Enterprise Mobile Security. Managing App Sideloading Threats on ios



Similar documents
Enterprise Mobile Threat Report

BYPASSING THE ios GATEKEEPER

Enterprise Apps: Bypassing the Gatekeeper

APPLE WITHOUT A SHELL IOS UNDER TARGETED ATTACK Tao Wei, Min Zheng, Hui Xue & Dawn Song FireEye, Inc., USA

Administrator's Guide

Future of Mobile App Security. Vincent Sritapan Program Manager Cyber Security Division Science and Technology Directorate

Tutorial on Smartphone Security

Deploying Management and Security Agents to Mobile Devices. Deploying Mgmt and Security Agents

TrustDefender Mobile Technical Brief

Cloud Services MDM. ios User Guide

Kaspersky Security 10 for Mobile Implementation Guide

IT Resource Management & Mobile Data Protection vs. User Empowerment

SECURING TODAY S MOBILE WORKFORCE

Getting Started Guide: Getting the most out of your Windows Intune cloud

Secure Your Mobile Workplace

Hong Kong Information Security Outlook 2015 香 港 資 訊 保 安 展 望

How To Protect Your Mobile Device From Attack

1. Introduction Activation of Mobile Device Management How Endpoint Protector MDM Works... 5

OUT OF POCKET: A Comprehensive Mobile Threat Assessment of 7 Million ios and Android Apps FEBRUARY 2015 SECURITY REIMAGINED

Security Guide. BlackBerry Enterprise Service 12. for ios, Android, and Windows Phone. Version 12.0

Telstra Mobile Device Management (T MDM) Getting Started Guide

Whitepaper. Mobile Security. The 5 Questions Modern Organizations Are Asking

Whitepaper. Mobile Security. The 5 Questions Modern Organisations Are Asking

Cisco Advanced Malware Protection for Endpoints

Deploying iphone and ipad Security Overview

Mobile Device Management

Protecting Android Mobile Devices from Known Threats

Kaspersky Security for Mobile

Kaspersky Security for Mobile Administrator's Guide

ios 8 Security and Privacy Changes

iphone in Business Mobile Device Management

IT Resource Management vs. User Empowerment

The ForeScout Difference

Security Intelligence Services.

Google Identity Services for work

ForeScout MDM Enterprise

Codeproof Mobile Security & SaaS MDM Platform

Colligo Briefcase Enterprise. Administrator s Guide

Feature List for Kaspersky Security for Mobile

Enterprise Mobility Report 12/2014. Creation date: Vlastimil Turzík

Apps. Devices. Users. Data. Deploying and managing applications across platforms is difficult.

User Manual for Version Mobile Device Management (MDM) User Manual

Mac in the Enterprise

Advanced Online Threat Protection: Defending. Malware and Fraud. Andrew Bagnato Senior Systems Engineer

References NYS Office of Cyber Security and Critical Infrastructure Coordination Best Practices and Assessment Tools for the Household

CYBERCRIMINAL IN BRAZIL SHARES MOBILE CREDIT CARD STORE APP

Cyber Security: Beginners Guide to Firewalls

Lecture Embedded System Security A. R. Darmstadt, Introduction Mobile Security

Securely Yours LLC IT Hot Topics. Sajay Rai, CPA, CISSP, CISM

Integrating Cisco ISE with GO!Enterprise MDM Quick Start

Engage ios App Administrator s Guide

Remote Managed Services

Technical Whitepaper. Secure Docs

Cyber Security Beginners Guide to Firewalls A Non-Technical Guide

End User Devices Security Guidance: Apple ios 8

COMMONWEALTH OF PENNSYLVANIA DEPARTMENT S OF PUBLIC WELFARE, INSURANCE AND AGING

Windows Phone 8.1 in the Enterprise

How Attackers are Targeting Your Mobile Devices. Wade Williamson

Zenprise Device Manager 6.1

Cloud Services MDM. Control Panel Provisioning Guide

ZNetLive Malware Monitoring

Mobile Device Management Version 8. Last updated:

D. L. Corbet & Assoc., LLC

... Mobile App Reputation Services THE RADICATI GROUP, INC.

ipad in Business Mobile Device Management

10 BEST PRACTICES FOR MOBILE DEVICE MANAGEMENT (MDM)

Product Manual. MDM On Premise Installation Version 8.1. Last Updated: 06/07/15

Mobile Devices Using Without Losing

TIPS FOR USING OS X 10.8 MOUNTAIN LION

{ipad Security} for K-12. Understanding & Mitigating Risk. plantemoran.com

Infrastructure Deployment for Mobile Device Management with Microsoft System Center Configuration Manager and Windows Intune

ENTERPRISE APPS: BYPASSING THE IOS GATEKEEPER. Ohad Bobrov Avi Bashan

ios Education Deployment Overview

Spyware Doctor Enterprise Technical Data Sheet

Transforming Retail through Mobility: Best Practices

Simplifying the Challenges of Mobile Device Security Three Steps to Reduce Mobile Device Security Risks

The safer, easier way to help you pass any IT exams. Exam : 9L OS X Server Essentials 10.8 Exam. Title : Version : Demo 1 / 6

ENTERPRISE MOBILITY USE CASES AND SOLUTIONS

CounterACT Plugin Configuration Guide for ForeScout Mobile Integration Module MaaS360 Version ForeScout Mobile

Advanced Configuration Steps

A Guide to Consumerization & Building a BYOD Policy June 2012

TechnoLabs Software Services Pvt Ltd. Enterprise Mobility - Mobile Device Security

Norton Mobile Privacy Notice

WHITEPAPER. SECUREAUTH 2-FACTOR AS A SERVICE 2FaaS

Feds: You have a BYOD program whether you like it or not

Zenprise Device Manager 6.1.5

Kony Mobile Application Management (MAM)

Enterprise Mobility as a Service

WHITEPAPER. Fraud Protection for Native Mobile Applications Benefits for Business Owners and End Users

MOBILE SECURITY: DON T FENCE ME IN

Guidance End User Devices Security Guidance: Apple ios 7

Deploying iphone and ipad Mobile Device Management

Vodafone Secure Device Manager Administration User Guide

Cisco Advanced Malware Protection for Endpoints

Endpoint protection for physical and virtual desktops

ManageEngine Desktop Central. Mobile Device Management User Guide

Cisco Advanced Malware Protection

Manage Mobile Devices

Lockup: A software tool to harden ios by disabling default Lockdown services

BlackBerry Enterprise Service 10. Secure Work Space for ios and Android Version: Security Note

Transcription:

Enterprise Mobile Security Managing App Sideloading Threats on ios

I. Introduction II. The Path to App Sideloading Through rigorous app review Apple has lowered the risk of downloading malware from its App Stores to near zero. Companies, however, increasingly rely on an appdistribution mechanism called enterprise provisioning that allows them to distribute apps to employees without Apple s review as long as the apps are signed with an Apple-issued enterprise signing certificate. Unfortunately, attackers have managed to hijack this app-distribution mechanism to sideload apps on non-jailbroken devices, as demonstrated in the recent Wirelurker attack. Organizations today face a real security threat that attackers will continue to abuse enterprise provisioning and use it to sideload malware, especially since: 1) The widespread prevalence of legitimate, enterprise-provisioned ios apps in the workplace has conditioned employees to seeing (and ignoring) the security warnings triggered on devices when installing these apps. With minor social engineering, many employees would likely accept and install a sideloaded app. Signing Certificates Apple offers two types of signing certificates for app distribution outside of their App Stores and both types allow users to install and execute signed apps on non-jailbroken devices: 1) A developer certificate, intended to sign and deploy test apps to a limited number of devices. 2) An enterprise certificate, intended to sign and widely deploy apps to devices within an organization. To obtain these certificates you must enroll in one of Apple s two ios developer programs. Table 1 on the following page summarizes the enrollment requirements for each program and their app provisioning restrictictions. Both types of signing certificates expire after a year, whereupon developers can apply for new ones. Apple can also revoke certificates if it learns of abuse and an app signed with an expired or revoked certificate will no longer run on an ios device. 2) Sideloaded apps have unrestricted access to the device, including APIs that Apple otherwise prohibits. These private APIs can empower sideloaded apps with a wide range of dangerous capabilities, such as the ability to install or launch additional code or collect location data without notification. This whitepaper examines the technical underpinnings that enable app-sideloading and also highlights Lookout s unique approach to managing this emerging security threat on ios devices. lookout.com v2.0 2

Table 1: ios Developer Program Characteristics Developer Program Cost Enrollment Requirements Certificate Issued Provisioning Limit Device Provisioning Requirements ios Developer Program 1 $99/year - Valid credit card - Valid Apple ID Developer Certificate 100 devices Devices must be manually authorized via their UDID 2 ios Developer Enterprise Program 3 $299/year - Valid credit card Enterprise - D-U-N-S number 4 Certificate Unlimited devices 5 None Provisioning Profiles To run an enterprise or developer-signed app, an ios device must first install a file called a provisioning profile. Figure 1a: Download Security Notice 6 Provisioning profiles contain the signing certificate and the app ID, verifying that the app s developer is registered with a valid ios developer account. To streamline the installation process, developers increasingly embed provisioning profiles inside apps. When a user attempts to download an app outside the App Store that contains a provisioning profile, their ios device will alert them (see Figure 1a at right), asking them to confirm the download. Their device will alert them again (see Figure 1b on the following page) to confirm they trust the developer behind the provisioning profile. When a user trusts a developer their device will then automatically trust any apps that use the same provisioning profile in the future and will not trigger additional security alerts for those apps. 1 See: https://developer.apple.com/programs/ios/ 2 UDID: Unique Device Identifier 3 See: https://developer.apple.com/programs/ios/enterprise/ 4 D-U-N-S Number: a unique, nine-digit identification number issued by Dun & Bradstreet that attests to a company s physical address. 5 While Apple contractually requires organizations to only distribute enterprise-signed apps to their employee devices, outside of a signing certificate expiration or revocation, enterprise-signed apps can be installed on an unlimited number of ios devices. 6 Image source: https://support.apple.com/en-us/ht204460 lookout.com v2.0 3

Many companies today deploy enterprise-provisioned apps using a Mobile Device Management (MDM) service. Devices under MDM management can have multiple enterprise-provisioning profiles installed. In addition, an MDM profile does not prevent devices from downloading enterprise-provisioned apps from third parties as long as those apps are signed with a valid enterprise certificate. Figure 1b: Installation security notice III. The App Sideloading Threat The fundamental challenge with the app sideloading threat is that a sideloaded app and a legitimately-provisioned app look much the same to an ios device since both use Apple-issued signing certificates as depicted in Figure 2 below. Figure 2: Enterprise App Provisioning (A) vs. App Sideloading (B) lookout.com v2.0 4

When it comes to signing certificate abuse, developer certificates make for a less practical attack vector since an attacker would also need to obtain the UDIDs of target devices. Enterprise certificates, however, do not have this constraint since an enterprise-signed app will run on any ios device provided the user accepts the security notices, even on non-jailbroken devices. To obtain an enterprise certificate through their developer program, Apple requires applicants to provide a D-U- N-S number as proof that they have a legally registered business. Unfortunately, motivated attackers can circumvent this requirement by registering legal entities themselves. With minimal effort, for example, an attack can register a new business online via a variety of legal services and then use this registration to obtain a valid D-U-N-S number, and thereby, an enterprise certificate. In 2013, for example, it came to light that mobile development services company, MacBuildServer, was openly signing any third party apps with its own enterprise certificate 7. Although Apple promptly revokes a certificate when it learns of signing abuse (which occurred in the case of MacBuildServer) it s difficult to keep tabs on this problem. Security researchers, for example, recently documented more than 1,000 ios apps available for public download outside the App Store using enterprise and developer certificates 8. Ultimately, attackers have taken notice of enterprise provisioning abuse as a viable means to sideload ios malware. Table 2 below documents two recent ios attacks that abused enterprise provisioning and sideloaded surveillanceware on non-jailbroken devices: Attackers that can t be bothered with this effort can also reuse enterprise certificates issued to other parties. Table 2: Recent Sideloaded ios Threats That Abused Enterprise Provisioning ios Threat Year Description XAgent 2015 XAgent is ios surveillanceware that collects a range of sensitive data from compromised devices including SMS, contacts, photos, and GPS locations; it can also remotely activate voice recording on compromised devices. 9 Wirelurker 2014 Wirelurker is ios surveillanceware delivered via USB connections to infected OS X devices. Wirelurker can capture contact lists and SMS messages from compromised devices. 10 7 Apple Slams The Door On Super Mario. ReadWrite. July 2013. http://readwrite.com/2013/07/17/apple-slams-the-door-on-super-mario 8 Enpublic Apps: Security Threats Using ios Enterprise and Developer Certificates. Zheng, Min, Hui Xue, Yulong Zhang, Tao Wei, and John C.S Lui. April 2015. http://www.cs.cuhk.hk/~cslui/publication/asiaccs15.pdf 9 XAgent iphone Malware Attack Steals Data without Jailbreaking. Mac Observer. February 2015. http://www.macobserver.com/tmo/article/xagent-iphone-malware-attack-steals-data-without-jailbreaking 10 Malicious Software Campaign Targets Apple Users in China. The New York Times. November 2014. http://bits.blogs.nytimes.com/2014/11/05/malicious-software-campaign-targets-apple-users-in-china/?_r=0 lookout.com v2.0 5

IV. Lookout s Approach to App Sideloading Protection To protect an organization from sideloaded apps, Lookout s platform automatically analyzes apps delivered from outside the App Store and determines whether they can run on the device or not. Figure 3 below demonstrates this approach in greater detail, in the following processes: 1) An attacker distributes an enterprise (or developer) signed app to employee devices via email attachments, webpage links, or USB cable. 2) An employee downloads and installs the app after accepting the standard device security notices. 3) Before the app is executed, Lookout sends a range of security telemetry about the app to the cloud where it is instantly analyzed and Lookout then immediately alerts the user if the app is not approved by their organization. 4) The analysis performed in the cloud includes app metadata analysis to determine the app s source as well as analysis of the app s signing certificate to determine if it s authorized for use within the organization. 5) Lookout s remedial actions include not only an immediate user alert to remove the app, but also an alert to Lookout s admin console. Where organizations have integrated their MDM service, Lookout can also alert the MDM to enforce device policy (e.g. shutting down network access). Figure 3: Lookout s Approach to App Sideload Protection lookout.com v2.0 6

Lookout s approach to app sideloading detection offers more comprehensive protection when compared to existing security approaches. Advanced threats can fool app reputation and app behavioral analyses by replacing legitimate apps with undetectable, trojanized versions (e.g. Masque Attack) or by suppressing undesirable behaviors. In each case, Lookout s platform would not be fooled by these evasive maneuvers since it would block the threats based purely on their unauthorized distribution method. This novel approach to sideload detection, combined with Lookout s advanced threat and jailbreak detection capabilities, better positions Lookout to detect ios threats, including novel ios attacks. In summary, Lookout s unique approach lowers the risk of a sideloaded attack to almost zero. To evade this approach an attacker would need to compromise the enterprise or developer certificates that belong to the target organization. Otherwise, if an attacker uses their own certificate or even a third-party certificate to sign a sideloaded app then Lookout will detect this threat. lookout.com v2.0 7

2024 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information