Mobile Device Security: Somesh Sawhney (Sales Director - META & India), Rohit Sinha (Technical Director - META & India)

The document discusses mobile device security and attack vectors. It covers introduction to mobile security threats, common mobile attacks like malware and phishing, and how mobile devices are now endpoints. It also discusses mobile forensic analysis to detect compromised devices.


Mobile Device Security

Somesh Sawhney, Sales Director – META & India
Rohit Sinha, Technical Director – META & India

Zimperium Confidential All Rights Reserved © 2020


Agenda
• Introduction to Mobile Security
• Mobile Device Attack Vectors
• Zimperium MTD Solution
• ZecOps Mobile Forensic
• Demonstration of Targeted Attack & Impact of Device Compromise



Mobile Device – The New Endpoint

• SMARTPHONES
• APPS
• STORAGE
• WIFI
• NETWORK

Uses: Work, Entertainment, Information, Financial/Digital Commerce



State Sponsored Attacks



iOS and Android are not Safe



Common Answers & User Perception
• What can happen from Mobile Device
• Mobile OS are not vulnerable
• My device cannot be compromised
• I don’t think any cyber attacks can happen or do happen through a mobile device
• I use Apple device, so I am safe
• I have MDM and it is protecting me
• My Consumer Mobile Apps are safe, I don’t see a Risk



Attack Vectors

• Device Attacks
• Network Attacks
• Phishing Sites
• Malicious Apps



Application

L6-7 – APPLICATION + PRESENTATION (Data)

APPS
• AV/Malware (Ransomware, Trojans, Adware, Spyware)
• Access Abuse (Unsecured Apps and Privacy Risk)
• Repackaged Apps
• 3rd Party Lib / Back Door
• Time Bombs
• Download & Execute

USER
• Social Engineering
• Lack of Security Awareness
• False sense of security

BROWSER, EMAIL
• Known Browser CVEs
• Attachments (PDF, DOC, XLS)
• Spear phishing Emails
• Session Hijacking
• Man In The Browser
• Fake SSL Certificates (SSL Decryption)
• SSL Stripping

L5 – SESSION (Keys)

MULTIMEDIA
• Stagefright (24 CVEs)
• 11+ Threat Vectors (MMS, Browser, Downloads, Email, Facebook App, Gallery, etc.)

CONTAINERS
• Unlocked Containers
• VPN, Micro VPN

SMS, MMS
• Ransomware
• Spear phishing SMS
• Malicious MMS
• Stagefright (24 CVEs)

Network

L4 – TRANSPORT (Segment, Datagram)

RECON SCANS
• IPv4, IPv6 Scans
• TCP, UDP Scans
• ARP Scans

L3 – NETWORK (Packet)

OS / KERNEL
• OS Exploits
• Kernel Exploits
• Malicious Profiles (iOS)
• Network Configuration Attacks (DNS, Proxy, Gateway)
• Over The Air (OTA) updates (like SwiftKey)
• Remote Device Management
• Shared Lib Injection
• Persistent File System Modifications

WIFI
• Rogue AP
• ARP MITM
• ICMP Redirect
• ICMP Double Direct
• SSL Stripping
• Session Hijacking
• Fake SSL Certificates

L2 – MAC / DATA LINK (Frame)

NFC, BLUETOOTH, RADIO
• NFC Proxy
• Malicious Bluetooth
• Rogue Cell tower / Femtocell
• MITM
• Location Tracking

Device

L1 – PHYSICAL (Bit)

USB
• Malicious Chargers
• Juice Jacking
• Key Loggers
• Shared Lib Injection
• Unsecured Memory Cards



Compromise Forensic Analysis

Returned from abroad? Pre and post travel inspections in near real time.
Are you being tapped? Confirm if you were attacked, when, and how.
Suspicious behavior? Identify suspicious processes and applications.
Phone is compromised? Inspect your mobile devices in near real time and find out if you are at risk.

• Agentless (no software on the phone)
• Mobile Threat Hunting above & below the iOS sandbox, including kernel space logs!
• Privacy friendly (no access to PII)
• Rapid investigation & analysis in minutes (vs. months manually)
Zimperium MTD – Real Time Threat Detection

RISK IDENTIFICATION

Device Risks
• Vulnerabilities
• No Device Encryption
• Jailbreaks
• Unmanaged Profiles

App Risks
• Insecure Apps
• Sideloaded Apps

Network Risks
• Reconnaissance Scans
• Unsecured WiFi

THREAT DETECTION

Device Compromises
• Rooted Device
• Elevated Privileges
• System Tampering

Phishing Sites

Malicious Apps

Network Attacks
• MITM Attacks
• Rogue Access Points

REMEDIATION

MDM Actions
• Wipe Data
• Terminate Access

Block Phishing Site

Network
• Disable WiFi
• Disable Bluetooth
• Network Sinkhole

Samsung KNOX
• Prevent App Install
• Uninstall App

REPORTING

Detailed Forensics

SOC Integrations
• SIEMs
• EDRs

Threat Hunting



ZecOps Gluon - Digital Forensic & Incident Response

Devices: iPhone, iPads

• Risk & compromise assessment
• Digital forensics reports
• System Logs Extraction
• Threat Intelligence
• Responsible vulnerability disclosure and full disinfection



Demo
Let’s see all this in Action



How you were Compromised - Attack Kill chain

1. Target discovery: Scan (IPv4/IPv6), Phishing
2. Intercept Traffic: MITM, Phishing, URL Redirect
3. Social Engineering: Malware, Phishing, Deliver Hacking Tool
4. Connect to Device: Exploit Device, Deliver Exploit
5. Privileges Elevation: OS / Kernel Exploit, File Sys Manipulation
6. Compromised: Data Theft, Locally and from the Cloud



Thank you

For Demo in your organization, please contact:


Somesh Sawhney
Email – [email protected]
(Mobile & WhatsApp): +971-555632265
