Practical Attacks against MDM Solutions (and What Can You Do About It)

Transcription

1 Practical Attacks against MDM Solutions (and What Can You Do About It) SESSION ID: MBS-R02 Michael Shaulov CEO and Co-Founder Lacoon Mobile

2 Agenda Your Data Exploits to target enterprise data on mobile devices Your information Point & Click mrats to target business activity Your Life Mobile device Trojans as a Service (M-TaaS) to target it all Hacking ios devices? 2

3

4

5

6 6

7 E2o 7

8 8 Part 0. Why Hack Enterprise Mobile Devices?

9 By 2016, 65% of smartphones and tablets will be used in BYOD environments IDC Research

10 Mobile Devices: an Attractive Attack Target Snooping on corporate s and application data Infiltrating internal LANs Eavesdropping Extracting contact lists, call and text logs Tracking location 10

11 11 Enterprise Mobile Data Protection. Solutions?

12 Enterprise Security and Data Protection Solutions Mobile Device Management (MDM) Secure Containers Wrappers VDI

13 MDMs, Secure Containers & Wrappers 3 features Encrypt business data Encrypt communications to the business Detection Jailbreak/ Rooting of devices Self-Defense Apps

14 14 Part 1. Your Data

15

16 12 Hours 1000USD 16

17 17 Attack Demo Android

18 Step 1: Attack the Device

19 Step 2: Install a Backdoor / aka Rooting Administrative Every process can run as an administrative (root) user if it is able to trigger a vulnerability in the OS Vulnerability Each Android device had/ has a public vulnerability Exploit Detection mechanisms don t look at apps that exploit the vulnerability 19

20 Step 3: Bypass Containerization Jo, yjod od sm r,so; Storage 20

21 Step 3: Bypass Containerization Jo, yjod od sm r,so; Storage 21

22 Step 3: Bypass Containerization Jo, yjod od sm r,so; Hi, This is an Storage Memory 22

23 Step 3: Bypass Containerization Jo, yjod od sm r,so; Hi, This is an Exfiltrate information Storage Memory 23

24 How Many Privilege Escalation Exploits in the Wild? Date Name CVE / Bug # Affected Devices 12/2012 Exynos CVE Most Samsung Devices (Galaxy S2/3, Note ) 6/2013 MasterKey 1 CVE All devices 8/2013 MasterKey 2 # All devices 11/2013 MasterKey 3 # All devices 11/2013 V-Root CVE All devices, bypass SEAndroid 24

25 25 Part 2. Your Information

26

27 Point n Click Free (0 USD) 27

28 Mobile Remote Access Trojans (mrats)

29 AndroRAT Point n Click mrat Generator Injects polymorphic mobile remote access Trojan to any Android application Released as Open Source on Nov Forked many times Available on many dark forums 29

30 30 AndroRAT Demo

31 Part 3. Your Life

32 Mobile Device Trojans as a Service (M-TaaS)

33

34 Read the Manual 60 USD Per Year 34

35 Commercial Mobile Surveillance Tools 35

36 36 mspy Demo

37 Survey: Cellular Network 2M Subscribers Sampling: 650K Infection rates: June 2013: 1 / 1000 devices

38 Survey: Cellular Network 2M Subscribers Sampling: 650K

39 39 Attack: iphone

40 Step 1: Attack the Device

41 Step 2: Install a Backdoor Use the Jailbreak Perform the hooking to the secure container Remove any trace of the Jailbreak 41

42 Step 2: Install a Backdoor Community Jailbroken xcon 42

43 Step 3: Bypass Containerization Load malicious dylib into memory Hook using standard Objective- C hooking mechanisms Get notified when an is read Pull the from the UI classes 43

44 44 Mitigation

45 Current Solutions in Use to Protect Mobility

46 Mitigation: Current Controls Mobile Device Management (MDM) Multi-Persona Wrapper Active Sync NAC 46

47 Mitigation: Current Controls Mobile Device Management (MDM) Multi-Persona Wrapper Active Sync NAC 47

48 Detection: Adding Behavior-based Risk Malware Analysis Threat Intelligen ce Vulnerabil ity Research Application Behavioral Analysis Device Behavioral Analysis Vulnerability Assessment 48

49 Detection: Adding Behavior-based Risk Malware Analysis Threat Intelligen ce Vulnerabil ity Research Application Behavioral Analysis Device Behavioral Analysis Vulnerability Assessment 49

50 Thank