w a ndroidt rojan,w r s in(seandroid c...6 malware(trend(vs(security(enhancements(version( codename...
TRANSCRIPT
![Page 1: W A NDROIDT ROJAN,W R S IN(SEANDROID C...6 Malware(Trend(VS(Security(Enhancements(Version( Codename API( Distribuon( Release(Date(4.3( JellyBean( 18 4.7% Jul2013 4.4( KitKat 19 39.3%](https://reader034.vdocuments.us/reader034/viewer/2022050216/5f620a318d573a08b935f96c/html5/thumbnails/1.jpg)
1
Rowland Yu & William Lee
WILL ANDROID TROJAN, WORM OR ROOTKIT SURVIVE IN SEANDROID AND CONTAINERIZATION?
Email: {rowland.yu, william.lee}@sophos.com.au
![Page 2: W A NDROIDT ROJAN,W R S IN(SEANDROID C...6 Malware(Trend(VS(Security(Enhancements(Version( Codename API( Distribuon( Release(Date(4.3( JellyBean( 18 4.7% Jul2013 4.4( KitKat 19 39.3%](https://reader034.vdocuments.us/reader034/viewer/2022050216/5f620a318d573a08b935f96c/html5/thumbnails/2.jpg)
2
Agenda
• Why SEAndroid and Containeriza?on? • What are SEAndroid and Containeriza?on? • Doom to fail • We prove • The future • Conclusion
![Page 3: W A NDROIDT ROJAN,W R S IN(SEANDROID C...6 Malware(Trend(VS(Security(Enhancements(Version( Codename API( Distribuon( Release(Date(4.3( JellyBean( 18 4.7% Jul2013 4.4( KitKat 19 39.3%](https://reader034.vdocuments.us/reader034/viewer/2022050216/5f620a318d573a08b935f96c/html5/thumbnails/3.jpg)
3 3
Why SEAndroid and ContainerizaHon?
![Page 4: W A NDROIDT ROJAN,W R S IN(SEANDROID C...6 Malware(Trend(VS(Security(Enhancements(Version( Codename API( Distribuon( Release(Date(4.3( JellyBean( 18 4.7% Jul2013 4.4( KitKat 19 39.3%](https://reader034.vdocuments.us/reader034/viewer/2022050216/5f620a318d573a08b935f96c/html5/thumbnails/4.jpg)
4
SEAndroid and ContainerizaHon
Access Control
![Page 5: W A NDROIDT ROJAN,W R S IN(SEANDROID C...6 Malware(Trend(VS(Security(Enhancements(Version( Codename API( Distribuon( Release(Date(4.3( JellyBean( 18 4.7% Jul2013 4.4( KitKat 19 39.3%](https://reader034.vdocuments.us/reader034/viewer/2022050216/5f620a318d573a08b935f96c/html5/thumbnails/5.jpg)
5
Goals of SEAndroid and ContainerizaHon
![Page 6: W A NDROIDT ROJAN,W R S IN(SEANDROID C...6 Malware(Trend(VS(Security(Enhancements(Version( Codename API( Distribuon( Release(Date(4.3( JellyBean( 18 4.7% Jul2013 4.4( KitKat 19 39.3%](https://reader034.vdocuments.us/reader034/viewer/2022050216/5f620a318d573a08b935f96c/html5/thumbnails/6.jpg)
6
Malware Trend VS Security Enhancements Version Codename API DistribuHon Release Date
4.3 Jelly Bean 18 4.7% Jul 2013 4.4 KitKat 19 39.3% Sep 2013 5.0 Lollipop 21 15.5% Nov 2014 5.1 22 2.6%
0
200000
400000
600000
800000
1000000
1200000
1400000
1600000
1800000
2000000
2013-‐01
2013-‐02
2013-‐03
2013-‐04
2013-‐05
2013-‐06
2013-‐07
2013-‐08
2013-‐09
2013-‐10
2013-‐11
2013-‐12
2014-‐01
2014-‐02
2014-‐03
2014-‐04
2014-‐05
2014-‐06
2014-‐07
2014-‐08
2014-‐09
2014-‐10
2014-‐11
2014-‐12
2015-‐01
2015-‐02
2015-‐03
2015-‐04
2015-‐05
2015-‐06
Malware vs PUA Growth CumulaHve
Malware
PUA
62%
399K
1M
1.95M
SEAndroid released
![Page 7: W A NDROIDT ROJAN,W R S IN(SEANDROID C...6 Malware(Trend(VS(Security(Enhancements(Version( Codename API( Distribuon( Release(Date(4.3( JellyBean( 18 4.7% Jul2013 4.4( KitKat 19 39.3%](https://reader034.vdocuments.us/reader034/viewer/2022050216/5f620a318d573a08b935f96c/html5/thumbnails/7.jpg)
7 7
What is SEAndroid?
![Page 8: W A NDROIDT ROJAN,W R S IN(SEANDROID C...6 Malware(Trend(VS(Security(Enhancements(Version( Codename API( Distribuon( Release(Date(4.3( JellyBean( 18 4.7% Jul2013 4.4( KitKat 19 39.3%](https://reader034.vdocuments.us/reader034/viewer/2022050216/5f620a318d573a08b935f96c/html5/thumbnails/8.jpg)
8
Android Security Model
• DAC (Discre?onary Access Control) ○ Each App has its own UID/GID for app isola?on.
○ The file owner makes decision for the file access.
○ Owner(rwx):Group(rwx):Others(rwx) ‒ drwxr-‐x-‐-‐x system system com.android.seZngs
‒ drwxr-‐x-‐-‐x u0_a15 u0_a15 com.android.browser
• App Permissions ○ Each App has requested Permissions such as SEND_SMS/INTERNET.
○ Granted Permissions are allowed.
![Page 9: W A NDROIDT ROJAN,W R S IN(SEANDROID C...6 Malware(Trend(VS(Security(Enhancements(Version( Codename API( Distribuon( Release(Date(4.3( JellyBean( 18 4.7% Jul2013 4.4( KitKat 19 39.3%](https://reader034.vdocuments.us/reader034/viewer/2022050216/5f620a318d573a08b935f96c/html5/thumbnails/9.jpg)
9
DAC Weaknesses
• No system-‐wide security policy as Access control is based on the discre?on of the file owner.
• Flawed or malicious applica?ons can bypass permission system and escalate their privileges.
• Inability to confine any system daemons or setuid programs that run with the root.
![Page 10: W A NDROIDT ROJAN,W R S IN(SEANDROID C...6 Malware(Trend(VS(Security(Enhancements(Version( Codename API( Distribuon( Release(Date(4.3( JellyBean( 18 4.7% Jul2013 4.4( KitKat 19 39.3%](https://reader034.vdocuments.us/reader034/viewer/2022050216/5f620a318d573a08b935f96c/html5/thumbnails/10.jpg)
10
Mandatory Access Control (MAC)
Process #0 Domain
Subject
Access?
Rules Database
Objects
Class
<av_acHon> <subject...> <object...>:<class...> { <permissions...> } allow appdomain system_data_file:dir r_dir_perms;
ps -‐Z u:r:system_app:s0 system com.android.selngs u:r:untrusted_app:s0 u0_a15 com.android.browser
![Page 11: W A NDROIDT ROJAN,W R S IN(SEANDROID C...6 Malware(Trend(VS(Security(Enhancements(Version( Codename API( Distribuon( Release(Date(4.3( JellyBean( 18 4.7% Jul2013 4.4( KitKat 19 39.3%](https://reader034.vdocuments.us/reader034/viewer/2022050216/5f620a318d573a08b935f96c/html5/thumbnails/11.jpg)
11
SELinux Policy and ConfiguraHon Files
Mac Permission
Context Files
ConfiguraHon Files
Policy Files
Security Server
zygote init installd
AcHvityManagerService
PackageManagerService
Libselinux (support security policy, file aoributes and process APIs)
SELinux Linux Security Module (LSM)
Security Server
Access Vector Cache
User Space
SELinux File System read/write
lookup
Kernel Space
SELinux uHliHes & commands
LSM Hooks Various Linux Kernel Services
reload
Cache Miss
The overview
of S
EAnd
roid Framew
ork
![Page 12: W A NDROIDT ROJAN,W R S IN(SEANDROID C...6 Malware(Trend(VS(Security(Enhancements(Version( Codename API( Distribuon( Release(Date(4.3( JellyBean( 18 4.7% Jul2013 4.4( KitKat 19 39.3%](https://reader034.vdocuments.us/reader034/viewer/2022050216/5f620a318d573a08b935f96c/html5/thumbnails/12.jpg)
12
mac_permissions.xml – Middleware MAC (MMAC)
The file is used for the install-‐Hme check of applica?on permissions against the MAC policy. It u?lizes the value of signature and seinfo tags to assign policy stanzas for a given app or all apps from either pladorm or third-‐par?es.
![Page 13: W A NDROIDT ROJAN,W R S IN(SEANDROID C...6 Malware(Trend(VS(Security(Enhancements(Version( Codename API( Distribuon( Release(Date(4.3( JellyBean( 18 4.7% Jul2013 4.4( KitKat 19 39.3%](https://reader034.vdocuments.us/reader034/viewer/2022050216/5f620a318d573a08b935f96c/html5/thumbnails/13.jpg)
13
<?xml version="1.0" encoding="utf-‐8"?> <policy> <!-‐-‐ Sample signer stanza for install policy Rules: Sample stanzas are given below based on the AOSP developer keys. -‐-‐> <!-‐-‐ Platform dev key with AOSP -‐-‐> <signer signature="....b357" > <allow-‐all /> <seinfo value="platform" /> </signer> <!-‐-‐ shared dev key in AOSP -‐-‐> <signer signature="...6f84" > <allow-‐permission name="android.permission.ACCESS_COARSE_LOCATION" /> <allow-‐permission name="android.permission.CALL_PHONE" /> .... <seinfo value="shared" /> </signer> <!-‐-‐ All other keys -‐-‐> <default> <seinfo value="default" /> <deny-‐permission name="android.permission.ACCESS_COARSE_LOCATION" /> <deny-‐permission name="android.permission.CALL_PHONE" /> .... </default> </policy>
![Page 14: W A NDROIDT ROJAN,W R S IN(SEANDROID C...6 Malware(Trend(VS(Security(Enhancements(Version( Codename API( Distribuon( Release(Date(4.3( JellyBean( 18 4.7% Jul2013 4.4( KitKat 19 39.3%](https://reader034.vdocuments.us/reader034/viewer/2022050216/5f620a318d573a08b935f96c/html5/thumbnails/14.jpg)
14
mac_permissions.xml from a Nexus 5 running on Android 5.1
<?xml version="1.0" encoding="iso-‐8859-‐1"?> <!-‐-‐ AUTOGENERATED FILE DO NOT MODIFY -‐-‐> <policy> <signer signature="...e26a"> <seinfo value="platform"/> </signer> <default> <seinfo value="default"/> </default> </policy>
![Page 15: W A NDROIDT ROJAN,W R S IN(SEANDROID C...6 Malware(Trend(VS(Security(Enhancements(Version( Codename API( Distribuon( Release(Date(4.3( JellyBean( 18 4.7% Jul2013 4.4( KitKat 19 39.3%](https://reader034.vdocuments.us/reader034/viewer/2022050216/5f620a318d573a08b935f96c/html5/thumbnails/15.jpg)
15
SEAndroid with Root Exploits
• GingerBreak ○ Following MAC policy rejected execu?on of a binary from the data
par??on from vold.
○ neverallow appdomain system_file:dir_file_class_set { create write
setagr relabelfrom relabelto append unlink link rename }
• RageAgaintTheCage ○ Following MAC policy rejected transi?ons to the privileged security
context and remoun?ng system par??on.
○ neverallow { appdomain -‐shell userdebug_or_eng(`-‐su') } { domain -‐
appdomain }:process { transi?on dyntransi?on };
![Page 16: W A NDROIDT ROJAN,W R S IN(SEANDROID C...6 Malware(Trend(VS(Security(Enhancements(Version( Codename API( Distribuon( Release(Date(4.3( JellyBean( 18 4.7% Jul2013 4.4( KitKat 19 39.3%](https://reader034.vdocuments.us/reader034/viewer/2022050216/5f620a318d573a08b935f96c/html5/thumbnails/16.jpg)
16 16
What is ContainerizaHon?
![Page 17: W A NDROIDT ROJAN,W R S IN(SEANDROID C...6 Malware(Trend(VS(Security(Enhancements(Version( Codename API( Distribuon( Release(Date(4.3( JellyBean( 18 4.7% Jul2013 4.4( KitKat 19 39.3%](https://reader034.vdocuments.us/reader034/viewer/2022050216/5f620a318d573a08b935f96c/html5/thumbnails/17.jpg)
17
ContainerizaHon (Secure Container)
• Design for BYOD (bring your own device)
• Be Adopted in mobile device management (MDM)
• Securely access to corporate data
• Prevent the misuse of malware, intruders or other apps
![Page 18: W A NDROIDT ROJAN,W R S IN(SEANDROID C...6 Malware(Trend(VS(Security(Enhancements(Version( Codename API( Distribuon( Release(Date(4.3( JellyBean( 18 4.7% Jul2013 4.4( KitKat 19 39.3%](https://reader034.vdocuments.us/reader034/viewer/2022050216/5f620a318d573a08b935f96c/html5/thumbnails/18.jpg)
18
ContainerizaHon (Secure Container)
• Corporate Apps
Secure Container
Personal App1
Personal App2
Personal App3
Corporate Data
Business Email
Contacts
File Shares
Intranet Browsing
Secure Access
![Page 19: W A NDROIDT ROJAN,W R S IN(SEANDROID C...6 Malware(Trend(VS(Security(Enhancements(Version( Codename API( Distribuon( Release(Date(4.3( JellyBean( 18 4.7% Jul2013 4.4( KitKat 19 39.3%](https://reader034.vdocuments.us/reader034/viewer/2022050216/5f620a318d573a08b935f96c/html5/thumbnails/19.jpg)
19 19
Doom to Fail
![Page 20: W A NDROIDT ROJAN,W R S IN(SEANDROID C...6 Malware(Trend(VS(Security(Enhancements(Version( Codename API( Distribuon( Release(Date(4.3( JellyBean( 18 4.7% Jul2013 4.4( KitKat 19 39.3%](https://reader034.vdocuments.us/reader034/viewer/2022050216/5f620a318d573a08b935f96c/html5/thumbnails/20.jpg)
20
Why?
• Permissions are the key to control access
• Social Engineering
• Vulnerabili?es and exploits subvert Android system
• Compa?bility problems then break other func?onali?es
• Android Fragmenta?on
• …….
![Page 21: W A NDROIDT ROJAN,W R S IN(SEANDROID C...6 Malware(Trend(VS(Security(Enhancements(Version( Codename API( Distribuon( Release(Date(4.3( JellyBean( 18 4.7% Jul2013 4.4( KitKat 19 39.3%](https://reader034.vdocuments.us/reader034/viewer/2022050216/5f620a318d573a08b935f96c/html5/thumbnails/21.jpg)
21 21
We Prove
![Page 22: W A NDROIDT ROJAN,W R S IN(SEANDROID C...6 Malware(Trend(VS(Security(Enhancements(Version( Codename API( Distribuon( Release(Date(4.3( JellyBean( 18 4.7% Jul2013 4.4( KitKat 19 39.3%](https://reader034.vdocuments.us/reader034/viewer/2022050216/5f620a318d573a08b935f96c/html5/thumbnails/22.jpg)
22
The survival of exisHng Android malware
SMS 55.6%
Backdoor 20.7%
Spyware 16.2%
Others 2.7%
FakeApp 1.5%
Downloader 1.2% Rootkit
0.7% Banker 0.7%
Ransomware 0.5%
ClassificaHons of Android Maware in last 12 months
![Page 23: W A NDROIDT ROJAN,W R S IN(SEANDROID C...6 Malware(Trend(VS(Security(Enhancements(Version( Codename API( Distribuon( Release(Date(4.3( JellyBean( 18 4.7% Jul2013 4.4( KitKat 19 39.3%](https://reader034.vdocuments.us/reader034/viewer/2022050216/5f620a318d573a08b935f96c/html5/thumbnails/23.jpg)
23
Premium SMS Sender
• Easiness ○ Permission: "android.permission.SEND_SMS" ○ sendTextMessage () method
• Social engineering
• Demo…
![Page 24: W A NDROIDT ROJAN,W R S IN(SEANDROID C...6 Malware(Trend(VS(Security(Enhancements(Version( Codename API( Distribuon( Release(Date(4.3( JellyBean( 18 4.7% Jul2013 4.4( KitKat 19 39.3%](https://reader034.vdocuments.us/reader034/viewer/2022050216/5f620a318d573a08b935f96c/html5/thumbnails/24.jpg)
24
Backdoor
• Set up or distribute via mobile Botnet • Send or intercept SMS messages • Download, install, or ac?vate any Android app without user knowledge
• Make arbitrary phone call • Clear user data, uninstall exis?ng applica?ons, or disable system applica?ons
• Upload sensi?ve informa?on including device id, loca?ons, applica?on usage, call log and SMS history to remote websites
• Execute command & control services • Quick Demo ……
![Page 25: W A NDROIDT ROJAN,W R S IN(SEANDROID C...6 Malware(Trend(VS(Security(Enhancements(Version( Codename API( Distribuon( Release(Date(4.3( JellyBean( 18 4.7% Jul2013 4.4( KitKat 19 39.3%](https://reader034.vdocuments.us/reader034/viewer/2022050216/5f620a318d573a08b935f96c/html5/thumbnails/25.jpg)
25
Backdoor Cont.
CoolReaper hidden in a legi?mate ROM image
![Page 26: W A NDROIDT ROJAN,W R S IN(SEANDROID C...6 Malware(Trend(VS(Security(Enhancements(Version( Codename API( Distribuon( Release(Date(4.3( JellyBean( 18 4.7% Jul2013 4.4( KitKat 19 39.3%](https://reader034.vdocuments.us/reader034/viewer/2022050216/5f620a318d573a08b935f96c/html5/thumbnails/26.jpg)
26
Spyware & Banker Trojan
Social Engineering
![Page 27: W A NDROIDT ROJAN,W R S IN(SEANDROID C...6 Malware(Trend(VS(Security(Enhancements(Version( Codename API( Distribuon( Release(Date(4.3( JellyBean( 18 4.7% Jul2013 4.4( KitKat 19 39.3%](https://reader034.vdocuments.us/reader034/viewer/2022050216/5f620a318d573a08b935f96c/html5/thumbnails/27.jpg)
27
Spyware & Banker Trojan cont.
Permissions: ○ INTERNET ○ ACCESS_NETWORK_STATE ○ WRITE_EXTERNAL_STORAGE
![Page 28: W A NDROIDT ROJAN,W R S IN(SEANDROID C...6 Malware(Trend(VS(Security(Enhancements(Version( Codename API( Distribuon( Release(Date(4.3( JellyBean( 18 4.7% Jul2013 4.4( KitKat 19 39.3%](https://reader034.vdocuments.us/reader034/viewer/2022050216/5f620a318d573a08b935f96c/html5/thumbnails/28.jpg)
28
FakeAV and Ransomware
• Fake alerts to scare vic?ms to pay money • Permissions: uses-‐permission:'android.permission.WAKE_LOCK’ Or uses-‐permission:'android.permission.SYSTEM_ALERT_WINDOW’ uses-‐permission:'android.permission.READ_EXTERNAL_STORAGE' uses-‐permission:'android.permission.WRITE_EXTERNAL_STORAGE'
![Page 29: W A NDROIDT ROJAN,W R S IN(SEANDROID C...6 Malware(Trend(VS(Security(Enhancements(Version( Codename API( Distribuon( Release(Date(4.3( JellyBean( 18 4.7% Jul2013 4.4( KitKat 19 39.3%](https://reader034.vdocuments.us/reader034/viewer/2022050216/5f620a318d573a08b935f96c/html5/thumbnails/29.jpg)
29
FakeAV and Ransomware
![Page 30: W A NDROIDT ROJAN,W R S IN(SEANDROID C...6 Malware(Trend(VS(Security(Enhancements(Version( Codename API( Distribuon( Release(Date(4.3( JellyBean( 18 4.7% Jul2013 4.4( KitKat 19 39.3%](https://reader034.vdocuments.us/reader034/viewer/2022050216/5f620a318d573a08b935f96c/html5/thumbnails/30.jpg)
30
FakeAV and Ransomware
• Demo…
![Page 31: W A NDROIDT ROJAN,W R S IN(SEANDROID C...6 Malware(Trend(VS(Security(Enhancements(Version( Codename API( Distribuon( Release(Date(4.3( JellyBean( 18 4.7% Jul2013 4.4( KitKat 19 39.3%](https://reader034.vdocuments.us/reader034/viewer/2022050216/5f620a318d573a08b935f96c/html5/thumbnails/31.jpg)
31
VulnerabiliHes
• Samsung Pre-‐installed Swiv Keyboard Security Risk : Over 600M+ Devices Worldwide Impacted
• CVE-‐2015-‐4640 and CVE-‐2015-‐4641
○ Language files are downloaded via HTTP
○ Keyboard was signed with Samsung’s private key
aapt d xmltree SamsungIME.apk AndroidManifest.xml | grep shared A: android:sharedUserId(0x0101000b)="android.uid.system" (Raw: "android.uid.system")
![Page 32: W A NDROIDT ROJAN,W R S IN(SEANDROID C...6 Malware(Trend(VS(Security(Enhancements(Version( Codename API( Distribuon( Release(Date(4.3( JellyBean( 18 4.7% Jul2013 4.4( KitKat 19 39.3%](https://reader034.vdocuments.us/reader034/viewer/2022050216/5f620a318d573a08b935f96c/html5/thumbnails/32.jpg)
32
VulnerabiliHes cont.
• Stagefright – C++ sovware library for playing mul?media files
• Agack vector exploits contain integer overflow vulnerabili?es
![Page 33: W A NDROIDT ROJAN,W R S IN(SEANDROID C...6 Malware(Trend(VS(Security(Enhancements(Version( Codename API( Distribuon( Release(Date(4.3( JellyBean( 18 4.7% Jul2013 4.4( KitKat 19 39.3%](https://reader034.vdocuments.us/reader034/viewer/2022050216/5f620a318d573a08b935f96c/html5/thumbnails/33.jpg)
33
MiHgaHon Summary of StageFright
ASLR (�Address space layout randomizaHon) is the ONLY challenge.
MiHgaHon Applicability SELinux/SEAndroid N/A Stack Cookies N/A FORTIFY_SOURCE N/A ASLR Only Android >= 4.0 NX Bpass with ROP GCC new[] mi?ga?on N/A*
^ From Joshua "jduck" Drake August 5th 2015 Black Hat USA
![Page 34: W A NDROIDT ROJAN,W R S IN(SEANDROID C...6 Malware(Trend(VS(Security(Enhancements(Version( Codename API( Distribuon( Release(Date(4.3( JellyBean( 18 4.7% Jul2013 4.4( KitKat 19 39.3%](https://reader034.vdocuments.us/reader034/viewer/2022050216/5f620a318d573a08b935f96c/html5/thumbnails/34.jpg)
34
Rootkit & Bootkit
• Customized ROM • Oldboot …
![Page 35: W A NDROIDT ROJAN,W R S IN(SEANDROID C...6 Malware(Trend(VS(Security(Enhancements(Version( Codename API( Distribuon( Release(Date(4.3( JellyBean( 18 4.7% Jul2013 4.4( KitKat 19 39.3%](https://reader034.vdocuments.us/reader034/viewer/2022050216/5f620a318d573a08b935f96c/html5/thumbnails/35.jpg)
35 35
The Future
![Page 36: W A NDROIDT ROJAN,W R S IN(SEANDROID C...6 Malware(Trend(VS(Security(Enhancements(Version( Codename API( Distribuon( Release(Date(4.3( JellyBean( 18 4.7% Jul2013 4.4( KitKat 19 39.3%](https://reader034.vdocuments.us/reader034/viewer/2022050216/5f620a318d573a08b935f96c/html5/thumbnails/36.jpg)
36
• Android permission model is the key to control (Android M)
• Uprising trends will keep domina?ng Android malware agacks
• GeZng smarter and aiming to generate more profit ○ SMS Sender – (game, fakeapp, porn …) ○ Social Engineering ○ Diversified and Mul?channel ○ Taking advantage of Android Fragmenta?on ○ …
![Page 37: W A NDROIDT ROJAN,W R S IN(SEANDROID C...6 Malware(Trend(VS(Security(Enhancements(Version( Codename API( Distribuon( Release(Date(4.3( JellyBean( 18 4.7% Jul2013 4.4( KitKat 19 39.3%](https://reader034.vdocuments.us/reader034/viewer/2022050216/5f620a318d573a08b935f96c/html5/thumbnails/37.jpg)
37 37
Conclusion
![Page 38: W A NDROIDT ROJAN,W R S IN(SEANDROID C...6 Malware(Trend(VS(Security(Enhancements(Version( Codename API( Distribuon( Release(Date(4.3( JellyBean( 18 4.7% Jul2013 4.4( KitKat 19 39.3%](https://reader034.vdocuments.us/reader034/viewer/2022050216/5f620a318d573a08b935f96c/html5/thumbnails/38.jpg)
38
Conclusion
• Everything is in enforcement since the 5.0 release • By 2017, 65 percent of enterprises will adopt MDM • Volume and sophis?cated • Android M 6.0 introduces a new permissions model • More agack vectors than before • Vehicle and wearable based malware
![Page 39: W A NDROIDT ROJAN,W R S IN(SEANDROID C...6 Malware(Trend(VS(Security(Enhancements(Version( Codename API( Distribuon( Release(Date(4.3( JellyBean( 18 4.7% Jul2013 4.4( KitKat 19 39.3%](https://reader034.vdocuments.us/reader034/viewer/2022050216/5f620a318d573a08b935f96c/html5/thumbnails/39.jpg)
39 © Sophos Ltd. All rights reserved.
Q&A