Accessibility Clickjacking, Devastating Android Vulnerability
- 1. Title of Presentation DD/MM/YYYY© 2016 Skycure Inc. 1 HOW TO PROTECT YOUR ORGANIZATION FROM A DEVASTATING NEW ANDROID VULNERABILITY Brian Duckering, Head of Product Marketing, Skycure
- 2. Title of Presentation DD/MM/YYYY© 2016 Skycure Inc. 2 Meet Your Speaker Brian Duckering Head of Product Marketing Skycure
- 3. Title of Presentation DD/MM/YYYY© 2016 Skycure Inc. 3 Quick Housekeeping • There will be time for Q&A at the end • Ask questions using the GTW chat pane • The webinar is being recorded • All attendees will receive a copy of the slides/recording Join the discussion #MobileThreatDefense
- 4. Title of Presentation DD/MM/YYYY© 2016 Skycure Inc. 4 Old Endpoint vs. New Endpoint IPS IDS FIREWALL USB SECURITY DLP DATA ENCRYPTION WIRELESS SECURITY APPLICATION CONTROL AV
- 5. Title of Presentation DD/MM/YYYY© 2016 Skycure Inc. 5 Mobile Threat Landscape Physical Network Vulnerabilities Malware
- 6. Title of Presentation DD/MM/YYYY© 2016 Skycure Inc. 6 What is Accessibility Clickjacking? Android Malware & Vulnerability • Discovered by Skycure Research Labs • March 2016 • Undetectable (other than by Skycure) • Invisible to the end user • Affects all except Marshmallow OS • Compromises container solutions Exploitation method • Tricks the user into granting unlimited rights to view and control the device 95.4% of all Android devices in use today
- 7. Title of Presentation DD/MM/YYYY© 2016 Skycure Inc. 7 How it works Leverages 2 otherwise benign Android features: Accessibility Services • Designed to facilitate interaction with the device for the vision impaired • Accesses ALL textual information Graphic Overlay • Allows apps to draw over other apps and pass touches to the lower app
- 8. Title of Presentation DD/MM/YYYY© 2016 Skycure Inc. 8 Consequences of Accessibility Clickjacking Grants hacker ability to… • View/steal ALL textual information • Message, Mail, Docs, etc. • Container (MAM) data • Gain admin access • Encrypt device and change passcode • Ransomware
- 9. Title of Presentation DD/MM/YYYY© 2016 Skycure Inc. 9 Android Version Distribution and Vulnerability Version Codename API Distribution Vulnerable to Accessibility Clickjacking? Android Protection Measures 2.2 Froyo 8 0.1% Yes No protection 2.3.3 - 2.3.7 Gingerbread 10 2.6% Yes 4.0.3 - 4.0.4 Ice Cream Sandwich 15 2.2% Yes 4.1.x Jelly Bean 16 7.8% Yes 4.2.x 17 10.5% Yes 4.3 18 3.0% Yes 4.4 KitKat 19 33.4% Yes 5.0 Lollipop 21 16.4% Yes Restrict pass- through clicks for the “OK” button5.1 22 19.4% Yes 6.0 Marshmallow 23 4.6% No Require manual activation of pass- through clicks Source: Android.com, May 3, 2016 Froyo Marshmallow Ice Cream Sandwich Gingerbread OS Distribution Jelly Bean KitKat Lollipop
- 10. Title of Presentation DD/MM/YYYY© 2016 Skycure Inc. 10 Accessibility Clickjacking – Live Demo
- 11. Title of Presentation DD/MM/YYYY© 2016 Skycure Inc. 11 Accessibility Clickjacking – Remediation 1. Upgrade to the latest OS 2. Install apps from reputable stores • We recommend Google Play • Turn off 3rd party app installation • Use a secure app installer 3. Install a Mobile Threat Defense Solution TURN THIS OFF
- 12. Title of Presentation DD/MM/YYYY© 2016 Skycure Inc. 12 Vulnerabilities Malware Network Can Traditional Solutions Catch AC? Traditional Mobile Malware Analysis • Server-side analysis only • Signature/Static/Dynamic Too Little, Too Late! Ideal Solution Is Holistic • 3-layer strategy • Leverage MDM functions • Automated enforcement Device Server Crowd Wisdom Physical
- 13. Title of Presentation DD/MM/YYYY© 2016 Skycure Inc. 13 Holistic Defense Against Malware Predict •Reputation analysis – what it is - App, Developer, Store, … Detect •Behavior analysis – what it does - What is the app doing? - How is the app doing it? Protect •Proactive protection – how to stop it
- 14. Title of Presentation DD/MM/YYYY© 2016 Skycure Inc. 14 Skycure Malware Analysis Modules • Source Analysis • Package Segmentation • Gradual Analysis
- 15. Title of Presentation DD/MM/YYYY© 2016 Skycure Inc. 15 Skycure Malware Analysis Modules • Source Analysis • Package Segmentation • Gradual Analysis • Signatures Analysis • Static Analysis • Dynamic Analysis
- 16. Title of Presentation DD/MM/YYYY© 2016 Skycure Inc. 16 Skycure Malware Analysis Modules Crowd Wisdom helps to understand the Entire Attack Flow • Source Analysis • Package Segmentation • Gradual Analysis • Signatures Analysis • Static Analysis • Dynamic Analysis • Legitimate App Profiling • Repackage Detection • Attacker Profiling
- 17. Title of Presentation DD/MM/YYYY© 2016 Skycure Inc. 17 Vulnerabilities Malware Network Skycure Mobile Threat Defense Holistic • Defend against all attack vectors • Deep, layered analysis Patented • Unique analytics, detection, remediation Public • Respects user/corporate privacy • Future proof and stable • Minimal CPU/battery impact Device Server Crowd Wisdom Physical
- 18. Title of Presentation DD/MM/YYYY© 2016 Skycure Inc. 18 Skycure Solution Overview Physical Network Vulnerabilities Malware • 24x7 detection and protection • Network, device and app analysis • Multi platform Seamless experience Privacy Minimal footprint End-User App
- 19. Title of Presentation DD/MM/YYYY© 2016 Skycure Inc. 19 Physical Network Vulnerabilities Malware • Policy enforcement • Risk-based management • Enterprise integrations Security Visibility IT Satisfaction Management • 24x7 detection and protection • Network, device and app analysis • Multi platform End-User App Seamless experience Privacy Minimal footprint Skycure Solution Overview
- 20. Title of Presentation DD/MM/YYYY© 2016 Skycure Inc. 20 Skycure Solution Overview Mobile Threat Intelligence Platform Physical Network Vulnerabilities Malware • Policy enforcement • Risk-based management • Enterprise integrations • Visibility Security Visibility IT Satisfaction Management • 24x7 detection and protection • Network, device and app analysis • Multi platform Seamless experience Privacy Minimal footprint End-User App 1 Million+ Global Threats Identified https://maps.skycure.com Crowd Wisdom Millions of monthly tests - apps & networks Skycure Research No iOS Zone, Malicious Profiles, WiFiGate, LinkedOut Threat Aggregator Dozens of threat feeds from 3rd parties Legitimate Services Attackers & Threats
- 21. Title of Presentation DD/MM/YYYY© 2016 Skycure Inc. 21 Is your organization vulnerable? 2 Step Enterprise Trial Process • Step 1 – Download Skycure Public App (Recommendation: 5-20 devices) • Step 2 – Review Skycure Assessment Report in 4 weeks What do we usually find? NUMBER OF DEVICES WITH MALICIOUS APPS INSTALLED PERCENTAGE OF DEVICES EXPOSED TO NETWORK THREATS PERCENTAGE OF MOBILE DEVICES RUNNING OS WITH HIGH-SEVERITY VULNERABILITIES EVERY ORG with 200+ employees had iOS malware of Android devices
- 22. Title of Presentation DD/MM/YYYY© 2016 Skycure Inc. 22 Next Steps TRIAL Request a FREE 30 day trial! https://www.skycure.com/trial 1-800-650-4821 sales@skycure.com