THE MOBILE UNDERGROUND ACTIVITIES IN CHINA Lion Gu, Trend Micro RUXCON 2014 11/10/2014.

Slides:

Advertisements

Similar presentations

Providing protection from potential security threats that exist for any internet-connected computer is termed e- security. It is important to be able to.

Advertisements

The Electronic Office & The Internet Chapters 22 & 26 Information Systems for You.

Michal Bodlák. Referred to as mobile money, mobile money transfer, and mobile wallet generally refer to payment services operated under financial regulation.

_Protecting Our Kids New Technology: New Pitfalls Purpose: To help families ask the right questions, and make an informed decision for their children regarding.

Mountain Lion Security Mac OS X Strong Passwords Every Mac needs a login name and password Every user on every Mac should have their own account.

Threats To A Computer Network

Mobmail is your FREE worldwide UNIQUE id, Professional, Personal, Social, Verified Now find your friends even you just know their mobile number,

Internet Fraud By: Noelle Woodman.

MOBILE MALWARE TOPIC #5 – INFORMATION ASSURANCE AND SECURITY Michael Fine 1.

William Enck, Machigar Ongtang, and Patrick McDaniel.

ICASAS206A Detect and protect from spam and destructive software Identify and Stop Spam Warren Toomey North Coast TAFE Port Macquarie campus.

Presentation By Deepak Katta

Sophos Mobile Security

Safeguarding. Your responsibility Your responsibility.

Internet Standard Grade Computing. Internet a wide area network spanning the globe. consists of many smaller networks linked together. Service a way of.

Prepared by:-Nirmal Dhruvi

Mobile Devices Carry Hidden Threats With Financial Consequences Hold StillInstalled.

1 Monitoring mobile communication network, how does it work? How to prevent such thing about that? 潘維亞 (P ) 周明哲 (P ) 劉子揚 (N )

Possible application with SMS. Banks Inform the customer whether their order (stock or currencies) is successful – E.g. Buy AUS$25000 at the exchange.

Impacts of the use of IT -Social network sites This is a site that lets you post messages, upload pictures and stories on your own personal page. You can.

IT security By Tilly Gerlack.

Digital Citizenship Project.  The etiquette guidelines that govern behavior when communicating on the internet have become known as netiquette.

Component 4: Introduction to Information and Computer Science Unit 10b: Future of Computing.

Click to edit Master title style Click to edit Master text styles –Second level Third level –Fourth level »Fifth level June 10 th, 2009Event details (title,

Steps Towards Advance Technology “LPS, GIS & SMS SYSTEM” ( LPS = Loading Point System GIS=Geographical Information System SMS = Short Message Service)

An explanation by Katie Hutchinson. QR stands for Q uick R esponse code It’s a two-dimensional bar code that can be interpreted by a smartphone camera.

Spam Act 2003 Consumer Education and Awareness. About the ACA Independent government regulator Ensures industry compliance with legislation (Telecommunications.

Best Out of the Parent Portal Available Student lives at finger tips!

advantages The system is nearly universal because anyone who can access the Internet has an address. is fast because messages.

Submitted By: A.Anjaneyulu INTRODUCTION Near Field Communication (NFC) is based on a short-range wireless connectivity, designed for.

SMS Module Model ： SB-DN-SMS/IP Configuration of SMS Module.

EVALUATING SECURITY OF SMART PHONE MESSAGING APPLICATIONS PRESENTED BY SUDHEER AKURATHI.

Communication Systems The Internet The largest wide area network in the world. It is made up of thousands of linked networks. What.

XP Practical PC, 3e Chapter 7 1 Connecting to the Internet.

Copyright ©2005 CNET Networks, Inc. All rights reserved. Practice safety Learn how to protect yourself against common attacks.

Topic 5: Basic Security.

Convenience product security Collin Busch. What is a convenience product? A convenience product is a device or application that makes your life easier.

Grants Management Training 200 Cyber Security There are two kinds of people in America today: Those who have experienced a cyber-attack and know it, and.

 Carla Bates Technology and Education ED 505.  Social Media Sites are interactive webpages, blogs, and other user created sites that all others to create,

The rising standards of EU Mobile Payments October 2015 Jeremy King, International Director.

MobileSecurity Vulnerability Assessment Tools for the Enterprise Mobile Security Vulnerability Assessment Tools for the Enterprise Integrating Mobile/BYOD.

FriendFinder Location-aware social networking on mobile phones.

FriendFinder Location-aware social networking on mobile phones.

6 January 2016Examples of communication systems1 Communication Systems 2/5 Examples.

AUTOMATED STUDENT ATTENDANCE SYSTEM

INTRODUCTION & QUESTIONS.

FriendFinder Location-aware social networking on mobile phones.

Mobile Device Security Threats Christina Blakley Host Computer Security.

Android and IOS Permissions Why are they here and what do they want from me?

Websms Offers Professional Messaging Solutions via Web, , Gateway or Directly Out of Excel (Online) on the Microsoft Office 365 Platform OFFICE 365.

Electronic mail News File transfer protocol Chat Instant messaging Online services Online shopping.

T HE D ESIGN AND I MPLEMENTATION OF A GSM B ASED U SER -M ACHINE I NTERACTED R EFRIGERATOR Hüseyin Gürüler Mugla SK University September 2, 2015.

Avoiding Frauds and Scams Barbara Martin-Worley Director, Consumer Fraud Protection 18 th Judicial District Attorney’s Office Serving Arapahoe, Douglas,

Outline of this module By the end of this module, you will be able to: Understand the benefits that internet banking provides; Name the different dangers.

Start up: 1. Power off and insert a GSM card, power on and check the GSM signal on the LCD. 2. Use the LCD and keys on the module to check and set the.

Trusty E-Commerce Application User Guide

Facebook privacy policy

Learn how to protect yourself against common attacks

SmartHOTEL Planner Add-In for Outlook: Office 365 Integration Enhances Room Planning, Booking, and Guest Management for Small Hotels and B&Bs OFFICE 365.

+Vonus: An Intuitive, Cloud-Based Point-of-Sale Solution That’s Powered by Microsoft Office 365 with Tools to Increase Sales Using Social Media OFFICE.

Digital $$ Quiz Test your knowledge.

Internet Safety Vocabulary

Android.Adware.Plankton.A % Android.Adware.Wapsx.A – 4.73%

Internet Safety and Security Curtis Shaw nwtel.ca November 2012

ACN Premium Technical Support

LO2 – Understand Computer Software

Confidential, not for publication

New type of devices for identification of users of “Raiffeisen ONLINE” – Hardware and Software Tokens.

Presentation transcript:

THE MOBILE UNDERGROUND ACTIVITIES IN CHINA Lion Gu, Trend Micro RUXCON /10/2014

About Lion Threat researcher of Trend Micro Malware analysis Mobile security Underground activities … 11+ years as security professionals First time to RuxCon Thanks a lot for invitation First time as speaker Feel nervous

Mobile Phone - Major Internet Access Device in China

Mobile Phone – Hot Target of Bad Guys Large amount of users A lot of privacy Contacts Photos Messages Phone charges Can connect to Internet

Attack Vectors for Mobile Phone APPMessageCall

APP Unapproved Charges Privacy Premium Service Number SMS Forwarder Vector Purpose Product/Service

SMS Forwarder Malicious app running in Android phone Forward victim’s SMS from given sender, like Banks Online payment services Target for certain SMS, like Registration Password resetting

Product/ServicePrice Source code of SMS forwarderRMB 3,000 (AUD 557)

Premium Service Number Unique phone number for subscription of a premium SMS Common premium SMS services: Weather SMS News SMS Subscription need confirmation SMS sent by users manually

Abuse of Premium SMS Rogue Premium SMS operators Apply service permission from mobile carriers Rent premium service numbers to anyone Rogue Android developers Buy and exploit premium service numbers for unapproved charges Subscription and confirmation SMS are sent by apps automatically Relevant SMS are deleted for stealthy

Products/ServicesPrices 6-digit premium service numberRMB 220,000 (AUD 40,855) per year 7-digit premium service numberRMB 100,000 (AUD 18,570) per year 8-digit premium service numberRMB 50,000 (AUD 9,285) per year 9-digit premium service numberRMB 15,000 (AUD 2,785) per year

Message Phishing Spam iMessage Spamming SMS Server Vector Purpose Product/Service GSM Modem Pool

iMessage iMessage is Apple’s instant-messaging (IM) service Run on both iOS and OS X Support sending various messages via Internet without charges Text messages Group messages Audio messages Video messages

Spamming in iMessage

Spamming Targets iPhone Users Phone numbers of iPhone can be used for iMessage accounts Can probe phone numbers to look for accounts Send probe message Check send status from iMessage server

iMessage Spam Work

Products/ServicesPrices 1,000 text messages in iMessageRMB 100 (AUD 19) 1,000 multimedia messages in iMessageRMB 500 (AUD 93) “iMessage Spam Work” softwareRMB 30,000 (AUD 5,571)

SMS Server A low-cost piece of radio frequency (RF) hardware Emit software-defined radio (SDR) signals in GSM frequency ranges Also known as ‘FAKE BASE STATION ( 伪基站 )’ in China

SMS Server Box

Base Station of Carrier SMS Server GSM Phone

Specification of SMS Server Frequency range of signal Uplink: 885 ‒ 915MHz Downlink: 930 ‒ 960MHz Working range: 200 ~ 2,000 meters Pushing SMS: 300 msg/min

Impact of SMS Server Serve for fraud attack Sender number in such SMS can be assigned to public service number, like bank’s number Interrupt communication to legal carriers Hard to trace and take down

Products/ServicePrice SMS serverRMB 45,000 (AUD 8,357)

GSM Modem Pool for Spam SMS A device used for sending SMS It integrates a number of GSM modules Each module operates like a normal mobile phone does A GSM modem pool with 16 modules can send 9,600 SMS messages in one hour

Products/ServicePrice GSM modem pool with 16 GSM modulesRMB 2,600 (AUD 483)

Call Promoting Scam Phone Number Scanning Vector Purpose Product/Service

Where Are Targets of Scam? Huge amount of phone numbers offered by telecom carriers But, 40% phone numbers are not in service Power off, unreachable,… Spammers and scammers need ACTIVE phone numbers

Phone Number Scanning Scanning service Offers ACTIVE phone numbers Service owner probes large amount of phone numbers regularly On demand scanning is also available Scanning tools Offers device and software Fulfill demand of custom scanning

Scanning Software - Sanwangtong

Scanning Device GSM Modem Pool with 8 GSM Modules and SIM Cards 8 GSM Phones with 1 PCI Serial Card

Products/ServicePrice 3,000,000 queries for active phone numbersRMB 1,000 (AUD 186) “Sanwangtong” phone number scanning software RMB 230 (AUD 43) 8 GSM phones and 1 PCI serial cardRMB 1,100 (AUD 204)

Experience of Monitoring Underground Activities Mobile businesses are hot in underground Many posts and participants in underground forums, instant messaging groups Selling messages are more than buying messages Use Alipay as payment method Alipay is an online payment service in China Use Tencent QQ as communication tool Most participants work at night Peak time: 19:00 ~ 22:00 A lot of cheaters Be careful

Thank You