Time
3 hours 58 minutes
Difficulty
Beginner
CEU/CPE
4

Video Transcription

00:00
Let's dig in to module one, mobile landscape and architecture.
00:04
In this module we'll take a look at mobile risks in the mobile landscape,
00:08
become familiar with iOS and Android architectures, identify attack surfaces, and finally test our knowledge of it.
00:15
To understand mobile malware, we need to become familiar with the devices it runs on.
00:20
As of May 2019, it's clear from the graph that Android is the clear favorite when it comes to choosing a mobile platform. They come in with around 75% of the market share. Now, this could be somewhat surprising due to the popularity of Apple products. However, this percentage likely reflects Android OS being an open source platform
00:40
and that it's supported on so many devices.
00:43
If we compare that to Apple iOS, they own about 23% of the market.
00:48
This could be because Apple iOS will only run on Apple hardware, and it's considered mostly closed source.
00:54
Also, Apple products tend to be more expensive than Android devices in some cases, which could make them less attractive to consumers.
01:00
Lastly, I chose to include Windows and BlackBerry, which make up about 1/4 of a percent of mobile platforms.
01:08
If I were to give this course five years ago, we probably would have covered malware for these platforms. But given that the market share for devices supporting Windows and BlackBerry is somewhat negligible, we won't be covering malware for those platforms in this course.
01:23
With that said, if you're curious about malware for these devices, there are a lot of resources online, and I'll include some links for you in the supplementary materials.
01:33
When we look at the device market in the US, we get a slightly different story.
01:37
In the U.S., iOS leads the handset market with Android slightly behind.
01:41
Based on the data we've seen so far, what type of malware platform do you think attackers are focused on the most?
01:47
Well, if you answered Android, you would have been right. From our perspective, Android makes up a little less than half of all malware infections. That's a staggering number. At 47%, it's even more than Windows PCs, which make up about 36%.
02:01
What's more, in 2017 Google blocked over 700,000 malicious applications from the Google Play Store.
02:08
Now, although Google doesn't officially release data for denied applications, based on some third-party estimates we can suspect the rejection rate in 2018 could be over one million.
02:20
Apple also has their share of rejections. They block about two million apps per year. Although that may sound like a lot, it's important to know an app may not just get denied because it's malicious, but rather because the app doesn't adhere to a specific set of security requirements.
02:36
What specific requirements, you ask? Well, don't worry. Hold that question for now, as we will explore this topic a bit further when we dive into each architecture.
02:45
So with mobile malware on the rise, you may be asking yourself, why has it become so popular in the past few years? Well, in short, mobile devices offer a set of unique challenges. First, due to the physical size of the device, it could be lost or stolen, and data stored within the device could be compromised.
03:01
Additionally, because of the size of the device, developers are often making security trade-offs to make
03:07
a more dynamic application or user experience.
03:10
Also, mobile devices have access to location data, videos, audio, call logs, contacts, physical sensor data and even biometric data, all of which usually gets stored and even transmitted with mobile applications.
03:24
As far as mobile applications are concerned, it's important to remember devices nowadays use a smaller version of the platforms that we use on our larger home devices. Typically, these mobile applications and operating systems are developed in the same software languages, such as Java, for example. These languages are susceptible to many of the same vulnerabilities and attacks that our home devices suffer from,
03:45
such as exploits, spyware, trojans, worms,
03:47
viruses and other forms of malware that we'll be examining throughout the course. Lastly, our mobile devices are always connected. So whether it's to our mobile carrier's 4G/5G network, Bluetooth or WiFi, each network has a unique set of vectors for remote exploitation, data leakage or even interception.
04:05
Although this list doesn't include all device challenges, we can begin to gain a clearer understanding of why mobile devices are an attractive target to an attacker and to identify some mobile risks. But before we do that, let's have a quick information security review. We will do this because we want to put more context specifically on mobile risk
04:26
and add more clarity to terms that are often confused in their meaning. So for our discussion, a mobile risk is a potential of loss or harm
04:33
to our business or ourselves that was caused by a mobile device.
04:39
To derive a risk or determine if a potential risk exists, we must quantify our risk by taking a summation of the threats, vulnerabilities and assets.
04:48
So in our case, what do you think our asset is? Well, although the answer seems simple, you may have said our device. It's important to remember that the asset is not only the device itself but also includes any data on the device, data contained within mobile applications, and any type of network resources.
05:05
Now, while performing malware analysis, you want to keep in mind that a malware author could be attempting to utilize or compromise your assets in some way.
05:15
Next, we have our vulnerability. So a vulnerability is some type of flaw that could be exploited in some way. This flaw could be present within the hardware or software of the device, or even a flaw that's the result of the user changing a security configuration on their device.
05:30
Keep in mind, again, malware authors commonly attempt to exploit vulnerabilities in hardware, software
05:36
and configurations to further compromise devices.
05:41
And lastly, we have our mobile device threats. A threat is an attempt to damage or disrupt our mobile devices in some way. The keyword to focus on here is attempt.
05:51
So commonly the terms risk and threat are somewhat confused and used interchangeably. But to clarify, we can think of a threat as a type of attack being implemented during the attempt to compromise a mobile device. Here in our examples, if a threat such as a malicious application
06:09
were to take advantage of a vulnerability such as insecure data storage,
06:14
we know that there's a potential for loss of data, which would be our risk.
06:19
Before we move on, let's look at another example. So let's say we open an email on our company phone. The phone has a link to a website where we download the newest chat application. Let's say,
06:31
after some days of running the application, we find out our phone is running real slow and we can't access any other application or the corporate VPN. So in our case, what is the threat, vulnerability and risk?
06:46
Well, the threat comes in the form of phishing and social engineering. This is the attempt to compromise the vulnerability in some way. But wait, what is our vulnerability in this case?
06:57
Well, it depends. So because a vulnerability is a flaw in the system, we could say that our system is security awareness training. Now, though I might have taken some liberties with the definition of the word system, try to keep in mind that a piece of malware may not always use a conventional method
07:14
or exploit a widely known flaw to compromise the device.
07:18
So now that we know what the threat and vulnerability is, can you tell me what risk there is? Well, we've already stated that we had no access to our device or network or VPN. We could classify this as an outage or a disruption of services. Now, although we're talking about the event after the fact,
07:36
by looking at the loss or harm the event caused,
07:40
we can see what the risk is and use this information to prevent further events from happening in the future.
07:46
So I hope that served as a great review of some information security concepts. If you're new to mobile malware analysis or information security, a good exercise for you might be to pause the video and write up a list of mobile assets, threats and vulnerabilities, and see what potential risks you might encounter while performing malware analysis.
08:03
I'm sure once you get thinking, you'll be able to come up with a pretty good list
08:07
and it's a good idea to probably keep them aside, because we'll be talking more about mobile threats and vulnerabilities and expanding our list when we dive into analyzing mobile malware.

Up Next

Mobile Malware Analysis Fundamentals

In the Mobile Malware Analysis Fundamentals course, participants will obtain the knowledge and skills to perform basic malware analysis on mobile devices. Participants will perform these tasks by learning and implementing tools and techniques while examining malicious programs.

Instructed By

Brian Rogalski
CEO of Hexcapes
Instructor