Security Issues in the Mobile Environment

Mobile Applications &
Security
Ligia Adam, Security Evangelist
ladam@bitdefender.com
@LigiaAdam

Copyright@bitdefender 2012 / www.bitdefender.com

mobile devices are on the rise

• at the end of 2011, there were 6 billion mobile subscriptions

• there are now 1.2 billion mobile Web users worldwide

- aka ~17% of the global population uses a smartphone

• and over 491.4 million smartphones were sold worldwide in 2011

Copyright@bitdefender 2012 / www.bitdefender.com 7/9/2012 • 2

global use of mobile browsing


what’s mobile used for (now)

Most popular mobile destinations are news and information, weather

reports, social networking, search and maps.

- mobile browsers for banking, travel, shopping, local

info, news, video, sports and blogs

- apps for games, social media, maps and music


mobile environment status

• there are more than 400,000 Android apps on Google Play

• iPhone & iPad users get to choose between over 650,000 iOS Apps

• Apps usage

• nearly 2 in 3 smartphone users use apps daily

• App users had an average of 12 apps on their devices

• mobile app downloads should jump to ~50 billion in 2012


the need for mobile security
• Mobile malware attacks are up 155 percent across ALL platforms
in the last year, according to Juniper

• The most vulnerable platform is Android, where malware
increased by more than 4500% in a year (!)

• iPhones and iPads are very vulnerable to jailbreaking
services that infect the device during the rooting process and
just as vulnerable to web browsing attacks as any other device
• There are HUGE privacy issues with iOS apps (according
to Clueful stats)

• attacks to Blackberry and Symbian platforms also doubled
since last year


Mobile Phising

• phishing (criminals attempt to trick users into sharing passwords etc)


Tips to Avoid Becoming a Mobile Banking Phishing Victim

- Before you click on a link, make sure it is legitimate.

- Remember that e-banking can be risky, especially when
using a mobile device

- Always keep your mobile device operating system and
antivirus solution updated.


Trojans for mobile


SndApps Trojan


Mobile Spyware

• tracks user’s activity, sending the phone’s
location, IMEI, phone number, address book to
advertisers etc

• 61% of the malware detected on phones is spyware

• it does not affect the phone’s functionality


the dark side of the mobile world
Other threats for mobile users are:

• worms (a program that copies itself onto multiple devices via
network connections),
• man-in-the-middle attacks (where a criminal intercepts and
manipulates messages between two devices or device and
computer)
• Slavery - phones can even be used by part of a botnet (this is a
network of infected ‘slave’ devices used for malicious purposes).
• Spam / excessive advertising / privacy breaches
• losing the device


types of mobile app risks

Malicious Functionality

• Activity monitoring and data retrieval (e.g: Secret SMS
Replicator for Android)
• Unauthorized dialing, SMS and payments (Fake Player)
• Unauthorized network connectivity
• UI Impersonation
• System modification (modifying the device proxy
configuration or APN (Access Point Name).
• Logic or Time bomb


types of mobile app risks / II

App Vulnerabilities

• Sensitive data leakage (inadvertent or side channel)
• Unsafe sensitive data storage
• Unsafe sensitive data transmission
• Hardcoded password/keys


how to get to mobile hell

• direct download, SMS, MMS, e-mail and Bluetooth.

• via device rooting

• Not paying enough attention to your mobile


Q1 mobile malware landscape / I

• the most frequent e-threats identified by Bitdefender in
the mobile malware landscape for Q1 2012 are related to:
- data theft and
- malware strains related to device rooting via
operating system exploits

• data privacy is the number one targeted area
- re-packaged applications bundled with malware
and delivered through alternative Android
Marketplaces have proven an effective means of
distributing malicious apps


Q1 mobile malware landscape / II
• China, Russia and France have the highest count of smartphone
users affected by malware.
- These numbers reflect an increase in pirated applications re-
packed with malicious code

29.92% 29.49% China
United States
Spain
United Kingdom
Romania
6.68% Germany

4.40% India
5.84% France
1.74% 4.47%
3.03% 4.51% 5.06% Russian Federation
4.87%
Belgium
Other


Latest trends in Android malware
• Crafty adware, followed by Fake Battery Doctor and Exploit
malware (rooted devices)
• SMS senders (7th place) and Hack Tools will send users fake
notification updates and lure your social media credentials


Top Android malware in US

Android.Adware.Mulad.A
42.68% Android.Adware.Ropin.B
Android.Adware.Wallap.A
50.07%
Android.Exploit.Asroot.A
Android.Exploit.Asroot.B
Android.Exploit.Exploid.A
Android.Exploit.Exploid.B
Android.Exploit.Exploid.C
Android.Exploit.Exploid.D
4.04%
Android.Exploit.GingerBreak.A
Other

0.14%
0.42%
0.84%
0.98% 0.14%

0.14%
0.28%
0.28%


Top Android malware in DE
0.08%
1.07% 0.38% 0.54%
0.15%
12.88% 0.15%

0.46%
0.08%

0.23% Android.Adware.Mulad.A
Android.Adware.Ropin.B
Android.Exploit.Asroot.D
Android.Exploit.Exploid.C
83.97%
Android.Exploit.Exploid.D
Other


Top Android malware in UK 0.91%

0.20% 0.20%
0.40%
0.20%
0.30%
0.20% 0.61%
8.60%
0.10%

Android.Adware.Mulad.A
Android.Exploit.Asroot.D
Android.Exploit.Exploid.E
Android.Exploit.GingerBreak.A
88.26%
Android.Exploit.GingerBreak.C
Other


mobile security predictions
it will get worse, before it gets better, on all levels of mobile security:
• software
- We estimate a 6000% increase in Android malware samples (including
variants) within the next 6 months
- from 153 malware families and ~10 000 malicious apps in 2011 to over
3*10 000 malicious apps by the end of the year
- an increase of fake battery apps being actually malware.
- At the moment, ~80% od malicious apps steal data and ~20% overcarge
the user. By the end of 2012, 90% of apps will focus on stealing data

• privacy
- We estimate HUGE app privacy issues on ALL platforms
- detecting various apparently innocent apps that leak your data or
which apps ask for extra permissions they don’t actually need
• hardware
- anti-theft / anti-loss security solutions


May 2012

Copyright@Bitdefender 2011 / www.Bitdefender.com 7/9/2012 • 23

Bitdefender Mobile Security


BITDEFENDER MOBILE SECURITY LOVE

Bitdefender Mobile Security is practically unnoticeable on your Android device and very easy
to use. – PC Mag

Bitdefender Mobile Security has the advantage of low system resource occupancy while
protecting the mobile device - PCSL Test


Detailed Features


How it looks like


Anti-Theft in MyBitdefender


POWER TUNE-UP IN ONE SLIDE

Bitdefender Power Tune-Up brings back control in your
hands. Optimize your Android device for maximum
performance, battery economy and controlled data traffic.

Saves up battery
Informs you on the remaining time
(for standby, talking, navigating)

Keeps you from reaching data traffic
limits (3G, thresholds and notifications)

Quickly frees up space
(internal memory, internal and external SD card)


THE BATTERY SAVER

Save up precious battery life by
switching to the predefined
Battery Saver or create your own
custom profile.

You have access to running apps
(you can identify the CPU and
RAM levels) and essential battery
eating options that you can turn on
or off.


THE BATTERY WIDGET

With the Power Tune-Up
widget you can keep an
eye on your remaining
battery time.


THE DATA METER - 3G DATA TRAFFIC COUNTER

It’s easy to browse away and forget
you have a limited data plan.

Set up a usage cap and Data
meter will notify you before it’s
reached.


THE CLEAN-UP MODULE

Running out of space?

With Clean-Up you can remove
temporary files, delete downloaded
files or uninstall unwanted
applications to save space.


1. CPU used %
Power Tune-Up: 0.093
System Panel, System Tuner Lite: 0.11
Mobile Utilities Task Killer (Norton): 0.14

2. RAM (in MB)
Android Assistant: 5.61
System Tuner Lite: 5.69
Power Tune-Up: 6.09
System panel: 6.37

3. RAM (in MB) – Android Assistant
#1
Power Tune-Up: 3.37 We ran our own benchmarks
System Panel Lite: 3.49
Android Assistant: 3.56 and we’re beating the
Mobile Utilities Task Killer (Norton): 3.58 competition in three out of
4. Android Battery % five performance tests
Power Tune-Up: 0.37
System Panel: 0.54
System Tuner Lite: 0.65
Mobile Utilities Task Killer (Norton): 0.77

5. Space occupied (MB)
System Panel Lite: 1.03
Free Advanced Task Manager: 1.37
Android Assistant: 2.01
Power Tune-Up: 2.02

Tested on:
- Acer Iconia A500(android 3.2)
- HTC HD2(android 4.0)
- Samsung Galaxy Nexus(android 4.0.2)

Bitdefender Power Tune-Up

Now out of BETA

• FREE
• available on Google Play (Android Market)
• in English and Portuguese

German, French, Spanish, Romanian to follow soon


CLUEFUL is a world first!


Clueful is the only way to really understand apps, how they use your data and treat your privacy.

Clueful identifies nasty apps on your iPhone.
It looks at what applications are currently running in memory and it retrieves audit information from
the Clueful Cloud.

There's no viruses on the App Store.
Apps must pass an Apple review before acceptance on the App Store. The malicious apps are
rejected.

Most apps are not malicious.
They're just careless with your data.
Take a look under the hood. Be curious!
Explore and analyze clues about your apps, including your favorite ones.


There are apps that:

-track your location
- drain your battery
- can read and make use of your address book
- track usage behavior via Flurry (or other) analytics networks
and display ads
- handle your credentials in a sloppy way (think unencrypted
over the web)
- request access to your Facebook/Twitter/Google
credentials
- needlessly keep GPS or audio services on
intensively, although they don't need to, which may rapidly drain
your phone's battery.


How it looks like


THE CLUES


THE HOWS and WHENS

Bitdefender Clueful

• paid app
• available worldwide on the App Store


The Clueful App

Check it out @ wwww.cluefulapp.com


Thank you!

Q/A?
Ligia Adam, Security Evangelist
mail me: ladam@bitdefender.com
Follow my Tweets: @LigiaAdam


Resources
1. http://www.bitdefender.com/news/q1-2012-e-threat-landscape-report-2457.html

2. http://www.itu.int/ITU-D/ict/facts/2011/material/ICTFactsFigures2011.pdf
3. http://www.itu.int/ITU-D/ict/statistics/at_glance/KeyTelecom.html
4. http://www.slideshare.net/CMSummit/ms-internet-trends060710final
5. http://mobithinking.com/mobile-marketing-tools/latest-mobile-stats
6. http://thenextweb.com/mobile/2011/11/29/report-smartphones-account-for-just-27-of-all-
mobile-phones-worldwide/
7. http://mobithinking.com/mobile-marketing-tools/latest-mobile-stats#mobilepageviews
8. http://www.theretailbulletin.com/news/mcommerce_quadruples_in_two_years_24-05-12/
9. http://mobithinking.com/mobile-marketing-tools/latest-mobile-stats#usprefersmobileweb
10. http://mobithinking.com/mobile-marketing-tools/latest-mobile-stats
11. http://mashable.com/2010/09/14/mobile-apps-pew-survey/
12. http://forums.juniper.net/t5/Security-Mobility-Now/Juniper-Mobile-Security-Report-2011-
Unprecedented-Mobile-Threat/ba-p/129529
13. http://www.veracode.com/blog/2010/12/mobile-app-top-10-list/


Security Issues in the Mobile Environment

Security Issues in the Mobile Environment

Empfohlen

Empfohlen

Weitere ähnliche Inhalte

Was ist angesagt?

Was ist angesagt? (20)

Andere mochten auch

Andere mochten auch (18)

Ähnlich wie Security Issues in the Mobile Environment

Ähnlich wie Security Issues in the Mobile Environment (20)

Kürzlich hochgeladen

Kürzlich hochgeladen (20)

Security Issues in the Mobile Environment

Hinweis der Redaktion