In recent years, smartphone usage has been growing at a steady pace. According to a study conducted by eMarketer (http://tinyurl.com/qcjkkj8), the number of smartphone users will total 1.75 billion in 2014, which represents almost one quarter of the world population. This number will grow to 5.13 billion by 2017, which is very impressive if we take into account that projections for the world population indicate that by 2050 the total population will be 9.6 billion. This means that by 2017, smartphone users will largely surpass 50% of the world population.
This increase in usage has driven manufacturers to compete with each other for the largest market share. To achieve this goal, they are producing smartphones with impressive capabilities. These capabilities are such that OS manufacturers are developing full versions of their systems to work on these small devices (example: Ubuntu for Android http://tinyurl.com/cwh26wa).
For most users, the smartphone is used, aside from normal communications, as a means to access the internet. This access is done either using the web browser or through applications that can be downloaded and installed from stores like Google Play or the App Store. According to research conducted by PewInternet (http://tinyurl.com/lzzsc9z) in 2013, 90% of the North American population own a smartphone, 63% of those access the internet on the device, and 34% mostly use only the smartphone as a means to access the internet.
In many companies, the smartphone is used as a work tool. This way, users are always reachable, and they can read their email and consult information from anywhere. The increase in usage of the device also drains the battery more quickly. To “combat” this “issue”, users tend to charge their phone at work, and most of the time they connect the smartphone to the computer to do this. So suddenly, computers in controlled networks may have uncontrolled access to the “outside” world, which can pose a new threat.
In the last couple of years, more and more cases of information theft have been happening (Orange case: http://tinyurl.com/qcdw8up, PS Network outage: http://tinyurl.com/3pplxq2, Ebay: http://tinyurl.com/p2vknhc). One particular case that we would like to mention is the one that occurred at AT&T (http://tinyurl.com/m5sg2qf), where employees of a third-party provider accessed and stole confidential client information from the company. Although the attack vectors differ, the fact remains that client information is being targeted and stolen from controlled and protected environments. With this, we arrive at our first case.
By using an internet-enabled smartphone connected to a computer in the company’s network, malicious users can access confidential information (depending on the access rights of the user) and send it through an uncontrolled gateway. This theft may not even be noticed if the information that is stolen is part of the BAU (business as usual) of that user. However, users can also participate in information theft without realizing it.
The increase in smartphone interest has also attracted the attention of people with less than good intentions. Since the beginning of the year, several new pieces of mobile malware have appeared. Among them, maybe the most noteworthy are:
- The ransomware malware family (example: Cryptowall http://tinyurl.com/kc9n9gp). This malware encrypts the files on the device using some type of cryptography (symmetric or asymmetric) and then asks for a ransom in order to provide the decryption key.
- The BadLepricon malware (http://tinyurl.com/o64axe8), which checks whether the device is connected to a charger and is idle before it starts mining for cryptocurrency.
- The Oldboot family (http://tinyurl.com/nllf97c), which is considered the most advanced mobile Trojan ever produced. The latest version was dubbed Oldboot.B and is able to install apps silently, inject malicious modules into system processes, prevent antivirus software from removing installed malware, steal data present on the device, receive commands from C&C (command-and-control) servers, and encrypt files in the system, among other capabilities. In order to avoid detection, Oldboot.B uses advanced techniques like steganography to hide its files.
- Android.Claco, which downloads two files to the device's SD card root directory (one executable and one autorun file). Once the device is connected to a computer in USB mode, if the computer has the autorun functionality enabled, the executable file will be automatically executed. So, rather than targeting the smartphone itself, Android.Claco uses it as a means to target the computers to which the smartphone will be connected.
The way in which smartphones are infected varies from one piece of malware to another. For example, in the case of Cryptowall, users are tricked into downloading the malware via advertisements on very high-profile public domains such as Disney, Facebook and so on. BadLepricon and Oldboot are disguised as normal applications that install the malware in the background. A different approach is the one used by Trojan.Droidpak (http://tinyurl.com/kz4svsb), which is a Windows Trojan that waits until a smartphone is connected to the computer to infect it with malware of its choice. From these facts, we have the conditions to present a scenario where the user participates in data theft without realizing it.
In this second scenario, a smartphone is infected with malware that targets the user’s computer to steal information. Although there aren’t reports of such malware, from the examples that we have, it is very easy to imagine malware that, when the device is connected to a computer, tries by every means to drop an executable payload. This payload will then monitor the computer in order to steal information. Once it has completed its purpose, all it needs to do is send the result back to the creator (or C&C servers). This operation can be done undetected by using the alternative connection provided by the device connected to the computer.
Well, this last paragraph may seem very “strong”. However, if we take into account that this information may be financially more valuable than targeting smartphones to mine cryptocurrency or to demand a ransom from the user, this may be a scenario that we will see in the near future.
Currently, companies treat the “link” between a smartphone (and other such devices) and the user’s computer as an assumed risk. In light of the presented scenarios, the question that they should ask is: Should we keep assuming this risk?