iota security android sdk white paper


Upload: iota-security

Post on 22-Jul-2016


DESCRIPTION

Learn how: 1) to enhance your PCI and HIPAA compliance; 2) Android anti-virus solutions fail to detect advanced threats; 3) Iota Security's proprietary suite of algorithms keeps you safer

TRANSCRIPT

Page 1: Iota Security Android SDK White Paper

IOTA SECURITY INC.

SECURE EVERY THING™

WHITE PAPER: PROTECTING MOBILE CUSTOMERS FROM CYBER THREATS

© Copyright Iota Security Inc.

TABLE OF CONTENTS

Mobile Malware – Risks Abound

Catching Only Half: Malware Heads or Tails

Comply! (PCI DSS and HIPAA)

Iota Security Provides Mobile Cyber Defenses

Detection Like You’ve Never Seen Before

Security In Your Hands: Android SDK

Beyond Compliance

About Iota Security


MOBILE MALWARE – RISKS ABOUND

Like all new technologies, mobile devices present great opportunities to drive new business, create revenue streams, reduce costs and enhance customer interactions. Similarly, mobile technology introduces new risks: these new endpoints reveal an increased attack surface. This poses an unmistakable security challenge.

Mobile malware has existed for nearly two decades. Malware can read passwords, copy sensitive files, take pictures, record audio, eavesdrop on network traffic, and log keystrokes. It’s no surprise that a successful hacker says that your customer is “pwned” (owned).

Today, the vast majority of mobile malware infects devices running the Android operating system. According to Cisco’s 2014 Annual Security Report, 99% of mobile malware targets Android. HP’s analysis is comparable, shown in Figure 1.

FIGURE 1: 10 YEARS OF MOBILE MALWARE (SOURCE: HP CYBER RISK REPORT 2015)

There is no doubt that Android is the target of choice for attacks. Verizon’s 2015 Data Breach Investigations Report compared the incidence of attacks on iOS and Android, and found that “Android wins so hard that most of the suspicious activity logged from iOS devices was just failed Android exploits”.


CATCHING ONLY HALF: MALWARE HEADS OR TAILS

Despite dozens of anti-virus products available for free, the problem persists. According to the 2015 HP Cyber Risk Report: “Studies show that anti-malware software catches only about half of all cyberattacks — a truly abysmal rate.”

The problem lies in the process used by anti-virus products: A large staff of malware researchers reviews submitted samples and searches the “Dark Web” for malware. Potential viruses are then studied and information is extracted to create a signature of the malware. Soon (or not so soon), the anti-virus company includes the signature in their “virus definition”, which gets delivered to their customers. This system is both labor-intensive and time-consuming. Once a new piece of malware is found in the wild, it can take days or weeks until customers are protected from it.

It gets worse. Once malware is detected, a hacker can easily change the virus to create a new variant, which goes undetected – its signature has changed.

Security industry experts have no confidence in these solutions. Anton Chuvakin, Gartner’s VP of Security and Risk Management, wrote in a blog post:

Essentially, people who deal with advanced incident response today quietly assume that the malware will not be detected by whatever anti-virus tools installed. The question of "does AV detect it?" never even comes up anymore. In their world, anti-virus effectiveness is basically 0% and this is not a subject of any debate. This is simply a fact of their daily life.

http://blogs.gartner.com/anton-chuvakin/2013/03/04/a-quiet-assumption/

According to a 2013 study by researchers at Northwestern University, “Our results on ten popular commercial anti-malware applications for Android are worrisome: none of these tools is resistant against common malware transformation techniques. Moreover, the transformations are simple in most cases and anti-malware tools make little effort to provide transformation-resilient detection”.

Using signatures is like using fingerprints to check the criminal records of bank visitors. The heavily armed attacker in a ski mask with no record is waved through.

“Anti-Virus Is Dead”
Brian Dye, SVP Information Security, Symantec


COMPLY! (PCI DSS AND HIPAA)

The Payment Card Industry Data Security Standard (PCI DSS) involves compliance with 12 major requirements. Among them: “use and regularly update anti-virus software on all systems commonly affected by malware”.

Similarly, entities that are covered by the Health Insurance Portability and Accountability Act (HIPAA) need to have safeguards in place to protect Personal Health Information (PHI). Covered entities include health plans, healthcare clearinghouses, such as billing services and community health information systems, and healthcare providers that transmit healthcare data in a way that is regulated by HIPAA. These entities need to ensure that information systems housing PHI are protected from intrusion, and must make sure that the data in their systems has not been changed or erased in an unauthorized manner.

Unfortunately, according to the Ponemon Institute, 65% of healthcare organizations had multiple security incidents in the past two years involving the exposure, theft, or misuse of electronic information.

IOTA SECURITY PROVIDES MOBILE CYBER DEFENSES

Iota Security helps prevent fraud, mBank robbery, and theft of sensitive information on Android devices. Our advanced threat detection capability enables us to identify malicious software on Android that all other vendors miss. We provide this capability as a Software Development Kit (SDK) which can be easily integrated into sensitive applications.

Iota Security does not rely on easily circumvented signatures. Rather, Iota Security’s patent-pending approach to securing a device uses a proprietary suite of machine learning algorithms. These algorithms have been trained on tens of thousands of malicious software samples to detect the fundamental patterns of maliciousness.

Signature-based products detect only around half of threats. Iota Security detects 94.5% of threats that we have not encountered before.


DETECTION LIKE YOU’VE NEVER SEEN BEFORE

Iota Security found a common Trojan virus that sends SMS messages to a premium rate number. This virus, called FPlay.apk, was submitted to VirusTotal and scanned by 55 Android anti-virus solutions selected by VirusTotal – 41 of them detected it (figure 3).

FIGURE 2: VIRUSTOTAL RESULTS OF SMS TROJAN

Common obfuscation techniques were applied to the virus. The results are striking: None of the 57 anti-virus solutions selected by VirusTotal detected the Trojan (figure 4).

FIGURE 3: VIRUSTOTAL RESULTS OF OBFUSCATED SMS TROJAN

Iota Security correctly identified both samples as malicious, as shown in Figure 5.

FIGURE 4: IOTA SECURITY RESULTS OF ORIGINAL AND OBFUSCATED SMS TROJAN


SECURITY IN YOUR HANDS: ANDROID SDK

Consumers are generally unaware of the security implications of their technology choices. Many have no Android anti-virus software loaded on their devices, and those that do are literally lulled into a false sense of security.

Iota Security’s Android SDK allows organizations to embed our advanced threat detection capability within their host application.

Crucially, the SDK approach allows the developer to own and manage their customer’s experience, the user interface and all communications.

The Iota Security Android SDK features several configurations that can be selected by the developer:

PERSISTENT OR ON-DEMAND MONITORING

The developer can choose to scan a new application at the time of its installation, or perform a full device scan each time their host application loads.

CUSTOM THREAT NOTIFICATION POLICY

When a threat is detected, the developer can choose how to respond from the following options:

• Notifying the user
• Prompting the user to uninstall the malware
• Launching the host application with limited functionality to prevent exploitation, or
• Flagging transactions for further security and fraud analysis

Iota Security provides the host application developer all the building blocks necessary to use the SDK. Designed with mobility in mind, our architecture uses minimal system resources. The heart of our SDK is an Android library that implements background services that invisibly check the user’s device and scan newly installed applications for malware.

FIGURE 5: MOBILE PAYMENTS (CREDIT HLUNDGAARD)


Using the SDK is simple:

• Add the Iota Security library to your Android project within your favourite development environment
• Ensure your Android manifest xml reflects your chosen configuration
• Implement a few lines of code to initiate device scans and receive results

Documentation and a sample application are provided for your reference.

BEYOND COMPLIANCE

In today’s “cyber” world, compliance with industry standards and emerging legislation is only a beginning. Organizations must take responsibility for security risks to their customers. Your cloud servers may be secured, the transmission encrypted and the host application coded using secure software development techniques. However, none of this matters if the device itself is compromised.

Integrating Iota Security’s advanced threat detection into your application helps protect your customers, reducing an avenue of attack over which, until now, you’ve had little control.

ABOUT IOTA SECURITY

Iota Security provides advanced cyber threat defenses for mobility and the Internet of Things (IoT). Our social and business mission is to make the world more secure by allowing people, organizations and governments to safely realize the benefits of emerging technologies.

Iota Security protects financial institutions, merchants, and healthcare providers – as well as their customers – from attack. Our approach to security uses on-device protections coupled with cloud-based analysis and leverages highly effective machine learning algorithms.

For more information about Iota Security, our Android SDK, and other products and services, visit www.iotasecurity.com, or contact [email protected]