Weeks 9 & 10 - Mobile Security

These final weeks will pivot from personal computers to mobile devices. It is worth noting how new the technology is despise the overwhelming presence in today's society.
source: lecture slides, Defense Against the Dark Arts, CS373, Oregon State University

There are a couple of ways to get around the system's security. In iOS, jailbreaking can be done to run third party applications. In Android, the OS can be rooted which allows root access to the system. Android security has had enhancements with every new version of the operating system. The following timeline is outdated but it gives a nice overview of the beginning of mobile platforms.
source: lecture slides, Defense Against the Dark Arts, CS373, Oregon State University

Timeline of mobile malware:

The first botnet called YXES was detected in Symbian in 2009, the malware was passed via SMS
IKEE - first iIS malware detected in November 2009. It only targeted jailbroken iPhones.
FakePlayer was the first Android malware found in August 2010. It is a trojan distributed via SMS. Tapsnake was found around the same time and was the fist malware found in the app store Google Play.
Genimi was the fist Android botnet found in December 2010 in China, it was distributed in third party markets. It leaked device information and location coordinates and prompted the user to uninstall applications
PJAPPS was one of the first android malware that intercepted all SMS messages.
DroidDream was the most sophisticated piece of mobile malware when it was first detected. Because it was bypassing google security, google's reaction was to implement a remote kill switch. They remotely removed all of the affected applications from people's devices.

Comments

Post a Comment

Popular posts from this blog

Week 5 - Windows Internals

Image
This week we will be primarily focusing on rootkits. A rootkit is a piece of malware that conceals its activities and existence from the user. The ushering in of this new era of malware came into focus in 2006 when Sony released a disk to try and prevent copying of music. In this piece of software any file that started with $sys$ was hidden from the user. Attackers saw the potential of this and gained control of this method. The majority of rootkits operate in a 32 bit Windows environment however some rootkits target a 64 bit environment. Most rootkits are at the kernel level because at this level they have full access and control to the system. The slide below is a nice illustration what the computer architecture looks like and where rootkits are located. slide source from lecture, OSU CS 373 Definitions for this week: thread - the smallest unit of execution within an operating system. The slide below has a nice demonstration of how a thread is executed hooking - redirecting...
Read more

Week 1 - Introduction to Malware

This week we were introduced to the basics of malware. The first commercial anti-virus was released in the early 1990s where updates would be distributed monthly via floppy disks. An important component in current and future anti-malware is collaboration efforts between companies. If one company remains siloed in their efforts they can miss behavior that a different company may see from the same piece of malware. The primary vector for malware is users. Next is USB drives. Some basic definitions that were covered are: DGA - domain generating algorithm that creates lots of domain names that can be used as rendezvous points for command and control servers Malware - shorthand for malicious software viruses - these are a type of malware that are polymorphic and parasitic worm - this type of virus is not necessarily parasitic, the main purpose is to spread as quickly as possible trojan - backdoor and downloader means that the hacker is controlling the host machine remotely. Tro...
Read more

Week 4 - Software Vulnerabilities and Common Exploits

Image
There are two main components to hacking, finding "bugs" in the software that allows the user to interact with a program in an unintended way and configuration vulnerabilities (an example of a configuration vulnerability is a weak password). Hacking used to primarily focus on a company's perimeter systems (parts of the system that are exposed to the internet), but as defense against those types of attacks have been improved hackers are now targeting the internal systems aka the system's users. Memory corruption is a key area that attackers can examine to try and gain access to the system. The definition used by the lecturer this week is: "Accessing (reading/writing) memory (stack/heap) in an invalid (originally unintended) way which results in an undefined behavior (what we are looking to control)." There are four common categories of memory corruption: lifetime control, uninitiated memory, array index calculations, and buffer length calculations. A stan...
Read more