Cp3201 mobile security final
•Transferir como PPTX, PDF•
2 gostaram•1,067 visualizações
Recomendados
Mais conteúdo relacionado
Mais procurados
Mais procurados (20)
Semelhante a Cp3201 mobile security final
Semelhante a Cp3201 mobile security final (20)
Cp3201 mobile security final
- 1. Ong Howe Shang KohJyeYiing Mobile Security - Malwares
- 2. Agenda Current Trends Threats: Denial of Service to VoIP Bluetooth Hacking SMS viruses Man-in-mobile attacks Mobile eavesdropping Data Theft Mobile Viruses: Soundminer Zeus Geimini Solutions
- 3. Current Trends Increasing number of mobile phone user-base Capabilities of smart phones mCommerce Mobile vouchers, coupons and loyalty cards Mobile marketing and advertising Mobile Browsing mWallets mobile identity
- 4. Current Trends Growth of smartphone market: Source take from M86 Security Labs: Threat Predictions 2011
- 5. Current Trends More than a million mobile apps available and one billion smartphones in circulation No mandatory information security regulations Factors for the increase in mobile malware: Mobile devices becoming gold mines for storing, collecting and transmitting confidential data. Mobile banking and NFC enabled (online banking transactions) payments are beginning to be targeted by cybercriminals
- 6. Current Trends- Growth of mobile malware: Source take from Malware goes Mobile Novemeber 2006
- 7. Cases and Incidents Case 1: In late September 2010, ZeuS was released to steal financial credentials . The virus can infect the mobile device and sniff all the SMS messages Case 2: 4th October 2010, a 3rd iteration of “FakePlayer” SMS Trojan was release to Android mobile phones.
- 8. Cases and Incidents Case 3:
- 9. Cases and Incidents Case 4: End of 6 October, a Firefox plugin name “Firesheep” was released to conduct “sidejacking” to steal session cookies Critical when users use iPads and mobile to accessed web through public Wi-Fi hotspots
- 10. Case 5: Identity theft, stalking and bullying Cases and Incidents
- 11. Story on how the mobile virus spreads
- 12. Story on how the mobile virus spreads
- 13. Story on how the mobile virus spreads
- 14. Story on how the mobile virus spreads
- 15. Story on how the mobile virus spreads
- 16. Story on how the mobile virus spreads
- 17. Story on how the mobile virus spreads
- 18. The Changing Threat Environments
- 19. Threat: Denial of service to VoIP Tom Cross - X-Force Researcher , IBM Internet Security Systems) said: “Criminals know that VoIP can be used in scams to steal personal and financial data so voice spam and voice phishing are not going away”
- 20. Threat: Denial of service to VoIP People are trained to enter social security numbers, credit card numbers, bank account numbers over the phone Criminals will exploit this social conditioning to perpetrate voice phishing and identity theft Customer demand better availability from phone service than they would from an ISP Threat of a DoS attack might compel carriers to pay out on a blackmail scam.
- 22. Threat: SMS Viruses Known as the ‘SMS of death’ Threatens to disable many Sony Ericsson, Samsung, Motorola, Micromax and LG mobile phones It’s payload? A simple malicious text or MMS messages which it sends What it results in? crashing of mobile phones Some of the bugs discovered have the potential to cause problems for entire mobile networks.
- 23. Threat: SMS Viruses iPhone SMS attack a series of malicious SMS messages - a way to crash the iPhone via SMS, and that he thought that the crash could ultimately lead to working attack code. Results from a bug in the iPhone iOS software that could let hackers take over the iPhone, just by sending out and SMS message
- 24. Threat: Man-in-mobile attacks Man-in-mobile works by
- 25. Threat: Mobile eavesdropping FBI taps cell phone mic as eavesdropping tool The technique is called a "roving bug“ Use against members of a crime family who were wary of conventional surveillance techniques such as tailing a suspect or wiretapping him. "functioned whether the phone was powered on or off."
- 26. Threat: Data Theft Data theft is the leaking out of information on the mobile phones. Stolen Remember this story From just now? Solution lies in TenCube’sWaveSecure
- 27. Threat: Mobile Malware Smart phones are being “attacked” by malicious software which could severely threaten both the users and the usefulness of the phone Malwares: Cabir: Infects Symbian OS mobile phones Infected phone displays the message 'Caribe’ The worm attempts to spread to other phones via wireless Bluetooth signals
- 28. Threat: Mobile Malware Skulls: Infects all types of mobile phones Trojan virus replaces all phone desktop icons with images of a skull Renders all applications
- 29. Threat: Mobile Malware CommWarrior: First worm to use MMS messages in order to spread to other devices Infects devices running under OS Symbian Series 60 Spreads through Bluetooth ZeuSMitmo Steals username and passwords Injecting HTML or adding field using JavaScript
- 30. Agenda Current Trends Cases and Incidences Threats: Denial of Service to VoIP Bluetooth Hacking SMS viruses Man-in-mobile attacks Mobile eavesdropping Data Theft Mobile Viruses: Soundminer Zeus Geimini The difference between Apple and Android’s security model Solutions
- 31. Agenda Current Trends Cases and Incidences Threats: Denial of Service to VoIP Bluetooth Hacking SMS viruses Man-in-mobile attacks Mobile eavesdropping Data Theft Mobile Viruses: Soundminer Zeus Geimini The difference between Apple and Android’s security model Solutions
- 32. Taking a closer look at the viruses we’ve been studying
- 33. Geimini and ZeuS in the news
- 34. Geimini on the news
- 35. Geimini Geinimi is a Trojan affecting Android devices emerging through third-party application sources Geinimi, means “give you rice” (Ghay-knee-mē) in chinese, which is essentially slang for “give you money” Geinimi can Read and collect SMS messages Send and delete selected SMS messages Pull all contact information and send it to a remote server (number, name, the time they were last contacted) Place a phone call Silently download files Launch a web browser with a specific URL
- 36. ZeuS Malicious users weren’t interested in all of the text messages — just the ones that contained authentication codes for online banking transactions The attack’s set up This shows that malicious users are constantly broadening their interests. Prior to this, text message authentication was a reliable form of online banking transactions Now, malicious users have found a way to bypass even this level of security.
- 37. ZeuSSymbOS/Zitmo.A = SMS Viruses SMS viruses are part of the Zeus Trojan’s payload Called the SymbOS/Zitmo.A Implemented for gathering information from victims So it could send a targeted download link to them Send an mTAN SMS messages sent from an infected user’s bank to an attacker The attacker could then change what numbers were monitored by the spyware to go after specific banks
- 40. How ZeuSSymbOS/Zitmo.A works? (1) Trojan ask for new details in website: mobile vendor, model, phone number Send SMS to mobile device with a link to download http://securityblog.s21sec.com/2010/09/zeus-mitmo-man-in-mobile-i.html
- 41. How ZeuSSymbOS/Zitmo.A works? (2) Backdoor installed to receive commands via SMS Send commands for SMS attacks for own profit (SMS charges)
- 42. Now to watch the Soundminer demo
- 43. Soundminer (1) Low-profile Trojan horse virus for Android OS Steals data => unlikely to be detected Soundminer Monitors phone calls Records credit card number Uses various analysis techniques Trims the extraneous recorded information down to essential credit card number Send information back to the attacker over the network
- 44. Soundminer (2) Designed to ask for as few permissions as possible Soundminer is paired with a separate Trojan, Deliverer => responsible for sending the information Android OS security mechanisms could prevent communication between applications Communicates via “covert channels” vibration settings
- 45. Soundminer (3) Code sensitive data in a form of vibration settings Unlikely to raise suspicion Two antivirus programs, VirusGuard and AntiVirus, both failed to identify Soundminer as malware Study by Kehuan Zhang, Xiaoyong Zhou, MehoolIntwala, ApuKapadia, XiaoFeng Wang called Soundminer: A Stealthy and Context-Aware Sound Trojan for Smartphones
- 46. iOS and Android’s Security Models
- 47. Security Models: iOSvs Android
- 48. Security Models: iOSvs Android
- 50. Security Models: iOSvs Android Trend Micro believes the iOS security model is better
- 51. Security Models: iOSvs Android Many believe the iOS security model is better just because Android’s model is receiving a lot of bad press.
- 52. Solutions we believe to be useful for Android
- 53. Solutions (1) Either create a strict app filtering process like how Apple’s AppStore does it or create a market crawling tool to look for potential malicious apps With more granular permissions All the viruses could be prevented Or at least disclosed to user at install time Sandboxing to the rescue Browser -> still a big deal Media player -> not catastrophic Crowd-sourcing -> getting people to report
- 54. Solutions (2) Protection is system-level, not app-level Bad considering proliferation of rooted phones Combined with 24 hour refund Likely to see pirated apps distributed in near future Third-party protection available Eg. SlideLock and Lookout
- 55. Back to the iPhone vs Android’s security model Mobile security is a delicate balance restricted vs. open platforms Allow self-signed apps? Allow non-official app repositories? Allow free interaction between apps? Allow users to override security settings? Allow users to modify system/firmware? Financial motivations
- 56. Some Simple Tips And Tricks Do not use any device inflected with malware for exchanging data. De-activate after using blue tooth. De-activate your infrared function. After registering, in few sites then those sites send you confirmation or verification to your mobile phone. Always check the backgroundbefore registering on any web sites is safe or not then click ok. While saving the data, check it with Antivirus Software. Ignore SMS, if you don’t know the sender. Use mobile antivirus.
- 57. Future Concerns? Attack during mobile firmware update Firmware loaded into phone A “preloaded” virus Crackers -> hack the source servers or use a man-in-mobile attack
- 58. Future Concerns?
- 59. "There is no security on this earth, there is only opportunity" - General Douglas MacArthur (1880-1964) Both JyeYiing and myself would like to thank you for listening!
- 60. Thank you for listening! Any Questions?
Notas do Editor
- Attackers are no longer targeting web and email servers. Today, they are attacking enterprises from the inside out, by first compromising end user systems and then leveraging them to gain access to confidential data.Integrated functions :
- Since the introduction of the iPhone, the smartphone market has grown over the last several years. And the introduction of tablet devices such as the Apple iPad, HP Slate and Android-based tablets signals a potential shift in which cybercriminals target end users via mobile platforms. As with other platforms, the attackers will go where the most users are, and where these users are the least protected.
- Currently, there are more than a million mobile apps available and one billion smartphones in circulation and there is no mandatory information security regulations in place for the distribution of application channels, which will put users at riskAs devices grow more intricate and multi-faceted, they become gold mines for storing, collecting and transmitting confidential data. PDA’s are not alone anymore; Tablets are now also on the radar for malicious malware. Mobile banking and NFC enabled (online banking transactions) payments are beginning to be targeted by cybercriminals, and today’s unregulated virtual infrastructure will demand a plan of action to protect mobile devices.
- Swop 6 and 7Since we hav e
- Summarise the cases and incidents slidesMany people is having problem of mobile virus in this time. People are automatic getting virus in their hand sets.Several notable mobile incidents occurred in the later half of 2010.In late September, Zeus in the mobile malware (Zitmo for short) was released to steal financial Credentials (e.g., SMS one--‐time--‐passwords) from Symbian and Blackberry mobile phones3. Shang will be doing further elaboration and demonstration on this attackTrojan variants have been cropping up for Android mobile phones to generate revenue for the criminals by sending SMS/text messages – a third iteration of the “FakePlayer” SMS Trojan was released in early October4. The Geinimi Android Trojan also made headlines toward the End of December – it has botnet characteristics and has been embedded within legitimate applications (particularly Chinese apps) within the Android Marketplace5.
- A new Trojan horse aimed at Android devices has surfaced in China in 30 December 2010.It is Named “Geinimi” A San Francisco firm Lookout Mobile Security says the Trojan is “the most sophisticated Android malware [the firm has] seen to date.”
- Firesheep, a Firefox Plugin to conduct “sidejacking” to steal session cookies, was released at the end of October6. While not exactly mobile malware, it is a tool that is particularly useful to obtain unauthorized access to FB or google accounts that are being accessed by users on public Wi-Fi hotspots. Laptops, iPads, and mobile phone accessing the web from a coffee shop (Wi-Fi hotspots) can leak session cookies to anyone listening on the network. These session cookies are then replayed by the attacker to gain access to the victim’s accounts.Firesheep -> dilute Fire Shephard = defense -> it will scan for firesheep, it will flood firesheep back
- Source:http://www.youtube.com/watch?v=uCyKcoDaofg&feature=related5 min 12 sec13 Investigates explains how your cell phone can be secretly hijacked and used against you - and how to protect yourself. ALSO SEE OUR STORY HERE: http://www.wthr.com/Global/story.asp?S=9346833
- Good to use the story to make a point
- Can condense the threatslides
- Expert predict that the Denial of service will also continue to be a significant threat to VoIP. If a large number of VoIP phones become infected by malware and flood a network with traffic, the results could be extremely disruptive. It isExpected that some cyber criminals to attempt to blackmail carriers based on a DoS attack scenario.
- Most people have been trained to enter social security numbers, credit card numbers, bank accountnumbers, etc. over the phone while interacting with voice response systems,” “Criminals will exploit this social conditioning to perpetrate voice phishing and identity theft. At the same time, customers will demand better availability from phone service than they would from an ISP, so the threat of a DoS attack might compel carriers to pay out on a blackmail scam.”
- Put at the end if you have the timehttp://www.youtube.com/watch?v=XlTEIYGk3Ro&feature=related2 min 33 secneed a program called "Super Bluetooth Hack“With the program you can do things on the other phone such as:- read SMS messages - read contacts - change profile - play ringtone (even if phone is on silent)- play songs- restart the phone - turn off the phone - restore factory settings - change ringing volume - call from the other phone (it includes all call functions like hold etc.)
- 27C3 presentation claims many mobiles vulnerable to SMS attacks'SMS of death' => threatens to disable many current Sony Ericsson, Samsung, Motorola, Micromax and LG mobilessecurity researchers at TU Berlin, claimed that sending malicious text or MMS messages represents a relatively simple means of crashing current mobile phones. Some of the bugs discovered have the potential to cause problems for entire mobile networks.In recent months, the tendency has been for hackers and security testers to focus their efforts on smartphones such as the iPhone or Android-based phones. Most people are still using feature phones, which only runs JAVA based apps. Texting is always supported, as are, usually, additional functions such as the ability to have messages displayed immediately by means of flash texts, to attach a digital business card, to address various ports and to send texts in more than one part.All of these functions are prone to bugshttp://www.h-online.com/security/news/item/27C3-presentation-claims-many-mobiles-vulnerable-to-SMS-attacks-1159568.html
- IPhone SMS Attack to Be Unleashed at Black Hathttp://www.pcworld.com/businesscenter/article/169245/iphone_sms_attack_to_be_unleashed_at_black_hat.htmla series of malicious SMS messages - a way to crash the iPhone via SMS, and that he thought that the crash could ultimately lead to working attack code.SMS is emerging a promising area of security research, as security researchers use the powerful computing capabilities of the iPhone and Google's Android to take a closer look at the way it works on mobile networks.
- Good SMS sent outHacker intercepts the SMSMalicious SMS will be received by the intended receiverReceiver’s phone is infected and payload deploy in the name of the senderBecause GSM Encryption/3G can already crack -> http://www.neowin.net/search/news?terms=gsm+cracked
- Source:http://www.youtube.com/watch?v=uCyKcoDaofg&feature=relatedStory of how your cell phone can be secretly hijacked and used against you. Just a // SEE OUR STORY HERE: http://www.wthr.com/Global/story.asp?S=9346833The solution lies in this software called WaveSecure, you may remember there being a mobile security seminar and the presenter talked about the software being able to “lock and wipe”, “backup and restore” and “locate and track your SIM”.
- Like the computer viruses, smart phones are being “attacked” by such malicious software which could severely threaten both the users and the usefulness of the phone We will be exploring some common malware in detail to show you what they can doCabir: Infects mobile phones running on Symbian OS. When a phone is infected, the message 'Caribe' is displayed on the phone's display and is displayed every time the phone is turned on. The worm then attempts to spread to other phones in the area using wireless Bluetooth signals
- Skulls: A trojan horse piece of code. Once downloaded, the virus, called Skulls, replaces all phone desktop icons with images of a skull. It also renders all phone applications, including SMSes and MMSes useless
- Comwar: First worm to use MMS messages in order to spread to other devices. Thankfully, its limitted to only infecting devices running under OS Symbian Series 60. Can spread through Bluetooth too. The executable worm file once launched hunts for accessible Bluetooth devices and sends the infected files under a random name to various devices.Mobile device users have given rise to a market for third-party applications (such as games and other mobile applications) and with it opened up opportunities for malicious use through web downloads too.ZeuSMitmofromhttp://leonardomusumeci.net/tag/zeus/?lang=enhttp://www.eweekeurope.co.uk/news/bank-site-sms-passcodes-intercepted-by-zeus-trojan-variant-21818Stealing the username or the password is relatively easy, and malware like ZeuS have been doing that for ages (injecting HTML or adding field using JavaScript work like a charm). But now, the trojan will also ask for new details: our mobile vendor, model, and phone number (the website will force you to fill in this information due to its new security measures).
- Disclaimer:We’re not mobile security experts, please do not fault us if we misunderstand any conceptsUnfortunately, this section may also be a little boring to those who are unable to understand thisSo we’ll be looking at 3 types of malware, 2 of them ZeuS and Geimini were on the news and 1, a research-based data theft mobile malware called Soundminer.
- Both ZeuS and Geimini were called the “most interesting mobile threats” on CNET in an article published in late 2010.
- Source: http://www.youtube.com/watch?v=P0J2FSB8OSA
- Geinimi is a Trojan affecting Android devices emerging through third-party application sources (markets and app-sharing forums), primarily in China. Geinimi is noteworthy as it represents a reasonable jump in capabilities and sophistication over existing Android malware observed to date. The word Geinimi (Ghay-knee-mē) is derived from the name of the first repackaged application it was discovered in. Geinimi is Mandarin Chinese for “give you rice”, essentially slang for “give you money”. The Trojan was originally injected using the package “com.geinimi” but as it spread, subsequent variants took on an obfuscated package scheme.It has the ability to steal your personal data and send it to a remote computer, as well as take commands from a remote server, which would effectively turn your Android device into a zombie inside of a botnet.This Trojan also can:* Read and collect SMS messages* Send and delete selected SMS messages* Pull all contact information and send it to a remote server (number, name, the time they were last contacted)* Place a phone call* Silently download files* Launch a web browser with a specific URLThe detailed description of everything Geinimi can do sounds scary: it can send your location, device identifiers (IMEI and IMSI) and list of installed apps to someone. It can also download an app and prompt the user to install it.While the intent is still undetermined, Geinimi is clearly well equipped to perform malicious activities without a user’s knowledge.Sources:http://www.nsai.it/tag/geinimi-trojan-technical-analysis/http://blog.mylookout.com/2011/01/geinimi-trojan-technical-analysis/http://www.smart-internet.com/blog/2010/12/30/advanced-trojan-could-zombify-your-android-device/Other sources:http://www.androidet.com/security-firm-lookout-dissects-the-geinimi-trojan/http://www.androidet.com/lookout-warning-new-trojan-affecting-android/http://www.androidet.com/lookout-mobile-security-analyzes-that-super-evil-geinimi-trojan/http://nakedsecurity.sophos.com/2010/12/31/geinimi-android-trojan-horse-discovered/Android Phones Hit With A Trojan Virus. http://www.youtube.com/watch?v=fkSEX4Apgfk
- What ZeuS does?In late September 2010, specialists at S21Sec detected a malicious program capable of forwarding incoming text messages to a specific number. At first, it appeared to be of no particular interest. However, it turned out that this threat was, first of all, connected to the well known Zbot (ZeuS) Trojan, and furthermore, malicious users weren’t interested in all of the text messages — just the ones that contained authentication codes for online banking transactions. Kaspersky Lab labeled this threat Trojan-Spy.SymbOS.Zbot.a.The attack was set up as follows:Zbot steals online banking access data from an infected computer.bAfter confirming the victim’s telephone number, the malicious user sends a text message with a link to a malicious program for smartphones.When a user clicks on the malicious link, they are asked to download an app and can either install it, which launches the Trojan, or decline it.The malicious user then attempts to conduct a transaction via online banking services that require text message confirmation.The bank sends a text message with the authentication code to the victim’s phone number.The malicious program then forwards the incoming message to the malicious user’s phone number.The malicious user obtains the authentication code and completes the online banking transactions.This malicious program also had a legitimate digital signature.Such a complex plan of attack just goes to show that malicious users are constantly broadening their interests. Prior to the detection of this particular threat, text message authentication was one of the last reliable means of protection when conducting banking transactions on the Internet. Now, malicious users have found a way to bypass even this level of security.The Mitmo Zeus Trojan has infected phones to intercept login SMS credentials and access bank accountsSource: http://www.eweekeurope.co.uk/news/bank-site-sms-passcodes-intercepted-by-zeus-trojan-variant-21818Malware authors are already a step ahead with new tricks as more banks and organisations move towards two-factor authentication to secure their Web sites.A mobile variant of the Zeus banking Trojan is targeting ING customers in Poland by intercepting one-time passcodes sent to customer phones via SMS, according to F-Secure. It appears to be the same style of attack as the one discovered byS21sec in September, F-Secure said.The actual analysis of the variant, Zeus in the Mobile (ZitMo), was performed by security consultant PiotrKonieczny on his personal site. Konieczny said customers of Polish bank MBank were also targeted.Clunky But Proves The ConceptMitmo is fairly clunky in its execution, as it requires the user to first download an application to their phone, but attackers are tricking users into thinking it is a critical software update to keep the ability to receive more SMS alerts, Konieczny said. It can affect Symbian and Blackberry devices, said Konieczny, and it was also likely to target Windows Mobile devices, according to Denis Maslennikov, a malware researcher at Kaspersky Lab. The research did not mention Android or iPhones. Apple’s iPhone and other iOS devices may be safe because rogue apps cannot install unless the device has been jailbroken.Considered by security experts to be one of the most sophisticated Trojans, Zeus originally targeted financial institutions by using keyloggers to steal users’ login credentials as they were entered on banking sites. Many banks switched to two-factor authentication to thwart the Trojan, since the one-time passcodes that authorise transactions expire as soon as they are used. Mitmo intercepts the one-time passcodes before they can be used.The most common two-factor authentication method involves sending out mTANs, mobile transaction authentication numbers, via SMS message as a one-time passcode for customers to enter on the Web site. Two-factor authentication combines something the user knows, the password, with something the user has, the phone that receives the SMS message, to tighten security. Google recently rolled out similartwo-factor authentication for Gmail based on one-time passwords.The two-pronged attack begins when Mitmo infects a user’s computer, whether from a spam link, drive-by-download, or some other method, according to Konieczny. When the user then browses to a bank Web site, such as ING, users are shown a “security notification” to update their phone so that it can receive the SMS codes, Konieczny said.The update process asks for mobile phone number and type of mobile device, he said. The Trojan injects HTML fields into the Web site, so there are no changes to the URL nor any changes to the header and footer of the page to hint that the security panel may not be legitimate, he said. Users do not realise the notification is not real and think they are enhancing their security by providing the information.Once the attackers have the information, they send a SMS to the user with a link to some other Web site which downloads an app to the device. The app is claimed to be part of the security update so that users would be able to receive the passcodes. Once installed, the mobile app intercepts all SMS sent to the phone and forwards to another phone number, giving the attacker access to the user’s bank information and any other site that sends information to the mobile device.Mitmo dials back to the same command and control server based out of Great Britain, according to Maslennikov. ING Poland said in an email statement that none of the customer’s accounts have been compromised by Mitmo at this time.
- SymbOS/Zitmo.A is a mobile spyware application used to intercept and forward the mTAN SMS messages sent from an infected user’s bank to an attacker. It was implemented by the Zeus Trojan for gathering information from victims (= Data theft) about their mobile phones so that it could send a targeted download link to them. The attacker could then change what numbers were monitored by the spyware to go after specific banks. This particular group of crooks was using SymbOS/Zitmo.A in a targeted attack against Spanish banks.
- Source:http://www.computersecurityarticles.info/antivirus/mcafee/write-once-mobile-malware-anywhere/
- Source:http://www.computersecurityarticles.info/antivirus/mcafee/write-once-mobile-malware-anywhere/
- The attacker steals both the online username and password using a malware (ZeuS 2.x)The attacker infects the user's mobile device by forcing him to install a malicious application (he sends a SMS with a link to the malicious mobile application)ZeuSMitmofromhttp://leonardomusumeci.net/tag/zeus/?lang=en
- The application that the user installs in his mobile device is a simple application that will monitor all the incoming SMS and will install a backdoor to receive commands via SMS. The technique that the malicious application uses for monitoring the incoming SMS without notifying the user is not something advanced (it is using the Symbian API), but allows the trojan to use the SMS stack for its own profit without showing any SMS in the mobile screen:The attacker logs in with the stolen credentials using the user's computer as a socks/proxy and performs a specific operation that needs SMS authenticationAn SMS is sent to the user's mobile device with the authentication code. The malicious software running in the device forwards the SMS to other terminal controlled by the attackerThe attacker fills in the authentication code and completes the operation.
- OK, now that I’m done with buying time, lets wake up to watch the Soundminer in action.http://www.youtube.com/watch?v=Z8ASb-tQVpU
- Researchers have developed a low-profile Trojan horse program for Google’s Android mobile OS that steals data in a way that is unlikely to be detected by either a user or antivirus software.The malware, called Soundminer, monitors phone calls and records when a person, for example, says their credit card number or enters one on the phone’s keypad, according to the study.Source: http://gigasite.wordpress.com/category/software/Soundminer uses various analysis techniques, Soundminer trims the extraneous recorded information down to the most essential, such as the credit card number itself, and sends just that small bit of information back to the attacker over the network, the researchers said.“We implemented Soundminer on an Android phone and evaluated our technique using realistic phone conversation data,” they wrote. “Our study shows that an individual’s credit card number can be reliably identified and stealthily disclosed. Therefore, the threat of such an attack is real.”
- Soundminer is designed to ask for as few permissions as possible to avoid suspicionFor example, Soundminer may be allowed access to the phone’s microphone, but further access to transmit data, intercept outgoing phone calls and access contact lists might look suspicious.So in another version of the attack, the researchers paired Soundminer with a separate Trojan, called Deliverer, which is responsible for sending the information collected by Soundminer.Since Android could prevent that communication between applications, the researchers investigated a stealthy way for Soundminer to communicate with Deliverer. They found what they term are several “covert channels,” where changes in a feature are communicated with other interested applications, such as vibration settings.http://gigasite.wordpress.com/category/software/
- Using the covert channels of viberation settings, Soundminer could code its sensitive data in a form that looks like a vibration setting but is actually the sensitive data, where Deliverer could decode it and then send it to a remote server. That covert vibration settings channel only has 87 bits of bandwidth, but that is enough to send a credit card number, which is just 54 bits, they wrote.If it is installed on a device, users are likely to approve of the settings that Soundminer is allowed to use, such as the phone’s microphone. Since Soundminer doesn’t directly need network access due to its use of a covert side channel to send its information, it is unlikely to raise suspicion.In fact, 2 antivirus programs for Android, VirusGuard from SMobile Systems and Droid Security’s AntiVirus, both failed to identify Soundminer as malware even when it was recording and uploading data, according to the researchers.In an e-mail statement, Google officials in London did not directly address Soundminer but said that Android is designed to minimize the impact of “poorly programmed or malicious applications if they appear on a device.”“If users believe an application is harmful or inappropriate, they can flag it, give it a low rating, leave a detailed comment, and of course, remove it from their device,” Google said. “Applications deemed to be in violation of our policies are removed from Market, and abusive developers can also be blocked from using the Android Market for repeated or egregious violations of our policies.”http://gigasite.wordpress.com/category/software/
- So now that we know much more about howmobile attacks, lets look at the security models that the organisations which built these systems provide.
- The security of iOS is really provided by the lack of application choice. All applications are supposed to be loaded from the Apple App Store, and Apple uses human review, static and dynamic analysis to look for potentially malicious actions by uploaded apps. You are not allowed to sideload applications from the Internet or your PC, so in theory every bit of executable code your phone is exposed to has passed by Apple's gatekeepers. In reality, mobile Safari has had hundreds of vulnerabilities and the sandbox mechanism is regularly defeated, as evidenced by the success of enthusiasts in creating jailbreak software for pretty much every version of iOS. Android was always intended to allow users to load software from untrusted sources, so the security model needed to be "collapsed" onto the phone and can't rely on external review processes. An non-jailbroken phone includes runtime Code Signing Enforcement, which makes exploitation of memory corruption vulnerabilities significantly more difficult as you cannot execute injected code. This is a significantly stronger defense than the non-executable memory protections on other systems (i.e. DEP, NX/XD, PaX PAGEEXEC, etc). It is always possible to achieve the same effects using return-oriented programming, but significantly more labor intensive (especially if you need to do loops or conditionals). On Android, you may simply execute the injected shellcode that the exploit has sprayed onto the heap.Given that both Android and iOS use the same WebKit library for their browsers, developing the exploit against iOS will take at least an order of magnitude longer than developing the exploit against Android for the same vulnerability. In both cases, the attacker will likely also have to exploit a kernel vulnerability in order to escalate privileges and modify the device. Since they also have roughly the same marketshare currently, the rational attacker will attack the platform that provides the greatest return on their time investment.From Quora discussion: http://www.quora.com/Which-platform-is-more-vulnerable-to-viruses-iOS-or-Android
- iOS runs all applications as the same user, and utilizes a kernel-level mandatory access control mechanism known as "SeatBelt" to limit interaction between applications. While SeatBelt policies could, in theory, be customized for each downloaded application, in practice customization is only used for a handful of pre-loaded apps (like mobile Safari) and all downloaded apps run with the same set of permissions. This set of permissions is not visible to users, and the standard seatbelt policy has actually become more permissive as the platform has evolved, with iOS 4 granting many more rights than iPhone OS 2.Because of the freedom Google gives to the Android market, the Android’s security model needs to be "collapsed" onto the phone and can't rely on external review processes which are non-existent in this case. Every application on Android is assigned it's own uid on install, and by default the application's user is granted no rights outside of access to it's home directory, the ability to execute itself and write to the screen. Android applications request permissions to perform other actions, like access the network, use the Bluetooth stack, make phone calls or read the user's contacts. The user needs to approve these permissions on install, and a lot of work has gone into designing a UX that makes this decision easier to understand while not "lying" to the user. A handful of these permissions are enforced in the Linux kernel by use of group membership by each app's user, but the majority of them are enforced on IPC calls between the application and services that provide these abilities.From Quora discussion: http://www.quora.com/Which-platform-is-more-vulnerable-to-viruses-iOS-or-Android
- It is more likely that an Android phone will be exposed to malicious software than a non-jailbroken iPhone, due to its rigorous screening processes, because the Android market is not as controlled and the user can download applications whenever he/she pleases. If you were trying to attack a fully patched Android phone and a fully patched iPhone, then the iPhone is probably the softer target, especially if you can get the user to navigate to a malicious page using Safari. In this way, Android and iOS play out the Windows/OS X security drama in miniature and reflect the difference between security and safety. The former OSes are like very secure homes in bad neighborhoods, the Apple OSes are like mansions with unlocked front doors in much safer neighborhoods.Takes on the “Prevention is better than cure” philosophyLike a “kaisu” overly concern parent of a very young babySecurity model is more catered to geeks as a whole as it Like a parent of a teenager, giving them the freedom to make their own choices and mistakesFrom Quora discussion: http://www.quora.com/Which-platform-is-more-vulnerable-to-viruses-iOS-or-Android
- Trend Micro releases Android security app, says iOS is more secure http://www.techspot.com/news/41951-trend-micro-releases-android-security-app-says-ios-is-more-secure.html
- http://adtmag.com/articles/2011/03/03/android-attacks-on-rise.aspx?utm_source=2359_Media&utm_campaign=86404dbd86-Daily_Newsletter_0703111&utm_medium=emailhttp://www.zdnet.com/blog/btl/googles-android-wears-big-bulls-eye-for-mobile-malware/45733http://www.appleinsider.com/articles/10/07/29/millions_of_android_users_hit_by_malicious_data_theft_app.html
- But having said all these -> going back to the iPhone vs Android’s security modelYou must understand that implementing mobile security solutions is a delicate balance and we must have a delicate balance between making restrictions and open platformsWill Android still allowAllow self-signed apps?Allow non-official app repositories?Allow free interaction between apps?***And also Google must consider the consequences as many Android users chose this platform because of the freedom it gives its users.Allow users to override security settings?Allow users to modify system/firmware?
- Do not use any virus inflected system or device inflected with malware for exchanging data…it’ll only make things worse…of cause, that’s if you know its inflectedAfter using blue tooth, de-activate your blue tooth instantly. Don‘t leave it on and bring it wherever you go!De-activate your infrared function. Don‘t leave it on and bring it wherever you go!When you register in few sites then those sites send you confirmation or verification to your mobile phone. Always check the site is safe or not then click ok.While saving the data, check it with Antivirus Software.Ignore SMS, if you don’t know the sender.Use mobile antivirus.
- Some future attack concerns-> just a tribute to my bro there, the guys Justin, Jun Ming and Jeremy who suggested thisDuring mobile firmware update, could the virus be installed already on the firmware?This means that the firmware which people load into the phone would already have a “preloaded” virus Crackers could hack the source servers of the Google Android system or iPhone system or use a man-in-mobile attack
- Some future attack concerns-> just a tribute to my bro there, the guys Justin, Jun Ming and Jeremy who suggested thisDuring mobile firmware update, could the virus be installed already on the firmware?This means that the firmware which people load into the phone would already have a “preloaded” virus Crackers could hack the source servers of the Google Android system or iPhone system or use a man-in-mobile attack