MobileCON 2013 – Attacks Against MDM Solutions (and What You Can Do About It)
1. Anatomy of a Targeted Attack against MDM Solutions (and What You Can Do About It)
Michael Shaulov, CEO
michael@lacoon.com
Twitter: @LacoonSecurity
2. Agenda
Collapse: the collapse of the corporate perimeter
Targeted devices: why mobile devices are targeted
Demo: how mobile malware bypasses current security solutions
Mitigation: detection, remediation and building a secure BYOD/HYOD architecture
3. About Lacoon Mobile Security
• Protecting organizations from mobile threats
• Industry-leading behavioral protection and mitigation solution
• Protecting tier-1 financial, manufacturing, legal and defense organizations
• Cutting-edge mobile security research team
7. Mobile Devices: Attractive Attack Target
Snooping on corporate emails and application data
Infiltrating internal LANs
Eavesdropping
Extracting contact lists, call and text logs
Tracking location
8. The Mobile Threatscape
[Chart: threat categories plotted by Business Impact against Complexity]
mRATs / Spyphones: targeted attacks on a person or an organization; cyber espionage
Mobile malware apps: consumer-oriented, mass-scale and financially motivated, e.g. premium SMS, fraudulent charges, botnets
9. The Mobile Threatscape: mRATs / Spyphones
High end: government / military grade
Mid range: cybercrime toolkits
Low end: commercial surveillance toolkits
12. Survey: Cellular Network, 2M Subscribers (sampling: 650K)
Data sample
• 1 GB traffic sample of spyphone-targeted traffic, collected over a 2-day period
• Collected from a channel serving ~650K subscribers
• Traffic constrained to communications with selected malicious IP addresses
21. Step 2: Install a Backdoor (aka Rooting)
Administrative: any process can run as the administrative (root) user if it is able to trigger a privilege-escalation vulnerability in the OS.
Vulnerability: every Android device has had, or still has, a publicly known vulnerability of this kind.
Exploit: existing detection mechanisms do not inspect apps for code that exploits such a vulnerability.
22. Step 3: Bypass Containerization
[Diagram, built up across slides 22–25: a container application's Storage and Memory]
Storage: the email is held encrypted at rest. The slide renders the ciphertext as "Jo, yjod od sm r,so;", the plaintext letters shifted one key to the right on a QWERTY keyboard.
Memory: once the app decrypts the email to display it, the plaintext "Hi, this is an email" sits in the process's memory.
Exfiltrate information: with root from Step 2, the attacker reads the plaintext straight out of memory and exfiltrates it, so the container's storage encryption never comes into play.
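The Step 3 diagram makes one point: data that is encrypted at rest must be plaintext while the app uses it. The following is an added example, not code from the Lacoon deck or talk, that shows what that means once Step 2 (root) has succeeded. A child process plays the container app: it decrypts a message and keeps it in memory, as any mail client must. The parent plays the attacker: it recovers the message by walking the child's mappings in /proc/<pid>/maps and reading them through /proc/<pid>/mem, touching neither the key nor the stored ciphertext. Everything here is constructed for the demo: the HMAC-SHA256 counter-mode keystream stands in for the container's real storage cipher (it is not a recommendation), the message text echoes the slide, and the process roles are assumed. Linux only; the kernel grants the read under its ptrace rules, so root can read any process, while an unprivileged parent can read its own child under Yama ptrace_scope 1.

```python
"""Data encrypted at rest is plaintext in use: read it out of another process's memory.

Added illustration, not code from the Lacoon deck. Linux only (/proc/<pid>/maps, /proc/<pid>/mem).
"""
import hashlib
import hmac
import os
import subprocess
import sys


def keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """HMAC-SHA256 counter-mode keystream. Constructed stand-in for the container's
    storage cipher; real code would use AES-GCM or similar."""
    blocks = (hmac.new(key, nonce + i.to_bytes(8, "big"), hashlib.sha256).digest()
              for i in range(length // 32 + 1))
    return b"".join(blocks)[:length]


def encrypt(key: bytes, nonce: bytes, data: bytes) -> bytes:
    """XOR the data with the keystream; decryption is the same operation."""
    return bytes(d ^ k for d, k in zip(data, keystream(key, nonce, len(data))))


decrypt = encrypt


# The "container app": gets key, nonce and ciphertext, decrypts, then keeps the message
# in memory (as any app that displays an email must) until its stdin is closed.
CONTAINER_APP = r"""
import hashlib, hmac, sys
key, nonce, ct = (bytes.fromhex(a) for a in sys.argv[1:4])
ks = b"".join(hmac.new(key, nonce + i.to_bytes(8, "big"), hashlib.sha256).digest()
              for i in range(len(ct) // 32 + 1))
message = bytes(c ^ k for c, k in zip(ct, ks))   # the plaintext now lives in this process
sys.stdout.write("ready\n"); sys.stdout.flush()
sys.stdin.readline()                             # hold the message until told to quit
"""


def scan_process_memory(pid: int, needle: bytes) -> int:
    """Count occurrences of needle in every readable mapping of pid.

    /proc/<pid>/maps lists the ranges, /proc/<pid>/mem serves their contents. Access is
    governed by the ptrace rules: root reads anything, a parent reads its descendants.
    """
    hits = 0
    mem_fd = os.open(f"/proc/{pid}/mem", os.O_RDONLY)
    try:
        with open(f"/proc/{pid}/maps") as maps:
            for line in maps:
                addr, perms = line.split()[:2]
                if "r" not in perms or line.rstrip().endswith(("[vvar]", "[vsyscall]")):
                    continue                        # unreadable special mappings
                start, end = (int(x, 16) for x in addr.split("-"))
                try:
                    data = os.pread(mem_fd, end - start, start)
                except (OSError, OverflowError):
                    continue                        # range vanished or cannot be read
                hits += data.count(needle)
    finally:
        os.close(mem_fd)
    return hits


def demo(message: bytes = b"Hi, this is an email") -> dict:
    """Encrypt the message 'to storage', start the container app, then read the
    plaintext back out of the app's memory without using the key or the ciphertext."""
    key, nonce = os.urandom(32), os.urandom(16)
    stored = encrypt(key, nonce, message)            # what the container keeps on disk
    app = subprocess.Popen(
        [sys.executable, "-c", CONTAINER_APP, key.hex(), nonce.hex(), stored.hex()],
        stdin=subprocess.PIPE, stdout=subprocess.PIPE, text=True)
    try:
        if app.stdout.readline().strip() != "ready":
            raise RuntimeError("container app did not start")
        hits = scan_process_memory(app.pid, message)
    finally:
        app.stdin.close()
        app.wait(timeout=10)
    return {"plaintext_in_storage": message in stored, "plaintext_hits_in_memory": hits}


if __name__ == "__main__":
    print(demo())
```

The result shows the asymmetry the slide draws: the stored bytes never contain the message, yet the scan of the live process finds it at least once. On a real device the reader would be the malicious app after its Step 2 escalation and the target would be the MDM container; the mechanism is the same, which is why a container that relies on storage encryption alone cannot stand in for a device that has not been rooted.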