Threats to Mobile Devices
Possible attack threats to mobile devices • Network exploit • Hackers takes advantage of vulnerability or flaw of user’s web browser on mobile device in WiFi communication to attack victims. • Hackers send malicious code/data from malicious logic websites to victim’s browser after user browses the malicious page and the malicious code will take over the control to get all sensitive data on the victim’s device. • Social engineering • Hackers use hyped contents to attract, manipulate, or persuade people into revealing confidential information through deception such as phishing for the purpose of information gathering, fraud, or access rights.
• Malware • Virus hosted on a legitimate code, replicable spread worms, Trojan horses with action in purpose • Misuse available resource and service • Email/SMS spam or denial of service (A group of the attacking devices send volume data to one targets on the Internet to impact the target’s services) • Enterprise/private Data Loss • Work place data on a mobile device may be uploaded to home PC while synchronizing of entertainment downloading or Enterprise/private data loss due to stolen device • Data tamper • Intentionally modify/corrupt device data without the permission such as device’s contact list
Good practices protects mobile device from potential threats • Protect data loss due to mobile device loss with device ID and remotely remove delete all the apps, contacts, and confidential data right after if the mobile phone is stolen or lost • Type URL instead of copy and paste or click links to protect mobile phones from drive-by download attacks • Protect data privacy by data Encryption, don’t cache sensitive data • Disable Device Features as necessary such as Wi-Fi, Bluetooth, and infrared when they aren’t in use. Enabling the firewall, disable sharing
Good practices protects mobile device from potential threats • Isolate personal apps and corporate apps • Detect and Remove malware Apps • Download all mobile apps from trusted sources application providers and check the permission requests during installation • Install a mobile security application to protect the mobile device from attacks
Mobile device security protection Strategies Block the app’s attempt to act beyond granted permissions . 1. • Access Control with ID and resource access permission requirement • App signature: Each app is signed with the identity of its author and protect app from tampering. • Encryption : Encryption encode data for data protection in case of device loss or theft. • Isolation: Restrict any app to access the sensitive data on a device. Each Android app runs in its own virtual machine (process) which does not allows any access resource belong to other VM except special permission grant.
Android’s Security • Android’s Security is supported by encryption, signature, Isolation , and access control security protection Strategies. However there still are vulnerabilities for Android mobile devices. • The Android app signature system is to ensure that the app’s logic is not tampered with, enforce a user to recognize the identity of the app’s author. Although Android will only install and run a signed app, a certificate is not required by Google. Hackers can still use anonymous digital certificates to sign their malware and distribute them without any certification by Google which is required by Apple. • A hacker can create and distribute malicious app since people will not be able to track down to the source and add Trojan horses and malicious code to a existing legitimate app and then re-sign the updated version with an anonymous or fake certificate and distribute it. Its original digital signature is tempered and lost.
Mobile Walware Security Solutions • Popular Mobile Malware (malicious software) are: • Spyware – steals user information with user’s consent somehow. • Trojan horse – steals confidential information such as credit card • Adware - displays unwanted pop-up ads with/without theft of sensitive data • There are some malware that just degrade or disrupt device operations such as rebooting device and exhausting device power without financial profit purpose. • Due to small screen size of mobile device most apps don’t show the URL address on the device screen while accessing web which takes even more difficult for mobile device user monitor and determine the destination of app on web.
Spyware and Adware • Spyware secretly gathers confidential information about the mobile user and then relays this data to a third party. These may be advertisers or marketing data firms, which is why spyware is sometimes referred to as “adware” (short for advertising -supported software) that automatically delivers advertisements such as pop-up ads • It is typically installed without user consent by disguising itself as a legitimate app (say, a simple game) or by infecting its payload on a legitimate app. • Spyware uses the victim’s mobile connection to relay personal information such as contacts, location, messaging habits, browser history and user preferences or downloads. • Spyware gathers device information such as OS version, product ID, International Mobile Equipment Identitiy (IMEI) number, and International Mobile Subscriber Identity (IMSI) number
Trojans • Mobile Trojans program is disguised as something normal or desirable to infect user devices by attaching themselves to seemingly harmless or legitimate programs, are installed with the app and then carry out malicious actions. • Such programs have been known to hijack the browser, cause the device to automatically send unauthorized premium rate texts, or capture user login information from other apps such as mobile banking. • Trojans are closely related to mobile viruses, which can become installed on the device any number of ways and cause effects that range from simply annoying to highly-destructive and irreparable. • Malicious parties can potentially use mobile viruses to root the device and gain access to files and flash memory.
Phishing Apps • Mobile browsing of the internet is growing with smartphone and tablet penetration. Just as with desktop computing, fraudsters are creating mobile phishing sites that may look like a legitimate service but may steal user credentials or worse. • The smaller screen of mobile devices is making malicious phishing techniques easier to hide from users less sophisticated on mobile devices than PCs. • Some phishing schemes use rogue mobile apps, programs which can be considered “ trojanized ”, disguising their true intent as a system update, marketing offer or game. • Others infect legitimate apps with malicious code that’s only discovered by the user after installing.
Ransomware • Ransomware is a form of malware that essentially holds a computer system captive while demanding a ransom. • The malware restricts user access to the device either by encrypting files on the hard drive or locking down the system and displaying messages that are intended to force the user to pay the malware creator to remove the restrictions and regain access to their computer. • Ransomware typically spreads like a normal computer worm (see below) ending up on a computer via a downloaded file or through some other vulnerability in a network service.
Rootkit • A rootkit is a type of malicious software designed to remotely access or control a device without being detected by users or security programs. • Once a rootkit has been installed it is possible for the malicious party behind the rootkit to remotely • Rootkit prevention, detection, and removal can be difficult due to their stealthy operation. Because a rootkit continually hides its presence, typical security products are not effective in detecting and removing rootkits. • As a result, rootkit detection relies on manual methods such as monitoring computer behavior for irregular activity, signature scanning, and storage dump analysis. • Organizations and users can protect themselves from rootkits by regularly patching vulnerabilities in software, applications, and operating systems, updating virus definitions, avoiding suspicious downloads, and performing static analysis scans.
Bot Processes • Mobile malware is getting more sophisticated with programs can operate in the background on the user device, concealing themselves and lying in wait for certain behaviors like an online banking session to strike. • Hidden processes can execute completely invisible to the user, run executables or contact bot-masters for new instructions. • The next wave is expected to be even more advanced, with botnet tendencies to actually hijack and control infected devices.
Mobile Malware Symptoms • While these types of mobile malware differ greatly in how they spread and infect devices, they all can produce similar symptoms. • Signs of a malware infection can include unwanted behaviors and degradation of device performance. Stability issues such as frozen apps, failure to reboot and difficulty connecting to the network are also common. • Mobile malware can eat up battery or processing power, hijack the browser, send unauthorized SMS messages, freeze or brick the device entirely.
Recommend
More recommend
