Claud 2013/05/31 12:15
This is an excerpt from a presentation delivered at The Cloud Beijing Salon on May 18, 2013. The views expressed in this article are my own and do not represent my own business or other organizations.
One, the introduction
Vulnerabilities in mobile clients are currently underappreciated. From the user’s point of view, the three aspects of mobile software security, anti-virus, software vulnerability and software copyright, can not be well distinguished. Even security enterprises, security organizations and institutions, and security researchers often abuse the word “mobile security” in the mobile field, narrowly defining it as whether there is malicious behavior in mobile applications; Most importantly, software developers don’t care much about security vulnerabilities in their software, partly because the so-called Attack Surface is too narrow compared to traditional Web systems or servers, partly because of commercial competition and rapid iterative feature development. However, given the current spate of targeted attacks, mobile software vulnerabilities will become increasingly important in the next wave of attacks. The combination of mobile software vulnerabilities and targeted attacks is an inevitable trend, and it has already happened.
Second, targeted attacks
The characteristics of targeted attacks include: the attacker has the most advanced experience, capabilities, tools and manpower to launch a comprehensive and covert attack on the identified target over a long period of time and with precision in order to achieve the known target and gain greater benefits from the real world perspective. The typical example of this kind of attack is the Stuxnet series of attacks. The U.S. government’s series of attacks on Iran’s nuclear power plants, which successfully halted Iran’s nuclear weapons production, are classic techniques. In terms of the process, targeted attacks involve a process of identifying targets, collecting information, long-term infiltration and carrying out attacks, in which social engineering, software and system vulnerabilities, malicious codes and other means are combined.
3. Characteristics of mobile platform
Compared with PC platforms, mobile terminals are significantly different in several aspects. These differences will become new targets for attack. From the perspective of communication, mobile terminals have 2G/3G/LTE and other mobile communication channels, WiFi network connection, USB data connection, Bluetooth device connection, NFC near field communication, PC network sharing, etc. These communication channels enable mobile terminals to be: 1) almost always online; 2) Connected office network and home network; 3) Connected to the real world. From the social perspective, mobile terminals often contain contacts, SMS, call, SNS data, identity data and calendar information. Mobile devices have almost become the symbol of identity, and this identity is very easy to be forged. From the perspective of geography, the mobile terminal contains the current rough and accurate geographical location, including the historical record of geographical location, including the search query record of LBS application. Combined with calendar information, time information, communication records, etc., it can accurately locate the next step of an individual’s journey. From the perspective of mobile office, mobile terminals have become standard office facilities. Mail, VPN, Wifi and enterprise applications have been very mature. Therefore, mobile platforms can provide more useful help than PC for targeted attacks in the determination of targets, information collection, cross penetration and other aspects.
4. Android platform vulnerabilities
In Android 2.1-2.3 system, there have been a number of general rights raising vulnerabilities; After 4.0.4, there were targeted loopholes for certain models such as Samsung and MOTOROLA. The two problems ignored are: (1) the vulnerability of some software with root or system permission may cause the attacker to obtain the attack effect similar to the right raising; Second, it is not too difficult to mine the vulnerabilities of specific models’ drivers and customized systems. For the system and third-party libraries, webView, Flash Player and other components have appeared a large number of vulnerabilities, even remote execution vulnerabilities. The 1day problem of third-party libraries has long been ignored. The application software vulnerability problem is more serious, domestic and foreign mainstream Internet enterprises have mobile client security vulnerabilities, most of which can lead to local data leakage or server data leakage. In the case of targeted attacks, the definition of client vulnerability is obviously not applicable.
Five, the case
The cases of targeted attacks on mobile terminals are as follows: 1. Ssucl infects a PC using the automatic running feature of the USB device from the mobile terminal, installs a microphone driver on the PC, listens to voice messages on the PC, and sends voice messages back. At the same time, it also reads all files sent back from the SD card, which involves the alleged security vulnerability of plaintext storage outside the application software. 2. Less than a month after Xuxian Jiang discovered the vulnerability of local arbitrary SMS number and content structure in the pre-installed SMS software of Android system, we have found the malicious code that actually uses this vulnerability. 3. Chuli malicious code targeted attacks on political organizations, checked the installed software information in mobile phones, targeted vulnerabilities mining and released vulnerability exploiting codes. 4. In the middle of April 2013, Wuyun Platform continuously reported five rights raising vulnerabilities of Huawei mobile phones.
Six, scheme
In terms of anti-virus, active defense, MDM, device encryption, system hardening, sandbox, etc., targeted attack schemes on mobile platforms all have various deficiencies. However, these schemes have the following problems: 1. It is difficult to detect and prevent vulnerability exploitation. 2. It is difficult to resist seemingly ordinary information collection. Are difficult to counter targeted, covert attacks
Seven, conclusion
In the combination of targeted attacks and mobile platforms, the vulnerability of mobile platforms will become more and more important, and bring corresponding technical challenges and opportunities.