The Mobile Malware Problem. Eddy Willems, Security Evangelist, G Data Security Labs; Director Security Industry Relationships - EICAR. eddy.willems@gdata.de
Introduction: Security Evangelist at G Data: privately owned; established 1985 in Germany (Bochum); first Atari AV software; security solutions for end users and companies. Personally involved in the industry since 1989; worked as Senior Consultant/Anti-Virus Expert for several CERT organisations and commercial enterprises like Kaspersky Lab, Westcon (Noxs), etc.; co-founder of EICAR; press officer at AMTSO
Some History: The old days!
Some years ago: Virus, Spam, Worm, Trojan
Current threats...
The Number Game: About 70.000 new threats per day => +70.000.000 threats/malware; Under the radar = money is involved
Today's Networks Lack Boundaries: Internal/External network: individual users connect from multiple locations; Managed/Unmanaged devices: individual devices operate both inside the network and on public networks; New devices on the network, e.g. netbooks, mobile devices, etc. Question: Who has an Android phone? iPhone? Symbian? BlackBerry? Other? [Diagram labels: Internet, Network, Telecommuters, Contractors, Mobile Users, Wireless Users]
Mobile threats... Going back to the roots. The first incidents: Liberty Horse Trojan, Sept 2000; Telefonica SMS Mailer, Dec 2000; 911 DoS SMS Mailer in Japan, April 2001; Flooder sending unwanted SMS, Aug 2001; Phage destroys files on Palm, Sept 2001; Vapor Trojan Horse hides applications, Oct 2001; GPRS hack into 2.5G US network devices, Nov 2002; Nokia 6210 V-card Exploit, Feb 25, 2003; Siemens %String Exploit, March 2, 2003; AT&T SMS Trojan, May 5, 2003; First Symbian based Trojan, Sept 2003
Cabir Phone worm (2003): Only works on Series 60 mobile devices, e.g. Nokia 3650, 6600, N-Gage; Siemens, Samsung, Sendo and Panasonic; Uses Bluetooth to spread every 15-20 seconds; You must accept the transmission; You must accept the installation; Long term: battery drain
Some known malware (2006): Total: 27 families (f), 170 modifications (m); Symbian: Flexispy, Comwarrior; Windows Mobile: Brador and Duts; Java 2 Micro Edition: RedBrowser => Not much mobile malware
Spyware, the other wave, e.g. Flexispy
Huike 3D anti-terrorist Story
[Figure: Global Market Share of Mobile OS, percentage for smartphones, 2007 to 2012 (e = expected). Series: Symbian, iPhone, BlackBerry, Win Mobile, Android. Source: Gartner]
Fakeplayer: Beginning of 2010; SMS Trojan; Pornplayer; SMS are sent 3x (mostly); 8+ variants; Different names/icon; Different premium numbers; http://skamv.wordpress.com/2010/11/02/kiss/
Geinimi Attack in China: Android trojan; Infected hundreds of thousands of Chinese Android smartphones; Sent mobile data to servers; Remote controlled as a botnet for calls and text messages
DroidDream: Steals information; Drops more malware; Downloads code from the internet; Misuses 2 vulnerabilities in the Android OS (patched already); Downloads updates; Apps released under the names Kingmall2010, we20090202 and Myournet with DroidDream attached > Removed from the official Android Market; More than 50 apps affected
DroidDream: Google's removal tool. Which is the real tool?
ZITMO (Zeus In The Mobile): Steals mTANs; Target = Spanish (online) banks; Replication via PC by Zeus botnet
The Update Problem
Mobile Malware Situation... End of the year... > 800% increase = Android Malware
The Real Problem with Android: The higher the market share, the more interesting it becomes for the cybercriminal > money; The easier the distribution of the malware, the more interesting it becomes for the cybercriminal > via several channels, not only via official online app markets/shops; Uncontrolled = better/attractive. Android = Windows?; The permission problem; Use of exploits is easy because updates of Android are not always easy to install; More possibilities in the future: more entrance/backdoor possibilities to spread other malware into businesses and corporates
THE FUTURE: Exponential rise of malicious apps => mobile malware; Mobile malware targeting social media / mobile payments (NFC) / banking; Targeted attacks via mobile malware; Under the radar of the public...
Another Secure Solution :-) Thank you! Questions? Twitter: @EddyWillems