© 2016 Skycure Inc.
HOW TO PROTECT YOUR ORGANIZATION FROM A DEVASTATING NEW ANDROID VULNERABILITY
Brian Duckering, Head of Product Marketing, Skycure
Meet Your Speaker
Brian Duckering
Head of Product Marketing
Skycure
Quick Housekeeping
- There will be time for Q&A at the end
- Ask questions using the GTW chat pane
- The webinar is being recorded
- All attendees will receive a copy of the slides/recording
Join the discussion #MobileThreatDefense
Old Endpoint vs. New Endpoint
IPS, IDS, FIREWALL, USB SECURITY, DLP, DATA ENCRYPTION, WIRELESS SECURITY, APPLICATION CONTROL, AV
Mobile Threat Landscape
Physical
Network
Vulnerabilities
Malware
What is Accessibility Clickjacking?
Android Malware & Vulnerability
- Discovered by Skycure Research Labs
- March 2016
- Undetectable (other than by Skycure)
- Invisible to the end user
- Affects all except Marshmallow OS
- Compromises container solutions
Exploitation method
- Tricks the user into granting unlimited rights to view and control the device
95.4% of all Android devices in use today
How it works
Leverages 2 otherwise benign Android features:
Accessibility Services
- Designed to facilitate interaction with the device for the vision impaired
- Accesses ALL textual information
Graphic Overlay
- Allows apps to draw over other apps and pass touches to the lower app
Consequences of Accessibility Clickjacking
Grants hacker ability to
- View/steal ALL textual information
- Message, Mail, Docs, etc.
- Container (MAM) data
- Gain admin access
- Encrypt device and change passcode
- Ransomware
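Android Version Distribution and Vulnerability

| Version | Codename | API | Distribution | Vulnerable to Accessibility Clickjacking? | Android Protection Measures |
|---|---|---|---|---|---|
| 2.2 | Froyo | 8 | 0.1% | Yes | No protection |
| 2.3.3 - 2.3.7 | Gingerbread | 10 | 2.6% | Yes | No protection |
| 4.0.3 - 4.0.4 | Ice Cream Sandwich | 15 | 2.2% | Yes | No protection |
| 4.1.x | Jelly Bean | 16 | 7.8% | Yes | No protection |
| 4.2.x | Jelly Bean | 17 | 10.5% | Yes | No protection |
| 4.3 | Jelly Bean | 18 | 3.0% | Yes | No protection |
| 4.4 | KitKat | 19 | 33.4% | Yes | No protection |
| 5.0 | Lollipop | 21 | 16.4% | Yes | Restrict pass-through clicks for the OK button |
| 5.1 | Lollipop | 22 | 19.4% | Yes | Restrict pass-through clicks for the OK button |
| 6.0 | Marshmallow | 23 | 4.6% | No | Require manual activation of pass-through clicks |

Source: Android.com, May 3, 2016
[Chart: OS Distribution by codename (Froyo, Gingerbread, Ice Cream Sandwich, Jelly Bean, KitKat, Lollipop, Marshmallow)]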
Accessibility Clickjacking - Live Demo
Accessibility Clickjacking - Remediation
1. Upgrade to the latest OS
2. Install apps from reputable stores
   - We recommend Google Play
   - Turn off 3rd party app installation
   - Use a secure app installer
3. Install a Mobile Threat Defense Solution
TURN THIS OFF
Can Traditional Solutions Catch AC?
Traditional Mobile Malware Analysis
- Server-side analysis only
- Signature/Static/Dynamic
Too Little, Too Late!
Ideal Solution Is Holistic
- 3-layer strategy
- Leverage MDM functions
- Automated enforcement
[Diagram labels: Physical, Network, Vulnerabilities, Malware; Device, Server, Crowd Wisdom]
Holistic Defense Against Malware
Predict
Reputation analysis - what it is
- App, Developer, Store,
Detect
Behavior analysis - what it does
- What is the app doing?
- How is the app doing it?
Protect
Proactive protection - how to stop it
Skycure Malware Analysis Modules
Crowd Wisdom helps to understand the Entire Attack Flow
- Source Analysis
- Package Segmentation
- Gradual Analysis
- Signatures Analysis
- Static Analysis
- Dynamic Analysis
- Legitimate App Profiling
- Repackage Detection
- Attacker Profiling
Skycure Mobile Threat Defense
Holistic
- Defend against all attack vectors
- Deep, layered analysis
Patented
- Unique analytics, detection, remediation
Public
- Respects user/corporate privacy
- Future proof and stable
- Minimal CPU/battery impact
[Diagram labels: Physical, Network, Vulnerabilities, Malware; Device, Server, Crowd Wisdom]
Skycure Solution Overview
Mobile Threat Intelligence Platform
Physical, Network, Vulnerabilities, Malware
Management
- Policy enforcement
- Risk-based management
- Enterprise integrations
- Visibility
Security, Visibility, IT Satisfaction
End-User App
- 24x7 detection and protection
- Network, device and app analysis
- Multi platform
Seamless experience, Privacy, Minimal footprint
1 Million+ Global Threats Identified
https://maps.skycure.com
Crowd Wisdom: Millions of monthly tests - apps & networks
Skycure Research: No iOS Zone, Malicious Profiles, WiFiGate, LinkedOut
Threat Aggregator: Dozens of threat feeds from 3rd parties
Legitimate Services
Attackers & Threats
Is your organization vulnerable?
2 Step Enterprise Trial Process
- Step 1 - Download Skycure Public App (Recommendation: 5-20 devices)
- Step 2 - Review Skycure Assessment Report in 4 weeks
What do we usually find?
NUMBER OF DEVICES WITH MALICIOUS APPS INSTALLED
PERCENTAGE OF DEVICES EXPOSED TO NETWORK THREATS
PERCENTAGE OF MOBILE DEVICES RUNNING OS WITH HIGH-SEVERITY VULNERABILITIES
EVERY ORG with 200+ employees had iOS malware
of Android devices
Next Steps
TRIAL
Request a FREE 30 day trial!
https://www.skycure.com/trial
1-800-650-4821
sales@skycure.com
