A Comprehensive Guide to Mobile Targeted Attacks (and What Can You Do About It) Ohad Bobrov, CTO twitter.com/LacoonSecurity
Agenda: The collapse of the perimeter; Why mobile devices are targeted; Mobile Remote Access Trojans (mRATs); Demo; Infection vectors; Detection, remediation, and building a secure BYOD / HYOD architecture
About Lacoon Mobile Security: Protecting organizations from mobile threats; HQ SF, USA; R&D Israel; Cutting-edge mobile security research team; Protecting tier-1 financial, manufacturing, legal and defense organizations
The Collapse Of The Corporate Perimeter > 2011
TARGETED MOBILE THREATS
Why Hack a Mobile Device? Eavesdropping; Extracting contact lists, call & text logs; Tracking location; Infiltrating internal LANs; Snooping on corporate emails and application data
The Mobile Threatscape (axes: Business Impact vs. Complexity). Mobile Malware Apps: consumer-oriented, mass, financially motivated, e.g.: premium SMS, fraudulent charges, botnets. mRATs / Spyphones: targeted (personal, organization, cyber espionage)
The Mobile Threatscape: mRATs / Spyphones. High End: Government / Military grade; Mid Range: Cybercrime toolkits; Low End: Commercial surveillance toolkits
HIGH END: GOV / MIL mRATs Low End High End
FinSpy – Mobile Extracted from:
MID: CYBERCRIME TOOLKITS Low End High End
Recent High-Profile Examples
LOWER END: COMMERCIAL SURVEILLANCE TOOLKITS
Commercial Mobile Surveillance Tool (Spyphone)
Commercial Mobile Surveillance Tools: A Comparison
Varying Costs, Similar Results
Capability                               | FlexiSpy | AndroRAT  | FinFisher
Real-time listening in on phone calls    | +        | +         | +
Surround recording                       | +        | +         | +
Location tracking (GPS)                  | +        | +         | +
Retrieval of text                        | +        | +         | +
Retrieval of emails                      | +        | +         | +
Invisible to the user                    | +        | +         | +
SMS C&C fallback                         | +        | +         | +
Infection vector                         | Physical | Repackage | Exploit?
Cost                                     | $279     | Free      | €287,000
Activation screen                        | +        | -         | -
STATISTICS
Data sample: 1 GB traffic sample of spyphone targeted traffic, collected over a 2-day period; Collected from a channel serving ~650K subscribers; Traffic constrained to communications to selected malicious IP address; Communications traffic included both encrypted and non-encrypted content. Survey: Cellular Network 2M Subscribers. Sampling: 650K
Infection rates: June 2013: 1 / 1000 devices
DEMO
INFECTION VECTORS
Infection Vectors - Android
Infection Vectors – iOS (iPhones and iPads)
Current Security Status
Current Solutions – FAIL to Protect
Mitigation: Current Controls Mobile Device Management (MDM) Multi-Persona Wrapper Active Sync NAC
Detection: Adding Behavior-based Risk. Malware Analysis; Threat Intelligence; Vulnerability Research; Application Behavioral Analysis; Device Behavioral Analysis; Vulnerability Assessment
Lacoon Solution
Thank You. Ohad Bobrov, CTO Lacoon Security Inc. twitter.com/LacoonSecurity