Amphion Forum 2013: What to Do About Attacks Against MDMs
TRANSCRIPT
Amphion Forum 2013: Practical Attacks Against Popular MDM Solutions (and What Can We Do About It)
Michael Shaulov, CEO and Co-Founder, Lacoon Mobile Security
Agenda
- About Lacoon
- Your Data
  - Exploits to target enterprise data on mobile devices
- Your Information
  - Point & click mobile remote access Trojans
- Your Life
  - Mobile device Trojans as a service (M-TaaS)
- Hacking iOS devices?
Lacoon Mobile Security
- Founded by mobile security experts from the Defense and Security industries
- Serving the Fortune-1000
- Cutting edge research team
- Partnerships with leading mobile operators
- Well-funded and backed by security industry veterans and Index Ventures
Why Hack Mobile Devices?
BYOD and Corporate Mobility
“More than 60% of organizations enable BYOD”
(Gartner, Inc., October 2012)
Mobile Devices: Attractive Attack Target
- Eavesdropping
- Extracting contact lists, call & text logs
- Tracking location
- Infiltrating internal LANs
- Snooping on corporate emails and application data
Enterprise Mobile Data Protection Solutions?
Enterprise Security & Data Protection Solutions
- Mobile Device Management (MDM)
- Secure Containers
- Wrappers
- VDI
YOUR DATA
What is a Secure Container?
MDMs and Secure Containers
3 features:
- Encrypt business data
- Encrypt communications to the business
- Detect Jailbreak / Rooting of devices
12 Hours | 1000 USD
Attack Demo
Step 1: Infect the device
Step 2: Install a Backdoor / aka Rooting
- Administrative: every process can run as an administrative (root) user if it is able to trigger a vulnerability in the OS
- Vulnerability: each Android device had / has a public vulnerability
- Exploit: detection mechanisms don’t look at apps that exploit the vulnerability
[Slide diagram with two labels, Storage and Memory, showing the string “Jo, yjod od sm r,so;” next to its readable form “Hi, This is an email”]
Step 3: Bypass Containerization
[Same Storage / Memory diagram as above]
Exfiltrate information
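The point of Step 2 is that a container’s jailbreak / rooting check looks for artifacts such as a `su` binary, while an app that gained root through an exploit leaves none of them behind. A device-behavior check of the kind the later “Device Behavioral Analysis” slide refers to, written here as an added example (not code from the talk or from Lacoon’s product): it reads `ps`-style output in the layout of the Android toolbox command (an assumption), with rows constructed for this example, and flags app processes running as root or root processes whose parent is an ordinary app uid.

```python
import re

# Constructed sample in the layout of the Android toolbox `ps` command
# (USER PID PPID VSIZE RSS WCHAN PC NAME); every row below is made up.
SAMPLE_PS = """\
USER     PID   PPID  VSIZE  RSS   WCHAN    PC         NAME
root     1     0     640    496   c00bd520 0000ed14 S /init
root     120   1     5660   1004  ffffffff 00000000 S zygote
system   355   120   6000   2000  ffffffff 00000000 S system_server
u0_a62   1234  120   6100   1800  ffffffff 00000000 S com.corp.securemail
u0_a70   1302  120   6100   1500  ffffffff 00000000 S com.android.chrome
u0_a80   1450  120   6100   1700  ffffffff 00000000 S com.example.wallpaper
root     1460  1450  1200   400   c00bd520 0000ed14 S /system/bin/sh
root     1470  120   6100   1600  ffffffff 00000000 S com.example.sync
"""

APP_UID = re.compile(r"^(u\d+_a\d+|app_\d+)$")            # sandboxed app users
PACKAGE = re.compile(r"^[a-z][\w]*(\.[\w]+)+(:[\w.]+)?$")  # Java package-style name


def parse_ps(text):
    """Map pid -> (user, ppid, name), skipping the header row."""
    procs = {}
    for line in text.splitlines()[1:]:
        fields = line.split()
        if len(fields) < 4:
            continue
        procs[int(fields[1])] = (fields[0], int(fields[2]), fields[-1])
    return procs


def find_escalated(procs):
    """Return (pid, reason) for processes that break the app-sandbox uid model.

    Rule 1: a package-named app process must never run as root.
    Rule 2: a root process whose parent is an app uid crossed a privilege
            boundary (e.g. a shell spawned after an exploit succeeded).
    """
    findings = []
    for pid, (user, ppid, name) in sorted(procs.items()):
        parent_user = procs.get(ppid, ("", 0, ""))[0]
        if user == "root" and PACKAGE.match(name):
            findings.append((pid, "app package running as root"))
        elif user == "root" and APP_UID.match(parent_user):
            findings.append((pid, "root child of app uid " + parent_user))
    return findings


if __name__ == "__main__":
    for pid, reason in find_escalated(parse_ps(SAMPLE_PS)):
        print(pid, reason)
```

Neither finding depends on the presence of a `su` binary or a superuser app, which is what makes the check survive exploit-based rooting.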
How Many Privilege Escalation Exploits are Out There?
Date      Name         Affected Devices
12/2012   Exynos       Most Samsung devices (Galaxy S2/3, Note…)
6/2013    MasterKey 1  All devices
8/2013    MasterKey 2  All devices
11/2013   MasterKey 3  All devices
11/2013   V-Root       All devices, bypass SEAndroid…
YOUR INFORMATION
Point & Click | Free (0 USD)
AndroRAT – Point & Click mRAT Generator
- Injects a polymorphic mobile remote access Trojan into any Android application
- Released as open source in Nov 2012
- https://github.com/DesignativeDave/androrat
- Forked many times
- Available on many dark forums
AndroRAT Demo
YOUR LIFE
Mobile Device Trojans as a Service (M-TaaS)
Read the Manual | 60 USD per Year
Commercial mobile surveillance tools
mSpy Demo
Survey: Cellular Network, 2M Subscribers, Sampling: 650K
Infection rates, June 2013: 1 / 1000 devices
Current Solutions in Use to Protect Mobility
http://www.lacoon.com/hand-of-thief-hot-moves-its-way-to-android/
Anti Virtual Machine - “the best way to infect the user is by placing the malware on Google Play”
Lacoon MobileFortress – Behavior-based Detection & Mitigation
- Malware Analysis
- Threat Intelligence
- Vulnerability Research
- Application Behavioral Analysis
- Device Behavioral Analysis
- Multi-Layer Mitigation
Thank You. Contact details: www.lacoon.com | [email protected] | Twitter: @LacoonSecurity