Upload File

mobile threats 2013: android malware & vulnerabilities robert lipovsky [email protected]

19
Mobile Threats 2013: Android Malware & Vulnerabilities Robert Lipovsky [email protected]

Upload: kailey-clarey

Post on 29-Mar-2015

220 views

Category:

Documents


0 download

Report

Tags:

TRANSCRIPT

Page 1: Mobile Threats 2013: Android Malware & Vulnerabilities Robert Lipovsky lipovsky@eset.sk

Mobile Threats 2013:Android Malware & Vulnerabilities

Robert [email protected]

Page 2: Mobile Threats 2013: Android Malware & Vulnerabilities Robert Lipovsky lipovsky@eset.sk
Page 3: Mobile Threats 2013: Android Malware & Vulnerabilities Robert Lipovsky lipovsky@eset.sk

Banking Trojans

Page 4: Mobile Threats 2013: Android Malware & Vulnerabilities Robert Lipovsky lipovsky@eset.sk

Banking Trojans

• Bypassing mTAN 2-factor authentication

• SpitMo, ZitMo, Carberp, Hesperbot, …

Page 5: Mobile Threats 2013: Android Malware & Vulnerabilities Robert Lipovsky lipovsky@eset.sk

Banking Trojans

• Rogue token generation apps

Page 6: Mobile Threats 2013: Android Malware & Vulnerabilities Robert Lipovsky lipovsky@eset.sk

SMS Trojans

• 1st well-documented Android malware

(FakePlayer)

• Most prevalent category on Android

• Premium SMS

• Subscription to paid services

Page 7: Mobile Threats 2013: Android Malware & Vulnerabilities Robert Lipovsky lipovsky@eset.sk

Android/TrojanSMS.Boxer

• Targeted 60+ different countries

• Disguised as:

• Sim City Deluxe Free, Need for Speed Shift

Free, Assassin Creed, Angry Birds, …

• Google Play & unofficial markets

Page 8: Mobile Threats 2013: Android Malware & Vulnerabilities Robert Lipovsky lipovsky@eset.sk

“Regular” Malware / Spyware

• Botnets

• Download more malware

• Open websites

• Data theft:

• Messages, Contacts, Location, Apps, …

• Access GPS sensor, microphone, camera, …

Android/Spy.GPSpy.A

Page 9: Mobile Threats 2013: Android Malware & Vulnerabilities Robert Lipovsky lipovsky@eset.sk

Adware

• Android/Adware.Waps• Android/Adware.Airpush

• Homescreen shortcuts• Browser

bookmarks/homepage• Notifications• Collect information• Etc.

Page 10: Mobile Threats 2013: Android Malware & Vulnerabilities Robert Lipovsky lipovsky@eset.sk

Scareware & Ransomware

Android/FakeAV

Page 11: Mobile Threats 2013: Android Malware & Vulnerabilities Robert Lipovsky lipovsky@eset.sk

Malware operations

• Pay-per-install schemes

• Botnets

• DDoS

• …

Page 12: Mobile Threats 2013: Android Malware & Vulnerabilities Robert Lipovsky lipovsky@eset.sk

Android Malware Detection Statistics

November 2011 – October 2013

Page 13: Mobile Threats 2013: Android Malware & Vulnerabilities Robert Lipovsky lipovsky@eset.sk

Some Recent Vulnerabilities…

Page 14: Mobile Threats 2013: Android Malware & Vulnerabilities Robert Lipovsky lipovsky@eset.sk

The “BitCoin Vulnerability”

• Java Cryptography Architecture

• SecureRandom, KeyGenerator, KeyPairGenerator,

KeyAgreement, Signature

• OpenSSL PRNG

• seed from /dev/urandom

• Patched -> OHA

• 55 Bitcoins stolen in August

Page 15: Mobile Threats 2013: Android Malware & Vulnerabilities Robert Lipovsky lipovsky@eset.sk

“WebView Vulnerability”

• WebView – load HTML content within app

• addJavascriptInterface (Object object, String

name)

• JavaScript can access object’s methods

http://developer.android.com/reference/java/lang/Object.html
http://developer.android.com/reference/java/lang/String.html
Page 16: Mobile Threats 2013: Android Malware & Vulnerabilities Robert Lipovsky lipovsky@eset.sk

“WebView Vulnerability”

• Problem: access to all public (incl.inherited)

methods

• Execute commands remotely in the context of

the application through reflection

• Android <4.2

• Since 4.2: @JavaScriptInterface annotation

Page 17: Mobile Threats 2013: Android Malware & Vulnerabilities Robert Lipovsky lipovsky@eset.sk

“Master Key” Vulnerability

Replacing code within application…

…without breaking its digital signature!

• Android crypto verifier – MANIFEST.MF

• Multiple files with same name in APK

• Replace code, permissions, etc.

• System applications

Page 18: Mobile Threats 2013: Android Malware & Vulnerabilities Robert Lipovsky lipovsky@eset.sk

USSD Vulnerability

Page 19: Mobile Threats 2013: Android Malware & Vulnerabilities Robert Lipovsky lipovsky@eset.sk

Thank you!

[email protected]@eset.sk

WeLiveSecurity.comVirusRadar.com


Malware & Anti-Malware

Internet Vulnerabilities & Criminal Activities Malware 3.2 9/26/2011

At the Center of Innovation CYBER BGUfrankel/Cyber.pdf · Propagation Patterns ... 48 Unknown Malware Detection Using Network ... Most techniques for ranking vulnerabilities either

REPORT China’s Ministry of State Security Likely ... · Influences National Network Vulnerability Publications ... vulnerabilities exploited by malware ... than a Low-Medium score

VirusMeter: Preventing Your Cellphone from Spiessqchen/publications/raid09.pdf · number of malware instances have been found exploiting vulnerabilities of mo- ... a labeling technique

Software Vulnerabilities and Malware CS432 - Security in Computing Copyright © 2005, 2010 by Scott Orr and the Trustees of Indiana University

Advancing Your Anti-Phishing Program - gartner.com · techniques to exploit vulnerabilities in the reader software itself. As malware sandbox evasion techniques improve, the use of

CAP6135: Malware and Software Vulnerability Analysis Program Verification & Other Types of Vulnerabilities Cliff Zou Spring 2015

Antimalware Protection in the Enterprise - cdn.ttgtmedia.com · In this e-guide Vulnerabilities in antivirus ... Go in-depth on malware protection best practices ... It is triggered

Malware - cs.stevens.edu · Where does Malware come from? Malicious scripts on websites that exploit security holes in browsers (Exploits) Security vulnerabilities in operating systems

Malware Nilgün Kablan. Malware …………………………………….…….……………………………………………… Geschichte der Malware ……………….…………………………………………………

Robert Lipovsky Anton Cherepanov - Black Hat …Robert_Lipovsky Anton Cherepanov Senior Malware Researcher @cherepanov74 Robert M. Lee CEO @RobertMLee Ben Miller Director, Threat Operations

Threat Intelligence - IB-Bank · “The set of data collected, assessed and applied regarding security threats, threat actors, exploits, malware, vulnerabilities and compromise indicators.”

Threats, Attacks, and Vulnerabilities · Threats, Attacks, and Vulnerabilities ... Salami Attack from Office Space. ... A computer virus is a type of malware that, when

Industrial Control Systems Vulnerabilities and …...BlackEnergy malware used for recon • Six-month dwell time • Credential harvesting • Actual impact done via manual takeover

A DAILY GRIND: Filtering Java Vulnerabilities · 2016-02-11 · A Daily Grind: Filtering Java Vulnerabilities This PDF then downloads a malware executable. Figure 28. The PDF exploits

VB2016-Brochure - Virus BulletinDENVER 2016 Virus Bulletin International Conference 5–7 Oct 2016 Denver, CO, USA Emerging threats Mobile threats Hacking & vulnerabilities Anti-malware

Continuous vulnerability assessment and remediation...Network Packets Analysis by Plugins OS Version Vulnerabilities Application Running Unwanted Application, e.g. Bitcoin Mining Malware

UT Wing Civil Air Patrol. Objective Identify network and cyber vulnerabilities and mitigations Social Media/Metadata/Exfil data MITM Attacks Malware Social

Student Guide: Cybersecurity for Security Personnel of the five attributes is susceptible to threats and vulnerabilities. ... malware protection, ... Cybersecurity for Security Personnel

Welcome To Ms. Lipovsky’s Language Arts Class. About Ms. Lipovsky Graduated from Misericordia University…

PwC weekly security report edition 73 · Threat and vulnerabilities Malware Top story Threat and vulnerabilities ... Making a comparison to MongoDB deployments, which are also known

The Facebook PokerAgent Robert Lipovsky [email protected]

Continuous Diagnostics and Mitigation (CDM) and Mobile ......Aug 30, 2018  · • Mobile Applications: Malware and vulnerabilities in mobile apps and systems. • Networks: Rogue

2019 - Malware Protection & Internet Security | ESET...smart devices for vulnerabilities. See and block any unexpected access to your webcam. Legendary antivirus technology Banking

Ransomware: The Secret is Out, Healthcare is Vulnerable · • 67% - Malware infections • 57% - HIPAA violations / compromised data • 40% - Internal vulnerabilities • 32% -

Towards Automatic Generation of Security-Centric ... · INTRODUCTION As usage of Android platform has grown, security concerns have also increased. Malware [12,43,45], software vulnerabilities

Comprehensive Malware Detection with SecurityCenter … · Anti-Virus Auditing Nessus has over 100 plugins that examine anti-virus software for vulnerabilities, as well as missing

DSC 101: Security. Topics 1.Components of Security 2.States of Information 3.Threats 4.Attacks 5.Malware 6.Vulnerabilities

Smartcard vulnerabilities in modern banking malware

Administering Microsoft System Center Configuration ... · Endpoint Protection; configure Endpoint Protection to detect and remediate malware and security vulnerabilities. Extend

Trends in Global Cybersecurity - info.microsoft.com...threat landscape of exploits, vulnerabilities, and malware. We’ve used data gathered from more than 600 million computers worldwide

Malicious Software programs exploiting system vulnerabilities known as malicious software or malware program fragments that need a host program e.g. viruses,

Title: Ransomware: How consumers and businesses value ...... · latest threat trends including vulnerabilities, exploits, active attacks, viruses and other malware, spam, phishing,

DIGITAL SECURITY ASSESSMENT CHECKLIST€¦ · 口 11. Run Security Advisor regularly to uncover system vulnerabilities and identify malware 口 12. Install an antivirus package and