The document discusses security issues related to mobile applications and devices. It makes several key points:
1) Mobile device usage and app downloads are increasing rapidly worldwide. There were over 6 billion mobile subscriptions and 1.2 billion mobile web users in 2011.
2) Android devices are highly vulnerable to malware attacks, which have increased over 4500% in the last year for Android. The document expresses concerns about privacy issues and data leakage from iOS apps as well.
3) The document predicts that mobile security threats will get worse before improving, with a predicted 6000% increase in Android malware over the next 6 months targeting data theft. It recommends mobile security solutions to help address these growing threats.
2. mobile devices are on the rise
• at the end of 2011, there were 6 billion mobile subscriptions
• there are now 1.2 billion mobile Web users worldwide
- aka ~17% of the global population uses a smartphone
• and over 491.4 million smartphones were sold worldwide in 2011
Copyright@bitdefender 2012 / www.bitdefender.com 7/9/2012 • 2
3. global use of mobile browsing
Copyright@bitdefender 2012 / www.bitdefender.com 7/9/2012 • 3
4. what’s mobile used for (now)
Most popular mobile destinations are news and information, weather
reports, social networking, search and maps.
- mobile browsers for banking, travel, shopping, local
info, news, video, sports and blogs
- apps for games, social media, maps and music
Copyright@bitdefender 2012 / www.bitdefender.com 7/9/2012 • 4
5. mobile environment status
• there are more than 400,000 Android apps on Google Play
• iPhone & iPad users get to choose between over 650,000 iOS Apps
• Apps usage
• nearly 2 in 3 smartphone users use apps daily
• App users had an average of 12 apps on their devices
• mobile app downloads should jump to ~50 billion in 2012
Copyright@bitdefender 2012 / www.bitdefender.com 7/9/2012 • 5
6. the need for mobile security
• Mobile malware attacks are up 155 percent across ALL platforms
in the last year, according to Juniper
• The most vulnerable platform is Android, where malware
increased by more than 4500% in a year (!)
• iPhones and iPads are very vulnerable to jailbreaking
services that infect the device during the rooting process and
just as vulnerable to web browsing attacks as any other device
• There are HUGE privacy issues with iOS apps (according
to Clueful stats)
• attacks to Blackberry and Symbian platforms also doubled
since last year
Copyright@bitdefender 2012 / www.bitdefender.com 7/9/2012 • 6
7. Mobile Phising
• phishing (criminals attempt to trick users into sharing passwords etc)
Copyright@bitdefender 2012 / www.bitdefender.com 7/9/2012 • 7
8. Tips to Avoid Becoming a Mobile Banking Phishing Victim
- Before you click on a link, make sure it is legitimate.
- Remember that e-banking can be risky, especially when
using a mobile device
- Always keep your mobile device operating system and
antivirus solution updated.
Copyright@bitdefender 2012 / www.bitdefender.com 7/9/2012 • 8
11. Mobile Spyware
• tracks user’s activity, sending the phone’s
location, IMEI, phone number, address book to
advertisers etc
• 61% of the malware detected on phones is spyware
• it does not affect the phone’s functionality
Copyright@bitdefender 2012 / www.bitdefender.com 7/9/2012 • 11
12. the dark side of the mobile world
Other threats for mobile users are:
• worms (a program that copies itself onto multiple devices via
network connections),
• man-in-the-middle attacks (where a criminal intercepts and
manipulates messages between two devices or device and
computer)
• Slavery - phones can even be used by part of a botnet (this is a
network of infected ‘slave’ devices used for malicious purposes).
• Spam / excessive advertising / privacy breaches
• losing the device
Copyright@bitdefender 2012 / www.bitdefender.com 7/9/2012 • 12
13. types of mobile app risks
Malicious Functionality
• Activity monitoring and data retrieval (e.g: Secret SMS
Replicator for Android)
• Unauthorized dialing, SMS and payments (Fake Player)
• Unauthorized network connectivity
• UI Impersonation
• System modification (modifying the device proxy
configuration or APN (Access Point Name).
• Logic or Time bomb
Copyright@bitdefender 2012 / www.bitdefender.com 7/9/2012 • 13
14. types of mobile app risks / II
App Vulnerabilities
• Sensitive data leakage (inadvertent or side channel)
• Unsafe sensitive data storage
• Unsafe sensitive data transmission
• Hardcoded password/keys
Copyright@bitdefender 2012 / www.bitdefender.com 7/9/2012 • 14
15. how to get to mobile hell
• direct download, SMS, MMS, e-mail and Bluetooth.
• via device rooting
• Not paying enough attention to your mobile
Copyright@bitdefender 2012 / www.bitdefender.com 7/9/2012 • 15
16. Q1 mobile malware landscape / I
• the most frequent e-threats identified by Bitdefender in
the mobile malware landscape for Q1 2012 are related to:
- data theft and
- malware strains related to device rooting via
operating system exploits
• data privacy is the number one targeted area
- re-packaged applications bundled with malware
and delivered through alternative Android
Marketplaces have proven an effective means of
distributing malicious apps
Copyright@bitdefender 2012 / www.bitdefender.com 7/9/2012 • 16
17. Q1 mobile malware landscape / II
• China, Russia and France have the highest count of smartphone
users affected by malware.
- These numbers reflect an increase in pirated applications re-
packed with malicious code
29.92% 29.49% China
United States
Spain
United Kingdom
Romania
6.68% Germany
4.40% India
5.84% France
1.74% 4.47%
3.03% 4.51% 5.06% Russian Federation
4.87%
Belgium
Other
Copyright@bitdefender 2012 / www.bitdefender.com 7/9/2012 • 17
18. Latest trends in Android malware
• Crafty adware, followed by Fake Battery Doctor and Exploit
malware (rooted devices)
• SMS senders (7th place) and Hack Tools will send users fake
notification updates and lure your social media credentials
Copyright@bitdefender 2012 / www.bitdefender.com 7/9/2012 • 18
19. Top Android malware in US
Android.Adware.Mulad.A
42.68% Android.Adware.Ropin.B
Android.Adware.Wallap.A
50.07%
Android.Exploit.Asroot.A
Android.Exploit.Asroot.B
Android.Exploit.Exploid.A
Android.Exploit.Exploid.B
Android.Exploit.Exploid.C
Android.Exploit.Exploid.D
4.04%
Android.Exploit.GingerBreak.A
Other
0.14%
0.42%
0.84%
0.98% 0.14%
0.14%
0.28%
0.28%
Copyright@bitdefender 2012 / www.bitdefender.com 7/9/2012 • 19
20. Top Android malware in DE
0.08%
1.07% 0.38% 0.54%
0.15%
12.88% 0.15%
0.46%
0.08%
0.23% Android.Adware.Mulad.A
Android.Adware.Ropin.B
Android.Adware.Wallap.A
Android.Exploit.Asroot.A
Android.Exploit.Asroot.B
Android.Exploit.Asroot.D
Android.Exploit.Exploid.A
Android.Exploit.Exploid.B
Android.Exploit.Exploid.C
83.97%
Android.Exploit.Exploid.D
Other
Copyright@bitdefender 2012 / www.bitdefender.com 7/9/2012 • 20
21. Top Android malware in UK 0.91%
0.20% 0.20%
0.40%
0.20%
0.30%
0.20% 0.61%
8.60%
0.10%
Android.Adware.Mulad.A
Android.Adware.Wallap.A
Android.Exploit.Asroot.A
Android.Exploit.Asroot.B
Android.Exploit.Asroot.D
Android.Exploit.Exploid.A
Android.Exploit.Exploid.B
Android.Exploit.Exploid.E
Android.Exploit.GingerBreak.A
88.26%
Android.Exploit.GingerBreak.C
Other
Copyright@bitdefender 2012 / www.bitdefender.com 7/9/2012 • 21
22. mobile security predictions
it will get worse, before it gets better, on all levels of mobile security:
• software
- We estimate a 6000% increase in Android malware samples (including
variants) within the next 6 months
- from 153 malware families and ~10 000 malicious apps in 2011 to over
3*10 000 malicious apps by the end of the year
- an increase of fake battery apps being actually malware.
- At the moment, ~80% od malicious apps steal data and ~20% overcarge
the user. By the end of 2012, 90% of apps will focus on stealing data
• privacy
- We estimate HUGE app privacy issues on ALL platforms
- detecting various apparently innocent apps that leak your data or
which apps ask for extra permissions they don’t actually need
• hardware
- anti-theft / anti-loss security solutions
Copyright@bitdefender 2012 / www.bitdefender.com 7/9/2012 • 22
27. BITDEFENDER MOBILE SECURITY LOVE
Bitdefender Mobile Security is practically unnoticeable on your Android device and very easy
to use. – PC Mag
Bitdefender Mobile Security has the advantage of low system resource occupancy while
protecting the mobile device - PCSL Test
Copyright@bitdefender 2012 / www.bitdefender.com 7/9/2012 • 27
33. POWER TUNE-UP IN ONE SLIDE
Bitdefender Power Tune-Up brings back control in your
hands. Optimize your Android device for maximum
performance, battery economy and controlled data traffic.
Saves up battery
Informs you on the remaining time
(for standby, talking, navigating)
Keeps you from reaching data traffic
limits (3G, thresholds and notifications)
Quickly frees up space
(internal memory, internal and external SD card)
Copyright@bitdefender 2012 / www.bitdefender.com 7/9/2012 • 33
34. THE BATTERY SAVER
Save up precious battery life by
switching to the predefined
Battery Saver or create your own
custom profile.
You have access to running apps
(you can identify the CPU and
RAM levels) and essential battery
eating options that you can turn on
or off.
Copyright@bitdefender 2012 / www.bitdefender.com 7/9/2012 • 34
35. THE BATTERY WIDGET
With the Power Tune-Up
widget you can keep an
eye on your remaining
battery time.
Copyright@bitdefender 2012 / www.bitdefender.com 7/9/2012 • 35
36. THE DATA METER - 3G DATA TRAFFIC COUNTER
It’s easy to browse away and forget
you have a limited data plan.
Set up a usage cap and Data
meter will notify you before it’s
reached.
Copyright@bitdefender 2012 / www.bitdefender.com 7/9/2012 • 36
37. THE CLEAN-UP MODULE
Running out of space?
With Clean-Up you can remove
temporary files, delete downloaded
files or uninstall unwanted
applications to save space.
Copyright@bitdefender 2012 / www.bitdefender.com 7/9/2012 • 37
38. 1. CPU used %
Power Tune-Up: 0.093
System Panel, System Tuner Lite: 0.11
Mobile Utilities Task Killer (Norton): 0.14
2. RAM (in MB)
Android Assistant: 5.61
System Tuner Lite: 5.69
Power Tune-Up: 6.09
System panel: 6.37
3. RAM (in MB) – Android Assistant
#1
Power Tune-Up: 3.37 We ran our own benchmarks
System Panel Lite: 3.49
Android Assistant: 3.56 and we’re beating the
Mobile Utilities Task Killer (Norton): 3.58 competition in three out of
4. Android Battery % five performance tests
Power Tune-Up: 0.37
System Panel: 0.54
System Tuner Lite: 0.65
Mobile Utilities Task Killer (Norton): 0.77
5. Space occupied (MB)
System Panel Lite: 1.03
Free Advanced Task Manager: 1.37
Android Assistant: 2.01
Power Tune-Up: 2.02
Tested on:
- Acer Iconia A500(android 3.2)
- HTC HD2(android 4.0)
- Samsung Galaxy Nexus(android 4.0.2)
Copyright@bitdefender 2012 / www.bitdefender.com 7/9/2012 • 38
39. Bitdefender Power Tune-Up
Now out of BETA
• FREE
• available on Google Play (Android Market)
• in English and Portuguese
German, French, Spanish, Romanian to follow soon
Copyright@bitdefender 2012 / www.bitdefender.com 7/9/2012 • 39
41. CLUEFUL is a world first!
Copyright@bitdefender 2012 / www.bitdefender.com 7/9/2012 • 41
42. Clueful is the only way to really understand apps, how they use your data and treat your privacy.
Clueful identifies nasty apps on your iPhone.
It looks at what applications are currently running in memory and it retrieves audit information from
the Clueful Cloud.
There's no viruses on the App Store.
Apps must pass an Apple review before acceptance on the App Store. The malicious apps are
rejected.
Most apps are not malicious.
They're just careless with your data.
Take a look under the hood. Be curious!
Explore and analyze clues about your apps, including your favorite ones.
Copyright@bitdefender 2012 / www.bitdefender.com 7/9/2012 • 42
43. There are apps that:
-track your location
- drain your battery
- can read and make use of your address book
- track usage behavior via Flurry (or other) analytics networks
and display ads
- handle your credentials in a sloppy way (think unencrypted
over the web)
- request access to your Facebook/Twitter/Google
credentials
- needlessly keep GPS or audio services on
intensively, although they don't need to, which may rapidly drain
your phone's battery.
Copyright@bitdefender 2012 / www.bitdefender.com 7/9/2012 • 43
44. How it looks like
Copyright@bitdefender 2012 / www.bitdefender.com 7/9/2012 • 44
46. THE HOWS and WHENS
Bitdefender Clueful
• paid app
• available worldwide on the App Store
Copyright@bitdefender 2012 / www.bitdefender.com 7/9/2012 • 46
47. The Clueful App
Check it out @ wwww.cluefulapp.com
Copyright@bitdefender 2012 / www.bitdefender.com 7/9/2012 • 47
Mobile devices have now replaced laptops as the soft target.- 96 percent of smartphones and tablets do not have third-party security software installed, according to Canalys and Juniper
People who believe "there's nothing worth stealing on a smartphone“overlooks emails, attachments, contacts and address books and, of course, the wireless and VPN configuration that permit access to the corporate network.
EG: sending each email sent on the device to a hidden 3rd party address, letting an attacker listen in on phone calls or simply open microphone recordingThe category of Vulnerabilities are errors in design or implementation that expose the mobile device data to interception and retrieval by attackers. Vulnerabilities can also expose the mobile device or the cloud applications used from the device to unauthorized access.
Closely followed by “Battery Doctor” (also known as Android.Trojan.FakeDoc.A) with a 23.37% infection rate, we’re left to conclude that either awareness of this Trojan is still pretty low or people simply don’t mind having their devices pried into.Worth mentioning is a second adware (Android.Adware.Wallap.A) which, although ranked seventh in our chat, proves that adware is definitely on the rise. The downloaded file is “Update.apk” and the application is named “com.Security.Update” so that everyone will execute it when user assistance is prompted. Ranked eighth in our chart, this Trojan will probably fade out of existence unless more websites are hit by the same drive-by attacks.Your Facebook, Twitter, and LinkedIn usernames and passwords are still not safe, because Android.Hacktool.DroidSheep.A is still in our top ten malware chart. Headstrong and not going away, we still issue a warning to those in the habit of downloading bizarre and questionable apps from strange marketplaces.
Demo the functionalities of Bitdefender mobile security with focus onCloud detection and speedLittle to no impact on battery performanceHigh and reliable detection rateInsight to the permissions granted to the installed applications through Security AuditAnti-Theft functionalities : Remotely Locate the device