From Nothing to Massive – Android under Attack

SLIDE 1

From Nothing to Massive – Android under Attack

Vicente Diaz, Senior security analyst

SLIDE 2

It's September, so we ...

Sep 22, 2011 The Kaspersky Security Symposium, Munich

SLIDE 3

Question 1

How many of you have a mobile phone?

SLIDE 4

Question 2

Do you think you have something valuable in your mobile phone?

SLIDE 5

Question 2 (again)

…Actually, probably more things than you think

You probably don't want everybody to see this

SLIDE 6

Question 3

Are there viruses for smartphones?

SLIDE 7

User Awareness … Very Low!

How do you estimate the malware infection risk when surfing the web from different devices?

  • Tablet PC (N = 132): 5.1 pts
  • Smartphone (N = 1618): 4.7 pts
  • PC / Notebook (N = 1518): 6.0 pts

Scale: 1 to 9, from "no risk of malware infection" to "extremely high risk of malware infection".

  • Source: Smartphone Users Study for Kaspersky Lab

SLIDE 8

My Mobile Was Compromised, So What?

SLIDE 9

Mobile Malware History

  • 2000‐2004: Proof of concepts
  • 2004‐2006: The beginning (Symbian)
  • 2006‐2008: Evolution (J2ME)
  • 2008‐Now: Monetization (All platforms)

SLIDE 10

Mobile Malware Evolution

65% growth of threats in 2010 over 2009

[Chart: Number of Modifications, jun.04 to apr.11]

Source: Kaspersky Lab

SLIDE 11

Malware for Smartphones, 2011

[Pie chart: share of smartphone malware by platform (Android, Symbian, Windows Mobile, iOS, Blackberry); values shown: 69%, 23%, 6%, 1%, 1%]

Source: Kaspersky Lab

SLIDE 12

Example 1: SMS Fraud

Trojan dials international premium-rate numbers every month

SLIDE 13

Example 2: Rick in Your iPhone

  • Jailbroken iPhones first worm
  • Nice, we all LOVE Rick Astley, don't we?
  • However …

Mobile World Congress ‘Mobile Malware Threatscape in 2011’

SLIDE 14

Example 3: Android Market 2011

SLIDE 15

Main Reason?

SLIDE 16

But Wait, There’s More

SLIDE 17

Social Engineering Attacks

  • Dear Mr. Foo (attacker knows who you are)
  • I'm calling you from your YourBank local office in Chelsea (attacker knows where you live and your bank).
  • In order to prevent fraud we need to check some details, first I need to ensure you are the holder of the credit card with number xxx‐xxx‐xxx‐xxx (attacker knows your credit card).
  • Can you please tell me the number that appears on the back of your card? …

SLIDE 18

Targeted Attacks

SLIDE 19

Summary

  • Malware is targeting the most popular platforms
  • Profit‐driven
  • Authors unpunished
  • Social engineering + lack of user awareness
  • Devices easily accessed/stolen

  • How long does it take to jailbreak an iPhone?
  • More and more valuable data on them
  • Contacts
  • Agenda
  • Geo‐location

SLIDE 20

Recommendations

  • Lock your screen
  • Use security software
  • Back up your data
  • Use encryption
  • Beware of what you install
  • Do not jailbreak/root your device
  • Do not connect to untrusted Wi‐Fi access points
  • Do not skip updates

AND

  • Do not assume your mobile is safer than your PC

SLIDE 21

[Vicente Diaz] [vicente.diaz@kaspersky.com] [+34 681244756] [@trompi]