Mobile Malware Attacks and Defense
eBook - ePub

  1. 440 pages
  2. English
  3. ePUB (mobile friendly)
  4. Available on iOS & Android

About this book

Malware has gone mobile, and the security landscape is changing quickly with emerging attacks on cell phones, PDAs, and other mobile devices. This first book on the growing threat covers a wide range of malware targeting operating systems like Symbian and new devices like the iPhone. Examine code in past, current, and future risks to protect your banking, auctioning, and other activities performed on mobile devices.

  • Visual Payloads: View attacks as visible to the end user, including notation of variants.
  • Timeline of Mobile Hoaxes and Threats: Understand the history of major attacks and the horizon for emerging threats.
  • Overview of Mobile Malware Families: Identify and understand groups of mobile malicious code and their variations.
  • Taxonomy of Mobile Malware: Bring order to known samples based on infection, distribution, and payload strategies.
  • Phishing, SMishing, and Vishing Attacks: Detect and mitigate phone-based phishing (vishing) and SMS phishing (SMishing) techniques.
  • Operating System and Device Vulnerabilities: Analyze unique OS security issues and examine offensive mobile device threats.
  • Analyze Mobile Malware: Design a sandbox for dynamic software analysis and use MobileSandbox to analyze mobile malware.
  • Forensic Analysis of Mobile Malware: Conduct forensic analysis of mobile devices and learn key differences in mobile forensics.
  • Debugging and Disassembling Mobile Malware: Use IDA and other tools to reverse-engineer samples of malicious code for analysis.
  • Mobile Malware Mitigation Measures: Qualify risk, understand threats to mobile assets, defend against attacks, and remediate incidents.

  • Understand the History and Threat Landscape of Rapidly Emerging Mobile Attacks
  • Analyze Mobile Device/Platform Vulnerabilities and Exploits
  • Mitigate Current and Future Mobile Malware Threats

Mobile Malware Attacks and Defense by Ken Dunham is available in PDF and/or ePUB format.

Chapter 1. Introduction to Mobile Malware

Solutions in this chapter:

  • Understanding Why Mobile Malware Matters Today
  • An Introduction to MM Threats
  • An Introduction to Mobile Security Terminology
  • Summary
  • Solutions Fast Track
  • Frequently Asked Questions

Introduction

Explosive growth in the mobile market of smartphones, personal digital assistants (PDAs), and similar integrated devices like the iPhone has become evident since the turn of the century. Concurrent with this emergent growth in the mobile media market is the development of mature cyber-criminal fraud operations and the spread of the first mobile malware (MM) in the wild.
Since at least 2000, select security experts have predicted gloom and doom about pending future attacks against smartphones and other mobile devices. In large part, they were wrong, not understanding all of the elements necessary to create the perfect storm for malicious attacks against mobile media. It takes more than technology vulnerabilities to result in exploitation—criminals testify to this fact on the Windows platform today! With a global explosion of mobile solutions and services, assets are increasingly integrated into this emergent medium. Criminals are already exploiting it for financial gain. The problem will certainly get worse before it gets better as this new market matures for an increasingly mobile society globally.
This is the first book of its kind addressing malicious attacks against mobile devices. Some conferences now focus significantly on new devices and how to exploit, analyze, and manage these new solutions. With the rapid change of technology, continually strained technology staff capabilities, and a very mature global criminal market, the time is now to act upon mobile security. This book takes you through the foundational aspects of mobile security and mobile malware and equips you with the necessary knowledge and techniques to successfully lower risk against emergent mobile threats.

This book's contents do include discussions of exploits and attacks. Handle all data with caution and use ethical and legal guidelines to respond to the media in the book. We've done our best to sanitize all weaponized data and cripple any code that script kiddies might want to abuse for illegal or unethical actions.
This book has been organized with a technical content flow that progresses from easy to more difficult. The first five chapters are easier to read for the nontechnical individual. Chapter 6 introduces higher mathematical models for working with phishing identification and mitigation and more complicated vishing attacks. Chapter 7 onwards dives into a wide range of technologies, exploits, and deep analysis of mobile malware (MM). Most importantly, each chapter is somewhat modular in design to support the geek in you, particularly when you need to look up reference material quickly in the book.

Understanding Why Mobile Malware Matters Today

The advent of mobility and consumer convenience cannot be denied. Historic days of talking about a network perimeter are seriously antiquated and no longer applicable to an increasingly networked world utilizing multiple operating systems, devices, and mobile solutions.
Risk, a function of the likelihood of a given threat and the ability for it to exercise damage or losses related to assets, has never been higher for the mobile market. Take, for example, an executive on the go who requires a BlackBerry for corporate calls, Web surfing, e-mail access, and even the ability to view e-mail attachments. If his device is attacked, his ever-important black book of contacts may be compromised or used in targeted attacks against individuals known to him. Corporate e-mails may be leaked and company data used by competitors or hackers looking to sell that data for a price. Ongoing monitoring of a compromised device could also lead to additional problems and data loss. For a busy executive on the go, security for the mobile device has now become mission critical for daily security operations. Any of the preceding security breaches could result in significant drops in consumer confidence and public stock values, significant lawsuits over identity theft or data loss, or competitors gaining the edge by leveraging stolen data from the executive.

Security works best when it is promoted from the CEO down to the security staff. Leverage case studies and anecdotal data to clearly communicate the components of risk to executives and build buy-in with mission-critical staff. By regularly communicating internal risks, activities, and external risks, executives are best able to make informed decisions, placing a value upon computer security. This is especially true as it relates to brand name and consumer confidence, where executives don't want to see their name or the company name in the press due to a security incident.
Consumer security also matters to large enterprise networks. Financial institutions are working hard to gain the trust of consumers to perform mobile banking and similar services through their mobile solutions. Their work is paying off, with some surveys revealing nearly double the adoption and use rate by younger adults under the age of 35. In Asian and European locations, cell phones are starting to replace traditional landlines, and in some locations, such as Italy, the mobile device penetration rate is over 90 percent. As each consumer begins to perform mobile banking, purchase multimedia for entertainment interests, and use mobile devices for productivity, a suite of products and services is quickly being implemented to cash in on the opportunities. Significant global assets now exist within the mobile market, ripe for the picking by a mature criminal underworld already adept at fraud in a traditional Windows operating system.
System administrators and forensic experts now face the need to be trained in, and properly implement, maintain, and respond to mobile security products within an enterprise environment. Several notable cases have already emerged where executives and others have been investigated for illegal actions performed through mobile devices. Forensic analysts need to know how to properly maintain chain of custody in order to investigate and analyze mobile device content. With a surge of new devices and solutions on the market, this is no easy task.
Many administrators are generally familiar with malicious code but are unaware of the details regarding MM. Understanding the history of MM to date, and the general capabilities of each primary family, is an essential element in preparing system administrators in their management of security for such products, in addition to assisting forensic analysts. The advent of Cabir source code spread by a group called 29A significantly changed the landscape of MM development as we know it today. Symbian is now the most widely targeted operating system by MM in the wild. Developments and attention paid to newer operating systems, such as the iPhone, are now on the front burner for many in whitehat, grayhat, and blackhat communities.

Notes from the Underground…

Cabir Source Code

The source code for Cabir was spread privately for several months prior to the January 1, 2005 distribution by 29A. Distribution of source code greatly increases the likelihood of modifications and new codes related to the original distribution. If source code for a new threat emerges or is sold or developed through hacker-for-hire relations, the risk of attack increases significantly.
Traditional attacks like phishing, and newer twists like vishing, also impact mobile security. Mobile media adoption is huge when it comes to “texting” with others, not to mention brief phone calls and e-mail...

Table of contents

  1. Brief Table of Contents
  2. Table of Contents
  3. Copyright
  4. Technical Editor
  5. Contributing Authors
  6. Acknowledgments/Contributors
  7. Chapter 1. Introduction to Mobile Malware
  8. Chapter 2. Visual Payloads
  9. Chapter 3. Timeline of Mobile Malware, Hoaxes, and Threats
  10. Chapter 4. Overview of Mobile Malware Families
  11. Chapter 5. Taxonomy of Mobile Malware
  12. Chapter 6. Phishing, SMishing, and Vishing
  13. Chapter 7. Operating System and Device Vulnerabilities
  14. Chapter 8. Analyzing Mobile Malware
  15. Chapter 9. Forensic Analysis of Mobile Malware
  16. Chapter 10. Debugging and Disassembly of MMC
  17. Chapter 11. Mobile Malware Mitigation Measures
  18. Glossary
  19. Glossary: Glossary of Terms
  20. Index