There has been a dramatic increase in attacks aimed at smartphones, tablets, and even "smart TVs", mostly targeting the Android ecosystem. Unlike Apple's iOS, Android allows users to use alternate app stores and to "sideload" arbitrary apps onto a device. There are entire marketplaces of "cracked" apps -- unauthorized versions of paid apps distributed for free -- and many thousands more apps that offer malicious payloads in addition to their advertised functionality.
In this post, we'll look at a recent example of a "locker", an application that takes control of a device and demands a ransom payment. Unlike typical PC ransomware, lockers don't encrypt a device's storage, but simply take over the display in a way that is nearly impossible to exit, rendering the device unusable. This particular sample purports to be an app for a popular pornographic site.
Launching the app shows a brief installation screen.
This is followed by an official-looking demand stating that "suspicious files have been found", and that the device is locked until a $500 penalty is paid.
A typical user will find it nearly impossible to exit from this malicious app. To see how the malware authors accomplish this, we first note that the app requests a wide range of permissions.
The highlighted permission, SYSTEM_ALERT_WINDOW, allows the app to display a notification that covers the entire screen and cannot be dismissed. In addition, the app runs a simple service in the background to restart itself when the device is rebooted and in case of crash or termination.
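The combination described above can be checked statically before an app is ever run. The following triage script is an added example, not code from the original post or from Sky ATP. It assumes the manifest has already been decoded to text XML, and that restart-on-boot is implemented with a `BOOT_COMPLETED` receiver; the sample manifest and its package and component names are constructed.

```python
import xml.etree.ElementTree as ET

ANDROID_NS = "http://schemas.android.com/apk/res/android"
NAME = "{%s}name" % ANDROID_NS
BOOT_ACTION = "android.intent.action.BOOT_COMPLETED"

# Constructed sample manifest (decoded text form); not taken from the analysed app.
SAMPLE_MANIFEST = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.constructed.player">
  <uses-permission android:name="android.permission.INTERNET"/>
  <uses-permission android:name="android.permission.CAMERA"/>
  <uses-permission android:name="android.permission.SYSTEM_ALERT_WINDOW"/>
  <uses-permission android:name="android.permission.RECEIVE_BOOT_COMPLETED"/>
  <application>
    <service android:name=".KeepAliveService"/>
    <receiver android:name=".BootReceiver">
      <intent-filter>
        <action android:name="android.intent.action.BOOT_COMPLETED"/>
      </intent-filter>
    </receiver>
  </application>
</manifest>"""


def triage_manifest(xml_text):
    """Report the locker-relevant traits declared in a decoded AndroidManifest.xml."""
    # The manifest comes from an untrusted app: refuse DTDs and entity definitions.
    if "<!DOCTYPE" in xml_text or "<!ENTITY" in xml_text:
        raise ValueError("refusing manifest with DTD/entity declarations")
    root = ET.fromstring(xml_text)

    perms = {el.get(NAME) for el in root.iter("uses-permission")}
    # Receivers whose intent filter fires when the device finishes booting.
    boot_receivers = [
        recv.get(NAME)
        for recv in root.iter("receiver")
        if any(act.get(NAME) == BOOT_ACTION for act in recv.iter("action"))
    ]
    services = [svc.get(NAME) for svc in root.iter("service")]

    traits = {
        "overlay": "android.permission.SYSTEM_ALERT_WINDOW" in perms,
        "boot_restart": bool(boot_receivers)
        and "android.permission.RECEIVE_BOOT_COMPLETED" in perms,
        "camera": "android.permission.CAMERA" in perms,
        "background_service": bool(services),
    }
    return {
        "package": root.get("package"),
        "traits": traits,
        "boot_receivers": boot_receivers,
        # A full-screen overlay that comes back after reboot is the locker pattern.
        "locker_like": traits["overlay"] and traits["boot_restart"],
    }


if __name__ == "__main__":
    report = triage_manifest(SAMPLE_MANIFEST)
    print(report["package"], "locker_like =", report["locker_like"])
    for trait, present in sorted(report["traits"].items()):
        print("  %-18s %s" % (trait, present))
```

Either permission is common on its own in legitimate apps, so the flag is a prompt for closer review rather than a verdict.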
The app gathers information about the user and attempts to take a picture of the victim using the device's front-facing camera. This information is displayed, followed by a sequence of graphic and disturbing pornographic images that were purportedly discovered on the user's device.
Despite this allegation, which is accompanied by the text of various laws concerning illegal pornography, these images are actually part of the malware itself. Here, in the decompiled app's resources, we find these pornographic images among assorted icons and logos:
The app solicits a ransom payment via a OneVanilla prepaid debit card.
In the app's decompiled code, we can see that the application verifies that the credit card entered by the victim has the appropriate prefix for a OneVanilla-issued card:
The app is written in Java, which can often be decompiled back to something similar to the original source code. However, the malware authors appear to have used an automated tool to obfuscate the code and make it more difficult to analyze. Here is the snippet of code that uploads the credit card information to a server controlled by the malware distributor:
Removing the base64 encoding, we start to see hints of the operation in the form of ASCII strings:
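A first decoding pass of this kind can be automated. The script below is an added example, not the tooling used in the original analysis: it scans decompiled Java source for string literals that are valid base64 and decode to printable ASCII. The sample source, its class and field names, and the `example.invalid` URL are constructed.

```python
import base64
import binascii
import re

# A Java string literal, allowing backslash escapes inside the quotes.
JAVA_STRING = re.compile(r'"((?:[^"\\]|\\.)*)"')
# Standard base64 alphabet with optional padding.
B64_SHAPE = re.compile(r'^[A-Za-z0-9+/]{6,}={0,2}$')


def _enc(text):
    """Helper used only to build the constructed sample below."""
    return base64.b64encode(text.encode("ascii")).decode("ascii")


# Constructed sample of obfuscated, decompiled code; not from the analysed app.
SAMPLE_SOURCE = "\n".join([
    'public final class a {',
    '    private static final String a = "%s";'
    % _enc("http://collector.example.invalid/submit?card="),
    '    private static final String b = "%s";' % _enc("User-Agent"),
    '    private static final String c = "password";',
    '    private static final String d = "UTF-8";',
    '    static String a(String s) {',
    '        return new String(android.util.Base64.decode(s, 0));',
    '    }',
    '}',
])


def decode_base64_literals(java_source, min_len=8):
    """Return (line_number, literal, decoded_text) for base64-looking literals."""
    results = []
    for match in JAVA_STRING.finditer(java_source):
        literal = match.group(1)
        if len(literal) < min_len or len(literal) % 4 != 0:
            continue
        if not B64_SHAPE.match(literal):
            continue
        try:
            raw = base64.b64decode(literal, validate=True)
        except (binascii.Error, ValueError):
            continue
        # Ordinary words such as "password" are valid base64 too; keep only
        # literals whose decoded bytes are all printable ASCII.
        if raw and all(0x20 <= b <= 0x7E or b in (9, 10, 13) for b in raw):
            line_no = java_source.count("\n", 0, match.start()) + 1
            results.append((line_no, literal, raw.decode("ascii")))
    return results


if __name__ == "__main__":
    for line_no, literal, decoded in decode_base64_literals(SAMPLE_SOURCE):
        print("line %d: %s -> %s" % (line_no, literal, decoded))
```

Literals that stay unreadable after this pass are the ones left for manual deobfuscation.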
With additional manual deobfuscation, we find the code that uploads the credit card information as a parameter in an HTTP GET request:
This GET request failed in our research environment, possibly because the server had already been discovered and taken offline, but we can see the full URL with the credit card number in the app's cache:
Despite the failure, we are told that our "request will be processed in 24 hours":
No information about the device itself was uploaded with the ransom payment. Aside from the credit card number, the malware authors have no way to associate the payment with a particular victim, and there does not appear to be any mechanism to remotely disable the locker.
Sky ATP supports both static and dynamic analysis of Android apps and applies the same machine learning deep-analysis pipeline as for Windows executables, documents, and media files:
Users can avoid most Android malware by downloading apps only from trusted sources. In the event of infection, the locker can be safely stopped and removed by booting into the device's safe mode and manually uninstalling the app:
The history of networking has shown that the need for performance only increases over time. You don’t have to look too hard to find proof; just look at the massive performance increases we’ve seen in connection rates and concurrent connections for key Web and data center protocols like TCP.
This trend is showing no signs of slowing, with mobile adding dramatically to the current performance explosion. Mobile data traffic is expected to grow at a CAGR of around 45 percent between 2013 and 2019, resulting in a 10-fold increase over that time span. Smartphone subscriptions are the main driver behind this mobile data traffic growth; as more and more companies embrace “bring your own device” (BYOD) strategies to reduce capital expenses and increase productivity, millions of mobile devices will be connected to corporate networks over the next several years.
The resulting influx of mobile traffic, all of which will need to be inspected at wire speeds, will strain network capacity and place unprecedented demands on network performance and stability. Fortunately, Juniper’s SRX5800 can keep networks secure and performing flawlessly under huge loads.
The SRX5800 redefines scalability, integrating security services with a record-breaking 100 million concurrent sessions and firewall performance of 2 Terabits per second to meet the needs of the world’s most demanding networks. If you’re looking for blazing fast speeds for your mobile data traffic, or if you want high-bandwidth data transfers without compromising the security posture on your network, the SRX5800 delivers…and then some.
Want to learn more about the record-shattering SRX5800? Get the facts in the infographic below, and share the link online.
With connected devices outnumbering humans globally, and the advent of new innovations such as the Internet of Things (IoT), operators are rapidly looking to take advantage of new tools and resources to migrate their legacy mobile networks to a 5G and IoT-ready cloud architecture.
I’m pleased to announce that our latest Design and Architecture Center provides mobile cloud architects, operators and engineers with aggregated, multi-media rich content for designing their networks -- all in a centralized location. We’ve taken it one step further by providing guidance for five mobile architecture scenarios that address a variety of use cases.
The Mobile Cloud Network Design and Architecture Center complements our existing one-stop shop resource portals for those designing and deploying networks in Data Center, Enterprise Campus and Branch, Service Provider Edge and Software-Defined Secure Networks.
Thank you for your ongoing partnership.
We look forward to hearing your feedback and what new resources you would like to see in our Mobile Cloud Design and Architecture Center.
It’s always interesting to connect with enterprise security experts and IT peers alike. Last week was no exception at RSA 2014 when I was invited to join a panel discussion hosted by Trusted Computing Group. Moderated by security expert Victor Wheatman, the “Mobile Device Security: Fact or Fiction” panel [47min 43 sec] captured several viewpoints on mobile security.
“Keeping the wheels on” was a term Victor used to kick off the panel. He went on to describe MDM as “keeping the bad guys out, letting the good guys in, then dealing with all the necessary operational aspects to keep the enterprise and the devices secure” via a commercially reasonable security solution.
It goes without saying, security is critical for an enterprise to protect its IP as well as maintain obligations with partners and customers. BYO- is all about the end user experience, and yet, there tends to be a significant gap between what an employee wants to do, an organization’s risk appetite, and what is feasibly and commercially reasonable.
As VP of Information Technology at Juniper Networks, my team oversees IT infrastructure and end user services for approximately 9,500 colleagues globally. My participation on the panel provided a case study of enterprise best practices. When we started down the BYO-x journey at Juniper, there were many questions we had to answer, so we started with the user experience first, and then moved onto policies and a framework. As Juniper’s CIO Bask Iyer has shared via his CIO Perspectives blog, “For IT, there are three BYOD-related issues we must solve: user convenience, cost and security.”
From the start of this BYO-x journey for Juniper IT, we have had to answer a number of questions. Below is a sampling of those questions I covered during the panel:
- How to enable secure productivity with employee-owned technologies?
- How to aid colleagues to take calculated and informed risks?
- How to evaluate a user’s tolerance of security measures?
- How to make those vocal, technically savvy colleagues part of the discussion and solution?
- How to raise security awareness on a daily basis via a variety of vehicles?
- How to make security policies straightforward and related to a user’s role?
- How to develop a security policy and then deliver a secure mobile solution for colleagues?
- How to develop a framework that meets your stakeholders’ needs?
- Which stakeholders need to be included (colleagues, HR, legal, execs)?
- How to ensure our security policy will actually map to our reality, not what we think it should be?
I invite you to watch the panel and participate in the discussion online.
For many enterprises, their mobile security strategy starts and ends with MDM (Mobile Device Management). Realizing the shortcomings of MDM in a BYOD environment, some organizations are dabbling with MAMs (Mobile Application Management solutions). For those of you who are not familiar, MAMs are solutions that use containerization techniques such as app-wrapping, file virtualization, etc., to isolate and protect corporate applications from personal ones. MAMs take a more BYOD-friendly approach by focusing on the data/applications versus the device. MAMs have their own set of challenges, but that’s probably a topic for another blog post.
My point here is that many organizations believe (or are led to believe) that implementing an MDM/MAM solution is the end game to mobile security and BYOD strategy. If only this were true. Don’t get me wrong, these solutions do play a significant role towards enabling security, but there is one important aspect that people are missing. Despite these measures, a device can get compromised while it’s on the enterprise network outside the span of control of these MDM/MAM solutions, leading to a security breach.
“How?” you may ask.
Think of a scenario where a user is connected to the corporate network from a MAM-enabled BYOD device. Let’s assume the user intentionally or unintentionally ends up downloading malicious software (e.g., a malware app) to the device. The security controls of the MAM solution would not extend to the malicious application. The malicious application could spread malware on the network or potentially attack other nodes on the network.
This may sound a bit exaggerated, but it’s not impossible. And just because something hasn’t happened yet doesn’t mean it won’t. Don’t you agree? If you do, then put on your thinking cap and ask, “What could be a solution for this?” And feel free to chime in with your thoughts.
What an event! As Mobile World Congress, which had record-breaking attendance this year of over 100,000 attendees from over 200 countries, has wrapped up, I have had a chance to reflect on the many insightful meetings we had last week with customers, partners and analysts. In fact, we had our best year ever in terms of number of meetings, with over a 30% increase from last year - which had set the record at the time. From this benchmark alone, the show was a huge success for us! More importantly, it shows the trust that the industry has placed in Juniper to help lead network operators through unprecedented transformation.
The entire week there seemed to be a consistent excitement in the air around industry hot topics such as 5G, Internet of Things (IoT), Mobile Edge Computing (MEC) and virtualization/cloud. The venue in general provided so many excellent opportunities for conversation on mobile innovation, transformation and growth, that I returned from Barcelona even more energized than ever about the prospects for the industry and Juniper’s leadership role in it.
I also noticed that Juniper created nice buzz at the show with customers and analysts following our recent partnership announcements with Affirmed Networks and NEC. The new partnership with Affirmed Networks will focus on helping mobile operators quickly and profitably embrace next-gen, NFV-based architectures and reshape the way mobile networks are built. To learn more about this exciting new partnership, read the solution brief here. Also, our expanded strategic global alliance with NEC is expected to deliver the very latest NFV-based solutions to our customers.
Going into MWC 2016, I was excited about the many opportunities we would have to showcase our overarching theme, which highlights how Juniper, as the industry leader in network innovation, helps its customers “Build more than a network.” The message, which emphasizes the fundamental business value and enhanced customer experience that a Juniper-provided intelligent, secure infrastructure can bring to mobile network operators, was well received at the show.
Further emphasizing our “Build more than a network” theme and show messaging in a creative way, Juniper sponsored the co-creation of a Graffiti Wall with MWC organizers between Halls 3 & 5, with new sections being painted each day by a local artist over the first three days of the show. See the video below for the time-lapsed video showing the painting of this wall.
During the show, I was proud to see the great job that the Juniper team did in communicating our differentiated solutions and the business value we bring in the areas of MEC/NFV, IoT and Secure Networks. Juniper also had a strong presence at the booths of our customers and strategic alliance partners, including supporting Vodafone’s VPN+ multi-vendor demo and joint demos with NEC, NetCracker and IBM. In addition, Juniper led a session at a Fierce Wireless executive luncheon event entitled Answering the Big Question: When will Deploying SDN and NFV Payoff for Operators?
In summary, if MWC is any indication of what we can expect in 2016, I expect it will be a dynamic and exciting year for Juniper, our partners and our mobile customers globally!
J-Net Mobile FAQ
How do I access J-Net on my mobile device?
Just point your mobile device browser to the same URL that you currently use to access J-Net on your desktop – forums.juniper.net. You do not need to install any applications since J-Net mobile is a web browser UI that automatically detects mobile clients.
I have a high-resolution screen on my mobile device. Can I still view the desktop version of the community on my mobile device?
Yes, simply click on the word "Full" on the bottom of the screen under "Version: Mobile | Full"
What mobile devices can I use to access J-Net?
You can use any mobile device to access J-Net. However, the user experience is optimized for devices which use a WebKit browser. For Blackberry and Windows Mobile users, you may want to download Opera Mini for a better mobile browsing experience. Please see the last section of this FAQ for additional details on device compatibility and suggested browsers.
Why isn't the sign in page optimized for mobile devices?
Currently J-Net utilizes Juniper's shared single sign-on UI, and this interface has not been optimized for mobile browsers. You will still be able to log into J-Net via this page. We will update the community if there are plans to optimize this page for mobile devices in the future.
What functions can I use on J-Net Mobile?
J-Net Mobile is intended to provide you with a fast and simplified user experience when you need to access J-Net away from a PC. This means that while key functions are available, you cannot perform all functions that are available on the desktop version of the community. Key features included in J-Net Mobile are:
- Sign in/out of community
- View boards, threads, and messages
- Create new threads
- Reply to existing threads
- Mark messages as read/unread
- Give Kudos
- Send and receive private messages
- Search the community (forums, blogs, users)
- Follow other members (add to friends); See who is following you
- Change certain mobile settings:
  - Turn on/off private messages
  - Subscribe to topics I post to
  - Create a mobile specific signature
- View your profile
- View existing bookmarks
If I post on the mobile version will it update on the main site?
Yes – the mobile version is simply a different UI for the community. Any posts, replies, and PMs that you send will be visible on the desktop version of the community as well.
Do you plan to add any more features and functionalities to J-Net Mobile in the near future?
There are no immediate plans to add additional functionalities to J-Net Mobile. However, we are always looking for ways to improve J-Net, and your feedback and suggestions are always welcomed. If you have specific feedback on additional functionality you would like to see on J-Net Mobile, please post in the Community Feedback and Direction board or send me a PM.
What should I do if I experience technical issues using J-Net Mobile?
If you have any technical issues using the mobile UI, please post your questions in the Community Feedback and Direction board. Other members and J-Net moderators will be able to help you, and we will be able to document and submit any potential technical issues to our platform vendor.
Device compatibility chart
This table shows some of the known device and browser combinations that are supported and provide the best mobile experience:
WebKit, Opera Mini 5 Beta
HTC, Windows Mobile 6
IE Mobile, Opera Mini
Please note that this is not a complete list and our platform vendor is constantly refining the platform and adding new devices/browsers to the compatibility list. If you have other mobile device/browser combinations with problems viewing the mobile community, we suggest that you download and use Opera Mini as your browser to get the best mobile experience.
Not really, but I am a huge soccer fan, it is one of my many passions in life. With the World Cup ending recently with Germany as the world champions, it’s only natural to recognize the global interconnectivity that was at hand. This year’s World Cup beat the Super Bowl in terms of Facebook’s most popular sporting event. According to Mashable.com “A total of 88 million people generated more than 280 million Facebook interactions (posts, comments, and likes) during the Sunday final game.” This surpassed the 2013 Super Bowl XLVII between the Baltimore Ravens and San Francisco 49ers. That game generated 245 million interactions. Even with the explosion of social media due to the 30 minute blackout that took place in the middle of the game, the overtime win for Germany in the World Cup final proved superior. Regardless of what event is taking place or being observed worldwide, it is inevitable to see how interconnectivity is affecting life.
We can see it not only in terms of comradery on the field or in the stands, or in the living rooms of viewers at home, but also in the network. From Lionel Messi’s four spectacular goals, to global discussion on Luis Suarez, or the heartwarming pictures of a saddened Brazilian fan who gives his replica trophy to a German fan as a sign of congratulations and peace after they defeated Brazil; the significance remains that these moments and photos have been made accessible through the global network.
That being said, this vast interconnectivity of global people gives insight into the current demand for a mobile-driven future. Although technology in the network has come a long way and is the most versatile it has ever been, it’s time for more.
With over 500 million photos being uploaded and shared per day, over 100 hours of video being uploaded to YouTube every minute, 48 million Waze users, and over 1.1 billion globally active Facebook users, there is greater network “traffic” than ever before. There is a 1.5x yearly growth of mobile internet traffic alone serving over 1.5 billion global smart phone users. The era of the internet is changing and with that goes the network.
This high demand can create an overload of content which can become a problem in the backhaul. Juniper believes that there is a need for a “new” backhaul network that leverages SDN principles to manage future network demands.
The characteristics of that new backhaul network are:
- It needs massive scaling: Prominent analysts and mobile experts are predicting that mobile data will grow by 1000x within the next decade (QCOM, NSN, SKT, …). This growth can be handled by (a) more spectrum, (b) higher spectral efficiency, (c) higher cell density. By assuming uniform spread across all three dimensions of scale it is easy to see that cell density needs to grow at least 10x. Most of this growth will be in the form of small cells. The bottom line is that the backhaul network needs to scale by an order of magnitude.
- It is becoming unpredictable: Data-dominant usage of the mobile network creates demand unpredictability. The only thing certain about traffic forecasts is that they are very uncertain. For converged operators the unpredictability is even more prominent.
- It needs to create new revenue streams: Within the Telco2.0 paradigm, the operators would like to monetize the carriage of OTT content through their network. The ability to monetize is directly related to the quality of the content being offered. The benefit of an all-IP architecture is that the service delivery locations need not be centralized at large data centers. The rich, high-quality content can be cached and distributed within the access and backhaul networks. Similarly, other value-add services such as security and analytics can also be pushed closer to the edge of the network.
The characteristics above imply that new design principles need to be adopted to handle the requirements of the “new” backhaul network. With a newer and more virtualized Backhaul network, an increase in customer satisfaction and new revenue sources will result from the rise of significant quality enhancement for delay sensitive services. Juniper Mobile Backhaul Solution implements the vision of the “new” backhaul network – “A seamless network that is built on IP with SDN control plane features for service agility and enrichment”.
So much has changed from the World Cup in 2010 to this past 2014 World Cup... we can only imagine what is to come in the World Cup 2018. What will connectivity look like then? Will we be on a completely virtualized network? Check back in 4 years to find out! In the meantime you can read more about this topic in the backhaul POV paper.
Introducing another new Security & Mobility Now blogger! Please meet Erin K. Banks, senior technical marketing manager for virtualization security at Juniper Networks.
What did you want to be growing up? Did you see yourself where you are now?
I literally have no idea what I wanted to do growing up. I think I just wanted to enjoy every moment and my experiences. My father pushed me into an engineering degree. At that time, I do recall wanting to work in the audio field, specifically Bose because I adore music. Let’s just say that I always wanted to be a kid and clearly I have achieved that goal.
What led you to Juniper?
Chris Hoff led me to Juniper. I wanted the perfect job and he had it, so I took it. I couldn’t be happier. The ability to work with Security and Virtualization every day was incredibly exciting and I just knew the people at Juniper were some of the best.
Tell us about your blogs? What do you write about?
I have a personal blog, “Common Denial,” and I have always written about . . . wait for it . . . security and virtualization. I know, such a shock, but it is what I love.
What do you like to do when you are not working? What’s your passion?
Travel… At this time, I have slept in all states in the United States, except for TWO… so right now I am trying to get to those states.
I am also trying to go to every baseball park in North America and see a game. I love to travel everywhere and experience the world. I can’t wait!!
I also just signed up for my fourth marathon so clearly I will be training for that in the rest of 2014. #PewPew