What Is a Threat?
A threat is defined as anything that can inflict injury, pain, damage, or other hostile action on anyone in the world.
Threats that Affect Android Devices
Malicious programs that are detected and spread widely on Android smartphones can be classified into the following types.
- SMS Trojan
- Data leakage
- Malware and Spyware
- Viruses and Trojans
- Browser Exploits
- Phishing and Grayware apps
- App advertising module
- Vulnerability attack tool (exploit kit) used to acquire root access rights for smartphones
Some malware was found in the App Store. Throughout 2012, Kaspersky Lab detected several malicious programs on the Google Play Store and Amazon Appstore.
Android Devices Are Continuously Exposed to Attacks
Of the mobile device malware detected by Kaspersky Lab in 2012, 99% were designed to target the Android platform.
In the same year, Kaspersky Lab’s Internet security experts analyzed more than 35,000 malicious programs for Android devices.
There are reasons for the proliferation of malicious programs for Android:
- Android is the most popular operating system (OS) for new smartphone applications, with a market share of over 70% worldwide.
- It is an OS developed based on open-source software, and any application can be easily created. There are also many unofficial app stores.
All these situations affect the security of your Android device.
Mobile Threat Defense
Based on this idea, a security solution called “MTD (Mobile Threat Defense)” is rapidly gaining attention among companies these days. Until now, mobile device security measures have focused on “MDM (Mobile Device Management)” and “EMM (Enterprise Mobility Management)”, but these measures were aimed at lost devices. Although they made it possible to prevent information leaks due to loss and theft, they were not always effective against external threats such as cyber-attacks.
In a telework environment, corporate employees will be able to do their jobs by using not only PCs but also various client terminals such as smartphones and tablet terminals in the right places according to their work styles. However, until now, corporate client security has always been a PC-specific measure. In order to protect yourself from the damage of cyber-attacks in the coming telework era, it is necessary to apply the same security measures as PCs to mobile devices.
MTD, on the other hand, has functions to deal with various security risks as shown below, and by linking with existing MDM and EMM solutions, it realizes security measures equivalent to what has been done for PCs and servers so far.
- Malicious apps and app tampering
It quickly detects behaviors that clearly deviate from normal application behavior, such as connecting to malicious sites, escalating account privileges, and inserting irrelevant libraries, and prevents damage from cyber-attacks.
- Sideloaded Apps
So-called “sideload apps” that are downloaded and installed from sources other than the legitimate app store are known to contain many security vulnerabilities, and some may have clearly malicious code embedded. Identifying and detecting these apps is also one of the important roles of MTD.
- System Tampering
Many attacks targeting mobile devices allow fraud by removing security restrictions set by device manufacturers. Therefore, in the unlikely event that such system tampering occurs, it is extremely important to detect it as soon as possible.
- Exploitation of OS and device vulnerabilities
New vulnerabilities in mobile devices and their operating systems are being discovered and reported daily. MTD checks if these vulnerabilities remain on the device and prompts the user to apply the hotfix if it has not been applied.
- Physical USB Theft
It is also common to use a USB connection to physically access a mobile device and launch an attack. Therefore, MTD must be able to reliably visualize and detect USB connections.
- Privilege Escalation
An attacker can first break into a device with normal user access and then elevate to a privileged user such as root to gain access to any information or break into other systems. Therefore, if a regular user account attempts to elevate to root on the device, it must be reliably detected.
- Device Rooting
There are usually certain restrictions on the actions and permissions a user can perform on a mobile device. However, those restrictions can be removed by using informal methods called “rooting” and “jailbreaking”. The price is a great deal of security risk, so it is one of the important roles of MTD to detect rooting and jailbreaking and avoid the risks associated with them.
- Phishing Attack
In recent years, phishing attacks targeting mobile users through SMS and SNS have frequently caused damage. Preventing the damage of these attacks is also one of the important roles of MTD.
- Untrusted Profile
Attacks that send malicious profiles to mobile devices over the network have also been popular for some time. MTD can be used to prevent these malicious profiles from being applied to the device.
- Network Interception
Mobile devices used outside the secure corporate Internet always carry the risk of information leakage due to eavesdropping on network traffic. With MTD, these risks can be avoided in advance.
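Three of the checks listed above (sideloaded apps, system tampering, unpatched OS) are sketched here as an added example; it is not from the original article or from any MTD product. It parses the output of `adb shell pm list packages -3 -i` and `adb shell getprop`; the sample output, the trusted-installer set and the 90-day patch threshold are assumptions constructed for illustration.

```python
import re
from datetime import date

# Constructed sample of `adb shell pm list packages -3 -i` (third-party apps only).
SAMPLE_PACKAGES = """\
package:com.example.mail  installer=com.android.vending
package:com.example.notes  installer=null
package:org.example.game  installer=com.google.android.packageinstaller
"""

# Constructed sample of `adb shell getprop` output.
SAMPLE_PROPS = """\
[ro.build.tags]: [test-keys]
[ro.build.version.security_patch]: [2021-03-05]
[ro.boot.verifiedbootstate]: [orange]
[ro.debuggable]: [0]
"""

# Assumption: only Google Play counts as a legitimate installer source.
TRUSTED_INSTALLERS = {"com.android.vending"}

def sideloaded_apps(pm_output, trusted=TRUSTED_INSTALLERS):
    """Return packages whose recorded installer is not a trusted store."""
    found = []
    for line in pm_output.splitlines():
        m = re.match(r"package:(\S+)\s+installer=(\S+)", line.strip())
        if m and m.group(2) not in trusted:
            found.append(m.group(1))
    return found

def parse_props(getprop_output):
    """Turn '[key]: [value]' lines into a dict."""
    return dict(re.findall(r"^\[([^\]]+)\]: \[([^\]]*)\]$", getprop_output, re.M))

def posture_findings(pm_output, getprop_output, today, max_patch_age_days=90):
    """List findings for one device; `today` is an ISO date string."""
    props = parse_props(getprop_output)
    findings = [f"sideloaded:{pkg}" for pkg in sideloaded_apps(pm_output)]
    if props.get("ro.build.tags") != "release-keys":
        findings.append("tampering:build not signed with release keys")
    if props.get("ro.boot.verifiedbootstate") != "green":
        findings.append("tampering:verified boot state is not green")
    if props.get("ro.debuggable") == "1":
        findings.append("tampering:debuggable system build")
    patch = props.get("ro.build.version.security_patch")
    age = (date.fromisoformat(today) - date.fromisoformat(patch)).days if patch else None
    if age is None or age > max_patch_age_days:
        findings.append("vulnerability:security patch level missing or stale")
    return findings

if __name__ == "__main__":
    print(posture_findings(SAMPLE_PACKAGES, SAMPLE_PROPS, "2021-09-01"))
```

Build properties can be spoofed on a rooted device, so commercial products typically combine such local checks with server-side attestation.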