MobileCON 2013 – Attacks Aginst MDM Solutions (and What You Can Do About It)
•
1 j'aime•745 vues
Recommandé
Recommandé
Contenu connexe
Tendances
Tendances (20)
Similaire à MobileCON 2013 – Attacks Aginst MDM Solutions (and What You Can Do About It)
Similaire à MobileCON 2013 – Attacks Aginst MDM Solutions (and What You Can Do About It) (20)
Dernier
Dernier (20)
MobileCON 2013 – Attacks Aginst MDM Solutions (and What You Can Do About It)
- 1. Anatomy of a Targeted Attack against MDM Solutions (and What Can You Do About It) Michael Shaulov, CEO michael@lacoon.com Twitter: @LacoonSecurity
- 2. Agenda Collapse The collapse of the corporate perimeter Targeted devices Why mobile devices are targeted Demo How mobile malware bypasses current security solutions Mitigation Detection, remediation & building a secure BYOD/HYOD architecture
- 3. About Lacoon Mobile Security • Protecting organizations from mobile threats • Industry leading behavioral protection and mitigation solution • Protecting tier-1 financial, manufacturing, legal and defense organizations • Cutting edge mobile security research team
- 4. The Collapse Of The Corporate Perimeter > 2011
- 5. The Collapse Of The Corporate Perimeter “More than 60% of organizations enable BYOD” Gartner, Inc. October 2012
- 7. Mobile Devices: Attractive Attack Target Snooping on corporate emails and application data Infiltrating internal LANs Eavesdropping Extracting contact lists, call &text logs Tracking location
- 8. The Mobile Threatscape Business Impact mRATs / Spyphones Mobile Malware Apps Targeted: Personal Organization Cyber espionage Consumeroriented. Mass. Financially motivated, e.g.: Premium SMS Fraudulent charges Botnets Complexity
- 9. The Mobile Threatscape mRATs / Spyphones High End: Government / Military grade Mid Range: Cybercrime toolkits Low End: Commercial surveillance toolkits
- 11. Commercial mobile surveillance tools
- 12. Survey: Cellular Network 2M Subscribers Sampling: 650K Data sample • 1 GB traffic sample of spyphone targeted traffic, collected over a 2-day period • Collected from a channel serving ~650K subscribers • Traffic constrained to communications to selected malicious IP address
- 13. Survey: Cellular Network 2M Subscribers Sampling: 650K Infection rates: June 2013: 1 / 1000 devices
- 14. Survey: Cellular Network 2M Subscribers Sampling: 650K
- 16. MDMs and Secure Containers 3 features: l l l Encrypt business data Encrypt communications to the business Detect Jailbreak/ Rooting of devices
- 18. Let’s Test… DEMO
- 20. Step 1: Infect the device
- 21. Step 2: Install a Backdoor / aka Rooting Administrative Every process can run as an administrative (root) user if it is able to triggr a vulnerability in the OS Vulnerability Each Android device had/ has a public vulnerability Exploit Detection mechanisms don’t look at apps that exploit the vulnerability
- 22. Step 3: Bypass Containerization Jo, yjod od sm r,so; Storage
- 23. Step 3: Bypass Containerization Jo, yjod od sm r,so; Storage
- 24. Step 3: Bypass Containerization Jo, yjod od sm r,so; Hi, This is an email Storage Memory
- 25. Step 3: Bypass Containerization Jo, yjod od sm r,so; Hi, This is an email Storage Memory Exfiltrate information
- 27. Current Solutions: FAIL to Protect
- 28. Mitigation: Current Controls Mobile Device Management (MDM) Multi-Persona Wrapper Active Sync NAC
- 29. Mitigation: Current Controls Mobile Device Management (MDM) Multi-Persona Wrapper Active Sync NAC
- 30. Detection: Adding Behavior-based Risk Malware Analysis Threat Intelligence Vulnerability Research
- 31. Detection: Adding Behavior-based Risk Malware Analysis Threat Intelligence Vulnerability Research Application Behavioral Analysis Device Behavioral Analysis Vulnerability Assessment
- 32. Detection: Adding Behavior-based Risk Malware Analysis Threat Intelligence Vulnerability Research Application Behavioral Analysis Device Behavioral Analysis Vulnerability Assessment
- 34. Thank You. Stop by: Booth 940 Email me: michael@lacoon.com Twitter: @LacoonSecurity