IPExpo 2013 - Anatomy of a Targeted Attack Against MDM Solutions
1. Anatomy of a Targeted Attack against Mobile Device Management (MDM) Solutions
Ohad Bobrov, CTO and co-founder
ohad@lacoon.com
2. Agenda
• Collapse: The collapse of the corporate perimeter
• Targeted devices: Why mobile devices are targeted
• Demo: How mobile malware bypasses current security solutions
• Mitigation: Detection, remediation & building a secure BYOD/HYOD architecture
3. About Lacoon Mobile Security
• Protecting organizations from mobile threats
• Protecting tier-1 financial, manufacturing, legal and defense organizations
• Cutting edge mobile security research team
10. Survey: Cellular Network 2M Subscribers
Sampling: 650K
Data sample
• 1 GB traffic sample of spyphone targeted traffic, collected over a 2-day period
• Collected from a channel serving ~650K subscribers
• Traffic constrained to communications to selected malicious IP address
19. Step 2: Install a Backdoor / aka Rooting
• Administrative: Every process can run as an administrative (root) user if it is able to trigger a vulnerability in the OS
• Vulnerability: Each Android device had/has a public vulnerability
• Exploit: Detection mechanisms don’t look at apps that exploit the vulnerability
20. Step 3: Bypass Containerization
[Diagram: Storage holds the text "Jo, yjod od sm r,so;"]
22. Step 3: Bypass Containerization
[Diagram: Storage holds the text "Jo, yjod od sm r,so;"; Memory holds the text "Hi, This is an email"]
23. Step 3: Bypass Containerization
[Diagram: Storage holds the text "Jo, yjod od sm r,so;"; Memory holds the text "Hi, This is an email"; a further label reads "Exfiltrate information"]