Droidcon2013 security genes_trendmicro


  1. Raimund Genes - CTO. Security under Android. Copyright 2013 Trend Micro Inc.
  2. Android has been designed with security in mind!
  3. Security in Mind? Android is a privilege-separated operating system. Each application runs through a unique Linux user ID. No application has permission to impact other applications. Applications can't access the network without prior consent.
  4. Security in Mind? When installing an application, the user is requested by the app package installer to grant permission(s).
  5. But! Then, before or while running the application, it is never checked again by the user. If the permission was granted, the app can then use the desired features without prompting the user, forever!
  6. So: With clever social engineering the bad guys convince the users to install a "useful" application, the user willingly gives permission, and bingo, the device could be misused.
  7. Industry Trends: Malware increasing on "App Stores"
  8. Android Malware: 10K: Middle of 2012! 100K: End of 2012! http://blog.trendmicro.com/how-big-will-the-android-malware-threat-be-in-2012/
  9. Chris DiBona from Google, November 2011: "virus companies are playing on your fears to try to sell you bs protection software for Android, RIM and IOS. They are charlatans and scammers. IF you work for a company selling virus protection for android, rim or IOS you should be ashamed of yourself." "The barriers to spreading such a program from phone to phone are large and difficult enough to traverse when you have legitimate access to the phone, but this isn't independence day, a virus that might work on one device won't magically spread to the other." All the major vendors have app markets, and all the major vendors have apps that do bad things, are discovered, and are dropped from the markets.
  10. Industry Trends: Google's Bouncer
  11. Google Bouncer: "Gone to the Gym"
  12. Extended Network: The App Markets. Use Case: Personal data exfiltration via an Android Market. App Market; Infiltration; Exfiltration & Exploits.
  13. Android Malware: 120,000; 300,000+
  14. ANDROIDOS_JIGENSHA.A. Impact Scope: 760,000 users' data leaked online in Japan. Malicious Behavior: The malware collects the user's contact list, including phone numbers and names, then sends them to a remote server.
  15. Your phone as your wallet
  16. Samsung's Knox software
  17. Types of Threats. Spying Tools: Track user data like GPS and send to a 3rd party. Rooter: Hacks phone to take control. Premium Service: Secretly subscribes user to paid services. Data Stealer: Steals personal information. Malicious Downloader: Downloads new apps without user consent. Click Fraud: Triggers pay-per-click activity on the device.
  18. Viruses for Android
  19. Where's the problem?
  20. That's why don't we see this under IOS
  21. Mobile App Reputation. Mobile App Reputation is a cloud-based technology that automatically identifies mobile threats based on app behavior: crawls and collects a huge number of Android apps from various Android Markets; identifies existing and brand new mobile malware; identifies apps that may abuse privacy / device resources; world's first automatic mobile app evaluation service. Questions answered: Malware? Privacy Risk? High Resource Consumption? Diagram: Apps, Mobile App Reputation, No Issues / Issue Identified.
  22. Mobile App Reputation. Generates reputation scores and detailed report. Collects Apps and scans them in the cloud (1). Static Analysis: Dissects app code and private data access (2). Correlates web queries with Smart Protection Network (3). Dynamic Analysis: Activates app to analyze actual behaviour (4).
  23. Mobile Application Reputation Architecture. Data Bus / Control Bus; MSR (Mobile Sourcing); MPAFI (Mobile PAFI); MSA (Mobile Static Analyzer); MDA (Mobile Dynamic Analyzer); MSE (Mobile Scoring Engine); MDS (Mobile Data Store); SPN (Smart Protection Network); WRS/FRS; Correlate Services. PAFI: Pre-Analysis File Interscan.
  24. The Service. Appstore submits new apps (FTP, Crawler, Web Upload). Apps are scanned. Report is provided (HTML, XML, EMAIL). Appstore removes bad apps and adds detailed info to app listings.
  25. Information provided by MARS: MARS Sample Report
  26. Developers! Ensure what public libraries do, before you use them! Corporate customers are very sensitive regarding Data Leakage! CPU load and Battery impact play a bigger and bigger role in App selection! Quick and Dirty might not be the way to go for a sustainable business! If you write Apps for a 3rd party, expect that the App will be tested not only for functionality but also for potential risks and negative impacts.
  27. Mid of May: mars.trendmicro.com to check the rating of your App
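
Added example (not part of the slides and not Trend Micro's code): a minimal static check of the kind slide 22 calls "private data access", applied to the install-time permission model of slides 3 to 5. It assumes a manifest already decoded to plain XML; the rule table mapping slide 17's threat types to permission sets is an illustrative assumption.

```python
import xml.etree.ElementTree as ET

ANDROID_NS = "{http://schemas.android.com/apk/res/android}"

# Assumed, illustrative mapping from slide 17's threat types to the permission
# sets that enable them. This is not Trend Micro's scoring logic.
RISK_RULES = {
    "data stealer: contacts can leave the device": {"READ_CONTACTS", "INTERNET"},
    "spying tool: location can reach a third party": {"ACCESS_FINE_LOCATION", "INTERNET"},
    "premium service: app can send paid SMS": {"SEND_SMS"},
    "malicious downloader: app can install packages": {"INSTALL_PACKAGES"},
}


def requested_permissions(manifest_xml):
    """Short names of every <uses-permission> in a decoded AndroidManifest.xml."""
    root = ET.fromstring(manifest_xml)
    names = (node.get(ANDROID_NS + "name", "") for node in root.iter("uses-permission"))
    return {name.rsplit(".", 1)[-1] for name in names if name}


def audit(manifest_xml):
    """Labels of all rules whose complete permission set the app requests."""
    granted = requested_permissions(manifest_xml)
    return sorted(label for label, needed in RISK_RULES.items() if needed <= granted)


# Constructed sample: a flashlight app that asks for contacts and SMS as well.
SAMPLE_MANIFEST = """
<manifest xmlns:android="http://schemas.android.com/apk/res/android"
          package="com.example.flashlight">
    <uses-permission android:name="android.permission.CAMERA"/>
    <uses-permission android:name="android.permission.INTERNET"/>
    <uses-permission android:name="android.permission.READ_CONTACTS"/>
    <uses-permission android:name="android.permission.SEND_SMS"/>
</manifest>
"""

if __name__ == "__main__":
    for finding in audit(SAMPLE_MANIFEST):
        print("review before install:", finding)
```

Rooting and click fraud from slide 17 are not visible in requested permissions alone, which is why the slides pair static analysis with dynamic analysis.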