protecting against mobile attacks

Protecting

against Mobile

Attacks Frankie Wong

Security Analyst, HKCERT

1

2014-APR-17

Image source: http://www.techweekeurope.co.uk/news/mobile-malware-record-mcafee-125537

Protecting against Mobile Attacks

Agenda

Attacks moving to mobile

Birthday to mobile malware

Mobile malware trend

Protect your devices

HKCERT Supports

Q & A

2

Image source: http://www.techweekeurope.co.uk/news/mobile-malware-record-mcafee-125537

Protecting against Mobile Attacks

Attacks moving to mobile

3

Image source: http://universalmobileinterface.wordpress.com/

Protecting against Mobile Attacks

Attacks moving to mobile

4

Why?

Protecting against Mobile Attacks

Attacks moving to mobile

1. Mobile devices are connection-enabled

2. Valuable data

3. Valuable resource

4. High penetration

5. Smart OS eco-system

5

Protecting against Mobile Attacks

Attacks moving to mobile

1. Mobile devices are connection-enabled

3G/LTE

Wi-Fi

Bluetooth

NFC

Camera – QR Code

GSM – SMS

6

Image source: http://www.hightech-edge.com/wireless-communications/14037/

Protecting against Mobile Attacks

Attacks moving to mobile 2. Valuable data

Phone information IMEI, Phone number, SMS history, etc.

Contact list Social engineering, Spam database

Geo-location information Spy, Track history

Images/Camera Spy, Surrounding environment

Documents *.doc; *.pdf

7

Image source: http://blogs.gartner.com/svetlana-sicular/data-scientist-mystified/

Protecting against Mobile Attacks

Attacks moving to mobile

3. Valuable resource

High speed CPU

Powerful computing

Always-On Internet connection

8

Image source: http://www.digitaltrends.com/mobile/mobile-phone-world-population-2014/

Protecting against Mobile Attacks

9

Protecting against Mobile Attacks

Attacks moving to mobile

4. High penetration

10

Image source: http://www.slideshare.net/wearesocialsg/social-digital-mobile-around-the-world-january-2014

Protecting against Mobile Attacks

Attacks moving to mobile

5. Smart OS eco-system

App store market

Easy access

Simple install

Awareness

Permission review

Security tools

PC threats in mobile: email, links, browsers,

flash, etc.

11

Protecting against Mobile Attacks

Birthday to mobile

malware

12

Image source: http://www.cultofmac.com/102888/happy-birthday-iphone-eat-your-way-through-four-years-of-iphone-birthday-cakes-gallery/

Protecting against Mobile Attacks

Birthday to mobile malware

13

How old? 10 Years

Protecting against Mobile Attacks

Birthday to mobile malware

14

Image source: https://blog.fortinet.com/10-Years-of-Mobile-Malware/

Protecting against Mobile Attacks

Birthday to mobile malware

Propagation via Bluetooth

Propagation mix with MMS

Premium SMS

Mobile botnet

Banking Trojan

PC-mobile cross infection

Ransomware

15

2014

2004

Protecting against Mobile Attacks

Mobile malware trend

16

Image source: http://autoblog.johnhughes.com.au/wp-content/uploads/2012/04/Mobile-Trend.jpg

Protecting against Mobile Attacks

Mobile malware trends

17

Image source: http://www.mcafee.com/au/resources/reports/rp-quarterly-threat-q4-2013.pdf

Protecting against Mobile Attacks

Mobile malware trends

Premium SMS

Mobile botnet

Cross platform infection

Ransomware

CryptoCurrency Miner

18

Protecting against Mobile Attacks

Mobile malware trends

Premium SMS

19

Image source: https://blog.lookout.com/blog/2012/10/03/avoid-premium-sms-scams/

Protecting against Mobile Attacks

Mobile malware trends

Mobile botnet

(2009) SMS attacks on iPhones

(2011) DroidDream compromised Android

(2012) Zitmo (Zeus-in-the-mobile) targeted

Blackberry and Android

20

Image source: http://www.pcworld.com/article/2048199/botnet-likely-caused-spike-in-number-of-tor-clients.html

Protecting against Mobile Attacks

Mobile malware trends

Mobile botnet

(2014) iDroidbot

targets phones running iOS 7.1 and earlier

as well as Android 2.2 and later

Support web administration

Support TOR (anonymous) / proxy connection

Tap mobile wallets

Visa QIWI Wallet

WebMoney Keeper Mobile

Yandex

21

Image source: http://blogs.mcafee.com/mcafee-labs/idroid-bot-for-sale-taps-into-mobile-wallets

Protecting against Mobile Attacks

Mobile malware trends

Mobile botnet

22

Image source: http://www.f-secure.com/static/doc/labs_global/Research/Threat_Report_H2_2013.pdf

Protecting against Mobile Attacks

Mobile malware trends

Cross platform infection

Android malware infects Windows (2013)

Auto-Run attack

Windows malware infects Android devices

(2014)

adb (Android debug bridge) push

23

Image source: http://www.wpcentral.com/asus-still-bets-androidwindows-8-hybrid-introduces-td300-ces-2014

Protecting against Mobile Attacks

Mobile malware trends

Ransomware

Blackmail: Fake Anti-virus on Android (2013)

Fraud: Fake Anti-virus “Virus Shield” on

Android (2014)

24

Image source: http://ictpost.com/2013/11/12/mobile-malware-crosses-one-million-mark-says-trend-micro/

Protecting against Mobile Attacks

Mobile malware trends

CryptoCurrency Miner

BitCoin / LiteCoin / DogeCoin

[2014-Mar] CryptoCurrency mining malware

found in Play Store

25

Image source: http://blog.trendmicro.com/trendlabs-security-intelligence/files/2014/03/dogecoinfigure5.png

Image source: http://b-i.forbesimg.com/robertwood/files/2013/05/22.jpg

Protecting against Mobile Attacks

Protect your devices

26

Image source: http://blog.mobpartner.com/2012/10/19/android-mobile-threats/

Protecting against Mobile Attacks

Protect your devices

27

How? What?

Protecting against Mobile Attacks

Protect your devices

Things to protect

Information

Device information

Personal information

Resource

Network resource

CPU resource

28

Image source: http://chicagoagentmagazine.com/3-awesome-apps-for-protecting-your-smartphone/

Protecting against Mobile Attacks

Protect your devices

used by ad libraries to geo-target ads.

for spyware, it provides location data

data helps botnets keep track of their bots.

29

Image source: http://www.mcafee.com/hk/resources/reports/rp-mobile-security-consumer-trends.pdf

Protecting against Mobile Attacks

Protect your devices

Identify the enemy

1. Phishing

2. Malware

3. Vulnerability

30

Image source: http://www.thetechherald.com/articles/Syrian-activists-targeted-by-Phishing-campaigns-and-malware/16429/

Protecting against Mobile Attacks

Protect your devices

Against Phishing

1. Against Phishing

Shorten URL / Long Domain

Email / SMS / IM message

(e.g. WhatsApp, LINE, WeChat, etc.)

Social networking website (e.g. Facebook)

Advertisements

QR-Code / NFC

Wi-Fi / Bluetooth connection

31

AWARE

Protecting against Mobile Attacks

Protect your devices

Against Phishing

[2014-Apr] Apple ID Phishing Scam

32

Image source: http://www.redmondpie.com/new-apple-id-phishing-scam-looks-plausible-enough-to-fool-anyone/

Protecting against Mobile Attacks

Protect your devices

Against Malware

2. Against Malware

Don’t install untrusted apps

Don’t download from the 3rd party markets

33

Protecting against Mobile Attacks

Protect your devices

Against Malware

34

Re-package the

legitimate app with

additional permissions

Image source: http://www.f-secure.com/static/doc/labs_global/Research/Threat_Report_H2_2013.pdf

Protecting against Mobile Attacks

Protect your devices

Against Malware

35

Malware in Play Store

~ 0.1%

Install apps only from

the official store

Image source: http://www.f-secure.com/static/doc/labs_global/Research/Threat_Report_H2_2013.pdf

Protecting against Mobile Attacks

Protect your devices

Against Malware

Disable installation from “Unknown sources”

36

Image source: http://www.androidguys.com/2014/04/05/install-amazon-app-store-android/

Protecting against Mobile Attacks

Protect your devices

Against Malware

Install mobile security tools

37

Image source: http://www.av-test.org/en/tests/mobile-devices/android/

Protecting against Mobile Attacks

Protect your devices

Against Vulnerability

3. Against Vulnerability

Keep your System up-to-date

Always update your Apps

38

Protecting against Mobile Attacks

Protect your devices

Against Vulnerability

[2013-Jul] Vulnerability in WhatsApp for

Android

“Priyanka” worm spreading

39

Image source: http://www.theandroidsoul.com/remove-priyanka-whatsapp-virus/

Protecting against Mobile Attacks

Protect your devices

Against Vulnerability

[2014-Feb] iOS flaw allows malicious apps

to record touch screen presses

40

Image source: http://www.fireeye.com/blog/technical/2014/02/background-monitoring-on-non-jailbroken-ios-7-devices-and-a-mitigation.html

Protecting against Mobile Attacks

Protect your devices

Conclusion

Beware of phishing message

Install apps from official store

Review permissions before apps installation

Keep your System/Apps up-to-date

Install mobile security tools

41

Image source: http://www.smallbiztechnology.com/archive/2013/05/12-mobile-security-tips-all-small-businesses-must-be-aware-of.html/

Protecting against Mobile Attacks

HKCERT Supports

HK Google Play Store’s Apps Security Risk

Report (https://www.hkcert.org/play-store-srr)

Monthly report, 1st released in Jul-2013

HKCERT + NINIS in China

Detect malicious/suspicious behaviors apps

in Hong Kong Google Play Store

42

Protecting against Mobile Attacks

HKCERT Supports

Guidelines on Mobile

Guideline of Mobile Security

BYOD Security Guidelines

NFC Security Guidelines

43

Q&A Thank you

Website: www.hkcert.org

Hotline: 8105-6060

44