ANDROID SECURITY
- 1. If you haven’t heard… the world has gone mobile.
- 2. Attackers follow opportunity Credit: Google
- 3. Data has been leaking for a while Credit: Forbes
- 4. Account logins & passwords Email VPN Social networks Banking & shopping Services / resources Internet & VPN Cellular sms (premium charges) Documents Email & attachments File storage services Monitoring Microphone Camera GPS/location Mobile Device Data & Assets
- 5. Communications Networks Cellular WIFI Bluetooth NFC Malicious Apps Physical Access USB SIM Dock/Accessory Connector Lock screen Other QR Code Attack Surface
- 6. Type complex words here No Thanks
- 7. Malicious Pokemon Go app Source: infosecuritynews. 15 sept 2016
- 8. Malicious apps in google play store Source: infosecurity news , 16 sept 2016
- 9. Fake Android apps Credit: AndroidCentral.com
- 10. Fake apple apps
- 11. • Hosted on Apple/Google stores, missed by reviews • Jailbreak markets • Third-party app stores • Enterprise app stores & app distribution services Malicious App Sources
- 12. Android sandbox & security layers Credit: Google
- 13. QuadRooter • Vulnerability exposes 900M devices • Affects Qualcomm chipsets from manufacturers ranging from HTC to LG to OnePlus to Google, which contracts with other makers for its own Nexus devices. • It’s serious; compromised devices would give bad actors root access, meaning they could collect any data stored on the phone, control the camera and microphone, and track its GPS location.
- 14. Mitigations: • Prefer vendors that patch! • Android: disable installation from unknown sources • Stick to trusted app sources/markets
- 15. Data Theft via Physical Access Malicious USB Chargers (“Juice Jacking”) • Free power charging station is really an exploit host
- 16. USB Debug Access • Commercial phones with ADB debugging access on by default • Blu Dash 4.5 (Android 4.2.1) • HTC One (original Android 4.1.2) • ADB debugging access gives you shell access
- 17. Mitigations: • Android: turn off ADB debugging • Newest IOS, Android prompt you to trust the USB connection • MAM, EMM, VDI, containers add extra layer of data security
- 18. Data Theft via WiFi Networks Non-Secure HTTP Traffic • Mobile devices & apps sends lots of plaintext traffic - This is all observable, subject to MITM • Interesting data seen in the clear - Android device ID - IMEI - GPS lat/long • MITM attack vectors - Android webview javascript callback - IOS SSL verification error
- 19. Mitigations: • Purge old prior networks from mobile device wifi list - Security apps can automate this - Android: Bluebox Wifi Cleaner • Turn off radios (Bluetooth, Wifi) when not using them - Bonus: saves battery! - Android: Kismet Smarter Wi-Fi Manager • Use device VPN & app VPNs to protect traffic on untrusted networks - Some capabilities exclusive to MAM, EMM, and containers
- 20. Going Forward Fact: More vulnerabilities will continue Challenge: keep data safe; Quick detection and recovery
Editor's Notes
- #8: Researchers have discovered a rogue Pokémon Go app on the Google Play Store that has been downloaded over 500,000 times, and infected over 6,000 Android smartphones. The app, called Guide for Pokémon Go, can seize root access rights on Android devices and use that power to install and uninstall apps and display unwanted adverts. It was first discovered by researchers at Kaspersky Lab, who notified Google. The app has now been removed from the Play Store.
- #9: This data includes: The user’s contacts, including name, phone number, email, and times contacted; all user accounts on a compromised device; precise location, including latitude, longitude, network ID, and location area code; free internal and external memory; Device IMEI, IMSI, MCC, MNC, phone type, network operator, device and Android information; and details of installed packages, Lookout researchers outlined in a blog.
- #14: It’s like giving someone the keys to your house, then holding the door open for them while they make off with the jewels.
- #18: Virtual desktop infrastructure (VDI) is the practice of hosting a desktop operating system within a virtual machine (VM) running on a centralized server. MDM MDM stands for mobile device management and consists of configuration and policy management tools that are implemented using application programming interfaces (APIs) released by mobile operating system providers such as Apple, Google and Microsoft to control and manage mobile devices. The typical functionality of an MDM software includes: Hardware and application inventory Configuration of security policies such as password policy, device encryption, WiFi settings, detection of jailbroken devices and so forth Execution of actions such as partial or remote wipe, remote lock, device location mapping and passcode clearing Access to self-service portals to enable users to protect personal and enterprise data MAM MAM stands for mobile application management software, which can apply policy controls to and provision mobile applications, both internally developed apps and apps that are commercially available in stores such as the Apple App Store and Google Play. MAM solutions usually have an enterprise app store that enables application control and delivery to mobile devices. MAM solutions provide control over mobile applications either through app wrapping or the use of a software development kit (SDK). EMM EMM stands for enterprise mobile management and typically consists of the following capabilities: Mobile device management Mobile application management Mobile content management Mobile content management products provide a secure container that enables enterprise data to be secured while preserving the mobile experience on the mobile device, whether it’s corporate supplied or employee owned. Users can access their email, contacts, calendars, apps, documents and web browsing from within the secure container installed on their mobile device.