被引数量: 74
馆藏高校

斯坦福大学

哥伦比亚大学

麻省理工大学

哈佛大学

香港中文大学

Mobile Malware Attacks and Defense

ISBN: 9781597492980 出版年:2008 页码:436 Dunham, Ken Syngress_RM

知识网络
内容简介

Malware has gone mobile, and the security landscape is changing quickly with emerging attacks on cell phones, PDAs, and other mobile devices. This first book on the growing threat covers a wide range of malware targeting operating systems like Symbian and new devices like the iPhone. Examining code in past, current, and future risks, protect your banking, auctioning, and other activities performed on mobile devices. * Visual Payloads View attacks as visible to the end user, including notation of variants. * Timeline of Mobile Hoaxes and Threats Understand the history of major attacks and horizon for emerging threates. * Overview of Mobile Malware Families Identify and understand groups of mobile malicious code and their variations. * Taxonomy of Mobile Malware Bring order to known samples based on infection, distribution, and payload strategies. * Phishing, SMishing, and Vishing Attacks Detect and mitigate phone-based phishing (vishing) and SMS phishing (SMishing) techniques. * Operating System and Device Vulnerabilities Analyze unique OS security issues and examine offensive mobile device threats. * Analyze Mobile Malware Design a sandbox for dynamic software analysis and use MobileSandbox to analyze mobile malware. * Forensic Analysis of Mobile Malware Conduct forensic analysis of mobile devices and learn key differences in mobile forensics. * Debugging and Disassembling Mobile Malware Use IDA and other tools to reverse-engineer samples of malicious code for analysis. * Mobile Malware Mitigation Measures Qualify risk, understand threats to mobile assets, defend against attacks, and remediate incidents. * Understand the History and Threat Landscape of Rapidly Emerging Mobile Attacks * Analyze Mobile Device/Platform Vulnerabilities and Exploits * Mitigate Current and Future Mobile Malware Threats

Amazon评论
Ramon

Security threats on mobile platforms are one of the key topics and main targets for the next couple of years, given the ubiquity and popularity of these devices, plus their advanced capabilities and use of sensitive application: micro payments, online banking and e-commerce, access to "the cloud", etc. This book is one of the few references, if not the only one (till very recently), focused on the multiple security aspects of the mobile ecosystem. As such, it constitutes a great historical reference about what mobile malware (referred as MM) and threats were until its publication, in late 2008. The book starts by introducing mobile malware, although it can be a bit confusing for the novice reader, as it mixes up attacks, tools and threats (most them Bluetooth based), and for example, WiFi is not even mentioned (yet). The next chapter (ch 2) provides an interesting overview on how mobile malware shows up in a terminal from a user perspective, including the most common behaviors and the kind of interaction expected from the user. It would be great to have a detailed explanation of the propagation method, as with CommWarrior, for all the samples analyzed in this chapter. The next three chapters (ch 3-5) are a really valuable historical reference about mobile malware, including its timeline, how it has evolved since 2000 till 2008, the types of threats, categorized by malware families, the most significant or famous specimens, such as Cabir in the Bluetooth side, plus an extensive taxonomy of mobile malware and threats based on the infection strategy, distribution and payload. Although some tables, with more than 400 references, could have been moved to an appendix to facilitate the reading, this set of chapters summarizes how mobile malware seriously started, back in 2004, and evolved over time. The comparison of different pieces of malware, and the extra analysis of the most relevant specimens, together with the technical details they used to survive, makes this section of the book a very good "encyclopedia". Then, the book reflects the influence of multiple authors, presenting different unconnected and independent chapters. The phishing, SMSishing and Vishing chapter moves out of the mobile space, covering lots of details about these threats on traditional environments, such as common web browser based solutions, and the usage and purpose of the network captures attached is still not clear to me. I still remember my surprise from a technical perspective when I read that the transmitted data between the client and the verification server could not be identified, as they were using an SSL connection: "What about using a HTTP(S) interception proxy?" Finally, it includes an extensive phishing academic research mainly based on Bayesian networks and a distributed framework, which on my opinion, is clearly out of the scope of the book. The more technical chapters come next; chapter 7 focuses on the core elements for the most widely used mobile platforms, their protection mechanisms and how they have been bypassed in the past, covering mainly Windows Mobile (WM), iPhone, Symbian, BlackBerry and J2ME (Java). It includes a extremely short summary on prevention and exploitation. This is complemented by the techniques, methods and tools available for the analysis of mobile malware (ch 8), the in-depth details for the disassembly and debugging of associated binaries (ch 10), plus the strategy and main constraints to perform a forensic analysis on this type of devices (chapters 8 and 9). This is by far the most relevant technical portion of the book. The book follows the old and useful Syngress layout tradition of adding a few common sections at the end of each chapter to reinforce the material covered: Summary, Solutions Fast Track, and FAQ. The first portion of the book (ch 1-5) will be an eye opener for a non-technical audience; highly recommended, together with the last chapter (ch 11) focused on the defensive side and how to mitigate all the threats covered along the book. The second portion for the book (ch 7-10) is focused on security professionals, mainly incident handlers and forensic analyst that need to deal with the technical aspects of mobile attacks and infections. Due to the new mobile threats and issues that turned up in 2009 for the advanced smartphone platforms (like iPhone or Android), and the trend for new and more dangerous specimens expected in 2010, a second volume or edition would be a must.

Ramon

2010年3月30日 在美国审核

作品图片
推荐图书