STRICTLY PRIVATE & CONFIDENTIAL © 2015

3 ways to lose your identity in the mobile world

Rogue Mobile Apps

Subtly altered versions of popular apps are being pushed by hackers.

Often available free, and offered for installation or download after a survey that promises an iPad.

Google and Apple support alternative stores or private stores.

Rogue mobile apps spread through alternative stores.

In 2015 Apple admitted that its App Store hosted apps that installed root certificates.

Ad-blocker apps like Been Choice on your phone MiTM the traffic using self-signed root certificates to read and remove ads from Facebook, Pinterest, etc.

But they can also read/decrypt the TLS traffic, thereby stealing your identity (similar to the Lenovo Superfish adware).

Rogue apps that are look-alikes

The Android 09Droid phishing application is one good example; it was intended to gather users’ banking credentials.

Figure: a snapshot of a set of fake mobile apps

Small screens and partial display of URLs make it difficult to differentiate.

http://arstechnica.com/security/2015/10/apple-removes-several-apps-that-could-spy-on-encrypted-traffic/

The vast majority of rogue apps are found on unofficial app stores or websites, many based in China or Russia.

These rogue apps present normal functionality alongside malicious code intended to run on behalf of the attacker.

Possible suspicious activity: balance deduction, rapid battery drain

Ex: Google++, DroidDream (malware embedded in apps)

Detection: Anti-virus

http://www.cnet.com/news/android-malware-masquerading-as-google-app/

https://blog.lookout.com/blog/2011/03/02/android-malware-droiddream-how-it-works/

With the increasing number of applications available for Android, spyware is becoming a real concern.

Several malicious applications exist, ranging from fake banking applications to an SMS Trojan embedded into a fake media player.

Defending against Rogue Mobile Apps

Do not trust or install ad-blocking apps that are not certified by Apple or Google.

Do not install apps from unofficial stores.

Do not click on links sent via SMS or WhatsApp that invoke installation of apps.

Have good anti-virus and anti-malware software installed on mobile phones.

Menace of Ad Libraries

Mobile users should be aware of the risks some mobile ads may pose.

In a study of 100,000 apps in the Google Play market, more than half had ad libraries. 297 of these were using ad libraries that could run code from remote servers.

Researchers said they've found more than 250 iOS apps that violate Apple's App Store privacy policy forbidding the gathering of e-mail addresses, installed apps, serial numbers, and other personally identifying information that can be used to track users.

In-app ad libraries can retrieve ads remotely, and some ad libraries have the same permissions that users grant the app during installation. They can retrieve users’ location, call logs, phone numbers, device ID, etc.

http://arstechnica.com/security/2015/10/apple-removes-several-apps-that-could-spy-on-encrypted-traffic/

http://arstechnica.com/security/2015/10/researchers-find-256-ios-apps-that-collect-users-personal-info/

Ads are used to get revenue out of free apps.

Mainly third-party libraries are used.

They have the same permissions as the installed app.

They send and receive data over unencrypted HTTP.

They collect users' personal information and location-based data.

They could be used to spy on users.

“We’ve identified a group of apps that are using a third-party advertising SDK, developed by Youmi, a mobile advertising provider, that uses private APIs to gather private information, such as user email addresses and device identifiers, and route data to its company server.” Apple

Impact

Collecting sensitive information from users

Propagating itself via SMS message

Potentially pushing fraudulent advertisements

Ability to execute additional payloads

Defend against Ad Libraries

Always be wary of apps asking for more permissions than required.

Apps like permissionDog allow you to check what permissions other apps have.

Check privacy settings after installation of any app.

Delete apps that do not allow you to change privacy settings or permissions.
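The permission check described above can also be run against an app's manifest before it is deployed. The following is an added example, not part of the original slides: it assumes the manifest has already been decoded to text XML (for instance with apktool), and the sample manifest, the package name `com.example.flashlight` and the function name `audit_manifest` are constructed for illustration.

```python
import xml.etree.ElementTree as ET

ANDROID_NS = "{http://schemas.android.com/apk/res/android}"

# Permissions covering the data the slides say ad libraries can reach.
SENSITIVE = {
    "android.permission.ACCESS_FINE_LOCATION": "location",
    "android.permission.ACCESS_COARSE_LOCATION": "location",
    "android.permission.READ_CALL_LOG": "call logs",
    "android.permission.READ_PHONE_STATE": "phone number / device ID",
    "android.permission.SEND_SMS": "sending SMS",
}

# Constructed sample: decoded manifest of a hypothetical flashlight app.
SAMPLE_MANIFEST = """<manifest
    xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.flashlight">
  <uses-permission android:name="android.permission.CAMERA"/>
  <uses-permission android:name="android.permission.INTERNET"/>
  <uses-permission android:name="android.permission.ACCESS_FINE_LOCATION"/>
  <uses-permission android:name="android.permission.READ_CALL_LOG"/>
  <uses-permission android:name="android.permission.READ_PHONE_STATE"/>
  <application android:usesCleartextTraffic="true"/>
</manifest>"""


def audit_manifest(xml_text, expected=frozenset()):
    """Return (unexpected sensitive permissions, cleartext explicitly allowed).

    `expected` holds the permissions the app's stated purpose justifies.
    An embedded ad library inherits every permission listed here.
    """
    root = ET.fromstring(xml_text)
    requested = {el.get(ANDROID_NS + "name") for el in root.iter("uses-permission")}
    has_network = "android.permission.INTERNET" in requested
    findings = []
    for perm in sorted(requested.intersection(SENSITIVE)):
        if perm not in expected:
            note = " (app has network access)" if has_network else ""
            findings.append((perm, SENSITIVE[perm] + note))
    app = root.find("application")
    # Only the explicit opt-in is flagged; when the attribute is absent
    # the default depends on the app's target API level.
    cleartext = app is not None and app.get(ANDROID_NS + "usesCleartextTraffic") == "true"
    return findings, cleartext
```

For the constructed flashlight manifest, passing `expected={"android.permission.CAMERA"}` flags the location, call-log and phone-state permissions and reports that cleartext HTTP is explicitly enabled.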

NotSoSecure Wifi

SSLstrip is an SSL stripping proxy, designed to make unencrypted HTTP sessions look as much as possible like HTTPS sessions.

It converts https links to http or to https with a known private key.

It even provides a padlock favicon for the illusion of a secure channel.

Many HTTPS sites are normally accessed from a redirect on an HTTP page, and many users don't notice when their connection isn't upgraded.

Commonly used on Wifi networks along with MiTM attacks.

Apps for MiTM

zANTI

SSLstrip for Android

Defending Against SSL Stripping

What can enterprises do?

Enable SSL site-wide (i.e., use HTTPS only).

Enable HSTS (HTTP Strict Transport Security).

Enable cert pinning.

What can users do?

Do not trust public Wifi.

Do not perform sensitive transactions or access social media via public Wifi.

Do not start or use email clients or chat clients while using public Wifi.

Use a private VPN service when using public Wifi to tunnel all internet traffic via the secure VPN connection.
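The enterprise measures above (HTTPS only, HSTS) can be verified from a site's own responses. The following is an added example, not part of the original slides: the captured responses, the host `bank.example`, the 180-day `MIN_MAX_AGE` threshold and the function names are assumptions made for illustration.

```python
import re

# Constructed captures of a site's responses: (scheme, status, headers, body).
SAMPLE_RESPONSES = [
    ("http", 301, {"Location": "https://bank.example/"}, ""),
    ("https", 200, {"Strict-Transport-Security": "max-age=300"},
     '<a href="http://bank.example/login">Login</a>'),
]

MIN_MAX_AGE = 15552000  # 180 days; assumed policy threshold


def parse_hsts(value):
    """Parse a Strict-Transport-Security value into (max_age, include_subdomains)."""
    max_age, include_sub = None, False
    for directive in value.split(";"):
        name, _, arg = directive.strip().partition("=")
        if name.lower() == "max-age" and arg.strip('"').isdigit():
            max_age = int(arg.strip('"'))
        elif name.lower() == "includesubdomains":
            include_sub = True
    return max_age, include_sub


def audit_strip_resistance(responses):
    """List the gaps that leave a session open to SSL stripping."""
    findings = []
    for scheme, status, headers, body in responses:
        hdrs = {k.lower(): v for k, v in headers.items()}
        if scheme == "http":
            loc = hdrs.get("location", "")
            if not (300 <= status < 400 and loc.startswith("https://")):
                findings.append("HTTP endpoint serves content instead of redirecting to HTTPS")
            continue
        hsts = hdrs.get("strict-transport-security")  # browsers honour it only over HTTPS
        if hsts is None:
            findings.append("no HSTS header on HTTPS response")
        else:
            max_age, include_sub = parse_hsts(hsts)
            if max_age is None or max_age < MIN_MAX_AGE:
                findings.append("HSTS max-age missing or below threshold")
            if not include_sub:
                findings.append("HSTS lacks includeSubDomains")
        # Any http:// link on an HTTPS page sends the user back to cleartext.
        if re.search(r'(?:href|src|action)\s*=\s*["\']http://', body, re.I):
            findings.append("HTTPS page links to http:// URLs")
    return findings
```

Even a clean result leaves the very first plain-HTTP visit unprotected, because the browser has not yet cached the HSTS policy when it follows the initial redirect.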

© 2015 PALADION NETWORKS PRIVATE LIMITED | WWW.PALADION.NET | CONFIDENTIAL