Upload
rebelreg
View
105
Download
0
Tags:
Embed Size (px)
DESCRIPTION
Citation preview
Áine Curry 08406804Brian Flaherty 12232197Reggie Sugrue 12231292
Mobile Device Malware and Viruses
Mobile devices have become more technical in recent years.• Wireless connectivity
• Short range connections via Bluetooth
• Mobile Applications
• This has lead to the increased vulnerability of mobile device
Introduction
Attacks increased by 185 %• increased number of mobile devices
99% of these attacks related to Android Mobile devices
Mobile Malware 2012
Android is the most popular operating system• 75% of the market share
Android Applications widely available• Anyone can post App’s to Google’s Android Market
Android is slow in fixing detected flaw
What makes Android vulnerable to Attacks?
March 2013 – First discovered mobile malware attack• Stole SMS messages, call logs, contacts and phone data
December 2012 – Malware used to steal €36 million from 30,000 bank accounts
Recent Malware Attacks
• Collect device data - 28%
• Spies on user - 25%
• Send content - 24%
SMishing, Fake Apps, Stealing Information such as bank details – major threats
Main Types of Malware
Fake Apps
Bring Your Own Disaster?
• Unknown third-party access via mobile apps
• Challenges in tracking data
• Data management, segregation difficult for compliance
• Stolen, lost mobile devices leak data
• Disgruntled employees a risk
BYOD
• Financial• Main reason for malware
• Social• Boosting image as a hacker
• Political Agendas• Trojan implanted in a popular app
supporting “Arab Spring”
Motives
2 methods of detection:
• Simple detection techniques
• Technical detection technique
How to detect mobile malware
Symptoms of Mobile malware• Slow performance
• Quick battery consumption
• Applications refusing to open or work
• Automatic sending of text message to contacts
• GPS active even when a program is not running
Simple detection techniques
Static Analysis• Detects malware in operating systems by dissembling mobile device
Dynamic Analysis• Mobile device is isolated into a virtual machine and behaviour is monitored
Application Permission Analysis• Performs permission checks on installed applications
Technical Detection Techniques
• Defence against Malware & Viruses
• Smarthphones can be attacked in two mediums
• Corporate level
• Everyday Users
Recommendations
Organizations need security because member of enterprise are accessing information on their mobile devices.
National Institute of Standards and Technology provide security guidelines.
4 different categories of security that organizations should fall under according with NIST guidelines.
Organizations
1) General Policy – enforce enterprise security like monitoring when policy violations occur.
2) Encryptions Policy – making sure that there is strong encryption to prevent attacks.
3) Authentication – making sure that users must pass security breaches to get access.
4) Restriction – restricting people who you don’t want to have access to your resources.
4 Categories
Abbreviated for Bring Your Own Devices to Work.
People bring these devices to work but there must be security policies for these devices as well as the organization original hardware.
Organizations should specify what devices are allowed.
Define what sites are allowed to be used and companies should have a employee exit strategy.
BYOD
Users use smartphones everyday carrying out transactions with sensitive information like e-mails and bill payments.
Current day users are blissfully unaware of the malware and viruses that can possible interact with their devices.
Users should gain education of what malicious kinds of attacks are out there and what security is available.
Everyday Users
Install anti-virus software on their mobile devices.
Do not connect to unusual Wi-Fi network.
Avoid clicking links that come from unsecure sources as this can forward users on to harmful sites.
Avoid geo-tagging if people you don’t know will have access to the information.
Make sure there is encryption system in your device.
Helpful Tips for Users
Going to get worse before it gets better because Users are only getting to grips with mobile security.
Mobile devices are less protected than computers.
More sophisticated methods be introduced so it will be harder to pin down.
Examples of future threats are SMS phishing and NFC pay-service corruption.
Future of Mobile Malware & Viruses