The New Battlefront of Mobile Malware
August 28, 2013 No CommentsKeep your desktops close and your mobile devices even closer.
This seemed to be one of the strongest messages coming out of the Black Hat 2013 security conference in Las Vegas: That the little mobile friend wedged in your pocket could prove to be a serious adversary in the event that it gets compromised by a network of hackers. And it seems more and more hackers are devoting time to exploiting security flaws in smartphones and tablets.
Black Hat 2013 took an in-depth look at pervasive mobile threats targeting smartphones and tablets and what, exactly, companies are doing to combat these latest threats.
Mobile security vendors are innovating to address mobile threats in ways that are almost completely different from security software found on most desktops and laptop systems, according to an article on CRN.com.
Throughout the two-day Black Hat briefings, security researchers shared ways to hack into Android devices, take over an iOS device in less than 60 seconds, or sniff and decrypt cellular traffic by hacking into microcell devices. Security researchers say the message is becoming increasingly clear: The ecosystem for mobile threats is very likely to be vastly different than that on desktops and mobile devices, necessitating a different defensive approach.
Apple devices were not immune to being hacked. In a Black Hat session, three researchers, Billy Lau, Yeongjin Jang and Chengyu Song, demonstrated a way to hack into Apple iPhones and iPads by exploiting several design weaknesses. The researchers used a power brick to carry out the attack. Once an iPhone or iPad is plugged into the power brick, the device is stealthily compromised.
The bulk of the mobile threats being detected are currently targeting Android devices but, over time, Apple devices could see increased threats if cybercriminals can make a business case for attacking the devices, said Richard Henderson, security strategist for Fortinet’s FortiGuard Labs. Henderson said Fortinet has seen a 30 percent increase in mobile malware over the past six months.
“We’re seeing a significant amount of malicious applications with adware and spyware capabilities,” Henderson said. “Ransomware is also now turning to mobile devices.”
The tactics to detect malware continue to advance as well. A few years ago, doing malware analysis required a significant investment for both highly skilled people and gear to figure out what malware was doing and to profile it. Now we’re seeing folks offering up Web-based services to do the same thing, and open-source initiatives to leverage Big Data analytics to decipher patterns across large data sets to isolate bad behaviors.
Patrick Burke is a writer and editor based in the greater New York area and occasionally blogs for Rackspace Hosting