Smartphone Hacks and Attacks

:
A Demonstration of Current Threats to Mobile Devices

Daniel V. Hoffman, CISSP, CEH, CHFI Chief Technology Officer Troy Vennon, CISSP, CEH, OPST Global Threat Center Research Engineer

SMobile Global Threat Center Exploit Research and Development
– Complete threat analysis against all exploit vectors – Continual assessment of new devices and platforms – Knowledge-share with worldwide device exploit network

Malware Operation Center
– Actively monitor SMobile customer Malware alerts, reporting and trending – Monitor and scan publicly submitted Malware samples – Scan partner feeds for discovered/ recent viruses, Spyware, etc. – Continually monitor underground and public Malware bulletin boards, websites, newsgroups, etc.

Page 2

Copyright 2009 SMobile Systems

• BlackBerry • Symbian • Windows Mobile • iPhone • Android • Palm

Page 3

Copyright 2009 SMobile Systems

Smartphone Security Perfect Storm?

Page 4

Copyright 2009 SMobile Systems

Smartphone Security – In The News

“Android Security Chief: Mobile-phone Attacks Coming”
PC World August 12th 2009

"The smartphone OS will become a major security target," said Android Security Leader Rich Cannings.

"We wanted developers to be able to upload their applications without anyone stopping them from doing that," Cannings said. "Unfortunately this opens us up to malware."

Page 5

Identity Theft Moves to Mobile
• • • • • • • • • • Identity theft is the Number 1 consumer crime in America¹ Identity theft is a $50 billion per year industry¹ 75% of “Phishing" e-mails are banking related¹ 5 million U.S. consumers lost money to phishing attacks in 2008 - a 40% increase for that period¹ SMS (text) messaging is now the second leading conduit for phishing attacks¹ 80% of mobile device owners store personal information on their handset ² 40% of users who store credit card information on their handset do not have a basic password on the device to limit entry ² 24% of smartphone users store bank account details on their device ² 10% store credit card information ² Approximately 2 million smartphones were stolen in the US 2008 ²

¹ - Gartner Research ² - Credant Technologies

Page 6

6

Mobile Banking is on the Rise

Page 7

Copyright 2009 SMobile Systems

Mobile Banking Trojan – January 21, 2009

Page 8

Copyright 2009 SMobile Systems

Phone Virus Steals Money – February 8, 2009

Page 9

Copyright 2009 SMobile Systems

News Clips

Page 10

• Smartphones are rapidly replacing feature phones. Analyst predictions state that by 2012, 65% of all cell phone sales will be smartphones

• Cell phones are used for the same functions and have the same capabilities as PCs

• While most PCs have at least some security software in place, smartphones commonly do not have any security software installed

Page 11

Copyright 2009 SMobile Systems

Smartphones are the new PCs for consumers Smartphones are the new workstations for workers Smartphones are susceptible to the exact same threats as PCs

Page 12

Copyright 2009 SMobile Systems

Threats to Mobile Devices
• Malware – Viruses, Worms, Trojans, Spyware • Direct Attack – Attacking device interfaces, browser exploits, etc. • Physical Compromise – Accessing sensitive data • Data Communication Interception – Sniffing data as it is transmitted and received • Authentication/Identity Spoofing and Sniffing – Accessing resources with a user’s identity or credentials • Exploitation and Misconduct – Online predators, pornography, inappropriate communications

Page 13

Copyright 2009 SMobile Systems

Are Application Signing and Review Processes the Answer?

Page 14

Copyright 2009 SMobile Systems

Page 15

Copyright 2009 SMobile Systems

Spyware Pushed By Carrier to BlackBerry Users

Page 16

Copyright 2009 SMobile Systems

Symbian Malware Infections

Page 17

Copyright 2009 SMobile Systems

Let’s get specific as to what’s happening today with, Spyware, Direct Attacks and Loss and Theft

Page 18

Copyright 2009 SMobile Systems

Spyware Properties: • Silently runs on devices without the knowledge of the device user • Easily installed via Trojans and other Malware • 2 of the top 3 BlackBerry infectors are Spyware • 4 of the top 5 Windows Mobile infectors are Spyware

Spyware Capabilities: • Intercept and post to a website every SMS, MMS and e-mail (see image) • Track every key typed by the device • Remotely and silently turn on the phone to hear ambient conversations • Track the position of the device
“Users and enterprises who are waiting to experience an infection before implementing security software are placing themselves into the unsavory position of unknowingly becoming infected with Spyware and having absolutely no security software in place to address that infection.” – SMobile Global Threat Center

Page 19

Copyright 2009 SMobile Systems

Mobile Banking Keylogger

Page 20

Copyright 2009 SMobile Systems

Spyware Demo

Page 21

Copyright 2009 SMobile Systems

Threat: Direct Attack Curse of Silence Demo

Page 22

Copyright 2009 SMobile Systems

Curse of Silence Demo

Page 23

Copyright 2009 SMobile Systems

Threat: Data Communication Interception

Page 24

Copyright 2009 SMobile Systems

iPhone E-mail Sniff

Sniffed Packets 118 and 140

Page 25

Copyright 2009 SMobile Systems

Threat: Loss and Theft

Page 26

Copyright 2009 SMobile Systems

Physical Compromise

• Even using a PIN/passcode doesn’t guarantee protection • Data is still unencrypted • The authentication method can be bypassed

Page 27 Page 27

Copyright 2009Copyright 2008 SMobile Systems SMobile Systems

iPhone “Encryption”

Page 28

Copyright 2009 SMobile Systems

Threat: Exploitation and Misconduct

Page 29

Copyright 2009 SMobile Systems

Exploitation and Misconduct

Page 30

Copyright 2009 SMobile Systems

Exploitation and Misconduct

Enterprises:
• Where is your data going? • What is your employee e-mailing, storing on their phone, texting? • What pictures are employees taking; Data Leakage Protection • What websites are being visited with the company device? You control your PCs, why not your smartphones?

Page 31

Copyright 2009 SMobile Systems

Threat
Malware Direct Attack Physical Compromise Data Communication Interception Authentication Attacks Exploit and Misconduct

SMobile Product
Antivirus, Firewall, Application Revocation, Update OS Firewall, AntiVirus, Update OS Encryption, Lock and Wipe VPN, SSL VPN, Antivirus, SSL, Firewall, Update OS Parental and Enterprise Controls, Application Revocation

* Treat the smartphone like a PC … because that’s essentially what it is

Page 32

Copyright 2009 SMobile Systems

Conclusion

• Threats to smartphones do exist and devices are being exploited. This is an undeniable fact and the data supports it • Smartphones are the new PCs and need to be protected with the same security technologies • Physical compromise is currently the easiest means of exploitation • Smartphone Malware does exist and has infected devices • Malware is now being written to be stealthy, undetectable and for financial gain – infection and exploitation can occur without the knowledge of the device user/owner • Not all smartphone security products do not significantly drain the battery!

Page 33

Copyright 2009 SMobile Systems

Additional Resources:
• SMobilesystems.com (Global Threat Center/Mobile Security News) • Ethicalhacker.net • BlackJacking Book • Complete Guide to NAC Book

Page 34

Copyright 2009 SMobile Systems

Sign up to vote on this title
UsefulNot useful