ZIMPERIUM FAQs

When a security event is generated from one of your devices, the event information including relevant forensics are uploaded into your zConsole. This data can be pulled down to your environment and placed in a directory that your SIEM system polls for data import. The data is presented in JSON format, which provides an easy way for any SIEM system to be able to digest the event and associated forensics.

The Syslog Pull Module (SPM) is a bash script which runs cURL commands to access your Zimperium zConsole information securely. The output of the cURL command are your security events in JSON format. This cURL output is stored directly into a file.

The SPM should be run in crontab to pull events. It is important to note the following:

The SPM automatically generates a new file for each request to the zConsole server.

The SPM cleans up old files (configured currently to clean up files older than a week).

Requests are made over HTTPS.

To pull these events down to your environment so that they can be imported in to your SIEM server, Zimperium Support needs to perform a one-time configuration and provide you with security parameters required. Please open a ticket at support.zimperium.com for these details

Once you receive these details, please enter these details in one of the following sample scripts to create your SPM script (sample scripts attached),

Linux/Unix operating system -SIEM system supporting syslog format

Linux/Unix operating system -SIEM system supporting non-syslog format (JSON only)

Windows operating system -SIEM system supporting syslog format

For more details on the script and options for changing the density of logging (Verbose vs. Concise), Severity of Threats reported (Normal, Low, Elevated, Critical) please refer zConsole-SIEM Integration guide

1. Where can i download the latest zANTI version?Please download the latest version of zANTI from here https://s3.amazonaws.com/zANTI/zAnti3.19.apk

2. zANTI Login FailedThe latest version of zANTI does not require Email/Password.

Users can directly start using zANTI. Please download the latest version of zANTI from here https://s3.amazonaws.com/zANTI/zAnti3.19.apk

3. How to Signup as Beta Tester?Currently wedon'thave zANTI beta release for testers. But still you can fill up the form below to be a part of zANTI beta testing program and if selected, we will contact you directly.

https://docs.google.com/a/zimperium.com/forms/d/1jXtwrE2dMKZBl8YfMeJvqzIjJ_n_IwLTXppePdWNHHI/viewform

4. What are the zANTI Supported Devices?We would recommend to use Nexus 5/6 device or Samsung S4/S5/S6. zANTI does not support Zenfone or any Intel x86 devices.

5. How can i get Zetasploit?We are no longer offering Zetasploit.

6. What languages does zANTI Support?zANTI will automatically switch the language depending on the selected device language. To manually change the language, Please Tap on the zANTI logo on the top left corner and Tap "Set Language".

7. Why doesn't my MAC Changer work?MAC Changer will only work on specific android versions/devices.

8. How can i purchase zANTI Premium version?zANTI is free to download. Currently, We do not offer premium version.

9. Why MITM (Man-in-the-Middle) failed to start?Please don't select the target as Gateway IP or Entire Network. This will fail. But if you select any other device on the network, it should work fine.

10. Where can i download zANTI Tutorials?Please download the zANTI Tutorials here https://www.dropbox.com/s/jkpc7s4295kwz9b/zANTI%202.0%20Community%20Tutorials.pdf?dl=0

No, zIPS can be downloaded from the public app stores and installed on the device.

zIPS provides users with information about app activity on their device when performing checks on the operating system, network connections and downloaded and installed apps.

Within the "Activity Monitor" section of the app you can now see an activity summary for the scans and security checks zIPS silently performs on the device. This allows you to quickly and easily understand how your apps, network connections, data and personal information are protected from compromise.

Please watch the video below to understand how end users can activate zIPS when an MDM is used.

https://youtu.be/drMuSDThPkk

No, zIPS does not access the user data for an application on the device. zIPS only looks at the application metadata and application binaries. zIPS uses this information to determine whether the app is malicious and capable of leaking sensitive information.

If zIPS determines that the application is harmful it will notify you on the device.

Yes. Zimperiumintegrates with leading Enterprise Mobility Management providers to deploy and offer superior protection ensuring devices safely connect to corporate resources. Zimperiumcombines machine learning threat detection capabilities with the MDM policy management delivering on-device protection from known and unknown threats. Read more..

Zimperiums z9 technology and mobile threat defense is available for Microsoft Enterprise Mobility + Security deployments. Customers using Intune can receive threat intelligence from mobile devices and implement the risk-based conditional access policies popular with Intune deployments. Read more..

Zimperium Mobile Threat Defense (zIPS) is an enterprise class, on-device security engine for Android and iOS devices that protects your mobile device against harmful WiFis and malicious apps. Developed for mobile devices, Zimperium uses patented, behaviour-based analytics on the device to detect threats in real time.

Yes, zIPS detects it !Click here to understand how zIPS can help.

zConsole access is only provided to Enterprise zConsole admins that are responsible for maintaining the platform.

If you are not an admin and are a zIPS user then the credentials you used for zIPS will not work for zConsole. This is by design.

If you are a zConsole Admin are not able to remember your password, please go the zConsole URL and click the "Forgot Password" button to retrieve your password.

If you are looking for zConsole access then please reach out to your Help Desk for further instructions.

Support Portal registration is currently restricted to Enterprise Customer Support representatives who are responsible for supporting the platform within an organization. If you are part of the Enterprise Customer Supports, please reach out to your Zimperium Platform Administrator. They will send us a request on your behalf.

Once we receive the request, we will create the necessary access and notify you immediately.

Security events can be securely pulled from the zConsole using the script defined in our SIEM Integration Guide.

This guide contains a bash script, which can be run as part of a crontab where it will access the zCloud server at regular intervals over HTTPS and retrieve the events in JSON format. These events are then saved as files locally on the customer machine from which the bash script is executed. The files can then be imported into the customers SIEM system using the SIEM native JSON capabilities or syslog. The advantage of this approach is that it does not require the customer to perform any networking changes or expose any secure resources to the network. The script is a starting point and the customer can update it as needed. However, if an inbound syslog connection is preferred, this can be configured as well.

Please login to the Support Portal to access the user guide under the Product Documentation section

To implement either of the above for event information, contact your Zimperium Customer Success team.

At this time the native language support has been updated to now include the following :

English

German

Japanese

Traditional Chinese

Korean

Hebrew

Spanish

Each release of the product typically contains new feature and fixes. The detailed list of both these items can be found within Release Notes section.

Please login to the Support Portal and click on the URL below for Release Notes.

URL : https://support.zimperium.com/hc/en-us/categories/115001847648-Release-Notes

1. Install Xcode from MAC Appstore.

2. Open Xcode, Select Window > Devices and Simulators

3. Select the connected iPhone from the left sidebar. Click View Device Logs

4. Select All the Logs in the This Device Tab and Right click to Export Logs

5. Please zip and share the logs exported to support for further investigation.

If you are prompted from VPN while installing zIPS then it means your Enteprise zIPS Administrator has enabled the VPN feature on iOS.

This feature allows zIPS to block all network access or block/allow network access to specific IPs if you connect to a harmful network. When you connect to such a network you will alerted by zIPS on your device and will not be able to connect via this network. You can restore your network connectivity by moving to a different Wi-Fi or a cellular network.

iOS Prompt Screenshot Post Installation Screenshot

Submitting a feature request on the Support Portal is simple. Please follow the steps below.

Steps to Follow

1. Login to the Support Portal.

2. Please click on "Create Case" on the top right corner.

3. Select form called "Support Ticket"

4. Select Case Type as Feature Request

5. Enter info and submit the case.

A Customer Success representative will review the ticket and reach out to you for any additional clarifications needed.

The status of the case will be updated as the Feature Request moved through the Product Management process.

Please Note

-Test Duration : Battery tests for mobile devices need to be run for 24 hours to get an accurate understanding of avg. battery consumption by the app. This allows the readings to correctly take into account a typical usage of the device by a user.

- On Android Devices : When zIPS is started for the first time it runs a comprehensive check to ensure the device is safe. So within the first hour the battery statistics will give the perception that battery usage is high. But accurate readings can only be captured after the app has been running for atleast 24 hours on the device.

Consider the case on the following screenshot attachment :

First, some definitions :

Usage : Time that the phone was used (i.e. not asleep)

Standby : Total time the phone was without charge, including time on deep sleep (i.e. when the screen is off).

zIPS Percentage : Is the percentage of the total battery that was used by zIPS.

Using the data from the above screenshot as an example, here is how the battery consumption for zIPS can be calculated :

Device Battery Usage = 100-53=47%

zIPS Battery Usage = 0.21 x 47% = 9.87%

Battery Usage by zIPS per hour = 9.87 % / 16.25 hrs = 0.60% per hour

Zimperium conducts several Webinars each month. The topics cover a wide range of areas such as Zimperium Product Innovation, Mobile Threat Trends, Mobile Ecosystem and several others.

To get a complete list of our upcoming Webinars please click the link below.

https://www.zimperium.com/resources/webinars

Yes. The default authentication used to allow access to zConsole is via a user ID and a Password. For organizations with a higher security requirement, Zimperium provides authentication using a second factor such as a text message, Google Authenticator or email.

To use one of these two-factor methods, contact your Customer Success liaison and ask them to enable 2FA (Two-Factor Authentication).

Detailed documentation regarding this feature available within the zConsole Guide within the Support Portal.

zConsole supports three languages today and is expanding these as needed. The current language can be changed by clicking on the current selected language in the top bar and selecting the required language.

Current supported languages for zConsole:

English

Japanese

Hebrew

Yes, the zConsole does support groups/labels similar to EMM solutions. When the zConsole is integrated with EMM/MDM solutions, it mimics the groups within these solutions.

Once the groups are created within the zConsole you can apply configurations to groups of users/devices for the Threat Response Policy and the Privacy Settings. In addition, Administration Roles can be associated with specific groups, allowing for greater control of Administrator access.

Groups can be used in the zConsole when an MDM integration is implemented with an MDM vendor that supports groups. During the MDM setup process, zConsole will recognize when an MDM supports groups and provide the Administrator an opportunity to setup one or more zConsole groups that correspond to the MDM groups. This screen is used to provide a hierarchy of which group to use in zConsole when a user/device is in more than one group being used for synchronization.

Any users added locally to zConsole will be defined in the Default Group group. This cannot be modified at this time.

Yes, the zConsole can be integrated with your SIEM solution.

Security events can be securely pulled from the zConsole using the script defined in the Zimperium SIEM Integration Guide. This guide contains a bash script, which can be run as part of a crontab where it will access the zCloud server at regular intervals over HTTPS and retrieve the events in JSON format. These events are then saved as files locally on the customer machine from which the bash script is executed. The files can then be imported into the customers SIEM system using the SIEM native JSON capabilities or syslog. The advantage of this approach is that it does not require the customer to perform any networking changes or expose any secure resources to the network. The script is a starting point and the customer can update it as needed. However, if an inbound syslog connection is preferred, this can be configured as well.

To implement either of the above for event information, contact your Zimperium Customer Success team.

The on-device solution does not require an internet connection to detect an attack. Therefore, detection and alerts are immediate. On-device detection is much more effective and can protect event when offline. Other security solutions that depend on an internet connection can be disabled by an attacker and render the solution ineffective

zIPS only collects threat and device information in the event of an attack. This information is used to make the device owner aware and help take steps to remediate the problem.

To further protect user privacy, zIPS does not view, store or send any information such as user location, contacts, email, SMS or browser traffic flowing through your mobile device.

The privacy policy for zIPS is set by your Enterprise Admin. If you have further questions please reach out to you help desk.

Zimperium's Privacy Policy can be viewed at the URL below.

https://www.zimperium.com/privacy

Zimperiums new Site Insight feature protects users against phishing by detecting harmful links found in text messages, social media apps and emails.

zIPS will proactively warn and protect mobile users from web-based threats when browsing the web or if they were to click on a link in text messages, social networking sites/apps or emails so that I can minimize the risk to our company, as well as provide our users with the safest connected experience.

When you navigate to a bad site / risky URL zIPS will proactively prompt you that the site you are trying to access is dangerous and that you should not proceed. This visibility will allow you to make an informed decision and securely browse the web.

Here is how it looks :

Googles Android for Work provides an environment to separate your business app data from your personal app data. Applications in the Work profile of Android for Work run in a separate protected workspace vs the personal side of the device. For example, the Android for Work Contacts app has different contacts then the personal Contacts app. Applications running in the work profile can only see other applications and processes in the work profile.

When implementing zIPS on a device with Android for Work, there are three supported configurations:

Running zIPS in the Work profile of the device.

Monitor apps installed in the Work profile.

Monitor Network behavior on the device.

Monitor abnormal behavior on the device.

Running zIPS in the Personal profile of the device.

Monitor apps installed in the Personal profile.

Monitor Network behavior on the device.

Monitor abnormal behavior on the device.

Running zIPS in the Work profile and zIPS in the Personal profile. This provides the best protection.

Monitor apps installed in both the Personal and Work profile.

Monitor Network behavior on the device.

Monitor abnormal behavior on the device.

If you would like help with your Android for Work implementation please reach out to your Customer Success representative.

Yes. Zimperiumand AirWatch provide complete enterprise mobile security delivering sophisticated threat protection for managed mobile devices. The integrated solution secures devices against known and unknown threats to ensure corporate data, identities and applications are not compromised by mobile attacks or operating system vulnerabilities. Read more..

Download the guide below to learn how it works.

AirWatch Integration Guide

Yes. Zimperiumand MobileIron provide complete enterprise mobile security delivering sophisticated threat protection for managed mobile devices. The integrated solution secures devices against known and unknown threats to ensure corporate data, identities and applications are not compromised by mobile attacks or operating system vulnerabilities. Read more..

Click on the below below to learn how it works :

MobileIron Integration Guide

Yes. Zimperiumfor BlackBerry delivers continuous and real-time threat protection to mobile devices. It secures devices against known and unknown threats to ensure corporate data, apps, and networks are not compromised by an advanced mobile attack.

Together, BlackBerry and Zimperiumenable enterprises to manage and secure iOS and Android devices against mobile cyberattacks. Zimperiumcontinuously detects and analyzes threats, and provides BlackBerry with the visibility to enact risk-based policies to remediate against these attacks.

The integrated solution provides IT Security Administrators with a way to safely enable BYOD and strike the balance between empowering mobile worker productivity, while at the same time securing mobile devices against advanced threats. Read more..

Download the guide below to learn how it works :

BlackBerry Integration Guide

Yes. The app communicates with the server periodically and runs in the background. zips will alert you only in case of threats and as per the alerting policy set forward by your administrator.

As part of Zimperiums drive to enforce strong mobile security, z3A Advanced App Analysis continually evaluates mobile app risk across company employees and their devices.It provides intelligent insight into your employees apps. You can see which apps in use are safe or risky, and set security policies to reduce that risk. Read more..

Please reach out to your Zimperium Sales Representative for a trial. If you do not have a representative at please click on the link to submit a trial request. A Zimperium representative will reach out to you shortly.

Contact Us

Yes. Please click on our blog URL below for more details.

Detecting KRACKAttack

Yes. Please read our official blog to understand how zIPS can helps keep you safe.

Detecting DoubleLocker Ransomware

When integrated with an EMM (Enterprise Mobility Management) or MDM (Mobile Device Management) solution, zIPS automatically authenticates the user and logs him/her in.

Yes. Please reach out to your Customer Success or Sales representative for more details.

Yes. We have videos on our Youtube channel to help customers learn about the the platform. Please click on the URL below to navigate to our YouTube Channel.

Click here : Z YouTube Channel

For public apps obtained from the app stores, updates will be automatically available on user devices when a new app is published to the public stores.

For private apps (MDM version) directly uploaded into you MDM/EMM solution, you Customer Success liason will notify you once a new version is available.

Yes. Zimperiumintegrates with the leader in Android security, Samsung KNOX, and is available on the KNOX Marketplace. KNOX customers benefit from Zimperiums leading threat detection capabilities to protect Android devices against cyber-attacks. Adding Zimperiums mobile threat defense to KNOXs MDM and containerization offer enterprises unparalleled security against todays advanced threats.

Please contact your Customer Success liason. They will provide the access necessary and send a confirmation email.

The Zimperium Handset Alliance enables communication between researchers, mobile network operators, mobile application developers and device vendors to improve Android security and patch procedures. Read more..

Much like a doctor can diagnose an illness by analyzing the symptoms your body is exhibiting, zIPS can detect both known and unknown threats by analyzing the behaviour of your mobile device. By analyzing slight deviations to the mobile devices operating systems statistics, memory, CPU and other system parameters, the detection engine can accurately identify not only how the attack occurred but also recommend actions to take to help keep your data and mobile safe.

What is zIPS?

Zimperium Mobile Threat Defence (zIPS) is an enterprise class, on-device security engine for Android and iOS devices that protects your mobile device against harmful WIFIs and malicious apps. Developed for mobile devices, Zimperium uses patented, behaviour-based analytics on the device to detect threats in real time. The app has also been optimized for battery consumption to ensure a great user experience.

Isnt my antivirus app sufficient?

No, signature-based technologycan'tkeep pace or protect against unknown or dynamic threats. It protects for known malware and it can take days to update the databases. Itwon'tprotect you against mobile network attacks and device exploits either.

What about my privacy?

zIPS only collects threat and device information in the event of an attack. This information is used to make the device owner aware and help take steps to remediate the problem. To further protect user privacy, zIPS does not view, store or send any information such as location, contacts, email, SMS or browser traffic flowing through your mobile device.

How does zIPS work?

Much like a doctor can diagnose an illness by analysing the symptoms your body is exhibiting, zIPS can detect both known and unknown threats by analysing the behaviour of your mobile device. By analysing slight deviations to the mobile devices operating systems statistics, memory, CPU and other system parameters, the detection engine can accurately identify not only how the attack occurred but also recommend actions to take to help keep your data and mobile safe.

Are there any other benefits to this on-device protection solution?

Yes, since the solution is on-device, it doesnt require an internet connection. So the detection and alerting is real-time and no latency is introduced. This also means that a device can be protected in airplane mode and when roaming unlike security solutions that depend on an internet connection and that attackers can easily take down when a device has been compromised.

Why Should I Care?

Today we use our mobile your mobile for both personal and work related activities. 90% of our mobile usage is attributed to infotainment apps, productivity apps, e-commerce apps and search engines. But a third (3.3 million apps) of the apps available to us today are malware capable of stealing your personal, banking and enterprise data from your device. This risk is further amplified when you habitually connect to free Public Wi-Fis for faster connectivity and better mobile experience. Hackers are well aware of these behaviours and lurk in popular places to exploit your mobile device.

What happens when there is an attack or threat detected on my device?

In the event of an attack zIPS first alerts you on your device via a notification. Upon clicking the notification, you will be able be taken into the app to see additional information regarding the threat and and remediation actions you can take to help remain safe. The threat information is also reported to your Enterprises Security Group to ensure they can help keep other users and the enterprise safe from similar threats.

What are some key features of zIPS?

On Device Protection; doesnt need internet connectivity

Protection from Malicious Apps

Protection from harmful WIFIs

Protection from known and unknown threats (Mobile Handset Protection)

Recommendations and decisions when malicious activity is discovered.

Who can I contact to get more information about zIPS?

https://www.zimperium.com/zips-mobile-ips

I have an iOS device. Am I still vulnerable?

iOS devices have been proven to be vulnerable time after time. All the major OS versions had publicly available jailbreaks within days of the updates making them significantly more vulnerable.

What is the typical battery usage for zIPS?

zIPS consumption on average ranges between 0.3% to 0.8% per hour depending on your usage throughout the day.

I have an iOS device, is my device protected if I swipe off the App?

Yes. The app communicates with the server periodically and runs in the background. zips will alert you only in case of threats and as per the alerting policy set forward by your administrator.

What happens when there is an attack or threat detected on my device ?

First zIPS sends automated alerts to both the Security Group and the device in the event of an attack. Further remediation actions on the device will automatically occur as defined within Enterprise Threat Management Policy.

I forgot my password to log into zIPS, how can I reset it? (Applicable for manual login)

Please contact your Administrator (Email/Phone) to obtain username/password. Shortly after you will receive a new password in your inbox.

How do I activate the App?

Customers not using MDM : Click on the zips App icon on your device to open the App. Enter your username & password to login. You should see the app screen refresh with the message You are protected Device is Safe

Customers using MDM : Click on the zips App icon on your device to open the App. The app should auto log you in and You should see the app screen refresh with the message You are protected Device is Safe. User does not have to enter username or login.

Whyisn'tthe application asking me for my login?

The application is configured for Auto-Login via MDM/EMM. Please reach out to you MDM Administrator for more information.

What is my Username and Password?

Please contact your Administrator (Email/Phone) to obtain username/password.

I forgot my password to log into zIPS, how can I reset it?

Please contact your Administrator (Email/Phone) to obtain username/password. Shortly after you will receive a new password in your inbox.

How to calculate the battery usage of zIPS on iOS?

Consider the case on the following screenshot attachment :

Definitions :

Usage : Time that the phone was used (i.e. not asleep)

Standby : Total time the phone was without charge, including time on deep sleep (i.e. when the screen is off).

zIPS percentage : Is the percentage of the total battery that was used by zIPS.

Using the data from the above screenshot as an example, here is how the battery consumption for zIPS can be calculated :

Battery drain = 100-53=47%

Drain by zIPS = 0.21 x 47% = 9.87%

Drain by zIPS per hour = 9.87 % / 16.25 hs = 0.60% per hour

There are reports of an available exploit for CVE-2017-0785 but we have not yet validated that exploit is for BlueBorne. zLabs continues to research the BlueBorne vulnerability and will provide more information when it becomes available. For now, rest assured your devices are safe when running zIPS since it detects any indicators of compromise no matter what the input methods may be

BlueBorne is very similar to Stagefright. If an exploit is delivered and triggered on the device the attacker might chain it to root or modify the operating system to compromise the device. In doing so, the local exploit will trigger different threats on zConsole such as system tampering, EOPs and file system changes. Similar to Stagefright, the exploit codes (more specifically, the injected shell codes) for distinct platforms will be different and thus additional overheads need to create new exploit code for a new platform.

The detection occurs from the zIPS's standard ability to detect detect Jailbreak, EOP, file system changes and any other threat in the Threat Response Matrix. An attacker leveraging BlueBorne could deliver an exploit to compromise a device. zIPS will detect the indicators of compromise delivered via BlueBorne, Stagefright, Wi-Fi or any other device input methods.

Depending on our access to the device (eg Partners like Sirin, Samsung Knox, Blackberry, and MDM access,) we can kill processes, wipe devices or wipe containers when attacks happen. The remediations are set in your Threat Response Matrix.For both iOS and Android, zIPS can identify which mobile devices are compliant with the latest OS versions and security patches. Administrators can enable a policy to identify non-compliant devices based on the BlueBorne vulnerability. Once a vulnerable device is identified, administrators can send a customized notification to the device to upgrade the OS or disable Bluetooth.

No, signature-based technologycan'tkeep pace or protect against unknown or dynamic threats. It protects for known malware and it can take days to update the databases. Itwon'tprotect you against mobile network attacks and device exploits either.

Antivirus solutions covers signatures for Apps but is not capable of detecting attacks that are happening in other sandboxes.

Mobile AV cannot detect the following attacks:1. Malicious chargers / PCs2. Browser exploits3. Kernel exploits4. IPv4 and IPv6 attacks.

Customers not using MDM : Click on the zips App icon on your device to open the App. Enter your username & password to login. You should see the app screen refresh with the message You are protected Device is Safe

Customers using MDM : Click on the zips App icon on your device to open the App. The app should auto log you in and You should see the app screen refresh with the message You are protected Device is Safe. User does not have to enter username or login.