smart phone hacks and attacks - a demonstration of current threats to mobile devices
TRANSCRIPT
-
8/14/2019 Smart Phone Hacks And Attacks - A Demonstration of Current Threats to Mobile Devices
1/34
Smartphone Hacks and Attacks:A Demonstration ofCurrent Threats to Mobile Devices
Daniel V. Hoffman, CISSP, CEH, CHFI
Chief Technology Officer
Troy Vennon, CISSP, CEH, OPST
Global Threat Center Research Engineer
-
8/14/2019 Smart Phone Hacks And Attacks - A Demonstration of Current Threats to Mobile Devices
2/34
Copyright 2009 SMobile SystemsPage 2
SMobile Global Threat Center
Exploit Research and Development
Complete threat analysis against all exploit vectors
Continual assessment of new devices and platforms
Knowledge-share with worldwide device exploit
network
Malware Operation Center
Actively monitor SMobile customer Malware alerts,
reporting and trending
Monitor and scan publicly submitted Malware
samples
Scan partner feeds for discovered/
recent viruses, Spyware, etc.
Continually monitor underground and public Malware
bulletin boards, websites, newsgroups, etc.
-
8/14/2019 Smart Phone Hacks And Attacks - A Demonstration of Current Threats to Mobile Devices
3/34
Copyright 2009 SMobile SystemsPage 3
BlackBerry
Symbian
Windows Mobile
iPhone
Android
Palm
-
8/14/2019 Smart Phone Hacks And Attacks - A Demonstration of Current Threats to Mobile Devices
4/34
-
8/14/2019 Smart Phone Hacks And Attacks - A Demonstration of Current Threats to Mobile Devices
5/34
Pa e 5
Smartphone Security In The News
Android Security Chief: Mobile-phone Attacks ComingPC World
August 12th 2009
"The smartphone OS will become a major security target," said Android Security LeaderRich Cannings.
"We wanted developers to be able to upload their applications without anyone stoppingthem from doing that," Cannings said. "Unfortunately this opens us up to malware."
-
8/14/2019 Smart Phone Hacks And Attacks - A Demonstration of Current Threats to Mobile Devices
6/34
Pa e 66
Identity Theft Moves to Mobile
Identity theft is the Number 1 consumer crime in America
Identity theft is a $50 billion per year industry
75% of Phishing" e-mails are banking related
5 million U.S. consumers lost money to phishing attacks in 2008 - a 40% increase for thatperiod
SMS (text) messaging is now the second leading conduit for phishing attacks
80% of mobile device owners store personal information on their handset
40% of users who store credit card information on their handset do not have a basicpassword on the device to limit entry
24% of smartphone users store bank account details on their device
10% store credit card information
Approximately 2 million smartphones were stolen in the US 2008
- Gartner Research - Credant Technologies
-
8/14/2019 Smart Phone Hacks And Attacks - A Demonstration of Current Threats to Mobile Devices
7/34
Copyright 2009 SMobile SystemsPage 7
Mobile Banking is on the Rise
-
8/14/2019 Smart Phone Hacks And Attacks - A Demonstration of Current Threats to Mobile Devices
8/34
Copyright 2009 SMobile SystemsPage 8
Mobile Banking Trojan January 21, 2009
-
8/14/2019 Smart Phone Hacks And Attacks - A Demonstration of Current Threats to Mobile Devices
9/34Copyright 2009 SMobile SystemsPage 9
Phone Virus Steals Money February 8, 2009
-
8/14/2019 Smart Phone Hacks And Attacks - A Demonstration of Current Threats to Mobile Devices
10/34Pa e 10
News Clips
-
8/14/2019 Smart Phone Hacks And Attacks - A Demonstration of Current Threats to Mobile Devices
11/34Copyright 2009 SMobile SystemsPage 11
Smartphones are rapidly replacing featurephones. Analyst predictions state that by 2012,65% of all cell phone sales will be smartphones
Cell phones are used for the same functionsand have the same capabilities as PCs
While most PCs have at least some securitysoftware in place, smartphones commonly donot have any security software installed
-
8/14/2019 Smart Phone Hacks And Attacks - A Demonstration of Current Threats to Mobile Devices
12/34Copyright 2009 SMobile SystemsPage 12
Smartphones are the new PCs for consumers
Smartphones are the new workstations forworkers
Smartphones are susceptible to the exactsame threats as PCs
-
8/14/2019 Smart Phone Hacks And Attacks - A Demonstration of Current Threats to Mobile Devices
13/34Copyright 2009 SMobile SystemsPage 13
Threats to Mobile Devices
Malware Viruses, Worms, Trojans, Spyware
Direct Attack Attacking device interfaces, browser exploits, etc.
Physical Compromise Accessing sensitive data
Data Communication InterceptionSniffing data as it is transmittedand received
Authentication/IdentitySpoofing and SniffingAccessing resources with ausers identity or credentials
Exploitation and MisconductOnline predators, pornography,inappropriate communications
-
8/14/2019 Smart Phone Hacks And Attacks - A Demonstration of Current Threats to Mobile Devices
14/34Copyright 2009 SMobile SystemsPage 14
Are Application Signing and Review Processes the Answer?
-
8/14/2019 Smart Phone Hacks And Attacks - A Demonstration of Current Threats to Mobile Devices
15/34Copyright 2009 SMobile SystemsPage 15
-
8/14/2019 Smart Phone Hacks And Attacks - A Demonstration of Current Threats to Mobile Devices
16/34Copyright 2009 SMobile SystemsPage 16
Spyware Pushed By Carrier to BlackBerry Users
-
8/14/2019 Smart Phone Hacks And Attacks - A Demonstration of Current Threats to Mobile Devices
17/34Copyright 2009 SMobile SystemsPage 17
Symbian Malware Infections
-
8/14/2019 Smart Phone Hacks And Attacks - A Demonstration of Current Threats to Mobile Devices
18/34Copyright 2009 SMobile SystemsPage 18
Lets get specific as to whatshappening today with,
Spyware, Direct Attacks and
Loss and Theft
-
8/14/2019 Smart Phone Hacks And Attacks - A Demonstration of Current Threats to Mobile Devices
19/34Copyright 2009 SMobile SystemsPage 19
Spyware Capabilities:
Intercept and post to a website everySMS, MMS and e-mail (see image)
Track every key typed by the device
Remotely and silently turn on thephone to hear ambient conversations
Track the position of the device
Spyware Properties:
Silently runs on devices without theknowledge of the device user
Easily installed via Trojans and otherMalware
2 of the top 3 BlackBerry infectorsare Spyware
4 of the top 5 Windows Mobileinfectors are Spyware
Users and enterprises who are waiting to experience an infection beforeimplementing security software are placing themselves into the unsavoryposition of unknowingly becoming infected with Spyware and havingabsolutely no security software in place to address that infection.
SMobile Global Threat Center
M bil B ki K l
-
8/14/2019 Smart Phone Hacks And Attacks - A Demonstration of Current Threats to Mobile Devices
20/34Copyright 2009 SMobile SystemsPage 20
Mobile Banking Keylogger
-
8/14/2019 Smart Phone Hacks And Attacks - A Demonstration of Current Threats to Mobile Devices
21/34Copyright 2009 SMobile SystemsPage 21
Spyware Demo
-
8/14/2019 Smart Phone Hacks And Attacks - A Demonstration of Current Threats to Mobile Devices
22/34Copyright 2009 SMobile SystemsPage 22
Threat: Direct Attack
Curse of Silence Demo
-
8/14/2019 Smart Phone Hacks And Attacks - A Demonstration of Current Threats to Mobile Devices
23/34Copyright 2009 SMobile SystemsPage 23
Curse of Silence Demo
-
8/14/2019 Smart Phone Hacks And Attacks - A Demonstration of Current Threats to Mobile Devices
24/34
iPhone E mail Sniff
-
8/14/2019 Smart Phone Hacks And Attacks - A Demonstration of Current Threats to Mobile Devices
25/34Copyright 2009 SMobile SystemsPage 25
iPhone E-mail Sniff
Sniffed Packets118 and 140
-
8/14/2019 Smart Phone Hacks And Attacks - A Demonstration of Current Threats to Mobile Devices
26/34Copyright 2009 SMobile SystemsPage 26
Threat: Loss and Theft
Physical Compromise
-
8/14/2019 Smart Phone Hacks And Attacks - A Demonstration of Current Threats to Mobile Devices
27/34Copyright 2009 SMobile SystemsPage 27 Copyright 2008 SMobile Systems
Page 27
Physical Compromise
Even using a PIN/passcodedoesnt guarantee protection
Data is still unencrypted
The authentication method can be
bypassed
-
8/14/2019 Smart Phone Hacks And Attacks - A Demonstration of Current Threats to Mobile Devices
28/34
Copyright 2009 SMobile SystemsPage 28
iPhone Encryption
-
8/14/2019 Smart Phone Hacks And Attacks - A Demonstration of Current Threats to Mobile Devices
29/34
Copyright 2009 SMobile SystemsPage 29
Threat: Exploitation and
Misconduct
Exploitation and Misconduct
-
8/14/2019 Smart Phone Hacks And Attacks - A Demonstration of Current Threats to Mobile Devices
30/34
Copyright 2009 SMobile SystemsPage 30
Exploitation and Misconduct
Exploitation and Misconduct
-
8/14/2019 Smart Phone Hacks And Attacks - A Demonstration of Current Threats to Mobile Devices
31/34
Copyright 2009 SMobile SystemsPage 31
Exploitation and Misconduct
Enterprises: Where is your data going?
What is your employee e-mailing, storing ontheir phone, texting?
What pictures are employees taking; DataLeakage Protection
What websites are being visited with thecompany device? You control your PCs, whynot your smartphones?
-
8/14/2019 Smart Phone Hacks And Attacks - A Demonstration of Current Threats to Mobile Devices
32/34
Copyright 2009 SMobile SystemsPage 32
Threat SMobile Product
MalwareAntivirus, Firewall,Application Revocation, Update OS
Direct Attack Firewall, AntiVirus, Update OS
Physical Compromise Encryption, Lock and Wipe
Data Communication Interception VPN, SSL
Authentication AttacksVPN, Antivirus, SSL, Firewall, UpdateOS
Exploit and Misconduct Parental and Enterprise Controls,Application Revocation
* Treat the smartphone like a PC because thats essentially what it is
Conclusion
-
8/14/2019 Smart Phone Hacks And Attacks - A Demonstration of Current Threats to Mobile Devices
33/34
Copyright 2009 SMobile SystemsPage 33
Threats to smartphones do exist and devices are
being exploited. This is an undeniable fact and thedata supports it
Smartphones are the new PCs and need to beprotected with the same security technologies
Physical compromise is currently the easiestmeans of exploitation
Smartphone Malware does exist and has infecteddevices
Malware is now being written to be stealthy,undetectable and for financial gain infection andexploitation can occur without the knowledge of thedevice user/owner
Not all smartphone security products do notsignificantly drain the battery!
Conclusion
-
8/14/2019 Smart Phone Hacks And Attacks - A Demonstration of Current Threats to Mobile Devices
34/34
Additional Resources:
SMobilesystems.com (Global Threat Center/MobileSecurity News)
Ethicalhacker.net
BlackJacking Book
Complete Guide to NAC Book