iota security android sdk white paper
Learn how: 1) to enhance your PCI and HIPAA compliance; 2) Android anti-virus solutions fail to detect advanced threats; 3) Iota Security's proprietary suite of algorithms keeps you safer.
IOTA SECURITY INC.
SECURE EVERY THING™
WHITE PAPER: PROTECTING MOBILE CUSTOMERS FROM CYBER THREATS
© Copyright Iota Security Inc.
TABLE OF CONTENTS
Mobile Malware – Risks Abound
Catching Only Half: Malware Heads or Tails
Comply! (PCI DSS and HIPAA)
Iota Security Provides Mobile Cyber Defenses
Detection Like You’ve Never Seen Before
Security In Your Hands: Android SDK
Beyond Compliance
About Iota Security
MOBILE MALWARE – RISKS ABOUND
Like all new technologies, mobile devices present great opportunities to drive new
business, create revenue streams, reduce costs and enhance customer
interactions. Similarly, mobile technology introduces new risks: these new
endpoints reveal an increased attack surface. This poses an unmistakable security
challenge.
Mobile malware has existed for nearly two decades. Malware can read
passwords, copy sensitive files, take pictures, record audio, eavesdrop on network
traffic, and log keystrokes. It’s no surprise that a successful hacker says that your
customer is “pwned” (owned).
Today, the vast majority of mobile malware infects devices running the Android
operating system. According to Cisco’s 2014 Annual Security Report, 99% of
mobile malware targets Android. HP’s analysis is comparable, shown in Figure 1.
FIGURE 1: 10 YEARS OF MOBILE MALWARE (SOURCE: HP CYBER RISK REPORT 2015)
There is no doubt that Android is the target of choice for attacks. Verizon’s 2015
Data Breach Investigations Report compared the incidence of attacks on iOS
and Android, and found that “Android wins so hard that most of the suspicious
activity logged from iOS devices was just failed Android exploits”.
CATCHING ONLY HALF: MALWARE HEADS OR TAILS
Despite dozens of anti-virus products available for free, the problem persists.
According to the 2015 HP Cyber Risk Report: “Studies show that anti-malware
software catches only about half of all cyberattacks — a truly abysmal rate.”
The problem lies in the process used by anti-virus
products: A large staff of malware researchers
review submitted samples and search the “Dark
Web” for malware. Potential viruses are then
studied and information extracted to create a
signature of the malware. Soon (or not so soon),
the anti-virus company includes the signature in
their “virus definition”, which gets delivered to their customers. This system is both
labor-intensive and time-consuming. Once a new piece of malware is found in
the wild, it can take days or weeks until customers are protected from it.
It gets worse. Once malware is detected, a hacker can easily change the virus to
create a new variant, which goes undetected – its signature has changed.
Security industry experts have no confidence in these solutions. Anton Chuvakin,
Gartner’s VP of Security and Risk Management, wrote in a blog post:
Essentially, people who deal with advanced incident response today
quietly assume that the malware will not be detected by whatever anti-
virus tools installed. The question of "does AV detect it?" never even comes
up anymore. In their world, anti-virus effectiveness is basically 0% and this
is not a subject of any debate. This is simply a fact of their daily life.
http://blogs.gartner.com/anton-chuvakin/2013/03/04/a-quiet-assumption/
According to a 2013 study by researchers at Northwestern University, “Our results
on ten popular commercial anti-malware applications for Android are worrisome:
none of these tools is resistant against common malware transformation
techniques. Moreover, the transformations are simple in most cases and anti-
malware tools make little effort to provide transformation-resilient detection”.
Using signatures is like using fingerprints to check the criminal records of bank
visitors. The heavily armed attacker in a ski mask with no record is waved through.
“Anti-Virus Is Dead” (Brian Dye, SVP Information Security, Symantec)
COMPLY! (PCI DSS AND HIPAA)
The Payment Card Industry Data Security Standard (PCI DSS) involves compliance
with 12 major requirements. Among them: “use and regularly update anti-virus
software on all systems commonly affected by malware”.
Similarly, entities that are covered by the Health Insurance Portability and
Accountability Act (HIPAA) need to have safeguards in place to protect Personal
Health Information (PHI). Covered entities include health plans, healthcare
clearinghouses, such as billing services and community health information
systems, and healthcare providers that transmit healthcare data in a way that is
regulated by HIPAA. These entities need to ensure that information systems
housing PHI are protected from intrusion, and that the data in their systems
has not been changed or erased in an unauthorized manner.
Unfortunately, according to the Ponemon Institute, 65% of healthcare
organizations had multiple security incidents in the past two years involving the
exposure, theft, or misuse of electronic information.
IOTA SECURITY PROVIDES MOBILE CYBER DEFENSES
Iota Security helps prevent fraud, mBank robbery, and theft of sensitive
information on Android devices. Our advanced threat detection capability
enables us to identify malicious software on Android that all other vendors miss.
We provide this capability as a Software Development Kit (SDK) which can be
easily integrated into sensitive applications.
Iota Security does not rely on easily circumvented signatures. Rather, Iota
Security’s patent-pending approach to securing a device uses a proprietary suite
of machine learning algorithms. These algorithms have been trained on tens of
thousands of malicious software samples to detect the fundamental patterns of
maliciousness.
Signature-based products detect only around half of threats. Iota Security detects
94.5% of threats that we have not encountered before.
DETECTION LIKE YOU’VE NEVER SEEN BEFORE
Iota Security found a common Trojan virus that sends SMS messages to a
premium-rate number. This virus, called FPlay.apk, was submitted to VirusTotal and
scanned by 55 Android anti-virus solutions selected by VirusTotal – 41 of them
detected it (figure 3).
FIGURE 2: VIRUSTOTAL RESULTS OF SMS TROJAN
Common obfuscation techniques were then applied to the virus. The results are
striking: none of the 57 anti-virus solutions selected by VirusTotal detected the
Trojan (figure 4).
FIGURE 3: VIRUSTOTAL RESULTS OF OBFUSCATED SMS TROJAN
Iota Security correctly identified both samples as malicious, as shown in Figure 5.
FIGURE 4: IOTA SECURITY RESULTS OF ORIGINAL AND OBFUSCATED SMS TROJAN
SECURITY IN YOUR HANDS: ANDROID SDK
Consumers are generally unaware of the security implications of their technology
choices. Many have no Android anti-virus software loaded on their devices, and
those that do are literally lulled into a false sense of security.
Iota Security’s Android SDK allows
organizations to embed our advanced
threat detection capability within their host
application.
Crucially, the SDK approach allows the
developer to own and manage their
customer’s experience, the user interface
and all communications.
The Iota Security Android SDK features several configurations that can be
selected by the developer:
PERSISTENT OR ON-DEMAND MONITORING
The developer can choose to scan a new application at the time of its installation,
or perform a full device scan each time their host application loads.
CUSTOM THREAT NOTIFICATION POLICY
When a threat is detected, the developer can choose how to respond from the
following options:
• Notifying the user
• Prompting the user to uninstall the malware
• Launching the host application with limited functionality to prevent exploitation, or
• Flagging transactions for further security and fraud analysis
Iota Security provides the host application developer all the building blocks
necessary to use the SDK. Designed with mobility in mind, our architecture uses
minimal system resources. The heart of our SDK is an Android library that
implements background services that invisibly check the user’s device and scan
newly installed applications for malware.
FIGURE 5: MOBILE PAYMENTS (CREDIT HLUNDGAARD)
Using the SDK is simple:
• Add the Iota Security library to your Android project within your favourite development environment
• Ensure your Android manifest XML reflects your chosen configuration
• Implement a few lines of code to initiate device scans and receive results
Documentation and a sample application are provided for your reference.
BEYOND COMPLIANCE
In today’s “cyber” world, compliance with industry standards and emerging
legislation is only a beginning. Organizations must take responsibility for security
risks to their customers. Your cloud servers may be secured, the transmission
encrypted and the host application coded using secure software development
techniques. However, none of this matters if the device itself is compromised.
Integrating Iota Security’s advanced threat detection into your application helps
protect your customers, reducing an avenue of attack over which, until
now, you’ve had little control.
ABOUT IOTA SECURITY
Iota Security provides advanced cyber threat defenses for mobility and the
Internet of Things (IoT). Our social and business mission is to make the world more
secure by allowing people, organizations and governments to safely realize the
benefits of emerging technologies.
Iota Security protects financial institutions, merchants, and healthcare providers –
as well as their customers – from attack. Our approach to security uses on-device
protections coupled with cloud-based analysis and leverages highly effective
machine learning algorithms.
For more information about Iota Security, our Android SDK, and other products
and services, visit www.iotasecurity.com, or contact [email protected]