IPExpo 2013 - Anatomy of a Targeted Attack Against MDM Solutions
•
1 like•906 views
Recommended
Recommended
More Related Content
What's hot
What's hot (20)
Viewers also liked
Similar to IPExpo 2013 - Anatomy of a Targeted Attack Against MDM Solutions
Similar to IPExpo 2013 - Anatomy of a Targeted Attack Against MDM Solutions (20)
More from Lacoon Mobile Security
More from Lacoon Mobile Security (6)
Recently uploaded
Recently uploaded (20)
IPExpo 2013 - Anatomy of a Targeted Attack Against MDM Solutions
- 1. Anatomy of a Targeted Attack against Mobile Device Management (MDM) Solutions Ohad Bobrov, CTO and co-founder ohad@lacoon.com
- 2. Agenda Collapse The collapse of the corporate perimeter Targeted devices Why mobile devices are targeted Demo How mobile malware bypasses current security solutions Mitigation Detection, remediation & building a secure BYOD/HYOD architecture
- 3. About Lacoon Mobile Security • Protecting organizations from mobile threats • Protecting tier-1 financial, manufacturing, legal and defense organizations • Cutting edge mobile security research team
- 4. The Collapse Of The Corporate Perimeter > 2011
- 5. The Collapse Of The Corporate Perimeter “More than 60% of organizations enable BYOD” Gartner, Inc. October 2012
- 7. Mobile Devices: Attractive Attack Target Snooping on corporate emails and application data Infiltrating internal LANs Eavesdropping Extracting contact lists, call &text logs Tracking location
- 9. Commercial mobile surveillance tools
- 10. Survey: Cellular Network 2M Subscribers Sampling: 650K Data sample • 1 GB traffic sample of spyphone targeted traffic, collected over a 2-day period • Collected from a channel serving ~650K subscribers • Traffic constrained to communications to selected malicious IP address
- 11. Survey: Cellular Network 2M Subscribers Sampling: 650K Infection rates: June 2013: 1 / 1000 devices
- 12. Survey: Cellular Network 2M Subscribers Sampling: 650K
- 14. MDMs and Secure Containers 3 features: l l l Encrypt business data Encrypt communications to the business Detect Jailbreak/ Rooting of devices
- 16. Let’s Test… DEMO
- 18. Step 1: Infect the device
- 19. Step 2: Install a Backdoor / aka Rooting Administrative Every process can run as an administrative (root) user if it is able to triggr a vulnerability in the OS Vulnerability Each Android device had/ has a public vulnerability Exploit Detection mechanisms don’t look at apps that exploit the vulnerability
- 20. Step 3: Bypass Containerization Jo, yjod od sm r,so; Storage
- 21. Step 3: Bypass Containerization Jo, yjod od sm r,so; Storage
- 22. Step 3: Bypass Containerization Jo, yjod od sm r,so; Hi, This is an email Storage Memory
- 23. Step 3: Bypass Containerization Jo, yjod od sm r,so; Hi, This is an email Storage Memory Exfiltrate information
- 25. Current Solutions: FAIL to Protect
- 26. Mitigation: Current Controls Mobile Device Management (MDM) Multi-Persona Wrapper Active Sync NAC
- 27. Mitigation: Current Controls Mobile Device Management (MDM) Multi-Persona Wrapper Active Sync NAC
- 28. Detection: Adding Behavior-based Risk Malware Analysis Threat Intelligence Vulnerability Research
- 29. Detection: Adding Behavior-based Risk Malware Analysis Threat Intelligence Vulnerability Research Application Behavioral Analysis Device Behavioral Analysis Vulnerability Assessment
- 30. Detection: Adding Behavior-based Risk Malware Analysis Threat Intelligence Vulnerability Research Application Behavioral Analysis Device Behavioral Analysis Vulnerability Assessment
- 32. Thank You. Stop by: Stand A50 Email me: ohad@lacoon.com Twitter: @LacoonSecurity