Introduction to Mobile Malware

Outline
- Introduction
- Types of Malware
- Malware examples
- How Malware Spreads
- Prevention
- AndroRAT
- Hands-on Lab

Introduction
- Mobile security has become a fast-growing issue.
- Nearly 100,000 new malicious programs for mobile devices were detected in 2013 (Kaspersky Lab), more than twice the number detected in 2012.

Types of Malware
In terms of functionality, there are three types:
- Mobile Device Data Stealers
- Rooting Capable Malware
- Premium Service Abusers

Mobile Device Data Stealers
Mobile Device Data Stealers: malware that steals personal information such as contacts, phone logs, browsing habits, SMS and GPS data.

Mobile Device Data Stealer Example: NickiBot
- NickiBot is malware with client and server components.
- It can perform GPS-based location monitoring, sound recording, email-based uploading and call log collection.
- After installation it obtains the phone's International Mobile Equipment Identity (IMEI) and runs in the background while trying to connect to a server.
- It only works on phones that are able to connect to that particular server; if the phone does not connect to the server, NickiBot terminates automatically.
- NickiBot only executes its functions when it receives commands from the server or via SMS.

NickiBot Permission Review
Permissions needed:
- android.permission.INTERNET
- android.permission.ACCESS_FINE_LOCATION
- android.permission.ACCESS_COARSE_LOCATION
- android.permission.READ_PHONE_STATE
- android.permission.READ_CONTACTS

NickiBot Code Example: Stealing Contacts
Code (Android/Java, using the Contacts content provider; requires READ_CONTACTS):

    // Query the phone-number table of the Contacts provider: one row per stored number
    Uri contentUri = ContactsContract.CommonDataKinds.Phone.CONTENT_URI;
    Cursor cursor = contentResolver.query(contentUri, null, null, null, null);
    if (cursor != null) {
        int nameCol = cursor.getColumnIndex(ContactsContract.CommonDataKinds.Phone.DISPLAY_NAME);
        int numCol = cursor.getColumnIndex(ContactsContract.CommonDataKinds.Phone.NUMBER);
        while (cursor.moveToNext()) {                // advance the cursor one contact at a time
            String name = cursor.getString(nameCol); // get the contact name
            String num = cursor.getString(numCol);   // get the contact phone number
            Log.d("contacts", name + " " + num);     // print name and num
        }
        cursor.close();
    }
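The permission review above is the first thing an analyst does with a sample like NickiBot: the manifest alone shows that the app can read identity, location and contacts and also reach the network. The following script is an added example (the editor's code, not part of the slides or of any tool they mention) that parses `<uses-permission>` entries from an AndroidManifest and maps them onto the three functional classes the slides define. The permission groupings, the manifests and the package names are the editor's own constructions; the NickiBot manifest reuses exactly the permission list shown on the slide.

```python
import xml.etree.ElementTree as ET

ANDROID_NS = "http://schemas.android.com/apk/res/android"
NAME_ATTR = "{%s}name" % ANDROID_NS  # ElementTree spells android:name this way

# Editor's grouping of permissions by the three malware classes in the slides.
# It is a triage heuristic, not a published taxonomy.
DATA_SOURCES = {
    "android.permission.READ_CONTACTS": "contacts",
    "android.permission.READ_CALL_LOG": "call log",
    "android.permission.READ_SMS": "SMS",
    "android.permission.ACCESS_FINE_LOCATION": "GPS location",
    "android.permission.ACCESS_COARSE_LOCATION": "coarse location",
    "android.permission.READ_PHONE_STATE": "IMEI / phone identity",
    "android.permission.RECORD_AUDIO": "microphone",
}
EXFIL_CHANNELS = {"android.permission.INTERNET"}
PREMIUM_ABUSE = {
    "android.permission.SEND_SMS": "send SMS (premium-rate subscription)",
    "android.permission.CALL_PHONE": "place calls (premium-rate numbers)",
}


def requested_permissions(manifest_xml):
    """Return the set of android:name values of all <uses-permission> elements."""
    root = ET.fromstring(manifest_xml)
    return {el.get(NAME_ATTR) for el in root.iter("uses-permission") if el.get(NAME_ATTR)}


def triage(perms):
    """Map a permission set to the malware classes it could support.

    Returns {class_name: [reasons]}; an empty dict means nothing stood out.
    A data stealer needs both something to read and a way to send it out,
    so a data source alone (e.g. a contacts widget) is not flagged.
    """
    findings = {}
    sources = [DATA_SOURCES[p] for p in sorted(perms) if p in DATA_SOURCES]
    if sources and perms & EXFIL_CHANNELS:
        findings["data stealer"] = ["can read %s and reach the network" % s for s in sources]
    premium = [PREMIUM_ABUSE[p] for p in sorted(perms) if p in PREMIUM_ABUSE]
    if premium:
        findings["premium service abuser"] = premium
    return findings


def triage_manifest(manifest_xml):
    return triage(requested_permissions(manifest_xml))


def _manifest(package, *perms):
    """Build a minimal constructed manifest; package names are placeholders."""
    body = "".join('  <uses-permission android:name="%s"/>\n' % p for p in perms)
    return ('<manifest xmlns:android="%s" package="%s">\n%s</manifest>'
            % (ANDROID_NS, package, body))


# Constructed samples. NICKIBOT_MANIFEST uses the permission list from the slide.
NICKIBOT_MANIFEST = _manifest(
    "example.nickibot",
    "android.permission.INTERNET",
    "android.permission.ACCESS_FINE_LOCATION",
    "android.permission.ACCESS_COARSE_LOCATION",
    "android.permission.READ_PHONE_STATE",
    "android.permission.READ_CONTACTS",
)
BENIGN_MANIFEST = _manifest("example.flashlight",
                            "android.permission.INTERNET", "android.permission.VIBRATE")
PREMIUM_MANIFEST = _manifest("example.zsone", "android.permission.SEND_SMS")

if __name__ == "__main__":
    for label, m in (("NickiBot", NICKIBOT_MANIFEST), ("benign", BENIGN_MANIFEST),
                     ("premium", PREMIUM_MANIFEST)):
        print(label, triage_manifest(m))
```

The check is necessary but not sufficient: a legitimate messaging client requests the same set as the NickiBot sample, so a hit means "review the code paths that use these permissions", not "malicious".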

Mobile Device Data Stealer Example: Find and Call
- Find and Call is malware for iOS and Android devices.
- When it is started on the device, it asks the user to register the device online.
- Once registration is completed it begins spreading to the contacts in the phone by sending SMS spam messages with a URL embedded in the message.
- It also uploads the contact book to a remote server.

Rooting Capable Malware
Rooting Capable Malware: malware that controls a device by obtaining root access. Once malware has root access to the phone it becomes very challenging to remove.

Rooting
Rooting allows a higher level of customization:
- Installing from unofficial markets
- System backups
- Tethering: the connection of one device to another via cable or wireless
- Uninstalling apps
However, malware can take advantage of root commands to obtain permissions.

Rooting Capable Malware Example 1: DroidDream
- DroidDream is a high-threat-level malware with rooting capability.
- It can infect many legitimate applications.
- It has client and server components.
- An application infected with the DroidDream client can root the device and send sensitive information, such as the IMEI (International Mobile Station Equipment Identifier), to a remote server.

Rooting Capable Malware Example 2: DroidKungFu
- DroidKungFu obtains absolute control of the phone in order to access arbitrary files on it.
- It has the capability to install or remove any package, which can result in certain applications no longer working.
- Some minor variants of DroidKungFu can change the user's homepage without the user knowing.

Premium Service Abusers
Premium Service Abusers: malware that sends SMS messages to, or dials, premium services that charge the device owner.

Premium Service Abusers Example 1: Zsone
- Zsone was found in China. Once the user runs the app on their phone, the app sends an SMS message that subscribes the user to a premium-rate SMS service.
- Txtnation is an example of a premium-rate SMS service: it provides bulk SMS alerts and reminders, and SMS billing for premium-rate content services.

Premium Service Code Example
Permissions needed: android.permission.SEND_SMS
Sending SMS (requires import android.telephony.SmsManager):

    public void sendSMS() {
        String phoneNumber = "0123456789";
        String message = "Hello World!";
        SmsManager smsManager = SmsManager.getDefault();
        // arguments: destination number, service centre address (null = default),
        // message text, "sent" PendingIntent and "delivered" PendingIntent (both optional)
        smsManager.sendTextMessage(phoneNumber, null, message, null, null);
    }

How Mobile Malware Spreads
- Infection via Bluetooth: malware can spread to other Bluetooth devices in the surrounding area.
- User downloads from suspicious sites: malware authors create fake websites to get their malware downloaded.
- Repackaging as a Trojan: the malware author disassembles a popular app, encloses malicious payloads, re-assembles it and submits it to an app store.
- Apps automatically download updates: during the update, malicious commands are downloaded to the phone.

Mobile Malware Prevention
- Google Play store's protection against mobile malware
- Anti-virus software
- Best practices for mobile device users to defend against malware
- Malware prevention and detection using a sandbox

Google Play Store's Protection Against Mobile Malware
- Google Play store does not allow worms, viruses, Trojan horses or other malware to be uploaded to the store.
- However, the process of uploading apps does not completely prevent malware from being uploaded to Google Play.
- Google's Bouncer software is a measure to prevent malware in the Google Play store.

Google's Bouncer Software
- Bouncer is a dynamic analyzer that periodically scans the Play store for new and old malware.
- 40% of malware was detected and removed.
- Problems: each app is run for only 5 minutes, and only dynamic analysis is performed. Therefore, if a piece of malware does not misbehave during the scan, it will not be removed.

Anti-virus
- When new software is downloaded, anti-virus software scans it automatically.
- When an external drive is used, the drive is scanned automatically.
- If no virus is found, the scan continues to its destination.
- If a virus is found in a file, either the infected file can be disinfected, in which case the scan continues to its destination while the user is alerted, or the infected file cannot be disinfected and is moved to a sandbox.
- Popular antivirus software: AVG, Lookout, Norton and Mobile Care.

Best Practices for Mobile Device Users to Defend against Malware
- Always look at the permissions requested by the app and check whether the app really needs that function of the phone.
- Download from reliable sources.
- Install updates as soon as they are released.
- If the device is infected with malware, remove it as quickly as possible.
- Use password-based authorization on the device.
- Install security software and antivirus.
- Do not root the device: rooting may give malware control of the device.
- Encrypt your data; some Android devices support full encryption.

Malware Prevention and Detection Using Sandbox - 1
- A sandbox is an area separated from the critical resources of a system, in which untested code is run.
- Static and dynamic analysis tools can be run within the sandbox.
- Mobile Sandbox (proposed by Spreitzenbarth et al.):
  - Static analysis to check for dangerous function calls (such as connecting to a premium service)
  - Dynamic analysis to monitor whether sensitive information leaves the phone
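The two dynamic checks named above (a premium-rate SMS being sent, and sensitive data leaving the phone) reduce to rules over the API-call trace a sandbox records while the app runs. The script below is an added example written by the editor, not code from the slides, from Mobile Sandbox or from Bouncer; it replays a constructed trace and raises both kinds of alert. The trace, the "taint" values, the short-code and the host name are all constructed placeholders. The `window_s` parameter reproduces the limitation described on the Bouncer slide: an analyzer that watches the app for a fixed time never sees behaviour that starts later.

```python
import re

# Constructed values the sandbox treats as sensitive (taint sources); not real data.
SENSITIVE = {
    "IMEI": "356938035643809",            # constructed sample IMEI, not a real device
    "contact": "Alice Example,+15550101",
}

# Premium-rate SMS services are typically reached through 4-6 digit short codes.
SHORT_CODE = re.compile(r"^\d{4,6}$")

# Constructed API-call trace (seconds since launch). Host and short code are placeholders.
TRACE = [
    {"t": 2,   "api": "TelephonyManager.getDeviceId"},
    {"t": 3,   "api": "HttpURLConnection.connect", "host": "c2.example.invalid", "body": "ping"},
    {"t": 45,  "api": "SmsManager.sendTextMessage", "dest": "+15550123", "body": "hi"},
    {"t": 400, "api": "SmsManager.sendTextMessage", "dest": "55555", "body": "YES"},
    {"t": 410, "api": "HttpURLConnection.connect", "host": "c2.example.invalid",
     "body": "imei=356938035643809&c=Alice Example,+15550101"},
]


def analyze_trace(events, window_s=None):
    """Replay a dynamic-analysis trace and return (kind, time, detail) alerts.

    window_s limits how many seconds of the trace are examined (None = all),
    mirroring an analyzer that only observes the app for a fixed period.
    """
    alerts = []
    for ev in sorted(events, key=lambda e: e["t"]):
        if window_s is not None and ev["t"] > window_s:
            break  # everything after the observation window goes unseen

        # Rule 1: an SMS to a short code is the premium-service pattern.
        if ev["api"] == "SmsManager.sendTextMessage" and SHORT_CODE.match(ev.get("dest", "")):
            alerts.append(("premium-sms", ev["t"], ev["dest"]))

        # Rule 2: a tainted value inside an outbound payload is a data leak.
        if ev["api"] in ("HttpURLConnection.connect", "Socket.write"):
            body = ev.get("body", "")
            for label, value in SENSITIVE.items():
                if value in body:
                    alerts.append(("data-leak", ev["t"], label + " -> " + ev.get("host", "?")))
    return alerts


if __name__ == "__main__":
    print("5-minute window:", analyze_trace(TRACE, window_s=300))
    print("whole trace:    ", analyze_trace(TRACE))
```

Run as-is, the 5-minute view reports nothing, because the sample only sends the short-code SMS and the IMEI/contact upload after 400 seconds; the full trace yields one premium-SMS alert and two data-leak alerts. Real taint tracking follows values through transformations (encoding, encryption) rather than substring matching, which is why a static pass for the dangerous calls themselves is paired with the dynamic one.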

Malware Prevention and Detection Using Sandbox - 2
- A mechanism to identify malware that uses packing and obfuscation to evade antivirus (Lee et al.): the API call sequence of the malware is converted to a call graph, which is reduced to a code graph; the code graph is used to uniquely identify the malware.
- Airmid: a prototype tool that automatically identifies and responds to mobile malware based on its network behavior.
  - Network sensors detect malicious traffic and alert the device.
  - A program on the device identifies the executable code responsible and creates a plan of action to repair the device: filtering the traffic at the device, sandboxing or removing the app, patching the device, or restoring the device to its factory settings.
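The call-graph to code-graph idea above works because an obfuscator can rename the app's own methods and insert junk calls, but it cannot rename the Android framework APIs the malware must call to do its job. The script below is an added, deliberately simplified illustration by the editor; it is not the construction from Lee et al. and not code from the slides. It keeps only sensitive framework calls, collapses repeated calls into one node, builds the graph of consecutive calls, and hashes the sorted edge list into a signature. The API-to-category map, the three call sequences and the "known" signature table are constructed.

```python
import hashlib

# Editor's choice of coarse categories for sensitive framework APIs.
API_CATEGORY = {
    "TelephonyManager.getDeviceId": "READ_ID",
    "ContentResolver.query": "READ_CONTACTS",
    "LocationManager.getLastKnownLocation": "READ_LOCATION",
    "HttpURLConnection.connect": "NET_SEND",
    "Socket.write": "NET_SEND",
    "SmsManager.sendTextMessage": "SEND_SMS",
}


def call_graph(sequence):
    """Directed graph of consecutive calls: edge (a, b) whenever b follows a."""
    return set(zip(sequence, sequence[1:]))


def code_graph(sequence):
    """Reduce a raw call sequence to a graph over API categories.

    App-private methods (renamed by obfuscators) and filler calls are dropped
    because they are absent from API_CATEGORY; runs of the same category
    (e.g. several Socket.write calls) collapse into a single node.
    """
    cats = [API_CATEGORY[c] for c in sequence if c in API_CATEGORY]
    collapsed = [c for i, c in enumerate(cats) if i == 0 or c != cats[i - 1]]
    return call_graph(collapsed)


def signature(sequence):
    """Stable identifier for a code graph: SHA-256 over its sorted edge list."""
    edges = sorted(code_graph(sequence))
    return hashlib.sha256(";".join(a + ">" + b for a, b in edges).encode()).hexdigest()


# Constructed sequences. ORIGINAL is a contact stealer; OBFUSCATED is the same
# behaviour after method renaming, junk-call insertion and a split upload.
ORIGINAL = [
    "com.app.Main.onCreate", "TelephonyManager.getDeviceId",
    "ContentResolver.query", "com.app.Uploader.send", "Socket.write",
]
OBFUSCATED = [
    "a.a.a", "Math.abs", "TelephonyManager.getDeviceId", "StringBuilder.append",
    "Thread.sleep", "ContentResolver.query", "b.b.b",
    "HttpURLConnection.connect", "Socket.write", "Socket.write",
]
BENIGN = ["com.dialer.Main.onCreate", "ContentResolver.query", "TextView.setText"]

# Constructed signature database keyed by code-graph hash.
KNOWN = {signature(ORIGINAL): "sample-contact-stealer"}


def identify(sequence):
    """Return the known-family label for a sequence, or None if unseen."""
    return KNOWN.get(signature(sequence))


if __name__ == "__main__":
    print("original:  ", identify(ORIGINAL))
    print("obfuscated:", identify(OBFUSCATED))
    print("benign:    ", identify(BENIGN))
```

The benign dialer reads contacts too, but never sends anything out, so its code graph has no edges and a different signature. The simplification cuts both ways: because the graph is built from consecutive calls, reordering independent API calls would change the signature, which is one reason real systems work on richer graphs than this.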

AndroRAT
- AndroRAT is a remote administration tool (RAT) for Android devices.
- It allows an attacker to remotely gain control over another device and steal information from it.
- It has client and server components: the client is an Android APK running on an Android device; the server is a Java program running on a server.
- The client can be injected into another Android application to create a Trojan, using the AndroRAT APK binder.

AndroRAT Features
- Retrieve the call log and place calls
- Retrieve and send SMS messages
- Retrieve contact information
- Retrieve and download files from the mobile device
- Capture and stream sound/video
- Get the device location
- Open a URL in the default browser

AndroRAT Implementation
- The client side runs on a mobile device as a simple application; a "start service" button initiates the communication between the device and the server.
- The server side uses socket programming for client/server communication over TCP.

AndroRAT Binder Implementation