This document discusses mobile botnets and rootkits. It begins by introducing the author and their work in mobile malware analysis. Various examples of existing mobile malware are provided, including botnets that coordinate infected devices and rootkits that hide on phones. The document outlines characteristics of botnets like command and control and how they are used for attacks. It also defines rootkits and provides examples found in the wild for Symbian and other mobile platforms. Finally, it discusses the potential for future mobile botnets and rootkits as the capabilities of smartphones increase.
This presentation gives an overview of various security issues in mobile phones having different operating systems. Ways to avoid spamming and malware in our mobile phones are also presented.
The above PPT contains the following content:
1. SPREADING OF VIRUS
2. ANAMNESIS (CASE STUDIES)
3. CURRENT STATUS OF MOBILE MALWARE
4. PROTECTIVE MEASURES
5. THREATS OF MOBILE PHONE
6. CONCLUSION
The detailed PROTECTIVE MEASURES are given in the above PPT.
In this presentation, Sowmya presents an interesting application that finds malware/viruses on mobile platforms through the use of data mining techniques.
A cell phone is the basic requirement for any type of communication across the world, so you are supposed to know at least the basic information about your cell phone, viruses and its security.
Supporting the global efforts in strengthening the safety, security and resilience of Cyberspace, the Commonwealth Cybersecurity Forum 2013 was organised by the Commonwealth Telecommunications Organisation. The ceremonial opening examined how Cyberspace could be governed and utilised in a manner to foster freedom and entrepreneurship, while protecting individuals, property and the state, leading to socio-economic development. Speakers of this session, Mr Mario Maniewicz, Chief, Department of Infrastructure, Enabling Environment and E-Applications, ITU; Mr David Pollington, Director, International Security Relations, Microsoft; Mr Alexander Seger, Secretary, Cybercrime Convention Committee, Council of Europe; Mr Nigel Hickson, Vice President, Europe, ICANN and Mr Pierre Dandjinou, Vice President, Africa, ICANN, added their perspectives on various approaches to Cybergovernance, with general agreement on the role Cyberspace could play to facilitate development equitably and fairly across the world.
Hosted by the Ministry of Posts and Telecommunications of Cameroon together with the Telecommunications Regulatory Board of Cameroon and backed by partners and industry supporters including ICANN, Council of Europe, Microsoft, MTN Cameroon, AFRINIC and Internet Watch Foundation, the Commonwealth Cybersecurity Forum 2013 seeks to broaden stakeholder dialogue to facilitate practical action in Cybergovernance and Cybersecurity, some of which will be reflected in the CTO’s own work programmes under its Cybersecurity agenda.
This presentation has been created by Mr. Santhosh Kumar (Certified Ethical Hacker)
College : Mount Zion College of Engineering and Technology
Department : CSE
Year : second
Year of Publishing : 2019
Security challenges of smart phone & mobile device
Visualizing mobile security
Attacks moving to mobile – why?
What your phone knows & what it shares
Smart phone & mobile device the threats
Countermeasures
Mobile security best practices
Smartphone Security Guide: The Easiest Way to Keep Your Phone & Data Secure (Heimdal Security)
Smartphone Security Guide: The easiest way to keep your phone & data secure. Follow this step-by-step guide in order to enhance your smartphone's security and privacy and keep your data safe.
You can read the extended version here: https://heimdalsecurity.com/blog/smartphone-security-guide-keep-your-phone-data-safe/
“Design and Detection of Mobile Botnet Attacks” (iosrjce)
A mobile botnet is a type of bot that runs automatically when installed on a mobile phone which does not have any anti-malware. The botnet gains complete access over our mobile device. The common propagation media for smartphone-based botnet attacks are SMS, Bluetooth and Wi-Fi. In our project, we will demonstrate an SMS-cum-Wi-Fi based mobile botnet using a centralized C&C server. The botmaster initiates commands to the C&C server and the C&C propagates them to infected smartphones, i.e. bots. We will try to develop a network which cannot be detected easily and propagates fast. The target of the propagation will be the Android operating system. For detection, an application is created to detect whether the smartphone is working as a bot or not. In this, we guide the user about possible botnet attacks.
C0c0n 2011 mobile security presentation v1.2 (Santosh Satam)
Mobile phone security has been a hot topic for debate in recent times. The top mobile manufacturers seem to claim that their mobiles and applications are secure, but recent news on mobile hacking and malware suggest otherwise.
One of the key challenges in mobile security is the diverse platforms and multitude of operating systems (both open and proprietary) in the market. This makes it almost impossible to devise a generic catch-all strategy for mobile application security. Every platform whether it is iOS, Android, Blackberry, Windows Mobile, Symbian etc. is unique and requires a specialized treatment.
In this talk, we will demystify mobile and related application security. We will understand the architectures of various mobile operating systems and the native security support provided by the manufacturers and operating system vendors. Then we will look at how hackers have come up with different techniques and tools to break mobile security, and what mobile companies are doing to mitigate these attacks.
Finally, we will look at secure practices for mobile deployment in the Enterprise using policy files and other technology solutions. We will also outline best practices for business users and road warriors on how to ensure your company data is protected while still continuing to enjoy the flexibility provided by mobile phones.
Viruses on mobile platforms: why we don't/don't we have viruses on android (Jimmy Shah)
This presentation will discuss the resources available to attackers to write Android viruses, including methods of infecting executables, gaining control from the original app and avoiding detection.
Can You Steal From Me Now? Mobile and BYOD Security Risks (Michael Davis)
Presentation I gave at BriForum 2012 where I discuss Mobile Security Risks, BYOD and mobile privacy issues. Lastly, I wrap up with a discussion of Document Rights Management and mobile.
The Mobile Security Risks as adapted and updated from the Veracode Top 10 Mobile Security issues (With permission from Chris Wysopal)
Mobile Security for Smartphones and Tablets (Vince Verbeke)
Are security concerns for mobile devices, like smartphones and tablets, real? Or, are claims of exponential growth in malware simply FUD? We will explore the major mobile operating systems and security concerns with each. This session will provide tips that can be shared to help your users protect their personal info and data when viewed from a mobile device. Information on mobile security programs will be shared, as well, including a look at whether free or commercial offerings provide better protection.
NETC 2012_Mobile Security for Smartphones and Tablets (pptx) (Vince Verbeke)
Slides for a college course at City College San Francisco. Based on "Hacking Exposed Mobile: Security Secrets & Solutions", by Bergman, Stanfield, Rouse, Scambray, Geethakumar, Deshmukh, Matsumoto, Steven and Price, McGraw-Hill Osborne Media; 1st edition (July 9, 2013), ISBN-10: 0071817018.
Instructor: Sam Bowne
Class website: https://samsclass.info/128/128_S17.shtml
Hacking, History Of Hacking, Types of Hacking, Types Of Hackers, Cyber Laws for ... (Qazi Anwar)
Hacking
History Of Hacking
Types of Hacking
The Most World’s famous Hackers
Types Of Hackers
Scope Of Ethical Hackers
Cyber Laws for Hacking and their Punishments in Pakistan
How to Prevent Hacking
Brick all the internet of things! (with notes) (Jimmy Shah)
Recently someone released a worm on the Internet that targeted IoT devices. In the past, similar worms turned your Internet-connected cameras and DVRs into nodes in a massive botnet. This time it used the same entry points into your devices to brick them, the better to prevent them from possibly being turned into weapons of mass denial of service.
We'll cover why that's a bad idea, and what more constructive ways there are to get IoT/Internet-enabled embedded device manufacturers and vulnerability researchers to sit down at the same table.
There's no S(ecurity) in IoT: This is why we can't sleep (Jimmy Shah)
IoT devices are embedded systems. Essentially "[a] computer small enough to fit in a pocket". One wouldn’t put a computer on the Internet without at least considering securing it, yet security for IoT devices is quite often an afterthought.
BYOD is now BYOT (Bring Your Own Threat) – Current Trends in Mobile APT (Jimmy Shah)
Mobile devices are not simply PCs. While one knows to look for an Advanced Persistent Threat(APT) on their desktop endpoints, mobile tends to be ignored. Setting up an MDM solution is not enough. Installing AV on as many devices as possible is not enough. The holes in the net are still too wide; attackers have more options than just malicious apps for getting on your network.
Topics covered will be:
How attackers are moving to mobile in order to bypass traditional protection.
Apps are only one part of the problem. Documents, email, messaging are still left wide open
Bypassing Mobile Antivirus
Bypassing MDM, MAM and Containers
Attackers are turning from apps to exploits.
Finally we’ll cover what to do next – how to effectively deal with Mobile APT.
Solar Powered Parking Meters - An IoT thought experiment (Jimmy Shah)
The Internet of Things is not as complex as one would think. Objects (e.g. power meters, fridge computers, etc.) or "Things" don't have their own Internet; instead they "speak" to each other over the same Internet we all use. Therein lies their vulnerability: the assumption that, since the machines will only talk to each other, no one will eavesdrop or intrude on their conversation. Security researchers have a saying, "Security through Obscurity is no Security".
The presentation shows how the Internet of Things' veil of obscurity can be pierced, by walking through how an attacker (or, more likely, a security researcher) would assess a particular Smart Parking Meter ecosystem. Only open source intelligence (OSINT) [e.g. patents, newspaper articles] was used to compile the information on:
* parking meters
* mesh networking
* machine-to-machine (M2M) SIMs
* management consoles
* RF usage
Mobile malware heuristics: the path from 'eh' to 'pretty good' (Jimmy Shah)
The 'Platypus' talk
Malware on mobile phones is rapidly increasing. There are many reasons for this, but the primary one is the ease of monetizing malware on mobile phones. Attackers are incentivized to create more malware faster and cheaper. They are overwhelming the limited resources of malware researchers with this glut of cheap and "good enough" malware. Malware can be identified by humans, but there is insufficient time to handle all that is released daily by malware writers. There is a need to develop both better heuristics and the tools that let an analyst separate the wheat from the chaff. The presentation will cover not just the development of heuristics for mobile malware, but also its path from simple detection to more advanced and more successful (i.e. fewer false positives) detection. Along the way we will cover the missteps and pitfalls that slow the development of automation.
Isn't it all just SMS-sending trojans?: Real Advances in Android Malware (Jimmy Shah)
Attackers are starting to move on from simple attacks, mainly because users are starting to figure out that the free adult entertainment or chat app shouldn't be sending SMS messages to expensive numbers. They're leveraging techniques from PC malware like server-side polymorphism, vulnerability exploits, botnets and network updates, and preemptive/direct attacks against security software.
2. Smartphone Ownage: The State of Mobile Botnets and Rootkits
Contents
• Who we are
• Mobile malware
• Definitions
• Mobile Botnets
• Mobile Rootkits
4. Who we are
• Mobile Antivirus Researchers
• My team and I specialize in mobile malware and threat analysis on existing (J2ME, SymbOS, WM, iPhone OS, Android) and upcoming mobile platforms.
• We work with a number of large mobile network operators.
5. Mobile malware (section divider: In the Wild / Comparison to PC malware / Trends)
6. In the Wild
Platforms with malware in the wild: SymbOS, J2ME, WinCE, Python, MSIL, VBS, Linux
740+ variants
7. Mobile malware (section divider: In the Wild / Comparison to PC malware / Trends)
8. Comparison to PC malware
PC malware class | Mobile examples
Worms | SymbOS/Commwarrior family; MSIL/Xrove.A; SymbOS/Cabir.A
Viruses | WinCE/Duts.1536; SymbOS/Lasco.A
Trojan Horses | J2ME Trojans; SymbOS Trojans; WinCE Trojans
Spyware | Commercial spyware (jailbroken/rooted devices); txbbspy (Blackberry); PhoneSpy (iPhone)
9. Mobile malware (section divider: In the Wild / Comparison to PC malware / Trends)
10. Trends – Mobile Malware Lifecycle
11. Definitions (section divider: Botnets / Rootkits)
12. Botnets
• Network
– Clients - Infected machines, “bots”, “zombies”, “bot clients”, etc.
– Server(s) - Command & control, “bot master”, “herd master”, etc.
• Uses
– Stealing PII, confidential information, etc.
– Attacks (DDoS, spam, phishing)
13. Definitions (section divider: Botnets / Rootkits)
14. Rootkits
• Originally used on UNIX systems to assist in gaining/keeping root access
– Scripts and rigged binaries
• Essentially, rootkits do a few things
– Evasion
– Reduce or maintain reduced security
– Self-Protection
First one on the machine wins.
15. Mobile Rootkits (section divider: Examples in the wild / Precursors / Actual)
16. SymbOS/Commwarrior
Variant | Feature | Type
A-B | Delete other malware | Self-protection
C | Copies itself to the memory card | Evasion/Self-protection
C | Self-repair, protection from being deleted | Self-protection
D | Encrypts internal strings | Evasion
D | Infects other programs' installation files | Evasion
D | Deletes Antivirus programs | Evasion/Self-protection
17. WinCE/Infojack.A
• Self-protection
– Installing as an autorun program on the memory card
– Installing itself to the phone when an infected memory card is inserted
– Protecting itself from deletion, copying itself back to disk
• Reduce security/bypass protection
– Allows unsigned applications to install without warning
(Screenshot captions: WinCE/InfoJack is installed with a collection of legitimate games; WinCE/InfoJack installs silently along with other applications; WinCE/InfoJack installs as an autorun program on the memory card.)
18. Mobile Rootkits (section divider: Examples in the wild / Precursors / Actual)
19. Linux Mobile Phone Rootkits
• Rutgers University researchers Bickford et al. developed a set of mobile rootkits
• Perform attacks
– Dial attacker on alarm
– Dial attacker on SMS
– GPS coordinates sent to attacker via SMS
– Battery drain attack
• Evasion/Self-protection
– Evade user-mode detection
• Port to N900 in the works
(Photo: Openmoko Neo1973, credit Ryan Baumann)
20. Mobile Rootkits – Future Research
21. Android on iPhone/iPhone Linux
• Spinoff/side project from one of the iPhone dev team developers
• Security reduced
– Requires jailbroken phone
– Entirely different OS runs
• Self-protection
– Custom iBoot designed to load Linux
22. Mobile Botnets (section divider: Examples in the wild / Precursors / Actual)
23. OSX/iPHSponey.A
• Network Communication
– Exfiltrate data via email
• Not hardcoded or updated in PoC
• Data gathering (including PII)
– Acquire data from
• Interesting apps (Safari, YouTube)
• Keyboard cache
24. OSX/RRoll.C / OSX/iPHDownloader.A – “botnet”
• Reduce Security
– Enable phishing via hosts file entry
– Unlike previous variant, does not disable sshd
– Alters password of user 'mobile' (not root)
• Data gathering
– Attempts to send SMS DB to attacker
• C & C
– /etc/hosts-changing script downloaded
• Redirects Dutch bank site to attacker's server
• More of an intended botnet
– OSX/RRoll.C propagates OSX/iPHDownloader.A, but neither propagates on its own
– C & C server taken down
25. SymbOS/XMJTC – “sexy view” worm
• Self-protection/evasion
– Signed installation file
• No warning to user during installation
– Silent install of updates
• Kills processes of 3rd-party task managers
• C&C via SMS messages
– Download and install update from supplied URL
– Writes a “serial number” to disk
– Ping the attacker's server/phone via SMS
• Perform attacks
– Spamming links to malware via SMS
26. “Rise of the iBots: 0wning a telco network”
• Security researchers Collin Mulliner and Jean-Pierre Seifert developed a PoC iPhone botnet
– Research concentrated on evading detection
• C&C over SMS and P2P network
– Encrypted commands
• Tested in lab
– “Installed bot(s) on a number of iPhones in the lab.”
• No “spreading functionality”
– Experiments were testing the feasibility of the C&C channels
• Presented at the 5th International Conference on Malicious and Unwanted Software (MALWARE 2010)
27. “Rise of the iBots: 0wning a telco network”
Message layout (field: length in bytes):
Signature Length: 1
ECDSA Signature: <variable>
Sequence Number: 4
Command Type: 1
Command: <variable>
Command | Function
Add phone number(s) | Adds numbers to the forwarding list. Commands are forwarded to all bots on the list.
Set sleep interval | Sets how long the client waits before searching the P2P network for a command
Execute shell sequence | Run a command in the shell (e.g. ls, ping, etc.)
Download URL | Downloads a command file from the botmaster
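To make the slide 27 layout concrete, here is an added decoder for that message format, written for this page (it is not the slides' code nor Mulliner and Seifert's PoC). It assumes a big-endian sequence number and invents command-type byte values for the four table commands, since the page gives neither; the ECDSA check is omitted because no key material appears on the page.

```python
"""Decoder for the iBots message layout on slide 27 (added example).

Assumptions not stated on the page: the 4-byte sequence number is
big-endian, and the command-type byte values in COMMAND_TYPES are
labels invented here. Signature handling is structural only.
"""
import struct
from dataclasses import dataclass
from typing import List, Tuple

# Constructed mapping of command-type byte -> command name from the table.
COMMAND_TYPES = {
    0x01: "add_phone_numbers",    # adds numbers to the forwarding list
    0x02: "set_sleep_interval",   # how long to wait before polling P2P
    0x03: "execute_shell",        # run a shell command
    0x04: "download_url",         # fetch a command file from the botmaster
}


@dataclass
class BotMessage:
    signature: bytes
    sequence: int
    command_type: str
    command: bytes


def parse_message(raw: bytes) -> BotMessage:
    """Split one message into its five fields, rejecting truncated input."""
    if not raw:
        raise ValueError("empty message")
    sig_len = raw[0]                        # 1-byte signature length
    off = 1
    # after the signature there must be a 4-byte sequence + 1-byte type
    if len(raw) < off + sig_len + 4 + 1:
        raise ValueError("truncated message")
    signature = raw[off:off + sig_len]      # ECDSA signature (variable)
    off += sig_len
    (sequence,) = struct.unpack(">I", raw[off:off + 4])
    off += 4
    ctype = raw[off]
    off += 1
    if ctype not in COMMAND_TYPES:
        raise ValueError(f"unknown command type {ctype:#04x}")
    return BotMessage(signature, sequence, COMMAND_TYPES[ctype], raw[off:])


class ReplayFilter:
    """What the sequence number buys: a bot that only accepts strictly
    increasing values cannot be driven by re-sent old commands, even if
    those commands still carry a valid signature."""

    def __init__(self) -> None:
        self.last_seq = -1

    def accept(self, msg: BotMessage) -> bool:
        if msg.sequence <= self.last_seq:
            return False
        self.last_seq = msg.sequence
        return True


def decode_capture(frames: List[bytes]) -> List[Tuple[int, str, bool]]:
    """Decode captured frames in order; returns (sequence, type, accepted)."""
    flt = ReplayFilter()
    out = []
    for frame in frames:
        msg = parse_message(frame)
        out.append((msg.sequence, msg.command_type, flt.accept(msg)))
    return out


def _frame(seq: int, ctype: int, body: bytes) -> bytes:
    """Build a constructed sample frame with placeholder signature bytes."""
    sig = b"SIG"   # placeholder, not a real ECDSA signature
    return bytes([len(sig)]) + sig + struct.pack(">I", seq) + bytes([ctype]) + body


# Constructed sample capture: two commands, then the second one replayed.
SAMPLE_CAPTURE = [
    _frame(7, 0x02, b"300"),
    _frame(8, 0x01, b"+15550100,+15550101"),
    _frame(8, 0x01, b"+15550100,+15550101"),
]

if __name__ == "__main__":
    for row in decode_capture(SAMPLE_CAPTURE):
        print(row)
```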
28. Mobile Botnets (section divider: Examples in the wild / Precursors / Actual)
29. WeatherFistBadMonkey – iPhone/Android botnet
• PoC created by security researchers
– Derek Brown and Daniel Tijerina (Tipping Point DV Labs)
• Evasion
– Performs nominal function – connects to legitimate weather site
• Bot capability
– Clients available for multiple platforms
– Jailbroken iPhone
– Stock Android
• C & C Server
– Spamming
– Provide reverse shell
– Perform DDoS
(Screenshot: Weather Underground site)
30. Rootstrap & Eclipsetrap
• PoC created by security researcher Jon Oberheide of Scio Security
• Evasion
– Pretends to be “Twilight Eclipse Preview” app
• Updates/Commands
– Downloads new native binaries regularly
Despite being only nominally a movie preview app and receiving bad reviews, the PoC garnered over 200 downloads.
31. SymbOS/Zitmo.A
• Zeus trojan on the PC puts up a dialog asking for the victim's phone model and mobile number
– Uses number to send download link to victim
– Download is a signed installation file pretending to be a “Nokia update”
• Zitmo.A is spyware used to forward incoming SMS to the attacker
– Unlike other more common Symbian spyware, forwarded SMS are not logged to an account on a central server
32. SymbOS/Zitmo.A, cont.
Command | Function
set admin / SET ADMIN | Setting the C&C phone number (in memory or in the config file) [case-sensitive]
[ON/OFF] | Starting/Stopping the forwarding of SMS messages
BLOCK [ON|OFF] | Ignore SMS commands
SET SENDER <number> / ADD SENDER <number1>,…,<number n> / ADD SENDER ALL | Add sender's number to the forwarding list
REM SENDER <number1>,…,<number n> / REM SENDER ALL | Remove specific/all senders' numbers
33. SymbOS/Zitmo.A, cont.
• Used for stealing mTAN/mTAC (Mobile Transaction Authorization Number/Code)
– mTAN/mTAC are not used by all banks
• Not written from scratch
– Cracked version of commercial spyware “SMS Monitor”
(Screenshot captions: Installation of the commercial spyware; The original program required payment. Images from dTarasov.ru documentation.)