ipexpo 2013 - anatomy of a targeted attack against mdm solutions

Post on 25-Dec-2014


TRANSCRIPT

Anatomy of a Targeted Attack against Mobile Device Management (MDM) Solutions

Ohad Bobrov, CTO and co-founder ohad@lacoon.com

Agenda

•  Collapse: The collapse of the corporate perimeter

•  Targeted devices: Why mobile devices are targeted

•  Demo: How mobile malware bypasses current security solutions

•  Mitigation: Detection, remediation & building a secure BYOD/HYOD architecture

About Lacoon Mobile Security

•  Protecting organizations from mobile threats

•  Protecting tier-1 financial, manufacturing, legal and defense organizations

•  Cutting edge mobile security research team

The Collapse Of The Corporate Perimeter

> 2011

The Collapse Of The Corporate Perimeter

“More than 60% of organizations enable BYOD” (Gartner, Inc., October 2012)

TARGETED MOBILE THREATS

Mobile Devices: Attractive Attack Target

Eavesdropping

Extracting contact lists, call &text logs

Tracking location

Infiltrating internal LANs

Snooping on corporate emails and application data

Recent High-Profiled Examples

Commercial mobile surveillance tools

Data sample

•  1 GB traffic sample of spyphone targeted traffic, collected over a 2-day period

•  Collected from a channel serving ~650K subscribers

•  Traffic constrained to communications to selected malicious IP address

Survey: Cellular Network, 2M Subscribers; Sampling: 650K

Infection rates, June 2013: 1 / 1000 devices

Mobile Device Management (MDM) & Secure Containers

MDMs and Secure Containers

3 features:

•  Encrypt business data

•  Encrypt communications to the business

•  Detect Jailbreak/Rooting of devices
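As an added example (not code from the talk or from Lacoon's product), the third feature above, detecting a jailbroken or rooted device, can be modelled as a scoring function that an MDM agent runs over a snapshot of device state. The snapshot values are constructed, the indicator lists are common public heuristics, and the class and function names are assumptions.

```python
"""Heuristic root/jailbreak indicator check, as an MDM agent might run it.

Added example, not code from the talk or from Lacoon. It models the
"detect jailbreak/rooting" feature of an MDM or secure container as a
function over a constructed device snapshot. Snapshot values are made
up, the indicator lists are common public heuristics, and every class
and function name here is an assumption.
"""
from __future__ import annotations

from dataclasses import dataclass, field

# Locations where a root-management binary is commonly installed.
SU_PATHS = ("/system/bin/su", "/system/xbin/su", "/sbin/su", "/su/bin/su")

# Package names of well-known root-manager apps.
ROOT_MANAGER_PACKAGES = (
    "eu.chainfire.supersu",
    "com.noshufou.android.su",
    "com.koushikdutta.superuser",
)


@dataclass
class DeviceSnapshot:
    """What an agent can observe about device state (constructed for the example)."""
    existing_paths: set[str]          # filesystem paths that exist
    installed_packages: set[str]      # package names reported by the package manager
    build_tags: str = "release-keys"  # value of the ro.build.tags property
    system_mount_options: str = "ro"  # mount options of /system


@dataclass
class RootAssessment:
    indicators: list[str] = field(default_factory=list)

    @property
    def rooted(self) -> bool:
        # A single indicator is enough to flag the device to the policy engine.
        return bool(self.indicators)


def assess_root_indicators(snap: DeviceSnapshot) -> RootAssessment:
    """Collect every root/jailbreak indicator visible in the snapshot.

    Limit worth keeping in mind: these are checks of persistent device
    state. An app that triggers an OS vulnerability at runtime and never
    drops an su binary or remounts /system leaves none of these traces,
    which is why behaviour-based detection is needed on top.
    """
    result = RootAssessment()

    found_su = sorted(p for p in SU_PATHS if p in snap.existing_paths)
    if found_su:
        result.indicators.append("su binary present: " + ", ".join(found_su))

    managers = sorted(p for p in ROOT_MANAGER_PACKAGES if p in snap.installed_packages)
    if managers:
        result.indicators.append("root manager installed: " + ", ".join(managers))

    if "test-keys" in snap.build_tags:
        result.indicators.append("build signed with test-keys")

    if "rw" in snap.system_mount_options.split(","):
        result.indicators.append("/system mounted read-write")

    return result


if __name__ == "__main__":
    # Constructed snapshots: one stock device, one rooted device.
    stock = DeviceSnapshot(
        existing_paths={"/system/bin/sh"},
        installed_packages={"com.example.mail"},
    )
    rooted = DeviceSnapshot(
        existing_paths={"/system/bin/sh", "/system/xbin/su"},
        installed_packages={"eu.chainfire.supersu"},
        build_tags="test-keys",
        system_mount_options="rw,relatime",
    )
    for name, snap in (("stock", stock), ("rooted", rooted)):
        a = assess_root_indicators(snap)
        print(f"{name}: rooted={a.rooted}")
        for ind in a.indicators:
            print("  -", ind)
```

Each indicator is reported separately rather than collapsed into a boolean, so the MDM policy engine can log what was seen and an analyst can tell an su binary from a remounted /system; the docstring records the blind spot that the rest of the deck builds on, namely that state checks do not see an app exploiting a vulnerability at runtime.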

HOW ATTACKERS BYPASS MDM SOLUTIONS

DEMO

Let’s Test…

Overview

Infect the Device

Install Backdoor

Bypass Containerization

Exfiltrate Information

Step 1: Infect the device

Step 2: Install a Backdoor / aka Rooting

Administrative: Every process can run as an administrative (root) user if it is able to trigger a vulnerability in the OS

Vulnerability: Each Android device had/has a public vulnerability

Exploit: Detection mechanisms don’t look at apps that exploit the vulnerability

Step 3: Bypass Containerization

Storage: Jo, yjod od sm r,so;

Memory: Hi, This is an email

Exfiltrate information

CURRENT SECURITY SOLUTIONS

Current Solutions: FAIL to Protect

Mitigation: Current Controls

Mobile Device Management (MDM)

Multi-Persona

Wrapper

Active Sync

NAC



Detection: Adding Behavior-based Risk

Malware Analysis

Threat Intelligence

Vulnerability Research

Application Behavioral Analysis

Device Behavioral Analysis

Vulnerability Assessment

Lacoon Mobile Security

Thank You.

Stop by: Stand A50

Email me: ohad@lacoon.com

Twitter: @LacoonSecurity