Emerging Threats in the Mobile Environment: Part Two

As some of the smallest devices in the mobile computing space, smartphones are more prone to loss and theft than other devices. But the threat posed by someone else gaining physical possession of a device is not what will cause the most risk in coming years. Rather, it’s the electronic possession and subsequent control a hacker can wield over such devices, the applications that work on them, and the networks that connect them.

Understanding the New Mobility Risks

As we discovered in Securing the Mobile Enterprise (Part 1), expanded access to applications and emerging application services are creating multiple new entry points for malicious activity, each with its own set of vulnerabilities. Simultaneously, hackers are creating more innovative delivery mechanisms to exploit the increased number of security threats.

This is especially true of the most popular malicious mechanism yet: the mobile botnet. Bot originators can infect unprotected smartphones via viruses or worms sent by email, through compromised applications and websites, or in “drive-by” downloads – bot-laden applications that unsuspecting users authorize and download onto their devices without understanding the potential damage.

Once there, mobile bots are able to run automated attacks on the smartphone and the network it uses to connect. The primary mission of most bots is a denial-of-service (DoS) attack: disrupting or denying user access to networks and computing resources and the services they deliver to employees, partners or customers.

Attack of the Mobile Botnets

To demonstrate the viability of botnets as security threats, two mobile security researchers created an inconspicuous application and distributed it through application download sites that cater to jail-broken devices.

Within days, the application successfully infected thousands of devices, providing a perfect platform for a distributed denial-of-service (DDoS) attack and cybercriminal theft activities.

Mobile bots are not confined to security researchers; they’ve made their debut in the real world. In the Netherlands, a smartphone bot exploited a secure shell (SSH) default password on jail-broken smartphones. Though the bot originated as a simple extortion popup window used by a teenage hacker for profit, the exploit quickly evolved into a worm in Australia that infected an estimated 21,000 victim devices within a week.

Cybercriminals also released a full-blown botnet across Europe, targeting the customers of a Dutch online bank. Taking advantage of the same architecture utilized in the Australian worm, the evolved malware included command and control logic that placed infected smartphones under the direct remote control of a Lithuanian botmaster.

Advanced botnets can seek, destroy and steal data. By finding unprotected smartphones to use as entry points, these bots hide within applications and then execute on hacker demand. Without adequate security features to help protect against these bots, criminals can potentially steal serial numbers, login IDs and financial data, as well as intellectual property a company relies on to drive innovation and remain competitive. While no massive DoS attack has taken place yet, researchers agree that – with the increase in mobile bandwidth and the ever-evolving ingenuity of hackers – the potential is there for botnets to launch large-scale attacks on corporate networks and even government networks.

Securing the Mobile Enterprise (continued)… Mobility Threats Part 3

In the next entry, we will continue our focus on understanding these new enterprise mobility risks by exploring the final primary threat that occupies a researcher’s time: Mobile Originated (SMS/MMS) Spamming.

The Networking Exchange Blog Team