BYOD is now BYOT (Bring Your Own Threat): Current Trends in Mobile APT
Jimmy Shah, Senior Director of Research
All rights reserved to Zimperium, INC.
Who am I?
Jimmy Shah
• Sr. Director of Research at ZIMPERIUM - Enterprise Mobile Security
• Antivirus Researcher (Symantec, McAfee, AVG)
• Involved with Mobile Malware and threats since SymbOS/Cabir (ca. 2004)
Blog: MOBILE MALWARE DETECTION
Email: [email protected]
Twitter: @shah_jim
Agenda
• Introduction to Advanced Persistent Threats (APT)
• The Real Mobile Threat Landscape
• How is it switching over to Mobile?
• Examples
• Bypassing Mitigations/Security
• Summary
April 24th, 2014
Introduction to Advanced Persistent Threats (APT)
APT friendly Exploits & Vulnerabilities (PC)
Client Side
Server side: MS08-067 (Conficker), Shellshock, NetBIOS, SMB, Heartbleed, etc.
The Real Mobile Threat Landscape
Next-generation attacks
Attackers are targeting mobile devices.
The Changing Threat Landscape
4.3M+ Sensors Reporting daily
• Most devices are running outdated OS
• Lots of vulnerabilities
• We carry them with us everywhere
• Always connected
• Contain sensitive data
• Lack of effective security solutions!
The Low Hanging Fruit
How is it switching over to Mobile?
APT Friendly Exploits in Mobile
• Widespread
• + Kernel/Root Exploit
• Targeted
• | | + Kernel/Root Exploit, MITM, Push-SMS, etc.
• Cellular Network Attack Vectors: Location Tracking, Call Forwarding, etc.
Examples
Widespread - App Surveillance
Targeted - Airport/Hotel Scenario
Intercept Traffic
Scan (IPv4/IPv6)
Target discovery
MITM
Rogue AP
Rogue FemtoCell / Basestation
Modify Traffic
SSL Strip
Browser Attack
Code Injection
Elevation of Privileges
OS / Kernel Exploit
Infected
Targeted Attack - Spear-Phishing Scenario
Infection Points
Spreading in the Mobile Era
• Rogue AP
• SMS
• Using stolen email client credentials
• Plug & Prey
• Juice Jacking
• Airdrop?
Payloads
• Two types of payloads observed:
• Apps: easier to detect
• Processes: harder to detect
Bypassing Mitigations/Security
Methods used in the wild
• Mobile Anti-Virus
• Cloud Sandboxing
• Sandbox restrictions
• MDM / MAM Containers
How to detect?
• Persistent filesystem modifications
• Disabling security restrictions
• Spying on other sandboxes: Email App, Facebook, WhatsApp and others
• Spying on information: SMS, Call log
• Active Spying: Camera, Pictures, Call Recording
Summary
Mobile != PC
Credit: Flickr user - intelfreepress/
• Mobile attacks are becoming more sophisticated and powerful, and can cause real damage to a corporation’s assets.
• Protecting mobile in a BYOD world from various types of attack vectors requires:
• Correlation of security events
• Anomaly detection techniques
• Mobile expert knowledge
• BYOD devices are fragmented across different OS versions; a true solution must work on all common devices.
ZIMPERIUM’s z9 engine was developed from the ground up for mobile to combat the unique challenges of protecting iOS and Android devices in the organization.
Contact us to request a demo.
Questions?
Thank you!
All rights reserved to Zimperium LTD.