BlackHat资料us-14-Brodie-A-Practical-Attack-Against-VDI-Solutions-WP.pdfVIP

Practical Attacks against Virtual Desktop Infrastructure (VDI) Solutions Daniel Brodie, Sr. Security Researcher Michael Shaulov, CEO Lacoon Mobile Security Introduction Enterprises are increasingly adopting Bring Your Own Device (BYOD) initiatives. In order to address the security and privacy concerns of mobility in the enterprise, security professionals together with IT, legal and even management teams measure how various processes, methodologies, and technologies weigh one against the other. The Virtual Desktop Infrastructure (VDI) technology is considered one such practical solution. Since VDI provides a remote workstation offering so that no data is stored locally on an endpoint device, it is touted as the security solution against data theft. While such a solution comes in handy when a mobile device is stolen, how does VDI scale when the device itself is compromised by a threat actor? With mobile devices acting as a penetration vehicle into the enterprise and its resources, and threat actors progressively threatening this platform, such a question must be raised. In fact, as this paper shows, device compromise is a real and practical threat that enterprises must take into consideration. In this paper, we examine the architecture of VDI and analyze its benefits and shortcoming as a security solution. Looking at both iOS-based and Android-based devices, we consider various attack vectors threat actors use to bypass the VDI solutions and efficiently glean sensitive and confidential corporate information. It is important to note that this article does not look at one VDI implementation as opposed to the next in terms of security. We do not test for vulnerabilities in im plementation or provide vulnerability exploits that threat actors can later use. Rather, all the attack vectors that we present leverage potential problems with any VD