The Mobile Malware Problem

Transcription

1 The Mobile Malware Problem Eddy Willems Security Evangelist G Data Security Labs Director Security Industry Relationships - EICAR eddy.willems@gdata.de

2 Introduction Security Evangelist at G Data: Privately owned - Established 1985 in Germany (Bochum) First Atari AV software Security solutions for end users and companies Personally Involved in the industry since 1989 Worked as Senior Consultant/Anti-Virus Expert for several CERT-organisations and commercial enterprises like Kaspersky Lab, Westcon(Noxs), etc Co-founder of EICAR Press officeratamtso

3 Some History: The olddays!

4 Some years ago Virus Spam Worm Trojan

5 Current threats...

6 The Number Game About new threats per day => Threats/Malware Under the Radar = Money is involved

7 Today s Networks Lack Boundaries Internal/External network Individual Users connect from multiple locations Managed/Unmanaged devices Individual devices operate both inside the network, and on public networks New Devices on the Network eg. Netbooks, Mobile devices, etc Internet Question: Who has an Android phone? iphone? Symbian? BlackBerry? Other? Network Telecommuters Contractors Mobile Users Wireless Users

8 Mobile threats... Going back to the roots The first incidents: Liberty Horse Trojan Sept 2000 Telefonica SMS Mailer Dec DoS SMS Mailer in Japan April 2001 Flooder sending not wanted SMS Aug 2001 Phage destroys files on Palm Sept 2001 Vapor Trojan Horse hides applications Oct 2001 GPRS hack into 2.5G US network devices Nov 2002 Nokia 6210 V-card Exploit Feb 25, 2003 Siemens %String Exploit March 2, 2003 AT&T SMS Trojan May 5, 2003 First Symbian based Trojan Sept 2003

9 Cabir Phone worm (2003) Only works on Series 60 mobile devices, Eg. Nokia 3650, 6600, N-Gage. Siemens, Samsung, Sendo en Panasonic UsesBluetooth too spread each seconds You must accept the transmission You must accept the installation Long term: battery drain

10 Some known malware (2006) Total: 27 families (f), 170 modificaties(m) Symbian: Flexispy, Comwarrior, Windows Mobile: Brador and Duts Java 2 Micro Edition: RedBrowser => Not many mobile malware

11 Spyware the other wave eg. Flexispy

12 Huike 3D anti-terrorist Story

13 70% 60% Global Market Share of Mobile OS percentage for smartphones to 2012 (e = expected) 50% 40% 30% 20% Symbian iphone Blackberry Win Mobile Android 10% 0% e 2012e Source: Gartner

14 Fakeplayer Beginning of 2010 SMS Trojan Pornplayer SMS are send 3x (mostly) 8+ variants Different names/icon Different premium numbers

15 Geimini Attackin China Android trojan Infected hundreds of thousands of chinese Android smartphones Sended mobile data to servers Remote controlled as a botnet for calls and text messages

16 DroidDream Steals information Drops more malware Download code from the internet Misuses 2 vulnerabilities in the Android OS ( patched already) Download updates Apps released under the names Kingmall2010, we and Myournet with DroidDreamattached > Removed from the official Android Market, More than 50 Apps affected

17 DroidDream Google s removal tool Which is the real tool?

18 ZITMO Zeus In The Mobile Steals mtans Target = Spanish (online) banks Replication via PC by Zeus botnet

19 The Update Problem

20 Mobile Malware Situation... End of the year... > 800% increase = Android Malware

21 The Real Problem with Android The higher the marketsharethe more interesting it becomes for the cybercriminal > money How easier the distribution of the malware the more interesting it becomes for the cybercriminal > via several channels, not only via official online Apps Markets/Shops Uncontrolled=better/attractive. Android=Windows? The Permission problem Use of exploits are easy because updates of Android are not always easy to install More possibilities in the future: more entrance/backdoor possibilities to spread other malware into businesses and corporates

22 THE FUTURE Exponential rise of Malicious Apps => Mobile Malware Mobile malware targetting Social Media / Mobile Payments(NFC) / Banking Targetted attacks via Mobile Malware Under the radar of the public...

23 Another Secure Solution :-) Thank you! Questions?