Presentation is loading. Please wait.

Presentation is loading. Please wait.

MOBILE THREATS AND ATTACKS. Possible attack threats to mobile devices Network exploit Hackers takes advantage of vulnerability or flaw of users web browser.

Similar presentations

Presentation on theme: "MOBILE THREATS AND ATTACKS. Possible attack threats to mobile devices Network exploit Hackers takes advantage of vulnerability or flaw of users web browser."— Presentation transcript:


2 Possible attack threats to mobile devices Network exploit Hackers takes advantage of vulnerability or flaw of users web browser on mobile device in WiFi communication to attack victims. Hackers send malicious code/data from malicious logic websites to victims browser after user browses the malicious page and the malicious code will take over the control to get all sensitive data on the victims device. Social engineering Hackers use hyped contents to attract, manipulate, or persuade people into revealing confidential information through deception such as phishing for the purpose of information gathering, fraud, or access rights.

3 Possible attack threats to mobile devices Malware Virus hosted on a legitimate code, replicable spread worms, Trojan horses with action in purpose Misuse available resource and service /SMS spam or denial of service (A group of the attacking devices send volume data to one targets on the Internet to impact the targets services)

4 Possible attack threats to mobile devices Enterprise/private Data Loss Work place data on a mobile device may be uploaded to home PC while synchronizing of entertainment downloading or Enterprise/private data loss due to stolen device Data tamper Intentionally modify/corrupt device data without the permission such as devices contact list

5 Best practices protecting mobile device from potential threats Protect data loss due to mobile device loss with device ID and remotely remove all the apps, contacts, and confidential data right after the mobile phone is stolen or lost Type URL instead of copying/pasting or clicking links to protect mobile phones from drive-by download attacks Protect data privacy by data Encryption, dont cache sensitive data Disable unnecessary device features such as Wi-Fi, Bluetooth, and infrared when they arent in use. Enabling the firewall, disable sharing

6 Best practices protecting mobile device from potential threats Isolate personal apps and corporate apps Detect and Remove malware Apps Download all mobile apps from trusted sources application providers and check the permission requests during installation Install a mobile security application to protect the mobile device from attacks

7 Mobile device security protection Strategies Block the apps attempt to act beyond granted permissions Access Control with ID and resource access permission requirement App signature: Each app is signed with the identity of its author and protect app from tampering Encryption: Encrypt data for data protection in case of device loss or theft Isolation: Restrict any app to access the sensitive data on a device. Each Android app runs in its own virtual machine (process) which does not allow any access to resource belong to other VM except special permission grant.

8 Androids Security Androids Security is supported by encryption, signature, Isolation, and access control security protection Strategies. However there still are vulnerabilities for Android mobile devices. The Android app signature system is to ensure that the apps logic is not tampered with, enforce a user to recognize the identity of the apps author. Although Android will only install and run a signed app, a certificate is not required by Google. Hackers can still use anonymous digital certificates to sign their malware and distribute them without any certification by Google which is required by Apple. A hacker can create and distribute malicious app since people will not be able to track down to the source and attackers add Trojan horses and malicious code to a existing legitimate app and then re- sign the updated version with an anonymous or fake certificate and distribute it. Its original digital signature is tempered and lost.

9 Bring Your Own Device (BYOD) with Mobile Device Management (MDM) Enterprise BYOD policy: Use MDM tools to oversee and control mobile devices in secure operations Store enterprise data in sandbox Encrypte enterprise data on mobile devices Keep apps current with less vulnerabilities and flaws Routinely back up all apps and upgrade OS Authenticate and register all mobile devices with Secure Socket Layer (SSL) certificate Adopt app blacklisting within enterprise Management on the lost and stolen devices Separate personal and business accounts Controls user access

10 Mobile Malware Security Solutions Popular Mobile Malware(malicious software) are: Spyware – steals user information with users consent somehow. Trojan horse – steals confidential information such as credit card Adware - displays unwanted pop-up ads with/without theft of sensitive data There are some malware that just degrade or disrupt device operations such as rebooting device and exhausting device power without financial profit purpose. Due to small screen size of mobile device most apps dont show the URL address on the device screen while accessing web which takes even more difficult for mobile device user monitor and determine the destination of app on web.

11 Common types of malware delivery mechanisms Drive-by malware(silent Malware) Drive-by malware delivers(downloads) itself onto a users devices without their consent and interaction by exploiting vulnerabilities of user browser via an invisible element such as HTML iframe tag element or by HTML embed element of image file. Such malware either tempts the victim to visit a infected website or send malware-infected messages (SMS). Software updates Malware invites users to update software ( turned out to be a malicious one) on social network or web sits.

12 Common types of malware delivery mechanisms Pop-up ads Adware lures users to click on an ad that directs user to download/install malicious code such as Trojan horse in a word or pdf file. The downloaded may also be The keylogger which monitors mouse operations or keyboard strokes to steal personal data. Man-in-the-middle(MITM) Hacker may hijack a session by eavesdropping where the hacker makes independent connections with the victims and relays messages between two parties such that both parties thought they are talking directly to each other over. The MITM hacker intercepts all conversation and injecteavesdropping Botnet One attacker controls a group of sites(devices) to send a large volume of traffic to a victim resulted in a denial of service (DoS) attack. Afterwards, the hacker Demands the victim a payment to stop the attack.

13 Malware detection and protection solution Filtering with blacklisting and whitelisting Many search engines place malicious website a blocked list blacklist. The search engine will warn to potential visitor who intends access such sites on the list. A enterprise or a personal can also setup their own blacklist. A whitelist filter only only access to these on the list if a whitelist is exclusive. The filter techniques are widely used for spam filtering. View page source code Use Page Source (Firefox) or Source (IE) to view the actual source code to find out the injected malicious code

14 Spyware detection techniques a. Static analysis Static analysis is a reverse engineering analysis approach to finding malicious characteristics code segments in an app without execution. The analysis focus on these obvious security threats which have been reported before. One lab in this module is given on the static analysis approach to detect spyware. b. b. Dynamic analysis Dynamic analysis will execute the suspicious mobile app in an isolated sandbox, such as a virtual machine or emulator to monitor and inspect the apps dynamic behavior. c. c. App Permission analysis Android security uses permission to protect and detect by permissions in an Android mobile apps intentions. The permissions are required to be clearly specified by apps authors. Many spyware attacks make use of apps vulnerability on the permission.

15 Malware injection Malware injection is the act of inserting malicious code into a vulnerable web server page with poor application input filtering such that their devices get infected with malware when users interact with such page via form or other GUI components. This injection can be detected by a filter deployed on web server to filter out invalid commands such as SQL injection commands. Malware injection works as:

16 Malware injection 1. Inject a vulnerable website with malicious code that web browsers may request HTML:

Ads by Google