Mobile Botnet: Rise of the Machine

One of the greatest threats to mobility customers is the mobile botnet.
Its impact will soon rival that of today's large-scale malicious activity. Fixed-line botnets have already shown how well bot code can hide inside applications or services, take commands from a remote operator and consume bandwidth, and nothing about a smartphone prevents the same techniques from working there.

Scott Totzke, RIM's Vice President of BlackBerry Security, has voiced his concern that smartphones will soon be conscripted into large-scale Denial of Service (DoS) attacks. That a senior executive at a major device manufacturer says so publicly shows how seriously the threat is being taken.

Behind the scenes, the mobile security industry has begun to focus on thwarting these attacks through research into, and deployment of, new defense-in-depth mechanisms.

At the 2010 RSA Conference in San Francisco, mobile security researchers demonstrated that a smartphone botnet is viable using nothing more than ordinary distribution channels. They built an inconspicuous application and distributed it through unofficial application download sites that cater to jail-broken devices. Within a matter of days the experimental application had infected thousands of devices, giving its authors a ready-made platform for Distributed Denial of Service (DDoS) attacks and criminal data theft.


Mobile Botnet Examples in the Wild

Beyond this proof of concept, two distinct cases of would-be smartphone botnets have emerged in the wild. The first, aimed at the Symbian platform, used a Symbian-certified application to infect its victims. It did not exhibit every botnet behavior (for example, there was no evidence that the operator could remotely control the malware once installed), but it did fetch updates to the SMS template it used when spreading, and it stole the victim's information by transmitting it to a malicious website in China. The lesson for enterprises is that a platform certificate says who submitted the code, not what the code does.

The second case exploited a default SSH password on jail-broken iPhones: a jail-broken device with an SSH server installed is reachable with a well-known default root password unless the owner changes it, and most never did. The attack began in the Netherlands as a simple extortion pop-up planted by a Dutch teenager for profit, then quickly evolved into a worm in Australia that infected an estimated 21,000 victims in about a week. Directly after that evolution into a worm, cybercriminals released a full-blown botnet across Europe that specifically targeted customers of the Dutch online bank ING Direct. Built on the same architecture as the Australian worm, the evolved malware added command-and-control logic that placed infected iPhones under the direct remote control of a Lithuanian botmaster. The remediation is as simple as the flaw: change the default password or remove the SSH server on the handset, and, on the network side, treat handset-to-handset SSH scanning as an incident rather than noise.
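The worm stage described above has a network-side signature that a carrier or enterprise mobile gateway can look for: a handset that suddenly opens SSH connections (TCP port 22) to many distinct neighbouring addresses, followed by some of those neighbours doing the same. The following detector is an added example written for this post; it is not AT&T's code or the worm's, and every address, timestamp, the `ok` flag (meaning the TCP handshake completed) and the thresholds are constructed or assumed for illustration. It flags port-22 fan-out inside a sliding time window and then links a flagged scanner to any target that accepted its connection and later began scanning itself, which is the propagation chain that separates a worm from a lone port-scan.

```python
"""Detect SSH-worm propagation in NetFlow-style records (added example)."""
from collections import defaultdict
from typing import Dict, List, NamedTuple, Tuple


class Flow(NamedTuple):
    ts: int       # seconds since epoch (constructed)
    src: str      # handset address as seen on the carrier's private subnet
    dst: str
    dport: int
    ok: bool      # assumed: True when the TCP handshake completed


# Constructed sample records standing in for carrier NetFlow on a handset subnet.
SAMPLE_FLOWS: List[Flow] = [
    # normal handset traffic: web and mail
    Flow(1000, "10.20.1.5", "203.0.113.10", 443, True),
    Flow(1001, "10.20.1.5", "203.0.113.11", 80, True),
    Flow(1002, "10.20.1.9", "203.0.113.12", 993, True),
    # one legitimate admin SSH session from a handset to a server (fan-out of 1)
    Flow(1003, "10.20.1.9", "10.20.9.1", 22, True),
    # patient zero sweeps port 22 across its own /24 and a neighbouring one;
    # every seventh target is a jail-broken phone that accepts the connection
    *(Flow(1010 + i, "10.20.1.77", f"10.20.1.{i}", 22, i % 7 == 0) for i in range(1, 40)),
    *(Flow(1050 + i, "10.20.1.77", f"10.20.2.{i}", 22, False) for i in range(1, 20)),
    # later, one of the phones that accepted the connection starts the same sweep
    *(Flow(1100 + i, "10.20.1.7", f"10.20.1.{i}", 22, False) for i in range(30, 60)),
]

WINDOW = 60            # seconds (assumed tuning value)
FANOUT_THRESHOLD = 15  # distinct port-22 targets per source within WINDOW (assumed)


def ssh_scanners(flows: List[Flow], window: int = WINDOW,
                 threshold: int = FANOUT_THRESHOLD) -> Dict[str, dict]:
    """Return {src: summary} for sources whose distinct port-22 targets within
    any `window`-second span reach `threshold`.  `first_seen` is the timestamp
    of the flow at which the threshold was first crossed."""
    by_src: Dict[str, List[Flow]] = defaultdict(list)
    for f in sorted(flows, key=lambda f: f.ts):
        if f.dport == 22:
            by_src[f.src].append(f)

    hits: Dict[str, dict] = {}
    for src, fs in by_src.items():
        start = 0
        in_window: Dict[str, int] = defaultdict(int)  # dst -> flows inside window
        for f in fs:
            in_window[f.dst] += 1
            # slide the left edge forward until the window spans <= `window` seconds
            while f.ts - fs[start].ts > window:
                old = fs[start].dst
                in_window[old] -= 1
                if in_window[old] == 0:
                    del in_window[old]
                start += 1
            if len(in_window) >= threshold:
                hits[src] = {
                    "first_seen": f.ts,
                    "targets": len({x.dst for x in fs}),      # distinct over whole capture
                    "completed": sum(1 for x in fs if x.ok),  # targets that answered
                }
                break
    return hits


def propagation_edges(flows: List[Flow], scanners: Dict[str, dict]) -> List[Tuple[str, str]]:
    """(parent, child) pairs: `child` completed a port-22 connection from a
    flagged scanner and only afterwards became a scanner itself."""
    edges = set()
    for f in flows:
        if f.dport == 22 and f.ok and f.src in scanners and f.dst in scanners:
            if f.ts < scanners[f.dst]["first_seen"]:
                edges.add((f.src, f.dst))
    return sorted(edges)


if __name__ == "__main__":
    found = ssh_scanners(SAMPLE_FLOWS)
    for src, info in found.items():
        print(f"scanner {src}: first crossed threshold at t={info['first_seen']}, "
              f"{info['targets']} targets, {info['completed']} completed handshakes")
    for parent, child in propagation_edges(SAMPLE_FLOWS, found):
        print(f"propagation: {parent} -> {child}")
```

On the sample data the admin session from 10.20.1.9 is left alone, 10.20.1.77 is flagged at the fifteenth distinct target, and 10.20.1.7 is reported as its child because it accepted the connection and began sweeping afterwards. The fan-out rule works only where the sensor sees per-handset addresses; behind carrier-grade NAT the same traffic collapses onto a shared public address, so the check belongs on the radio-access side of the NAT or on the enterprise VPN gateway.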

An Ounce of Prevention

Realizing how mobile botnets could feature in a future attack, a Washington, D.C.-based nonprofit sponsored an exercise, Cyber Shockwave, to understand the strengths and weaknesses of the government's ability to respond to such an attack on the nation's information systems. A council of ten prominent former top-level national security and administration officials, including former Director of National Intelligence John Negroponte and former Director of Central Intelligence John McLaughlin, worked through a scenario that opened with a massive cell-phone botnet attack and eventually expanded to 600 million devices.

Although a large-scale attack of this nature is unlikely to surface in 2011 or 2012, enterprises need to recognize that the threat is real. As mobility moves toward standardized technologies and smartphone market saturation, AT&T and other forward-looking organizations are doing their part by continuing to invest in protecting the future integrity of mobile services.

Doing our Part at AT&T

With a long history of developing and managing network-based security solutions and services, including botnet prevention, AT&T supports a defense-in-depth architecture for enterprise-class protection.

As a leading mobile carrier in the U.S., AT&T applies its network and security expertise in fixed and mobile environments to help companies safely extend the enterprise perimeter as they expand mobile services.

By collaborating with leaders in the security space, AT&T is working toward an integrated end-to-end mobile security architecture to help decrease cost and complexity, while helping to protect sensitive corporate and customer information.

For more information on mobile botnets and mobile security, visit AT&T's online newsroom.

Have you encountered a botnet on your smartphone? What steps have you taken to prevent the threat? This is an important topic, and your comments below will help others stay safer in a constantly threatening environment.
The Networking Exchange Blog Team