F N thi t M iFrom Nothing to Massive –Android under Attack

Vi t Di Vicente Diaz Senior security analyst

It´s September so weIt s September, so we ...

Sep 22, 2011 The Kaspersky Security Symposium, Munich

Question 1Question 1

How many of you have a mobile phone?How many of you have a mobile phone?

Sep 22, 2011 The Kaspersky Security Symposium, Munich

Question 2Question 2

Do you think you haveDo you think you havesomething valuablegin your mobile phone?

Sep 22, 2011 The Kaspersky Security Symposium, Munich

Question 2 (again)

Actually probably more things than you think

Question 2 (again)

…Actually, probably more things than you think

Sep 22, 2011 The Kaspersky Security Symposium, Munich

You probably don´t want everybody to see this

Question 3Question 3

Are there viruses for smartphones?Are there viruses for smartphones?

Sep 22, 2011 The Kaspersky Security Symposium, Munich

User Awareness Very Low!User Awareness … Very Low!

How do you estimate the malware infection risk when surfing the web from different devices?

SMARTPHONE PC / NOTEBOOK

TABLET PC(N=132)

5.1 pts5.1 pts

SMARTPHONE(N=1618)

4.7 4.7 ptspts

PC / NOTEBOOK (N=1518)

6.0 6.0 ptspts

NO RISK OF EXTREMELY HIGHNO RISK OF MALWARE

INFECTION

EXTREMELY HIGH RISK OF MALWARE INFECTION11 22 33 44 55 66 77 88 99

Sep 22, 2011 The Kaspersky Security Symposium, Munich

Source: Smartphone Users Study for Kaspersky Lab

My Mobile Was Compromised So What?My Mobile Was Compromised, So What?

Sep 22, 2011 The Kaspersky Security Symposium, Munich

Mobile Malware HistoryMobile Malware History

2000‐2004 2004‐2006Th b i i

2006‐2008Evolution

2008‐NowMonetizationProof of 

conceptsThe beginning (Symbian)

Evolution (J2ME)

Monetization(All platforms)

Sep 22, 2011 The Kaspersky Security Symposium, Munich

Mobile Malware EvolutionMobile Malware Evolution

65% growth of threats in 2010 over 2009

Number of Modifications

160018002000

100012001400

400600800

Source: Kaspersky Lab

0200

jun.04

apr.0

5

jun.05

aug.05

oct.0

5

dec.05

feb.06

apr.0

6

jun.06

aug.06

oct.0

6

dec.06

feb.07

apr.0

7

jun.07

aug.07

oct.0

7

dec.07

feb.08

apr.0

8

jun.08

aug.08

oct.0

8

dec.08

feb.09

apr.0

9

jun.09

aug.09

oct.0

9

dec.09

feb.10

apr.1

0

jun.10

aug.10

oct.1

0

dec.10

feb.11

apr.1

1

Sep 22, 2011 The Kaspersky Security Symposium, Munich

Source: Kaspersky Lab

Malware for Smartphones 2011Malware for Smartphones, 2011

6% 1% 1%

23%

AndroidSymbianWindows MobileiOS

69%

Blackberry

Source: Kaspersky Lab

Sep 22, 2011 The Kaspersky Security Symposium, Munich

Example 1: SMS FraudExample 1: SMS Fraud

Trojan dials international premium-t b thrate numbers every month

Sep 22, 2011 The Kaspersky Security Symposium, Munich

Example 2: Rick in Your iPhone Example 2: Rick in Your iPhone

• Jailbroken Iphones first worm

• Nice, we all LOVE Rick Astley, don´t we?• However …

Sep 22, 2011 The Kaspersky Security Symposium, MunichMobile World Congress

‘Mobile Malware Threatscape in 2011’

Example 3: Android Market 2011Example 3: Android Market 2011

Sep 22, 2011 The Kaspersky Security Symposium, Munich

Main Reason?Main Reason?

Sep 22, 2011 The Kaspersky Security Symposium, Munich

But Wait There’s MoreBut Wait, There’s More

Sep 22, 2011 The Kaspersky Security Symposium, Munich

Social Engineering AttacksSocial Engineering Attacks

• Dear Mr. Foo (attacker knows who you are)• I´m calling you from your YourBank local office in Chelsea (attacker knows where youoffice in Chelsea (attacker knows where you live and your bank). 

• In order to prevent fraud we need to check• In order to prevent fraud we need to check some details, first I need to ensure you are the holder of the credit card with numberthe holder of the credit card with number xxx‐xxx‐xxx‐xxx  (attacker knows your credit card)card). 

• Can you please tell me the number that th b k f d?

Sep 22, 2011 The Kaspersky Security Symposium, Munich

appears on the back of your card? …

Targeted AttacksTargeted Attacks

Sep 22, 2011 The Kaspersky Security Symposium, Munich

SummarySummary

• Malware is  targeting the most popular platformsg g p p p• Profit‐driven• Authors unpunishedp• Social engineering + lack of user awareness• Devices easily accessed/stolene ces eas y accessed/sto e

• How long does it take to jailbreak an iPhone?

• More and more valuable data on them• Contacts• Agenda• Geo‐location

Sep 22, 2011 The Kaspersky Security Symposium, Munich

RecommendationsRecommendations

L k• Lock your screen• Use security software

k d• Back up your data• Use encryption• Beware of what you install• Do not jailbreak/root your device• Do not connect to untrusted Wi‐Fi access points• Do not skip updates

AND• Do not assume your mobile is safer than your PC

Sep 22, 2011 The Kaspersky Security Symposium, Munich

[Vi t Di ][Vicente Diaz][vicente.diaz@kaspersky.com][ 34 681244756][+34 681244756][@trompi]