droidcon2013 security genes_trendmicro
Raimund Genes - CTO
Security under Android
Copyright 2013 Trend Micro Inc.

Android has been designed with security in mind!

Security in Mind?
Android is a privilege-separated operating system. Each application runs under a unique Linux user ID. No application has permission to impact other applications. Applications can’t access the network without prior consent.

Security in Mind?
When installing an application, the package installer asks the user to grant the permission(s) the app requests.

But!
After that, the grant is never put to the user again, neither before nor while the application runs. Once a permission has been granted, the app can use the corresponding features without prompting the user – forever!

So
With clever social engineering, the bad guys convince users to install a “useful” application, the user willingly grants the permissions, and bingo – the device can be misused.

Industry Trends: Malware increasing on “App Stores”

Android Malware
• 10K: Middle of 2012!
• 100K: End of 2012!
http://blog.trendmicro.com/how-big-will-the-android-malware-threat-be-in-2012/

Chris DiBona from Google, November 2011:
“virus companies are playing on your fears to try to sell you bs protection software for Android, RIM and IOS. They are charlatans and scammers. IF you work for a company selling virus protection for android, rim or IOS you should be ashamed of yourself.”
“The barriers to spreading such a program from phone to phone are large and difficult enough to traverse when you have legitimate access to the phone, but this isn’t independence day, a virus that might work on one device won’t magically spread to the other.”
All the major vendors have app markets, and all the major vendors have apps that do bad things, are discovered, and are dropped from the markets.

Industry Trends: Google’s Bouncer
Google Bouncer: “Gone to the Gym”

Extended Network: The App Markets
Use Case: Personal data exfiltration via an Android Market
[Diagram labels: App Market; Infiltration; Exfiltration & Exploits]
Android Malware
120,000 300,000+

ANDROIDOS_JIGENSHA.A
Impact Scope: 760,000 users' data leaked online in Japan
Malicious Behavior: The malware collects the user's contact list, including phone numbers and names, then sends it to a remote server.
Your phone as your wallet
Samsung’s Knox software

Types of Threats
• Spying Tools: Track user data like GPS and send to a 3rd party
• Rooter: Hacks phone to take control
• Premium Service: Secretly subscribes user to paid services
• Data Stealer: Steals personal information
• Malicious Downloader: Downloads new apps without user consent
• Click Fraud: Triggers pay-per-click activity on the device
Viruses for Android
Where’s the problem?

That’s why we don’t see this under iOS

Mobile App Reputation
• Mobile App Reputation is a cloud-based technology that automatically identifies mobile threats based on app behavior
  – Crawls and collects a huge number of Android apps from various Android Markets
  – Identifies existing and brand new mobile malware
  – Identifies apps that may abuse privacy / device resources
  – World’s first automatic mobile app evaluation service
• Malware?
• Privacy Risk?
• High Resource Consumption?
[Diagram labels: Apps; Mobile App Reputation; No Issues; Issue Identified]

Mobile App Reputation
Generates reputation scores and detailed report
1. Collects Apps and scans them in the cloud
2. Static Analysis: Dissects app code and private data access.
3. Correlates web queries with Smart Protection Network
4. Dynamic Analysis: Activates app to analyze actual behaviour
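
A minimal illustration of the static-analysis step applied to the install-time permission model and the "Types of Threats" categories described earlier, as an added example that is not Trend Micro's code. It assumes the manifest has already been decoded from the APK's binary XML into text; the rule set and the sample manifest are constructed for illustration, and Rooter and Click Fraud are left out because they cannot be read off requested permissions alone.

```python
import xml.etree.ElementTree as ET

ANDROID_NS = "{http://schemas.android.com/apk/res/android}"
P = "android.permission."

# Hypothetical rule set: permission combinations that make a threat type
# from the "Types of Threats" slide possible. A match is a reason to look
# closer (e.g. with dynamic analysis), not proof of malicious behaviour.
RULES = {
    "Data Stealer": {P + "READ_CONTACTS", P + "INTERNET"},
    "Spying Tools": {P + "ACCESS_FINE_LOCATION", P + "INTERNET"},
    "Premium Service": {P + "SEND_SMS"},
    "Malicious Downloader": {P + "INSTALL_PACKAGES"},
}

# Constructed sample manifest (decoded text form), not from a real app.
SAMPLE_MANIFEST = """
<manifest xmlns:android="http://schemas.android.com/apk/res/android"
          package="com.example.flashlight">
  <uses-permission android:name="android.permission.INTERNET"/>
  <uses-permission android:name="android.permission.READ_CONTACTS"/>
  <uses-permission android:name="android.permission.SEND_SMS"/>
  <application android:label="Flashlight"/>
</manifest>
""".strip()


def requested_permissions(manifest_xml):
    """Return the set of permissions declared via <uses-permission>."""
    root = ET.fromstring(manifest_xml)
    return {
        el.get(ANDROID_NS + "name")
        for el in root.iter("uses-permission")
        if el.get(ANDROID_NS + "name")
    }


def triage(manifest_xml):
    """Map requested permissions to the threat types they would enable."""
    perms = requested_permissions(manifest_xml)
    return {
        threat: sorted(needed)
        for threat, needed in RULES.items()
        if needed <= perms  # every permission of the rule was requested
    }


if __name__ == "__main__":
    for threat, perms in triage(SAMPLE_MANIFEST).items():
        print(f"{threat}: {', '.join(perms)}")
```

The "flashlight" sample is flagged for Data Stealer (contacts plus network, the behaviour described for ANDROIDOS_JIGENSHA.A) and Premium Service, which is the kind of mismatch between stated purpose and requested permissions that a user accepting the install prompt never gets asked about again.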

Mobile Application Reputation Architecture
Data Bus / Control Bus
• MSR (Mobile Sourcing)
• MPAFI (Mobile PAFI)
• MSA (Mobile Static Analyzer)
• MDA (Mobile Dynamic Analyzer)
• MSE (Mobile Scoring Engine)
• MDS (Mobile Data Store)
• SPN (Smart Protection Network) WRS/FRS Correlate Services
PAFI: Pre-Analysis File Interscan

The Service
• Appstore submits new apps (FTP, Crawler, Web Upload)
• Apps are scanned
• Report is provided (HTML, XML)
• Appstore removes bad apps and adds detailed info to app listings
Information provided by MARS
MARS Sample Report

Developers!
• Check what public libraries do before you use them!
• Corporate customers are very sensitive regarding Data Leakage!
• CPU load and Battery impact play a bigger and bigger role in App selection!
• Quick and Dirty might not be the way to go for a sustainable business!
• If you write Apps for a 3rd party, expect that the App will be tested not only for functionality but also for potential risks and negative impacts
Mid of May
mars.trendmicro.com to check the rating of your App