iOS-Based POS Systems Under Attack
Popular Retail Platform Becomes Attractive New Target of Advanced Dynamic
Threats – How Can You Protect Your Infrastructure?

BETTER Mobile Security’s Advanced Threat Protection for iOS-based
Point of Sale (POS) solutions continuously monitors,
prevents and records all unwanted activity using our endpoint
agent for real-time detection and denial of unauthorized apps,
network attacks and configuration changes. BETTER helps retail
organizations control change, block the latest advanced threats,
secure customers’ personal account and financial information, and
eliminate the risk associated with Payment Card Industry (PCI)
Data Security Standard (DSS) noncompliance.

What are the Current Risks?

iOS Remote Access Trojans (iRATs) - including “Xsser” iRAT
These advanced attacks jailbreak an iOS device, removing all of the built-in
security mechanisms, and install an iRAT surveillance app that gives the
attacker the ability to remotely gain access to all data that is stored or
flowing through the device.

Attackers can jailbreak a device by obtaining physical access or by propagating
the jailbreak code from a compromised computer through a USB cable. However,
in some cases the attacker doesn’t need to jailbreak the device themselves
– device owners are notorious for their desire to unlock their own mobile phones
and tablets. Case in point: in February 2013 the Evasi0n jailbreaking technique
was used by owners to hack nearly seven million devices in just four days.

Once jailbroken, any iOS app from any app marketplace can be installed on the
device – not just those approved by Apple in their proprietary store. A popular
alternative app market is Cydia, but many others exist. These markets offer a
variety of legitimate apps; however, they also contain hundreds of seemingly
innocuous apps that hide malicious functionality. Users downloading these
apps can be unknowingly infecting their own devices with iRATs.

Currently no mobile AV exists to protect against these threats. The problem is
exacerbated by the fact that a jailbreak can easily be hidden from Mobile Device
Management (MDM) solutions. For example, popular forums, such as xCon,
freely provide methods to circumvent MDM detection. What’s needed is a
way to accurately detect when a device has been jailbroken and the ability
to identify surveillance behavior.

Protecting Android Mobile Devices from Known Threats
Android OS – A Popular Target for Hacks
In the tech industry, it’s a truism that hackers focus their attention on
afflicting the largest number of targets possible, resulting in a perception
that market giants are riddled with vulnerabilities. Google’s Android
operating system is just such a target.

According to an IDC study, Android possesses an 81.1% share of the
smartphone market. Numbers that high are irresistible to hackers –
which is why Android devices need to be protected from unauthorized
access.

Add to the equation too that the Android operating system has been
implemented on many disparate devices designed by myriad vendors.
This distributed implementation scenario has fragmented Android’s
native security model, which has resulted in a variety of openings that
cyber attackers can exploit.

Common Android Vulnerabilities
Once an attacker gains access to a device’s operating system, they can
gain elevated privileges to monitor user activity, thereby putting personal
data and security at risk. They can also execute malicious code and
run unwanted programs to bend the device to their will. All of this can be
done without the user suspecting that their device has been infected.

Here are some of the most common Android vulnerabilities that malicious
programmers seek to exploit.

It should be noted that many of these vulnerabilities are inherent to
mobile and Wi-Fi devices in general, and do not necessarily reflect a flaw
in Android’s design and implementation.

BETTER at work.

Contact us
BETTER Mobile Security
110 Fifth Avenue
New York, NY 10023
+1 877-710-5636
info@better.mobi

Stolen iOS Enterprise or Developer Certificates 
These attacks use distribution certificates to ‘side-load’ an application (with 
malware), which means it doesn’t have to go through the Apple app store’s 
validation process and can be downloaded directly onto the device. 
Apple provides two different 3rd-party certificate types - developer and 
enterprise – to try to maintain the integrity of the apps in their store. Developer 
certificates allow developers to test their apps before they go public in the app 
store, while enterprise certificates provide organizations the opportunity to 
establish their own in-house marketplace for dedicated apps. Behind the scenes, 
iOS validates that each app is signed by a trusted certificate before allowing it. 
Problems occur when an attacker is able to obtain – by stealing or buying on 
the black market – a certificate for their malware. They can then lure the user to 
download their seemingly harmless app and unknowingly infect their device; 
because the app is accompanied by the certificate, it is validated and easily 
installed without any iOS barriers. 
This method has already been seen in use. In mid-2013, a rogue Chinese site 
used an enterprise certificate to distribute pirated iOS-based apps. It has also 
been revealed the FinFisher iRAT used a developer certificate in its exploitation. 
It is simply not possible for Apple to monitor the installation of every developer
and enterprise application and certificate, so it comes down to having a solution
that can automatically detect and block or remove iOS apps that are using stolen
or fraudulent certificates.

Malicious iOS Profiles
These attacks leverage the permissions of a profile to circumvent typical security
mechanisms to provide the ability to do virtually anything. The profile is an
extremely sensitive optional configuration file that can redefine different system
functionality parameters, such as mobile carrier, MDM and network settings.

A user may be tricked into downloading a malicious profile and, by doing so,
unknowingly provide the rogue configuration the ability to re-route all traffic
from the mobile device to an attacker-controlled server, further install rogue
apps, and even decrypt the device communications.

Any changes to a profile need to be flagged and carefully considered, even when
seemingly innocuous – at one time LinkedIn introduced an iOS app that made
changes to the device’s profile to reroute all email through their servers. (They
discontinued it three months after introduction due to the controversy over
its capabilities.) To prevent data exfiltration, a solution needs to be in place
that can not only detect rogue or altered profiles, but also block and remove
them to eliminate the threat.
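
One way to run the profile check described above, as an added example (not part of the original whitepaper and not BETTER's product code): it parses an unsigned .mobileconfig plist, compares it with a baseline of approved profiles, and flags payload types that can re-route traffic, add a trusted root certificate or enroll MDM. The profile identifiers, Wi-Fi name, proxy host and baseline are constructed sample values; signed (CMS-wrapped) profiles are reported as unparseable rather than unwrapped.

```python
import hashlib
import plistlib
from xml.parsers.expat import ExpatError

# Apple configuration-profile PayloadType values that map to the risks above.
RISKY_PAYLOADS = {
    "com.apple.proxy.http.global": "sends all HTTP traffic through a proxy",
    "com.apple.vpn.managed": "sends traffic through a VPN endpoint",
    "com.apple.security.root": "adds a trusted root CA (allows TLS interception)",
    "com.apple.mdm": "enrolls the device in MDM (remote app installation)",
    "com.apple.mail.managed": "sets the mail server the device talks to",
}


def fingerprint(profile):
    """SHA-256 over the profile re-serialized with sorted keys, so key order
    in the file does not change the result."""
    canonical = plistlib.dumps(profile, fmt=plistlib.FMT_XML, sort_keys=True)
    return hashlib.sha256(canonical).hexdigest()


def audit_profile(raw, baseline):
    """Audit one .mobileconfig given as bytes.

    baseline maps PayloadIdentifier -> fingerprint of the approved version.
    Returns a list of (kind, subject) findings. An empty list means the
    profile is byte-for-byte equivalent to an approved one.
    """
    try:
        profile = plistlib.loads(raw)
    except (ValueError, ExpatError):
        return [("unparseable", "not a plain plist (signed or corrupt?)")]
    if not isinstance(profile, dict):
        return [("unparseable", "plist root is not a dictionary")]

    ident = profile.get("PayloadIdentifier", "<missing>")
    approved = baseline.get(ident)
    if approved == fingerprint(profile):
        return []  # matches the approved version exactly
    findings = [("unknown-profile" if approved is None else "altered-profile",
                 ident)]

    payloads = profile.get("PayloadContent", [])
    if not isinstance(payloads, list):
        payloads = []  # e.g. encrypted profiles carry no plain payload list
    for payload in payloads:
        ptype = payload.get("PayloadType", "") if isinstance(payload, dict) else ""
        if ptype in RISKY_PAYLOADS:
            findings.append(("risky-payload", ptype))
    return findings


# --- Constructed sample data (hypothetical store profile, not from the page) ---
WIFI = {"PayloadType": "com.apple.wifi.managed",
        "PayloadIdentifier": "com.example.pos.wifi",
        "SSID_STR": "STORE-POS", "EncryptionType": "WPA"}
PROXY = {"PayloadType": "com.apple.proxy.http.global",
         "PayloadIdentifier": "com.example.pos.proxy",
         "ProxyType": "Manual", "ProxyServer": "proxy.example.net",
         "ProxyServerPort": 8080}
ROOT_CA = {"PayloadType": "com.apple.security.root",
           "PayloadIdentifier": "com.example.pos.ca",
           "PayloadContent": b"constructed placeholder, not a real certificate"}


def build_profile(identifier, payloads):
    """Serialize a minimal top-level Configuration profile for the demo."""
    return plistlib.dumps({
        "PayloadType": "Configuration",
        "PayloadVersion": 1,
        "PayloadIdentifier": identifier,
        "PayloadDisplayName": "POS settings (constructed)",
        "PayloadContent": payloads,
    })


if __name__ == "__main__":
    approved = build_profile("com.example.pos.config", [WIFI])
    baseline = {"com.example.pos.config": fingerprint(plistlib.loads(approved))}
    altered = build_profile("com.example.pos.config", [WIFI, PROXY, ROOT_CA])
    for name, raw in (("approved", approved), ("altered", altered)):
        print(name, audit_profile(raw, baseline))
```
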
WiFi Man in the Middle (MitM)
A MitM attack occurs when the device connects to a rogue WiFi hotspot. Since
all communications are passed through the attacker-controlled network device,
they can eavesdrop and even alter the network’s communication. MitM attacks
have always been a concern for wireless devices; however, the prevalence of
smartphones in an individual’s personal and business life has made mobile
devices much more attractive targets for this form of attack.

Unfortunately, the typical alert and warning signs that individuals are used to
seeing on PCs and laptops are much more subtle in their mobile counterparts.
For example, the limited screen size of many mobile devices often hides a
portion of the URL from the user, so they do not validate that the URL the
browser is pointing to is actually the intended one.

The best way to prevent these types of attacks is through the use of a VPN to
encrypt and isolate the communications. Ideally the VPN would be triggered
only when rogue hotspots and other risk factors are detected to maximize
the user experience.

WebKit Vulnerabilities
WebKits enable web browsers to correctly render web pages for a user in
a mobile environment. Attackers will exploit vulnerabilities in a WebKit to
execute scripts of their own. They are commonly used by attackers as a
springboard for the remote infection of the device.

An example of a WebKit exploit was the popular iOS4 jailbreaking technique, named
JailbreakMe. It took advantage of flaws in the Safari browser to enable users
to jailbreak their device when they visited a dedicated website.

Preventing malicious WebKit exploits requires a solution that can identify
suspicious behavior, correlate activity with events on the device and
network, and then stop any data being sent to the attacker.

Zero-Day Attacks and Backdoors
Zero-day attacks represent exploits of vulnerabilities that have been
uncovered – but not yet released. With vulnerability researchers earning
purportedly $500K per vulnerability, the race towards vulnerability
exposure is in full throttle.

Many times, these vulnerabilities lead to the silent installation of attacks,
such as iRATs, on a device through a remote exploitation technique. Once on
the device, they may enable the attacker to steal passwords, corporate data
and emails, as well as capture all keyboard activity (key logging) and screen
information (screen scraping). They may also activate the microphone to
listen in on conversations and meetings, or act as a botnet to steal contacts,
text messages (SMS texts) and more.

AV solutions, which rely strictly on known attack patterns to detect attacks, are
unable to provide protection against unknown attacks. Organizations need a
solution that can identify any suspicious behavior from an app, a device or the
network to find and mitigate the impact of zero-day mobile exploits.
A BETTER Solution for iOS POS 
With BETTER Mobile Security’s Advanced Threat Protection, you 
can arm your POS devices like never before with real-time end 
point protection. 
Improve Security – Stop Advanced iOS Threats 
• Create policies so only the apps you trust can run on your enterprise systems 
including POS devices, workstations, fixed-function machines and servers. 
BETTER will prevent everything else from running.
• Detect advanced threats and backdoor access with BETTER’s real-time
sensors and Advanced Threat Indicators.
Demonstrate Ongoing PCI DSS Compliance
• Meet app integrity monitoring and control and audit trail rules with continuous,
real-time monitoring of apps, configuration profiles and certificates. BETTER
will protect your critical apps and configuration from unauthorized changes.
• Enforce your policies whether the device is online or offline.
• Focus only on those events that are relevant to your business and lower the
cost of obtaining compliance data.
Extend the Life of Your Systems
• BETTER can keep your operating systems in a compliant state after their
end-of-life and eliminate:
• Financial penalties and brand damage associated with failed audits,
data breach, or non-compliance
• The need to upgrade to newer operating systems
• The high costs of extended support contracts and hardware upgrades
• For PCI compliance, deploy Bit9 as a compensating control in lieu of
regular operating system patches and updates no longer available.
How Are We BETTER? 
It’s simple. BETTER immediately protects your iOS POS platform 
from attacks without disrupting your day-to-day business. 
Prevention: Create policies for apps that you trust to run on your POS systems 
while preventing anything else from running. 
Advanced Device Control: Block apps such as Settings, iMessage and Email to
prevent side loading of malicious apps or configuration profiles.
Complete Audit Trail: Gain real-time intelligence about all of your devices and
access reports on any asset for an audit, a pre-compliance assessment
or security intelligence gathering.
Application Integrity Monitoring: Continuous, real-time app and device 
monitoring protects your critical configuration files from unauthorized 
changes from the baseline to meet integrity monitoring and control as well 
as audit trail rules. 
Gain Critical Visibility: Free your organization from the hassles of not knowing
what’s happening on any devices at any time.
All trademarks and registered trademarks contained herein are property of their 
respective holders. Rather than identifying a trademark by symbol with every 
occurrence, names and logos are used in an editorial fashion, with no intention of 
infringement of the respective owner’s property. 


This distributed implementation scenario has fragmented Android’s native security model, which has re-sulted Zero-day attacks represent exploits of vulnerabilities that have been uncovered – but not yet released. With vulnerability researchers earning purportedly in a variety $500K of per openings vulnerability, that the race towards vulnerability exposure is in full throttle. cyber attackers can exploit.
  • 4. Many times, these vulnerabilities lead to the silent installation of attacks, such as iRATs, on a device through a remote exploitation technique. Once on the device, they may enable the attacker to steal passwords, corporate data and emails, as well as capture all keyboard activity (key logging) and screen information (screen scraping). They may also activate the microphone to listen in on conversations and meetings, or act as a botnet to steal contacts, text messages (SMS texts) and more.
AV solutions, which rely strictly on known attack patterns to detect attacks, are unable to provide protection against unknown attacks. Organizations need a solution that can identify any suspicious behavior from an app, a device or the network to find and mitigate the impact of zero-day mobile exploits.
A BETTER Solution for iOS POS
With BETTER Mobile Security’s Advanced Threat Protection, you can arm your POS devices like never before with real-time end point protection.
Improve Security – Stop Advanced iOS Threats
• Create policies so only the apps you trust can run on your enterprise systems including POS devices, workstations, fixed-function machines and servers. BETTER will prevent everything else from running.
• Detect advanced threats and backdoor access with BETTER’s real-time sensors and Advanced Threat Indicators.
Demonstrate Ongoing PCI DSS Compliance
• Meet app integrity monitoring and control and audit trail rules with continuous, real-time monitoring of apps, configuration profiles and certificates. BETTER will protect your critical apps and configuration from unauthorized changes.
• Enforce your policies whether the device is online or offline.
• Focus only on those events that are relevant to your business and lower the cost of obtaining compliance data.
Extend the Life of Your Systems
• BETTER can keep your operating systems in a compliant state after their end-of-life and eliminate:
    • Financial penalties and brand damage associated with failed audits, data breach, or non-compliance
    • The need to upgrade to newer operating systems
    • The high costs of extended support contracts and hardware upgrades
• For PCI compliance, deploy Bit9 as a compensating control in lieu of regular operating system patches and updates no longer available.
  • 5. How Are We BETTER?
It’s simple. BETTER immediately protects your iOS POS platform from attacks without disrupting your day-to-day business.
Prevention: Create policies for apps that you trust to run on your POS systems while preventing anything else from running.
Advanced Device Control: Block apps such as Settings, iMessage and Email to prevent side loading of malicious apps or configuration profiles.
Complete Audit Trail: Gain real-time intelligence about all of your devices and you can access reports on any asset for an audit, a pre-compliance assessment or security intelligence gathering.
Application Integrity Monitoring: Continuous, real-time app and device monitoring protects your critical configuration files from unauthorized changes from the baseline to meet integrity monitoring and control as well as audit trail rules.
Gain Critical Visibility: Free your organization from the hassles of not knowing what’s happening on any devices at any time.
All trademarks and registered trademarks contained herein are property of their respective holders. Rather than identifying a trademark by symbol with every occurrence, names and logos are used in an editorial fashion, with no intention of infringement of the respective owner’s property.
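The Malicious iOS Profiles section above asks that rogue or altered profiles be detected and that any change from an approved profile be flagged. The following is an added example, not code from BETTER Mobile Security or from the original brochure, showing one way to audit a configuration profile and compare it with a baseline. It assumes the profile is an unsigned plist (a CMS-signed .mobileconfig must be unwrapped first); the function names, the risk wording and the sample profiles are hypothetical and constructed for illustration.

```python
import plistlib

# Apple-documented payload types; risk wording is this example's own.
RISKY_PAYLOADS = {
    "com.apple.vpn.managed": "routes device traffic through a VPN server",
    "com.apple.proxy.http.global": "sends HTTP traffic through a proxy",
    "com.apple.security.root": "trusts a new root CA (TLS interception)",
    "com.apple.mdm": "enrolls the device in MDM (remote app install)",
    "com.apple.apn.managed": "changes carrier APN settings",
    "com.apple.mail.managed": "adds a mail account, possibly via a relay",
}

def load_payloads(profile_bytes):
    """Map PayloadIdentifier -> payload dict for an unsigned profile."""
    profile = plistlib.loads(profile_bytes)
    return {p.get("PayloadIdentifier", "<missing>"): p
            for p in profile.get("PayloadContent", [])}

def audit_profile(profile_bytes):
    """Return (identifier, type, reason) for each risky payload."""
    return [(ident, p["PayloadType"], RISKY_PAYLOADS[p["PayloadType"]])
            for ident, p in sorted(load_payloads(profile_bytes).items())
            if p.get("PayloadType") in RISKY_PAYLOADS]

def diff_against_baseline(baseline_bytes, current_bytes):
    """Report payloads added, removed or altered since the baseline."""
    old, new = load_payloads(baseline_bytes), load_payloads(current_bytes)
    return {
        "added": sorted(new.keys() - old.keys()),
        "removed": sorted(old.keys() - new.keys()),
        "changed": sorted(k for k in new.keys() & old.keys()
                          if new[k] != old[k]),
    }

def make_profile(payloads):
    """Build a constructed sample profile (not taken from a real device)."""
    return plistlib.dumps({"PayloadType": "Configuration",
                           "PayloadIdentifier": "example.pos.profile",
                           "PayloadContent": payloads})

# Constructed sample data: approved baseline vs. profile found on a device.
WIFI = {"PayloadType": "com.apple.wifi.managed",
        "PayloadIdentifier": "example.pos.wifi", "SSID_STR": "store-pos"}
PROXY = {"PayloadType": "com.apple.proxy.http.global",
         "PayloadIdentifier": "example.pos.proxy",
         "ProxyServer": "proxy.example.invalid", "ProxyServerPort": 8080}
BASELINE = make_profile([WIFI])
FOUND = make_profile([dict(WIFI, SSID_STR="free-wifi"), PROXY])
if __name__ == "__main__":
    print(audit_profile(FOUND), diff_against_baseline(BASELINE, FOUND))
```

A payload that is not in the risk table can still matter: the altered Wi-Fi SSID in the sample is caught only by the baseline comparison, which is why both checks are run.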