MOBILE MALWARE: WHY THE TRADITIONAL AV PARADIGM IS DOOMED AND HOW TO USE PHYSICS TO DETECT UNDESIRABLE ROUTINES

Black Hat USA 2013

Presented by: Markus Jakobsson, Guy Stewart
Date: Thursday August 01, 2013
Time: 10:45 - 11:15
Location: Roman 2

The traditional Anti-Virus paradigm focuses on signature-based and behavioral detection. These require substantial processing, which hurts the limited power resources of handsets. Also, carriers are reluctant and slow to deliver Firmware Over The Air (FOTA) patches, due to the rigorous testing they need to subject updates to, and the costs of over-the-air updates. A move to cloud-based screening fails to recognize that not all threats will be propagated over the backbone, may obfuscate themselves in transit; or fight back (as rootkits do) to evade reporting or use of techniques such as the "Google kill switch".

Hardware vendors are evaluating security solutions with hardware support, such as TrustZone, but while this reduces the vulnerabilities, it still exposes an attack surface. Software-based attestation has been proposed by several research groups, based on various techniques that rely on the physics of the device (such as the speed of the bus, etc) to detect undesirable routines. These techniques typically require some hardware support on the devices, though, such as a trustworthy authentication (of the device to an external verifier) and a timer that cannot be manipulated by malware.

Markus Jakobsson

Markus Jakobsson is a security researcher and serial entrepreneur. He is the founder of the security startups RavenWhite and Fatskunk. He is Principal Scientist at PayPal, and has in the past held positions as Principal Scientist at Palo Alto Research Center, Principal Research Scientist at RSA Security, Member of the Technical Staff at Bell Labs, Associate Professor at Indiana University, and Adjunct Associate Professor at New York University. He is a visiting research fellow of the Anti-Phishing Working Group, where he serves on the Wireless Device Fraud Working Group. Markus also serves on the technical advisory boards of Cellfony and Lifelock. His research is focused on socio-technicial fraud and malware; he has contributed to the knowledge of phishing, crimeware, mobile malware and efficient cryptographic protocols. He is author/editor of “The Death of the Internet” (Wiley, 2012), “Crimeware: Understanding New Attacks and Defenses” (Symantec Press, 2008) and “Phishing and Countermeasures” (Wiley, 2006). Markus is the inventor of more than a hundred U.S. patents and patent applications, and has published more than hundred articles. He received his PhD in computer science from University of California at San Diego in 1997.

Guy Stewart

Guy Stewart, (VP of Engineering). With over 25 years industry experience and a proven track record of technology execution and delivery, Guy has successfully led engineering teams at multiple early stage startups – setting technical strategy and building these engineering teams from the ground up. As Director of Global Security Products at Standard Microsystems, Guy worked with industry leaders to define and build custom silicon with hardware level security. He has designed, built, and successfully deployed solutions still in use today at locations around the world, with uses ranging from military applications to collaborative music authoring tools used by musicians. Guy is an expert in security and distributed systems. He graduated from the University of Texas, Austin, with a BS in Computer Science.


KhanFu - Mobile schedules for INFOSEC conferences.
Mobile interface | Alternate Formats