The Monkey Steals the Berries



Mobile Malware – The State of Mobile Security
Presenter Background




© 2010 Veracode, Inc.   2
Agenda

• Background
• Attacker Motivation
• Case Studies
• Mobile Security Mechanisms
• Potential Effects and Behaviors
• Detecting Malicious Mobile Applications
• Demonstration
• Conclusion



Background




Malicious Mobile Applications

• Modifications to legit programs
• Developer created
• Intentional
• Inadvertent
• Any programming language
• Any operating system




Attacker Motivation




Attacker Motivation

• Practical method of compromise
• Retrieve or manipulate valuable private data
• Cost effective and reliable




Units Sold By Operating System

[Bar chart: units sold by operating system, 2008 and 2009. Data Source: DISTMO Appstore Analytics, www.appstore.info]

Operating System             2008 Units   2009 Units
Symbian                      72,934       80,879
Research In Motion           23,149       34,347
iPhone OS                    11,418       24,890
Microsoft Windows Mobile     16,498       15,028
Linux                        10,622       8,127
Android                      641          6,798
WebOS                        0            1,193
Other OSs                    4,027        1,112




Units Sold Market Growth

[Bar chart: percentage growth in market share by operating system (Symbian, Research In Motion, iPhone OS, Microsoft Windows Mobile, Linux, Android, WebOS, Other OSs). Data Source: DISTMO Appstore Analytics, www.appstore.info]




Application Counts

[Bar chart: number of applications in store by marketplace, last counted Jan/Feb 2010. Data Source: DISTMO Appstore Analytics, www.appstore.info]

Marketplace Name             Applications
iPhone App Store             150,998
Android Marketplace          19,897
Nokia Ovi Store (Maemo)      6118
Blackberry App World         5291
Palm App Catalog             1452
Windows Marketplace          944




iPhone Applications Sold

[Chart: applications sold (in billions), y-axis 0.00 to 3.00. Data Source: Gartner, Inc., a research and advisory firm]




Back To The Future




Back To The Future




Case Studies




FlexiSpy

• http://www.flexispy.com
• $149 - $350 PER YEAR depending on features




FlexiSpy Web Site Quotes

• “Download FlexiSPY spyphone software directly onto a mobile
  phone and receive copies of SMS, Call Logs, Emails, Locations and
  listen to conversations within minutes of purchase.”
• “Catch cheating wives or cheating husbands, stop employee
  espionage, protect children, make automatic backups, bug meetings
  rooms etc.”
• “F Secure seem to think that its ok for them to interfere with
  legitimate, legal and accountable software. Who appointed them
  judge, jury and executioner anyway, and why wont they answer our
  emails, so we have to ask who is the real malware? Here is how to
  remove FSecure malware from your device. Please don't believe the
  fsecure fear mongers who simply wish you to buy their products.”



Mobile Spy

• http://www.mobile-spy.com
• $49.97 PER QUARTER or $99.97 PER YEAR




Mobile Spy Web Site Quotes

• “This high-tech spy software will allow you to see exactly what they
  do while you are away. Are your kids texting while driving or using
  the phone in all hours of the night? Are your employees sending
  company secrets? Do they erase their phone logs?”
• “Our software is not for use on a phone you do not own or have
  proper permission to monitor from the user or owner. You must
  always follow all applicable laws and regulations in your region.”
• “Purchased by more than 30,000 customers in over 150 countries”




eBlaster Mobile

• http://www.spectorsoft.com
• $49.95 a year




Etisalat (SS8)

• UAE cellular carrier
• Distribution: SMS link to patch
• Command & Control: BB PIN
• Hidden on device
• Data stolen: Email, SMS




Storm8 Phone Number Farming

• iPhone video game maker
• Built into game
• Distribution: iTunes
• Command & Control: None
• Hidden within application
• Data stolen: Phone Number




Symbian Sexy Space

• No real facade
• Botnet for Symbian phone
• Distribution: Malicious web sites
• Worm: SPAM contacts
• Data stolen: Phone number, network information
• Signed by Symbian as safe!
      – Anti-virus scan
      – Some manual assessment




09Droid – Banking Applications Attack

• 09Droid developer
• Web frontends to 50+ banks
• Distribution: Android Marketplace
• Data stolen: Unknown – likely none
• Multiple bank fraud warnings released




3D Anti-Terrorist / PDA Poker Art / Codec Pack WM1.0

• Original author: Huike
• Repackaged in Russia
• Built into game
• Distribution: WM shareware web sites
• Command & Control: None
• Data stolen: Money!




Mobile Security Mechanisms




Does It Really Matter?!



Only 23% of smartphone owners use the security software installed on the devices.
(Source: Trend Micro Inc. survey of 1,016 U.S. smartphone users, June 2009)

13% of organizations currently protect from mobile viruses
(Mobile Security 2009 Survey by Goode Intelligence)




Common Mobile Security Mechanisms

• Corporate level security policies
• Application level security policies
• Mobile anti-virus
• Application marketplace screening
• Code Signing




V5.0.0.328 Trusted 3rd Party Application Permissions

USB Connections      Bluetooth Connections     Phone Connections       Location Data
Server Network       Internet                  IPC                     Device Settings
Media                Application Management    Themes                  Input Simulation
Browser Filtering    Recording                 Security Timer Reset    Display Information While Locked
Email Data           Organizer Data            Files                   Security Data


V5.0.0.328 Untrusted 3rd Party Application Permissions

USB Connections      Bluetooth Connections     Phone Connections       Location Data
Server Network       Internet                  IPC                     Device Settings
Media                Application Management    Themes                  Input Simulation
Browser Filtering    Recording                 Security Timer Reset    Display Information While Locked
Email Data           Organizer Data            Files                   Security Data


Potential Effects and Behaviors




Installation Methods

Application Marketplace
• iTunes
• Android Marketplace
• Blackberry App World

Over The Air (OTA)
• Web Sites
• Carrier Pushed

Enterprise Distribution
• Mass Distribution
• Corporate Targets

PC Loader
• User Desktop Push
• With/Without Assistance
• Virus




Technical Methods

• Data Dumpers
• Listeners
• Exfiltration Methods
• Command and Control




Logging and Dumping

• Monitor connected / disconnected calls
• Monitor PIM added / removed / updated
• Monitor inbound SMS
• Monitor outbound SMS
• Real Time track GPS coordinates

• Dump all contacts
• Dump current location
• Dump phone logs
• Dump email
• Dump microphone capture (security prompted)



Exfiltration and C&C Methods

• SMS (No CDMA)
• SMS Datagrams (Supports CDMA)
• Email
• HTTP GET
• HTTP POST
• TCP Socket
• UDP Socket
• DNS Exfiltration

• Default command and control to inbound SMS
• TXSPROTO Bidirectional TCP based command and control



Detecting Malicious Mobile Code




Detecting Malicious Mobile Code

• Signature Based Detection
      – Broken
• Resource Usage Whitelisting
      – Semi-broken
• Sandbox Based Execution Heuristics
      – Semi-broken
• Static Decompilation and Analysis
      – Hard to do, but WORKS!
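
Static analysis of a decompiled application can start from the class references the binary contains. The following is an added example (not from the talk or from Veracode): it maps references in constructed decompiler output to the collection behaviours and exfiltration channels listed on the "Logging and Dumping" and "Exfiltration and C&C Methods" slides. The API prefix table, the `expected` allowlist parameter and both samples are assumptions made for illustration.

```python
"""Triage class references from a decompiled J2ME/BlackBerry app (added example)."""
import re

# Behaviours from the "Logging and Dumping" slide -> API prefixes that can implement
# them. The prefix lists are an illustrative assumption, not an exhaustive ruleset.
COLLECTORS = {
    "contacts/PIM": ("javax.microedition.pim.", "net.rim.blackberry.api.pdap."),
    "SMS": ("javax.wireless.messaging.",),
    "location": ("javax.microedition.location.",),
    "calls/phone logs": ("net.rim.blackberry.api.phone.",),
    "email": ("net.rim.blackberry.api.mail.",),
    "microphone": ("javax.microedition.media.control.RecordControl",),
}

# Channels from the "Exfiltration and C&C Methods" slide. DNS is omitted: there is no
# dedicated class to look for, so it needs inspection of how sockets/datagrams are used.
CHANNELS = {
    "SMS": ("javax.wireless.messaging.",),
    "email": ("net.rim.blackberry.api.mail.",),
    "HTTP": ("javax.microedition.io.HttpConnection",
             "javax.microedition.io.HttpsConnection"),
    "TCP socket": ("javax.microedition.io.SocketConnection",),
    "UDP socket": ("javax.microedition.io.DatagramConnection",
                   "javax.microedition.io.UDPDatagramConnection"),
}

# Qualified names in source form (a.b.C) or class-file form (La/b/C;).
REF = re.compile(
    r"(?<![a-z0-9_./$])(?:javax|java|net|com|org)(?:[./][A-Za-z_$][\w$]*)+"
)

# Constructed samples: references as a decompiler or constant-pool dump of a
# hypothetical high-score game might list them. Not taken from a real application.
SAMPLE_GAME = """
import net.rim.device.api.ui.UiApplication;
import javax.microedition.io.HttpConnection;
import javax.microedition.pim.PIM;
import javax.microedition.pim.ContactList;
import javax.microedition.location.LocationProvider;
CONSTANT_Class Ljavax/wireless/messaging/MessageConnection;
"""
SAMPLE_CLEAN = """
import net.rim.device.api.ui.UiApplication;
import javax.microedition.io.HttpConnection;
"""


def class_refs(text):
    """Return the set of qualified class names, normalised to dotted form."""
    return {m.group(0).replace("/", ".") for m in REF.finditer(text)}


def match(refs, table):
    """Map each behaviour label to the sorted references that fall under it."""
    hits = {}
    for label, prefixes in table.items():
        found = sorted(r for r in refs if r.startswith(prefixes))
        if found:
            hits[label] = found
    return hits


def triage(text, expected=frozenset()):
    """Flag an app that can both collect data and send it out, beyond what the
    reviewer expects for its stated purpose (the resource-whitelisting idea)."""
    refs = class_refs(text)
    collectors = match(refs, COLLECTORS)
    channels = match(refs, CHANNELS)
    unexpected = sorted((set(collectors) | set(channels)) - set(expected))
    return {
        "collectors": collectors,
        "channels": channels,
        "unexpected": unexpected,
        "review": bool(collectors and channels and unexpected),
    }


if __name__ == "__main__":
    for name, sample in (("game", SAMPLE_GAME), ("clean", SAMPLE_CLEAN)):
        result = triage(sample, expected={"HTTP"})
        print(name, "needs review:", result["review"], result["unexpected"])
```

A hit is a triage signal for manual review, not proof of malicious intent; references reached through reflection or obfuscated strings do not appear in such a listing.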




Mobile Malicious Code Detection




Defense in Depth

Do all of the above!
• Implement and enforce strong IT policies
• Implement and enforce additional application policies as required
• Implement a best of breed anti-virus solution
      – If only for thoroughness of deployed options
• Utilize static decompilation and analysis of applications considered
  for deployment




Demonstration




Conclusion

• We are currently trusting the vendor application store provider for the
  majority of our mobile device security
• Minimal methods of real time eradication or detection of spyware
  type activities exist
• When they do exist they are not configured correctly (or at all)
• No easy/automated way to confirm for ourselves what the
  applications are actually doing
• Automate the decompilation and static analysis of applications that
  are required for the ongoing functioning of your business




The Monkey Steals the Berries!
                                Questions?
 

Kürzlich hochgeladen

How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerThousandEyes
 
Benefits Of Flutter Compared To Other Frameworks
Benefits Of Flutter Compared To Other FrameworksBenefits Of Flutter Compared To Other Frameworks
Benefits Of Flutter Compared To Other FrameworksSoftradix Technologies
 
Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...
Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...
Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...HostedbyConfluent
 
The Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxThe Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxMalak Abu Hammad
 
Breaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountBreaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountPuma Security, LLC
 
Pigging Solutions in Pet Food Manufacturing
Pigging Solutions in Pet Food ManufacturingPigging Solutions in Pet Food Manufacturing
Pigging Solutions in Pet Food ManufacturingPigging Solutions
 
A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)Gabriella Davis
 
How to Remove Document Management Hurdles with X-Docs?
How to Remove Document Management Hurdles with X-Docs?How to Remove Document Management Hurdles with X-Docs?
How to Remove Document Management Hurdles with X-Docs?XfilesPro
 
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking MenDelhi Call girls
 
Factors to Consider When Choosing Accounts Payable Services Providers.pptx
Factors to Consider When Choosing Accounts Payable Services Providers.pptxFactors to Consider When Choosing Accounts Payable Services Providers.pptx
Factors to Consider When Choosing Accounts Payable Services Providers.pptxKatpro Technologies
 
[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdfhans926745
 
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...shyamraj55
 
Presentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreterPresentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreternaman860154
 
Azure Monitor & Application Insight to monitor Infrastructure & Application
Azure Monitor & Application Insight to monitor Infrastructure & ApplicationAzure Monitor & Application Insight to monitor Infrastructure & Application
Azure Monitor & Application Insight to monitor Infrastructure & ApplicationAndikSusilo4
 
SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024Scott Keck-Warren
 
The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024Rafal Los
 
Understanding the Laravel MVC Architecture
Understanding the Laravel MVC ArchitectureUnderstanding the Laravel MVC Architecture
Understanding the Laravel MVC ArchitecturePixlogix Infotech
 
Human Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR SystemsHuman Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR SystemsMark Billinghurst
 
Key Features Of Token Development (1).pptx
Key  Features Of Token  Development (1).pptxKey  Features Of Token  Development (1).pptx
Key Features Of Token Development (1).pptxLBM Solutions
 
08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking MenDelhi Call girls
 

Kürzlich hochgeladen (20)

How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected Worker
 
Benefits Of Flutter Compared To Other Frameworks
Benefits Of Flutter Compared To Other FrameworksBenefits Of Flutter Compared To Other Frameworks
Benefits Of Flutter Compared To Other Frameworks
 
Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...
Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...
Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...
 
The Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxThe Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptx
 
Breaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountBreaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path Mount
 
Pigging Solutions in Pet Food Manufacturing
Pigging Solutions in Pet Food ManufacturingPigging Solutions in Pet Food Manufacturing
Pigging Solutions in Pet Food Manufacturing
 
A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)
 
How to Remove Document Management Hurdles with X-Docs?
How to Remove Document Management Hurdles with X-Docs?How to Remove Document Management Hurdles with X-Docs?
How to Remove Document Management Hurdles with X-Docs?
 
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
 
Factors to Consider When Choosing Accounts Payable Services Providers.pptx
Factors to Consider When Choosing Accounts Payable Services Providers.pptxFactors to Consider When Choosing Accounts Payable Services Providers.pptx
Factors to Consider When Choosing Accounts Payable Services Providers.pptx
 
[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf
 
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
 
Presentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreterPresentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreter
 
Azure Monitor & Application Insight to monitor Infrastructure & Application
Azure Monitor & Application Insight to monitor Infrastructure & ApplicationAzure Monitor & Application Insight to monitor Infrastructure & Application
Azure Monitor & Application Insight to monitor Infrastructure & Application
 
SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024
 
The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024
 
Understanding the Laravel MVC Architecture
Understanding the Laravel MVC ArchitectureUnderstanding the Laravel MVC Architecture
Understanding the Laravel MVC Architecture
 
Human Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR SystemsHuman Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR Systems
 
Key Features Of Token Development (1).pptx
Key  Features Of Token  Development (1).pptxKey  Features Of Token  Development (1).pptx
Key Features Of Token Development (1).pptx
 
08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men
 

GovCert.NL - The Monkey Steals The Berries

  • 1. The Monkey Steals the Berries: Mobile Malware – The State of Mobile Security
  • 2. Presenter Background © 2010 Veracode, Inc. 2
  • 3. Agenda: Background; Attacker Motivation; Case Studies; Mobile Security Mechanisms; Potential Effects and Behaviors; Detecting Malicious Mobile Applications; Demonstration; Conclusion
  • 5. Malicious Mobile Applications: Modifications to legit programs; Developer created; Intentional; Inadvertent; Any programming language; Any operating system
  • 6. Attacker Motivation
  • 7. Attacker Motivation: Practical method of compromise; Retrieve or manipulate valuable private data; Cost effective and reliable
  • 8. Units Sold By Operating System [bar chart: units sold, 2008 Units vs. 2009 Units, by operating system: Symbian, Research In Motion, iPhone OS, Microsoft Windows Mobile, Linux, Android, WebOS, Other OSs]. Data Source: DISTMO Appstore Analytics, www.appstore.info
  • 9. Units Sold Market Growth [bar chart: percentage growth in market share by operating system: Symbian, Research In Motion, iPhone OS, Microsoft Windows Mobile, Linux, Android, WebOS, Other OSs]. Data Source: DISTMO Appstore Analytics, www.appstore.info
  • 10. Application Counts [bar chart: number of applications in store, last counted Jan/Feb 2010, by marketplace]: iPhone App Store 150,998; Android Marketplace 19,897; Nokia Ovi Store (Maemo) 6118; Blackberry App World 5291; Palm App Catalog 1452; Windows Marketplace 944. Data Source: DISTMO Appstore Analytics, www.appstore.info
  • 11. iPhone Applications Sold [chart: applications sold, in billions]. Data Source: Gartner, Inc., a research and advisory firm
  • 12. Back To The Future
  • 13. Back To The Future
  • 14. Case Studies
  • 15. FlexiSpy: http://www.flexispy.com; $149 - $350 PER YEAR depending on features
  • 16. FlexiSpy Web Site Quotes: “Download FlexiSPY spyphone software directly onto a mobile phone and receive copies of SMS, Call Logs, Emails, Locations and listen to conversations within minutes of purchase.” “Catch cheating wives or cheating husbands, stop employee espionage, protect children, make automatic backups, bug meetings rooms etc.” “F Secure seem to think that its ok for them to interfere with legitimate, legal and accountable software. Who appointed them judge, jury and executioner anyway, and why wont they answer our emails, so we have to ask who is the real malware? Here is how to remove FSecure malware from your device. Please don't believe the fsecure fear mongers who simply wish you to buy their products.”
  • 17. Mobile Spy: http://www.mobile-spy.com; $49.97 PER QUARTER or $99.97 PER YEAR
  • 18. Mobile Spy Web Site Quotes: “This high-tech spy software will allow you to see exactly what they do while you are away. Are your kids texting while driving or using the phone in all hours of the night? Are your employees sending company secrets? Do they erase their phone logs?” “Our software is not for use on a phone you do not own or have proper permission to monitor from the user or owner. You must always follow all applicable laws and regulations in your region.” “Purchased by more than 30,000 customers in over 150 countries”
  • 19. eBlaster Mobile: http://www.spectorsoft.com; $49.95 a year
  • 20. Etisalat (SS8): UAE cellular carrier; Distribution: SMS link to patch; Command & Control: BB PIN; Hidden on device; Data stolen: Email, SMS
  • 21. Storm8 Phone Number Farming: iPhone video game maker; Built into game; Distribution: iTunes; Command & Control: None; Hidden within application; Data stolen: Phone Number
  • 22. Symbian Sexy Space: No real facade; Botnet for Symbian phone; Distribution: Malicious web sites; Worm: SPAM contacts; Data stolen: Phone number, network information; Signed by Symbian as safe! (Anti-virus scan; Some manual assessment)
  • 23. 09Droid – Banking Applications Attack: 09Droid developer; Web frontends to 50+ banks; Distribution: Android Marketplace; Data stolen: Unknown – likely none; Multiple bank fraud warnings released
  • 24. 3D Anti-Terrorist / PDA Poker Art / Codec Pack WM1.0: Original author: Huike; Repackaged in Russia; Built into game; Distribution: WM shareware web sites; Command & Control: None; Data stolen: Money!
  • 25. Mobile Security Mechanisms
  • 26. Does It Really Matter?! Only 23% of smartphone owners use the security software installed on the devices. (Source: Trend Micro Inc. survey of 1,016 U.S. smartphone users, June 2009.) 13% of organizations currently protect from mobile viruses. (Source: Mobile Security 2009 Survey by Goode Intelligence.)
  • 27. Common Mobile Security Mechanisms: Corporate level security policies; Application level security policies; Mobile anti-virus; Application marketplace screening; Code Signing
  • 28. V5.0.0.328 Trusted 3rd Party Application Permissions: Bluetooth Connections; Phone Connections; USB Connections; Location Data; Server Network; Internet; IPC; Device Settings; Application Management; Media; Themes; Input Simulation; Security Timer Reset; Display Information While Locked; Browser Filtering; Recording; Email Data; Organizer Data; Files; Security Data
  • 29. V5.0.0.328 Untrusted 3rd Party Application Permissions: Bluetooth Connections; Phone Connections; USB Connections; Location Data; Server Network; Internet; IPC; Device Settings; Application Management; Media; Themes; Input Simulation; Security Timer Reset; Display Information While Locked; Browser Filtering; Recording; Email Data; Organizer Data; Files; Security Data
  • 30. Potential Effects and Behaviors
  • 31. Installation Methods: Application Marketplace (iTunes; Android Marketplace; Blackberry App World); Over The Air (OTA) (Web Sites; Carrier Pushed); Enterprise Distribution (Mass Push Distribution; Corporate Targets); PC Loader (User Desktop; With/Without Assistance; Virus)
  • 32. Technical Methods: Data Dumpers; Listeners; Exfiltration Methods; Command and Control
  • 33. Logging and Dumping: Monitor connected / disconnected calls; Monitor PIM added / removed / updated; Monitor inbound SMS; Monitor outbound SMS; Real Time track GPS coordinates; Dump all contacts; Dump current location; Dump phone logs; Dump email; Dump microphone capture (security prompted)
  • 34. Exfiltration and C&C Methods: SMS (No CDMA); SMS Datagrams (Supports CDMA); Email; HTTP GET; HTTP POST; TCP Socket; UDP Socket; DNS Exfiltration; Default command and control to inbound SMS; TXSPROTO Bidirectional TCP based command and control
  • 35. Detecting Malicious Mobile Code
  • 36. Detecting Malicious Mobile Code: Signature Based Detection – Broken; Resource Usage Whitelisting – Semi-broken; Sandbox Based Execution Heuristics – Semi-broken; Static Decompilation and Analysis – Hard to do, but WORKS!
  • 37. Mobile Malicious Code Detection
  • 38. Defense in Depth: Do all of the above! Implement and enforce strong IT policies; Implement and enforce additional application policies as required; Implement a best of breed anti-virus solution (if only for thoroughness of deployed options); Utilize static decompilation and analysis of applications considered for deployment
  • 40. Conclusion: We are currently trusting the vendor application store provider for the majority of our mobile device security; Minimal methods of real time eradication or detection of spyware type activities exist; When they do exist they are not configured correctly (or at all); No easy/automated way to confirm for ourselves what the applications are actually doing; Automate the decompilation and static analysis of applications that are required for the ongoing functioning of your business
  • 41. The Monkey Steals the Berries! Questions?
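
The static analysis recommended on slides 36, 38 and 40 can start as a coarse triage pass over decompiled source, pairing the data sources of slide 33 with the exfiltration channels of slide 34. The sketch below is an added example, not Veracode's tooling or code from the talk; the rule table (Java ME / BlackBerry API names), the function names and the sample files are assumptions made for illustration, and it checks co-occurrence only, not data flow.

```python
import re

# Assumed rule table (not from the slides): Java ME / BlackBerry API names filed
# under the deck's "Logging and Dumping" (source) and "Exfiltration" (sink) lists.
RULES = [(kind, label, re.compile(rx)) for kind, label, rx in [
    ("source", "contacts/PIM", r"\bPIM\.getInstance\s*\("),
    ("source", "location",     r"\bLocationProvider\.getInstance\s*\("),
    ("source", "inbound SMS",  r"\bsetMessageListener\s*\("),
    ("source", "call events",  r"\baddPhoneListener\s*\("),
    ("sink",   "HTTP",         r"\bHttpConnection\b"),
    ("sink",   "TCP/UDP",      r'"(?:socket|datagram)://'),
    # "sms://:5000" (port only) is a listening endpoint; an address means sending.
    ("sink",   "outbound SMS", r'"sms://[^:"]'),
]]

# Literals are matched first so the "//" in "http://..." is not taken for a comment.
_TOKEN = re.compile(r'''"(?:\\.|[^"\\])*"|'(?:\\.|[^'\\])*'|//[^\n]*|/\*.*?\*/''', re.S)

def strip_comments(src):
    """Blank out comments, keeping literals and newlines so line numbers stay valid."""
    def repl(m):
        text = m.group(0)
        return text if text[0] in "\"'" else re.sub(r"[^\n]", " ", text)
    return _TOKEN.sub(repl, src)

def triage(files):
    """files: {path: decompiled source}. Flags apps that both collect and transmit."""
    found = {"source": {}, "sink": {}}
    for path, src in files.items():
        code = strip_comments(src)
        for kind, label, rx in RULES:
            for m in rx.finditer(code):
                line = code.count("\n", 0, m.start()) + 1
                found[kind].setdefault(label, set()).add((path, line))
    hits = {k: {lab: sorted(v) for lab, v in d.items()} for k, d in found.items()}
    # Sources and sinks may live in different classes, so pair them app-wide.
    pairs = sorted((s, t) for s in hits["source"] for t in hits["sink"])
    return {"hits": hits, "pairs": pairs, "needs_review": bool(pairs)}

# Constructed sample input: two decompiled classes of a hypothetical application.
SAMPLE = {
    "Game.java": '''\
// Uses PIM.getInstance() in a comment only: must not count.
class Game {
    String help = "see http://example.invalid/help";  // URL text is not a comment
    void start() { render(); }
}
''',
    "Sync.java": '''\
import javax.microedition.io.*;
import javax.microedition.pim.*;
class Sync {
    void run() throws Exception {
        PIMList l = PIM.getInstance().openPIMList(PIM.CONTACT_LIST, PIM.READ_ONLY);
        /* upload */
        HttpConnection c = (HttpConnection) Connector.open(url);
    }
}
''',
}

if __name__ == "__main__":
    report = triage(SAMPLE)
    print("needs review:", report["needs_review"])
    for source, sink in report["pairs"]:
        print(f"  {source} -> {sink}")
```

A hit means a reviewer should read the listed lines; an application can legitimately read contacts and use HTTP, so the pairs are leads for manual analysis rather than verdicts.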