! Are&airports&more&suscep-ble&to&aNacks?& ! Which&networks&at&a&conference&should&I&be&avoiding?& Global&RealUTime&Threat&Map&& hNps://maps.skycure.com&
- 13. Gotofail&–&The&Code& static OSStatus SSLVerifySignedServerKeyExchange(SSLContext *ctx, bool isRsa, SSLBuffer signedParams, uint8_t *signature, UInt16 signatureLen) { … if ((err = SSLHashSHA1.update(&hashCtx, &clientRandom)) != 0) goto fail; if ((err = SSLHashSHA1.update(&hashCtx, &serverRandom)) != 0) goto fail; if ((err = SSLHashSHA1.update(&hashCtx, &signedParams)) != 0) goto fail; goto fail; if ((err = SSLHashSHA1.final(&hashCtx, &hashOut)) != 0) goto fail; err = sslRawVerify(ctx, ctx->peerPubKey, dataToSign, /* plaintext */ dataToSignLen, /* plaintext length */ signature, signatureLen); … fail: SSLFreeBuffer(&signedHashes); SSLFreeBuffer(&hashCtx); return err; }& Always&goto& “fail”,&even&if& err==0& Code&is&skipped& (even&though&err&==&0)& Func-on&returns&0&(i.e.&verified),& even&though&sslRawVerify&was& not&called&
- 15. Heartbleed&
- 17. ! Design&issues&are&much&more&interes-ng& ! …'and'much'harder'to'fix ! These&are÷d&into&two&types:& ! General'“protocol”'vulnerabili@es ! Design'issues'affec@ng'mobile'OS ! Mobile&devices&are&more&suscep-ble:& ! Classical'solu@ons'are'inadequate ! Excessive'use'of'untrusted'networks DesignUBased&Vulnerabili-es&
- 20. ! Example&III:& Karma& DesignUBased&Vulnerabili-es&(Generic)& Hak5’s'WiFi'Pineapple >>'Read'more
- 22. iOS sandbox approach Source: Apple’s App Sandbox Design Guide App Characteristics $ ! One&Store& ! Heavy&Screening& ! App&Sandboxing& Profile Characteristics ! No&Store& ! No&Screening& ! No&Sandboxing& iOS Security Model&
- 23. Where$Do$We$Find$Them?$ ! Mobile&Device&Management&(MDM)& ! Cellular&carriers& ! Usually'used'for'APN'sengs ! Mobile&applica-ons& ! Service&providers& Configura-on&Profiles&
- 24. Configura;on$profiles$can$also$be$malicious$ ! Malicious&“service&providers”&(apps/services/WiUFis/etc.)& ! Vulnerable&services& ! Privacy&viola-ng&services& Malicious&Profiles& Click to install streaming profile Welcome to iOS Streamer Watch TV shows and movies free online. Stream your favorite content directly to your iOS device. Hacker'gains'access'to'your'mail,'business' apps,'cloud'services,'bank'accounts'and' more,'even if traffic is encrypted >>'Read'more
- 25. Going$Viral$ ! ANacker&hijacks&vic-m’s&key&iden--es& ! Corporate'Exchange ! Facebook ! LinkedIn ! ANacker&sends&mass&messages&to&vic-m’s&contacts,&luring& them&to&install&the&malicious&profile& ! ANack&propagates& Malicious&Profiles&
- 29. ! Mobile&OS&enforce&addi-onal&security&models& ! Sandbox ! Be_er'updates ! Controlled'applica@on'stores ! AppUlevel&issues&are&now&on&the&rise& App&Level&Security&&&Privacy&
- 33. A$Long$Way$to$Go$ ! Almost&all&major&apps&today&lack&SSL&Pinning& ! Suscep@ble'to'a_acks'such'as'malicious'profiles'by'design ! Also'exploited'when'a_acker'gains'access'to'a'trusted'CA ! Slow&adop-on&should¬&come&as&a&surprise& ! Implementa@on'challenges ! Less'flexibility ! Can'become'a'nightmare'if'done'wrong… Cer-ficate&Pinning&
- 35. Vic@m'interacts'with'the' malicious'server A'while'later, vic@m'opens'the'app App'logic'has' changed! A_acker'returns'a'301' direc@ve'specifying'a' permanent'change'in'URI Victim opens the app in an untrusted environment App'con@nues'to'connect' to'the'malicious'server! Malicious'server'can' return'actual'results' from'the'target'server >>'Read'more HRH&–&ANack&Flow&
- 37. The year of Android malware [1] Google reveals “Bouncer” - its malware scanner [2] Malware is moving out of the Google Play [3] Google adds full-time app scanning to address malware on external stores [4] Google’s&Focus&on&Malware& Android is becoming like iOS when it comes to malware
- 40. Summary$
- 41. ! The&physical&threats& ! Becomes'the'OS'responsibility ! Network&based&threats& ! Implementa@on'vulnerabili@es ! Design'vulnerabili@es ! Generic'vs.'mobile'specific ! App&level&threats& ! Vulnerabili@es ! HTTP/S,'Cer@ficate'Pinning,'HTTP'Request'Hijacking ! The'“maliciousness”'axis ! Malware'!'Ad'Networks'!'Privacy'Viola@ons Summary&
- 42. ! Personal level ! Maintain'an'up'to'date'opera@nglsystem ! Update'the'apps'that'you'are'using ! Be'alerted'and'aware'of'evolving'threats ! Network'layer ! Thirdlparty'app'stores ! OS'misconfigura@ons'and'vulnerabili@es ! Organizational level& ! Deploy'a'mobile'security'solu@on Recommenda-ons&
- 43. Thank you! ! Twi_er: @YairAmit ! Email: yair@skycure.com ! Blog: h_p://www.skycure.com/blog Seamless Mobile Security