Serious Threat or FUD Machine? The Mobile Security Debate

hiya good afternoon I'm Dan Hoffman with Juniper Networks appreciate everybody taking their time this afternoon to hear a little bit about mobile security and such yeah certainly I'd imagine everyone in this room has a smartphone or tablet or probably both right and we use them all the time it's real interesting it that when anytime you bring up mobile security you usually get a couple different responses some of the responses is yeah it's a problem we gotta address that and that's fine others are yeah I've never really thought about it other people say you're just lying you're just scaring people and trying to do all that so this is really about you know what let's just

get to the facts let's just say what's actually going on what do we really need to look at what needs to be addressed and then you all can make your own decisions that's really the goal of what this is so if we look at the mobile security debate that's out there there's been some pretty harsh things that have been not said if you work for a company selling worries protection for Android women or iOS you should be ashamed of yourself well I'm not if you read a report from a vendor that tries to sell you something based on protecting the Android rim or iOS from viruses there are also likely as not to be scammers

and charlatans that gets that's a little personal actually you know funny though do you know what I wouldn't say justified but there's certainly a lot of that going on I can tell you as a person that's worked in security research for a long time who also does go to sales meetings and things that nature that doesn't sell you don't sell security by coming up and trying to sensationalize things you really don't you may get a little bit of attention and get your name out there but a back you back for you just as much as it is so I don't understand why people say oh you're just trying to do this a lot of it is

research data and it gets kind of funny because they say well of course you say that you make each our malware software for for mobile devices and do security solutions for mobile devices of course you're going to say that ok but it's also what we do it's also data it's not like anybody's trying to scare anybody unnecessarily really isn't we've been looking at our mobile devices and and security for about nine years you want a tough sale try selling you time on our solutions from mobile devices in 2005 right it just wasn't happening and he also couldn't lie about it people knew was a coming threat and things were going on so gets a little

interesting couple things that happen recently you know this comes across as being a little bit socialize millions download a new Trojan discovered in Android Market they made kind of a big news and then a security camp company had a recant itself you know a lot of debate went on that oh here's another example of security companies just say just trying to scare people into using the voices well you know what I doubt highly that that was actually two things so many maybe jump the gun a little bit but awesome mr.singh these things going on and what I hope you get out of this presentation is to say all right I get it I see what's going on there you can make

your own decision based upon the data and then act accordingly the information I'm going to share with you is data that with that we get from our customers and our research okay it's gonna be very objective data I'm going to lay it out on the table for you any questions that you have about in any opinions that you have feel free to just pop right in and shout out a question that really really hope you take advantage of that so where we get our data when we do our research from we get it from system application source such as the Android Market we get it from third-party application stores around the world android markets great for

android everybody knows it but it's not the only place where people install applications from there's also known website repositories where where people are store malicious applications and the hacker websites we get samples from partners and customers and if we find something zero-day we take advantage of it so what we do is we take all this data and we process it and then we make it available yes we try to make better security products out of it because that's what we do that's the company that we are we're also obtained data and when number be able to present it to you something that I found interesting not offensive because I didn't take it personally but a charlatan means really

if you look at the definition is somebody who who essentially is speaking more than what they're qualified to speak about well I can tell you the data we're going to present you today wasn't just kids in their basement coming up with some ideas or some executive trying to make some money off of security this is people who are well skilled in security military security backgrounds and and so forth and you know what we do this security so we're not it's not salespeople coming up with these numbers it's actually what's taking place if we look at what are the threats are in anytime I talk about security people say oh you have viruses on your mobile phone

we know what that's part of it but that's not the only risk to mobile devices and you really need to take a holistic approach when you're looking at both understanding to the threats as well as mitigating the threats look at know where people you know viruses worms Trojans spyware adware you guys all know that well what is it really to mobile devices well what it really comes down to is it's not so much the viruses and the worms its Trojans and spyware pretty easy to understand too right you can't surf the internet listen to commercial on a radio or TV flip through a magazine to whatever without somebody saying download applications to your mobile device do it

you'll be productive entertained you'll be cool you'll be fashionable do it well you know what not every application is nice that's not hard to understand right you put an application up there it does something somebody doesn't know what it is what it's going to do it's malicious in nature and so forth that's not inconceivable to think that happens and that's really what we're talking about when we're talking about mobile malware it's really an exercise in analyzing applications that often what people are doing with them so kind of keep that in mind if somebody says well there's no viruses on mobile devices what do you mean by viruses are you being literal virus that works in the

traditional sense or he's saying there's bad things that happen to mobile devices that are application related because if it's the latter there actually are and I think you'll get that out of this presentation there's also the threat though even if you're not buying into the whole malware store you have mobile devices a couple of the categories of tax right direct attacks and this could be anything from malicious SMS messages of which every platform has been susceptible to or virtually every platform attacking network devices browser-based attacks all that kind of good stuff something you need to be aware of something that you need to be able to address let's also not forget about loss and theft very conceivable

right even at a conference such as this you leave your phone or your tablet somewhere you all get that you all know that well that's a threat right gets it on threats and mobile devices you could lose it then what do you do I'd also data communication interception I would speculate strongly that the devices that you all have right now I have Wi-Fi capabilities and if you have a why ever wanted connection sometimes you just have to go for Wi-Fi or all those same types of sniffing and man-in-the-middle attacks and all but all the good stuff still affect mobile devices right because that's it does matter what the device is it's it's a Wi-Fi on vulnerability big

problem then it also gets into the category of exploitation misconduct what are people doing with their devices fine you don't have some fancy highfalutin hack but it's somebody just transferring money out of an organization from it is a teenager being bullied or sexting or doing something like that with it it's about monitoring what's happening with the devices so if you look at kind of the threats categorically what's going on it's more than just well I don't you can get a virus on the new Droid device that's not really the point the point is take a look at your mobile devices find out what the vulnerabilities are and understand where they are we're going to talk about each

of these really in pretty good detail here all right so let's start with malware cuz this is the big one okay I can tell you as a guy that that ran a security research team and a product team to make mobile malware back in you know non we're years ago there wasn't a lot of threats out there and we didn't say that there were necessarily work and even if you look at these numbers now some people would say well that's not a lot but again you got a look at what the threats really are at the end of 2010 we had in our library this is not signatures this is how many malicious applications we had we hadn't on our

bird just over 11,000 so this was the end of 2010 okay this was after 9 years worth of research okay doing all the things that we said before scanner scanning getting all this great information from a lot of different places where people have been doing this a long time knowing where to look okay at the end of 2011 is that over 28-thousand okay that's a pretty significant jump is that just because we discovered one day that we repository that we didn't have no it's not it means that the threat is actually growing it's mean people are writing applications that are not nice that's what it means that's what mobile map no where it actually means

oh great great question so the question is what is the sample size whoa I was heading relative I'll give you an example our our repository right now is dog to give you the 2011 numbers it's our twenty eight thousand four hundred seventy two that's what we had at the end of 2011 that was after looking at seven hundred ninety thousand applications it's it's applicant so the question is who I was just applications these were applications that would be installed on a mobile device okay so you know whatever the percentage is is that a high percentage it's a low percentage is it more is it less it is it's what it is okay so somebody says there's no

malware well there is and we're gonna get very specific yes

a fantastic question the question was do you differentiate between what's actually malicious and maybe something that's let's say suspicious or just notable right from a privacy perspective yeah we do and that's I'll tell you that's a very big gray area there so I'll get to give you how we do it as a team kind of how we look at things those things that are not nowhere there's things that are look it's it's part where it hides itself it changes in the name of the application it tries to hide processes all that kind of good stuff right it's there's an intent of of something that somebody needs to know about but if it's a weather application that can make an

outgoing phone call without the users knowledge isn't that a little weird right yeah we note that and we actually categorize that as suspicious so we're able to say look here's bad everything else is okay and by the way you have this comic application that can send premium SMS messages in the background does that make any sense to anybody right this is just malicious this does not include suspicious so you know can I can tell you scary rising suspicious is you know quantifying that it's a good idea to do it it's such a gray area because it means so many things to other people and to put it up there and be so subjective that it would be you know a

lot of debate okay great questions and please keep it up yes sir

yeah it's all I understand if I kind of rephrase the question a little bit yeah what was this just found or was it installed or what's going on real hard to data to get really a very difficult data to be able to obtain I would say the people in the best position to be able to do that other people with the repositories over the stores to say this is how many people downloaded how many people did it right that's kind of a good way of getting it those numbers aren't really disclosed unfortunately but it's a it's a challenge for us to get it just fraud a thought out so a lot of the threats we can say well how many

devices that are downloaded that depends where they downloaded it from and they have that data and how for us to get it yes sir

sure so the question was is any any proof or evidence that something happened and then what was the impact yes we do we do get unfit that the device has been exported we've reference in the past and its is what it is we generally see an infection rate across our customer base and by and that's because that's where data from right where a security company and our customer base includes larger service providers in the world large enterprises consumers its parents teenagers it's really a good I think statistically a very good sampling and from that we generally see an infection rate of between 2 to 3% it could vary a little bit but that's what we see the with that

I can tell you that we've seen in enterprise and this was a global enterprise very large who has seen infection rates between 5 to 6% that was odd but it is what it is yes sir

it's great so it has another price that yes this happened and this is the fact that I've had on that we haven't yeah and you know I think there's a couple different reasons for that one is uh I think knowing then an event happened is part of it how do you even know if you don't you're not looking forward how do you know that it actually happened a loss the device maybe you can quantify a little bit better than ice cream malware but sometimes it's hard to be able to quantify and also we get asked that a lot we don't have a lot of companies at least be publicly announcing that kind of stuff I will tell you though that I'm

going to give you a specific example and I'll note some feedback we got from service providers in this respect I'll be very specific in terms of scope on that yes sir

yep absolutely the question is any data on downloading from say the Android Market as opposed to a third-party app store and yeah we do what I'm gonna go over that in pretty good detail though in terms of the amount of malware samples I saw this for admittedly two reasons one is to show we're not the only one seeing arise so you can see for example juniper we have twenty thousand four hundred seventy two applications we do malicious okay that can pretty close to that two others and I didn't come up here to throw anybody under the bus but this is their publish numbers so it's a threat not happening or reimagining it or all those

pretty far behind all those I think are pretty far behind and again I didn't want to throw anybody under the bus so I didn't want to put on there I also have the saltshaker up there which means take it with a grain of salt you know there's a lot of ways to categorize and quantify and you know it is what it is right but just something to keep in mind if you look at Android comparatively a lot of growth in Android I'm going to give me very specific on numbers here with it with Android as well over 13,000 malicious applications we found for Android okay it's a lot that's a lot of applications I think if you

look at and this is there was actually a study and an analysis done on free anti-malware applications of which you can download a plethora from the Android Market right now if you wanted to how good did they work and it came to conclusion that they really don't work too well well if you look at this statistic there where we have over 13,000 and they have 400 samples that they publish that they have pretty too big difference you get what you pay for right it's security right so again shows we're not the only one seem to rise in Android malware either so it gives you a foundation where I can give you numbers all day long our banking them up no and

here's somebody else seeing something pretty similar

I'm so can you repeat the question I didn't hear

yeah you know it the question was as would we consider path which would take information in store when we consider that malicious or not and basically what our methodology on that is there's a difference between a privacy issue let's say any malware issue and it's fun I had a similar conversation right before this session started and it was look if you download applications hey I downloaded this cool free app but I don't want them to get anything out of it I'm not gonna give up my location or dad or and I don't want to see any ads I just want cool apps that I can download for free no you give something up right somebody's got to get some fun out of it

the key is that knowing what you're giving up so if I download a cool game I'm cool with that I want to know my new location I maybe I even let it know what I buy online I don't know whatever whatever anybody's comfortable with that's ok it's about knowing what's going on how we address that is we tried the best we can to subjectively admittedly in our minds think if it's malicious a lot and I'll give you an example so if it were to hide itself I'll get you install an application it renames itself and it shows a different icon we consider that malicious if it's a game that happens to collect some of your personal information and send it to

somebody else depends if it's taking your emails yeah if it's taking some other stuff you know depends on a case-by-case scenario really but in an instance where we wouldn't consider it malicious we would then flag it as suspicious and then the end user can make their old there any easier or I should say or the administrator can make your own subjective opinion all right so I kind of break this out by operating system here if you look at the end of 2010 you can see the majority of the malware that we got was j2me and Symbian in fact almost all of it if you look at Android less than 1% of all the malware samples we had or from

Android ok one year later meeting at the end of 2011 almost half of what we saw was for Android was this because we stumbled upon a site we weren't looking at before to collect data no it's not it came from all those places this was a growth that we saw it wasn't just that we started looking for it it's not that we just magically found something that we didn't see before we're just noting the scroll that is what it is so it's a pretty notable change in the dynamic you also look at market share Symbian was huge I mean huge in the world now come almost completely disappearing in terms of new device sales anyway that has an effect

on what people are doing you know I keep going back to you know we've been doing this for a long time if you look at a Windows Mobile when you look at Symbian there's actually compared to please some pretty good exploits out there actually Symbian some really cool exploits and you can completely take control over phone by sending an SMS message to there and there was a lot of phones affected by that that's a big deal right you can see how the threats kind of shrink because simian devices are kind of fading away look at this year so what are the types of different malware that we see we're going to be specific or give you guys some concrete examples

that are here so if we look at for example the pie chart that's on the left over 63% all of them out what we see is spyware takes information sent this is somewhere else could that cross over into a privacy issue as the previous question alluded to yeah is it malicious as a privacy it gets money it really does but just in terms of spyware meaning we're hiding our application we're being clandestine we're trying to not be found on the device and that's the intent over 63 percent we see is what it does and that gets really to me that gets in concerning from a security perspective which in some ways addresses part of the

question that was before you know so has anything ever happened because of that's fine you have this data but has anybody experienced any data loss and quantified and then determine what the impact is well how do you know you're being affected by it if you don't have something looking for it do you know I would speculate quite strongly actually I'd be very impressed if anybody could say you know what an eye on the price every device that checks email and those different things we know everything about it we have control over and we know that's free from malware and it hasn't been exported and it's off to snuff with configuration then and only then it accesses our corporate data I'd

be pretty impressed if you did that I think you'd be very alone and being able to do that as well so that's a problem you got people downloading applications that's able to take things off of the device and you're not looking for it how do you know what's going on so this isn't how much does that happen how do you quantify that very difficult but to think that it's not happening that the it isn't a target that people aren't strong enough to do it I don't think that's the answer either if we break it out a little bit and we look at the pie chart that's on the right with Android you can see that 56% of all the mo way

that we see frame droid are fake installers and I'll get into that in detail a little bit and then 44 percent is the RUS which a lot of it really almost all about is spyware so fake installers is a problem I'll go into a little bit of detail in a moment here looking a couple more numbers look at the increase in Android this got real interesting real quick okay last summer in the June timeframe we had about 400 samples of Android malware by the end of the year you can see from October November and December it really started to skyrocket and this wasn't all we hired another guy and he found a website where we got to cut this data from this

was hey we're seeing it it's starting to happen and I can tell you the growth numbers since then since December every pretty much on line with that it's a lot it's growing a lot

you know what it is it's more of it's more it's applications right so people are writing applications are they they kind of stealing information from others yeah they kind of our and I'm going to get a Lancer that more directly in a couple slides and we start talking about specifics but it's a good question if you look at the rise in e to it and then if you look I'd mention a little bit early in terms of market share a lot of market share I mean it's a cool device and and by the way I have a Google device right now I'm running Android my wife my son my mom she also has an iPad that I bought for four but

you know I'm not a tiny tour I'm just saying here are the threats that there uses of Isis but let's be realistic about what's going on and this is what we're seeing that is a global market share so if we look at 2011 towards a couple notable events and this gets you know what I think we're in many respects definitely and let's say the infancy to adolescence of mobile malware even though we've been doing it for a long time it's starting to come together there's quite a few very interesting events that took place last year if you look in the January time frame with our Jamie provides a sign of complexity to our comm at bot net like

capabilities okay did it happen was there tens of millions of devices under the control well no but the foundation was there and you know what it's gonna is it gonna happen I think so when hard to say but the capabilities were we're certainly there draw dream I think was really the first time where people said all right look there was a malware incident we know what infected devices somebody actually attempted to quantify the number of devices it was and it said 50,000 I can tell you right now I don't have a lot of faith in that number for a lot of different reasons but somebody somewhere said it was 50,000 and people kind of liked when it sounded that that was a

problem this is the case and this goes back to a question that was asked earlier we work with service providers part of what we do when we analyze malware says just like what you guys would do reverse engineer what's it doing where is it going if it's by where it's a client going somewhere right there's that and if you can identify that headend IP address or URL or whatever you can scan your network if your service provider it's a big network and see everything over there you're with me so we will take that information and share it with our service provider partners and it's pretty interesting data so they had nobody publicly came out and gave

numbers but I can tell you that the places were found that had it on there you know was it a million no but it was out there and it really got their attention they're saying wow so if you're a service abroad imagine this what is your biggest asset it's your network it's your network that's what differentiates you that's what your customers use if you can't protect that if you can't control the data that's on there you're in bad shape and this was an example of where that there was a whole lot of control that was put there you'll get some of these other our adrd that in a February time frame that was actually cool because I don't think a

lot of people caught on to this but it would send HTTP requests on command so hey send any you know Bruce stop off volume up routes and traffic numbers that's great but I see that and it screams distributed denial of service attack right I mean that's that's pretty you know that affects service of writers enterprises everybody that could be a bad thing and then it goes on through things such as odd droid kung fu and others which will be really quite interesting and then it starts getting into September with droid deluxe this guy this was particularly interesting me because this would take credentials off a mobile device and send them somewhere else that's the you know that starts

changing the game a little bit right that's not cool at all and it happened and it was out there and then of course how you look at November it has iOS code signing for mobility so what I'm surprised I didn't hear anybody say yeah and maybe you're thinking it is well that's great you've been talking about Android what about iOS what about Apple they certainly have a lot of devices right and I'll tell you right now it's a it's an interesting position I think the security market is with Apple if you want security really on your devices you're really dependent on them okay and I'm not gonna bash them but I'm gonna certainly tell it how it is I live by

come from a military background it's trust but verify I trust you but let me verify it right now I think there's a whole lot of blind trust being put into a lot of different places on mobile devices and that's feedback I get from other people it's not bashing it is what it is prove it what's going on give me the number show me what's going on and I think you know it's funny I get asked all the time with what's better Apple or Android I use both I have iPads I've you know looks like you guys I got everything just a party but you can get am I scared to use it either no I'm not but I'll

tell you what I'd rather know what's out there and be able to do something about it than not and I think with uh you look at these this it doesn't scare anybody but who seems you can do to protect yourself there's solutions out there that can protect it I think it's important to recognize that yes sir we do we do I don't have immunity so the question was do we have any statistics on exploits for that specifically attack our jailbroken devices yes we've seen that sports on that it opens up the door I don't have them handy but we do have that and actually for anything that I'm not able to provide to you as much as

I'm trying to give really good statistics and so forth and now I know as much as I can is I even go to our Juniper down that sly security and then we have a bunch of articles we have a bunch of good stuff on there we can do do searches for information such as that yes sir yes you know that we do we don't get four in terms of malware we're not getting a lot of valuable numbers out of that if you look at android market how we're able to do that just the architecture or both Android devices case compared to Apple devices how other app store works and so forth we can as an example scan the

Android Market and pull down all the applications and analyze them and have it be automated and cool and efficient or good stuff you can't keep do that on Apple it's actually well we haven't figured out a way to do it yet so if somebody has it let me know but I didn't utilize part of your question

so the question is how we analyzing the malware I would say that depending on what it is I will be analyzed by either looking at the code or loading it I mean just like you guys would want to do let me load on the device and see what actually happens emulator aside we generally don't use emulators for analysis a lot

oh good point I know we're not just looking at the traffic we're looking at when we can we look at the actual code that's in there we have actually a team of reverse engineers that are go in and work their magic to say all right if I can't figure out what the actual code is doing I mean literally look at it and see what's going on the reactions are doing it you actually raised a really key point there which is other than singing the traffic that's going in and out it's kind of hard to see what's going on but that's actually a super super key point if you look at the biggest things that the biggest threats

that we see right now it's spyware and it's premium SMS Trojans spyware Aspire premium SMS Trojans is where you install an application and behind the scenes it's going to send a premium SMS message to come to charges like to call in a 900 number right she picks up on your he picks up on the other side of the phone and then you charge a dollar seven bucks or whatever same kind of thing the bottom they'll be coming to nominator with that is communication okay so your point oh that's all you can look at but that's a big part of it but it's not all we can look at we look at that we install it and see what it does and I'm

not gonna say that we don't you ever use emulators but nothing beats taking the device load and not and seeing what's going on all right so what is a fake installer we saw a lot of growth in this right we saw that that fifty six percent or so of event or exploits are faking saws what are they well they're kind of interesting so imagine that you write a software program and people like it and they download it and you put it on the Android Market and it's free and you make money off of advertising or not are you just happy doing that okay then imagine somebody takes that repackages that puts it on a different market and

says I'm gonna charge people for this you will probably not be happy about that that you defrauded as a consumer you wouldn't be happy about it either because you're being defrauded you're being told I have to pay money to download this when I can go here to download it for free is that malicious we think it's malicious we think people should care about that we think people are being defrauded we think we can detect it we can't protect against us and so forth that's what it does what actually you see here is a is a fake installer that was for the Opera Mini browser right fine product while we were finding this on websites where they said

oh you want to download this you need to send us it said there's three premium SMS messages and then you'll get the right to download it and install it that's bad the people who wrote it wrote the browser and getting anything out of that and the consumer is being defrauded just not a cool situation right it's not a good thing to do is that overtly malicious to enterprises and they need to start yelling and screaming know what it's not you know something want to know about stop right yeah absolutely absolutely so looking at so we talked a lot about the malware it's our pardon before I get into the next doc said me hey let me just kind of open up any any

other guy I appreciate firstly though all the questions it's good that's what this is all about any other questions about the malware before we kind of shift gears a little bit here

yeah yeah so the question is is do we find malware and apps that cost money and so forth yeah we don't

so the question is is are we working with service Roy to partners to look at applications that only send requests through the carrier network or bad stuff through the carrier network oh yes we work with them very closely as closely as you might expect a company like us to and and I'm not being sales to here but look junipers a networking company we have networking stuff in everywhere right so yeah we talk to them the answer is yes but we don't want it just to that we actually have open exchanges like you would think we would with them that only goes to the ah I wouldn't say that only goes through specific carrier networks

okay it's a smart idea yeah nothing's coming to mind that we've come across but no good idea we should somebody should do that 56 I believe

you know I'll buy that two very distinct ways so the question is the fake installers when our enterprise is going to care about it right when is it's like say all right look just has cost some money we need to worry about it I I think a lot of it has to do with cost containment and all that and you know but it's not just the cost of the premium does sms that's an that's a our I'm sorry for from the from the fake installer it's the cost part of it but it's also but customer service kind of part of it as well if you look at it from a service providers perspective think about it's a little different if I

have a problem with my laptop I'm gonna go to a lot of different places but AT&T Verizon or Sprint probably isn't one of them my phone that's what I'm gonna go for any problem I have I'm calling them I'm such talkin is a typical typical user would so you start seeing enterprises and consumers worried about fake installers you know I don't have a magic answer to that audience would be as good as mine to be honest with you I will say this though when you start looking at things that cost money and who answer who picks up the phone on the end that's who actually gets a charge on that a phone call to a service provider can

cost depending on who you talk to what's going on $7 to $17 okay for a $3 of fake installer or $3.00 worth of premium SMS messages that's the cost that really adds up considerably and that's why service providers saying look I need to protect my network my customer service team and everybody else from this you know bad stuff happened is bad too but let me just do that so you know a man your guess is as good as mine

yeah we do so question is do we have statistics on time and exportations as opposed to just downloading applications yes I would say that the the concept of suricate is way lower I mean rail or however I will say this it's in our report I don't see if I can get it it's something like 3% or 0.3 percent a very small fraction of this malware actually takes advantage of an exploit to do something and when we see that usually rooting like it'll root it and then do something yeah yeah yeah

yeah yeah and I think you see that in the PC when people borrow code and borrow pieces of it and yeah I think you see that I think where you see that a little bit maybe even more as a privacy part of it right but absolutely from a security I you know I don't want to say developers are lazy but you save time by borrowing code we won't do it right and you know who knows how good that is so yeah and that's something that we're gonna continue everything you see if I can put some some the kind of death on everything else everything the work that's been done in terms of exporting PCs and so

forth really carries over fairly okay to mobile devices so the trends I think are going to be pretty similar on that and we're and we're kind of seeing that now you know we look at right after all the big Melissa and I love you and all that other stuff how the attacks kind of went stealthy after that and I remember Melissa I would it was not I was a sysadmin at the time was not cool they were kind of went stealthy after that fine I'm not girlfriend did me wrong I want to make money now and Eve that's happening on mobile so it's kind of her past that people aren't saying hey I want to be well-known as a person who

does a mobile threat however you know that can happen yes

you know it's uh I don't think I dispute that I would you did that so the question was you know could be piracy or a you know it can be categorized a lot of different ways and and that's why we think it's important to break it down just to be honest right fifty six percent is fake installers we think it's a malicious application doing something intending to defraud people create an argument be made that it isn't I think that argument could be made but then our numbers would go down then but that's why we break it up commander right all right talk about loss and theft a little bit than being conscious of the time

here I found these statistics actually pretty cool so basically what we did you know we do eat and mention a service providers enterprises and consumers will get data on what they do so we have anti-theft capability well how did people use it we found that just under seventeen percent of people use our locate device this means I don't know where my devices or I'm testing to see if I can find out where my devices and show me where it is in an online map about seventeen presented it that was pretty consistent with with over years that was pretty good lock and unlock or strikingly similar right Justin or seven percent people would say I lost my

device I know it's in wherever in San Francisco with a lock and go get it what have you so those on lock and unlock those no Miranda sworn all that staggering what really caught my attention were the last two most notably the wipe so if you go back four or five years ago I lost my blackberry no problem I'll wipe and get you new one right this is kind of changing a little bit as I read these statistics to say hey you know what I lost my device I'm gonna go get it I'm gonna recover it not replace it and when you see wipe less than 1% of our cause of our customers using wipe that's

not a lot that's good I think that's great I think that's an awesome number right and then the scream is is if you are having to vibrate or what-have-you and it's somewhere around here but you don't know exactly where you can have it I said I have a louder audible signal or scream as it were and then you can go find it

so the question is is we think it's to do the employee of the phone you know yeah it could be either it could be either you know we actually have a funnel control product that you do that with kids right you know I can only speculate though I'm more I think it is more with the lost device but that's just my feeling and it's on vibrate yeah yeah so let's start but beeping really loudly and which it people use it I've honestly used it I've honestly used it to find my son's tablet so and I wasn't even home I was like in New York or somebody so it's kind of funny and it was in my office Wi-Fi sniffing not

going to spend a lot of time on this but look it's Wi-Fi dad is flying over it the same vulnerabilities on anything else goes it goes to tablets and smartphones it's a fact of life okay this is a snow 5d this one's actually a couple years old on here but it's still there you know you're looking at kind of cool things like face sniff and all those data modeler it's pretty cool you know it works on now it'll work on mobile devices too we tested it realize that it's out there if you're an enterprise and you got data going over Wi-Fi realize that protect it do we got to do with it real quick kind of start

wrapping this up talk a little bit about Google's bouncer so a couple weeks ago Google announced that they are analyzing applications within their Android Market I think it's a good thing good for them to be able to do that I don't think it I I think it's a step in the right direction debate could be said whether or not it's a responsibility they're doing it I think that's fine a couple of things to keep in mind I think from a consumer perspective as well as an enterprise and government perspective is well a lot of the growth for seniors in any Android Market so if you're scanning into a market that's great but that's not where we've seen a lot of the growth

a question was raised you know how much is coming from where right and I can tell you we don't have Hardcore numbers back from Google as far as what we have that they've seen on their market but I would speculate rather strongly that the vast majority is coming from third-party stores and not the Android Market okay that being said we know there are things on the Android Market that we considered malware you know how much that's an eater we actually need to get back from them and they're good company their hearts in the right direction and you know if and when we get it we can public share it we both but the thing is this

is it's great that they're scanning the android market all the markets are not as secure just they're not okay and we vote that by the statistic we're looking at another thing that to keep in mind is our star standard meaning us as I would say security folks it's higher than then those would be for not bad reasons not because we're cooler or whatever it's just they have customers or developers that sometimes they have to give the benefit of the doubt to is this malicious I don't know we're gonna assume not until something bad happens were the opposite hey this is you know that's at least flag it as suspicious and kind of go from there

and then also is you guys still take that holistic approach great scan the market that's cool what happens do you lost this old devices when the end what happens when the connect over Wi-Fi and what our users doing with it it's just one piece of the puzzle that's good that it's there it's not a bad thing last thing I'll talk about is how do you how do you actually protect yourself against an attack what actually needs to be put into place and I think it's I think there's a lot right but I think at least from my own personal perspective you can be broken out in three different areas I'll use Droid dream as a real classic

example here so just as you have anti-malware and security applications on your pcs put on your mobile device not that out of a concept to understand okay we joy dream we got at zero day which was I tell you as a guy who responsible security research team we felt pretty good about that that word that that we got that we also shared just because the nature of the company that we are that we happen to be we share that information with already s teams they write their signature so we can see it when it goes across a carrier network or an enterprise network that's cool catch it on the device catchin in the network this probably sounds very

strikingly similar to what you'd want to do on your PCs which again what you do to protect your pcs you also want to do it for your mobile devices and then the whole that part of it only a lot secure devices to connect to the network and so forth right so that's kind of a that multi-tiered approach you can take this is how you do it with pcs right same kind of thing this isn't brain surgery yep

so the question is reliability of scanning and isn't any more reliable than with PCs I would actually say at this point it is and and and that could change tomorrow it really can the reason I think it is is we're not seeing a lot of cases where people are needing are changing their mobile malware to bypass security okay if you think about PC malware there's a lot of it for a lot of different reasons all right it's out there it's good it's working open ow we're being detected now we got to change it so we're not detected and this constant cycle trying to get around security fixes and security detections we're not seeing that yet in mobile moer because not a

whole lot of people are looking for it frankly and plus they're still really remember this is kind of the infancy and adolescent infancy I would even say mobile security in that regard and don't need to change it good question

a MIDI yeah absolutely

yes I points it for those you may not be able hear it in those that are streaming i'm with you on a lot of them and i really am so yeah we do steps that can hip now so three key points that I got at the research is is more than the attacks that we're seeing so far yeah I would agree we did see a real big change though when you know how we saw that spike could go up at the in Android towards monetization to your point there's a lot of research and fake installers as how people can make money so that's what they're doing in and it's easy same improvements a - you know how much money

can be had out of that I think we'll see but that to me that was saying alright enough research my mom with me so we kind of started to see that he had a couple other points in there - well but one is patching is about patching so we really talked prior to the show he said you know what there's of these devices are yeah they're always connected they're always on but you're not always receiving the security updates in the security patches and and so forth I got two things just uh well maybe one thing to say about that yeah it's a problem it's like on a PC you don't fix the vulnerability and then you don't have to

worry about the export right amen right Oh

you know what it's that it absolutely is that knew so many players you have the device manufacturer you have you have the operating system vendor you have the service provider and all these people who controls the updates it's a man it's it's a mess I'll tell you right now I've had conversations how do you do updates and who's in charge of it and people go whoa you know they kind of take that step back before they're gonna let office I you know any other quote yes sir

we are those are taking place and when I look I would say if you had asked me over the last three years where I see a growth area that's gonna be it's gonna be in a browser I would I would say from there there are some we actually documented a couple of them in our report and there's all the researchers who have done it we do see that and actually I'm a little surprised we're not seeing more of that happening part of the conversation we had earlier was a lot of devices vulnerabilities in the browser or let's just say in third-party applications that are under bites or applications on the device to use as a

mount amount to exploit that's gonna happen why hasn't that happened you know maybe it doesn't we haven't found it maybe it's because it's just easier to just write an application and somebody will download it you need to take advantage of it you know I don't know but but absolutely positively an area I think two years from now we'll be having a different story out maybe even sooner yes sir

interesting point so the point was in toward drawing the parallels between the two when people say all right I'm really gonna to do an in earnest to do that stop looking at PCs for text go to mobile devices because that's where everything is you know an argument could I'm with you I think an argument could be made that the mobile device is actually more personal used for email and made more intimate maybe not I think that crossover I think it I got I think it's happening now just because of what's occurring I can tell you right now if I lost my laptop it'd be unfortunate it is encrypted so I you know that all that kind of good stuff

it'd be unfortunate I will actually probably be actually probably from there wouldn't be a bad thing the way my phone that's what I care about is because that's so the oh my god when I play my credit card it's with my phone because I travel a lot when I do email it's on there when I update Facebook it's on there when I take pictures of my children it's on my phone so you know what does a lot that goes on in there and I think we are could have seen that shift I really feel been doing this for a long time we're seeing that shift towards mobile devices and you know this is gonna be a super

interesting year so hopefully next year we have a similar session we'll say a all those good questions we had what actually happened what is gentleman does not work they have two minutes gentleman does not work for Jennifer that's not a planted question so what do we do to protect it it's basic you know oddly you know if it's actually there so we do the end point I was running there when we talked about the threats of malware direct attack data communication interception we actually have product capabilities that mesh with that that's what we do sure so we have the anti-malware capability analyzing the applications and files and all that kind of good stuff seeing what's bad what's malicious

suspicious and what's okay so we had that part of it we have the firewall capabilities on mobile devices kind of protect against direct attacks SSL VPN to protect data flying through the air bunchy anti-theft capabilities we touched upon a lot of them lock wipe locate backup restore that kind of stuff and it turns exploitation into misconduct monitor what's on the device and they can get everything from applications installed to what people are doing what pictures are taking on the devices and so forth that's on the device and then of course we have our our edge stuff with it with an ACK and secure access as well as I'm Network products so we take that holistic kind

of look at that and I mean that puts us in a pretty cool position I'm sorry no it wouldn't it wouldn't and it gets into the whole area of privacy and suspicious and otherwise and our mantra is let to user know what's going on for in that case like that and they make they make a decision what's going on that's all huge that man let's week long another hour about that

oh we don't

I'm not gonna get into specifics on that but let me just say this that detecting there are certain limitations with detecting things on any platform or mobile device and that's where it does different pcs you have many ways to detect things on a PC on a mobile device it's a lot different what you have available and to really do a super good job at it sometimes it's not possible so just so somebody says we have this capability of doing it doesn't necessarily mean they're actually doing it in a good way it's just okay I got with you yeah all right we are I really appreciate it guys great questions I had a bunch of questions at the end but you

all asked them so that was good anything else you have afterwards let me know really appreciate it thank you very much [Applause]