Smartphones increasingly vulnerable from hacking and spying through malware attacks, holes in hardware, Geolocation devices and cameras

Rajesh Uppal September 19, 2018 Cyber Comments Off on Smartphones increasingly vulnerable from hacking and spying through malware attacks, holes in hardware, Geolocation devices and cameras 741 Views

Today, mobile devices are coming under increasing attack. The number of mobile malware is rapidly on the rise with malicious activities, such as stealing users data, sending premium messages and making phone call to premium numbers that users have no knowledge. Ransomware, banking malware, and other threats aimed at smartphones increased sharply in volume last year and will pose a growing threat to organizations and individuals in 2018 and beyond, Trend Micro said in a report released in Feb 2018.

Mobile malware attacks rose to 42.7 million incidents in 2017, up from 40 million in 2016. The risks are especially high for the public sector. The security website DarkReading reports that government ranks second for the highest number of mobile malware attacks, behind only the financial services industry. “Five or six years ago, everything was targeting the laptop, but smartphones have more data, more features, and more capabilities,” says Yeongjin Jang, a Ph.D. candidate in Georgia Tech’s College of Computing. “So the attackers are trying to get access to these devices through various means.”

Almost half of information workers today are using bring-your-own laptops, 68 percent are using their own smart phones, and 69 percent are bringing their own tablets at work, according to Forrester’s annual security survey. “Obviously, the risks are high, especially when you look at all the corporate data that’s held on these devices, such as customer information, intellectual property, contracts, competitive data and invoices,” not to mention the potential access to corporate networks themselves, says Chris Sherman, Forrester senior analyst.

In keeping with past trends, a vast majority of the threats affected Android devices and those downloading mobile applications from unofficial third-party stores. . However, the problem is not only vulnerabilities in the software, but specifically holes in the hardware. Meltdown and Spectre, the serious security holes in processors, which are also present in mobile devices, have again demonstrated how important a speedy security process is so that users receive new updates quickly. This is because the majority of cyber attacks exploit security holes that are already known.

The geolocation features on smartphones, fitness trackers and other devices could create security risks by revealing their location the Pentagon said in August 2018 therefore US military is prohibiting its deployed personnel from using them. These geolocation capabilities can expose personal information, locations, routines, and numbers of department personnel, and potentially create unintended security consequences and increased risk to the joint force and mission,” it said.

The decision follows concerns raised in January when an Australian researcher’s analysis of data posted by Strava, a fitness tracking app, on activities of its users revealed locations of American forces in Syria and Iraq. Strava posted heat maps showing movements of people exercising while wearing fitness tracker devices and publicly sharing the time and location of their workouts via the app. Outlines of US outposts in Syria and Iraq could be seen in the maps because many US military personnel used fitness tracking devices, while few local people own them, according to media reports.

Multimedia security particularly Smartphone camera has also come under threat. Attackers can implement spy cameras in malicious apps such that the phone camera is launched automatically without the device owner’s notice, and the captured photos and videos are sent out to these remote attackers. Researchers have also utilized computer vision techniques to analyze recorded videos and infer passcodes from users’ eye move-ments. Several video-based attacks targeted at keystrokes have been proposed. Even worse, according to a survey on Android malware analysis, camera permission ranks 12th of the most commonly requested permissions among benign apps, while it is out of the top 20 in malware. The popularity of camera usage in benign apps and relatively less usage in malware lower users’ alertness to camera-based multimedia application attacks.

These vulnerabilities could be exploited by adversary countries therefore the U.S. government and its agencies are warning against using devices made by Huawei and ZTE, claiming they may represent a security threat. US service members will no longer be able to purchase ZTE and Huawei phones on military bases, according to a new Defence Department directive that cites security risks posed by the devices. “Huawei and ZTE devices may pose an unacceptable risk to Department’s personnel, information and mission,” Pentagon spokesman Major Dave Eastburn said in a statement. “In light of this information, it was not prudent for the Department’s exchanges to continue selling them to DoD personnel.” Mobile Internet modems and other wireless products are also included in the ban.

Mobile Ransomware

The new and noteworthy mobile security trend has been the emergence of new mobile threat tactics such as ransomware (a type of malware that locks users out of their mobile devices in a pay-to-unlock-your-device ploy) and an increase in threat sophistication. DeathRing poses as a ringtone app and then surreptitiously downloads fake SMS content to infected devices, in a possible attempt to capture victim login credentials by impersonating trusted entities like banks via SMS. Notably, DeathRing appears to come pre-installed on certain devices, suggesting its authors were able to infiltrate the device supply chain and inject their malware into factory-shipped devices.

In 2017, Trend Micro’s Mobile App Reputation Service (MARS) analyzed more than 468,830 unique mobile ransomware samples. That number represented a 415% increase in new ransomware from 2016, according to the security vendor. Mobile ransomware detections were highest in China, which accounted for nearly one-third of all detections, followed by Indonesia, India, and Japan.

The most pervasive mobile ransomware in 2017 was SLocker, an Android file-locking malware tool that alone accounted for more than 424,000 of the unique samples that Trend Micro analyzed during the year.

Rising Mobile banking threats

Ransomware was not the only mobile threat. In 2017, the number of unique mobile banking malware samples that Trend Micro spotted increased 94%, to 108,439. With banking increasingly becoming an integral part of mobile device usage, attackers have begun building more-sophisticated capabilities into their mobile banking malware. “They blended in with legitimate processes — or masqueraded as one — to stay under the radar, steal more than just credit card data, and bypass security mechanisms,” Trend Micro noted.

According to online security company QuickHeal, there’s a new threat that masks itself as Flash Player. Unfortunately, this targets about 232 banking apps, including apps in India. In a post on its official blog, QuickHeal mentions about the Android.banker.A9480 malware. The post goes on to mention that it steals your login credentials for your bank as well as hijack the SMS feature on your phone. In addition, it can also upload your contacts and text messages to a rogue server.

Explaining the modus operandi, the post describes that the malware works by distributing itself as a fake Flash player. Once the victim has installed the malware on their device, it takes administrative control. Even disabling or killing the process wouldn’t help solve the problem. The only option left for the user is to enable admin privileges.

Among the tasks that the malware undertakes in the background is scan the user’s device for among 232 applications including banks and cryptocurrency applications. If any of the applications are detected on the device, the user would receive a notification. Once the user clicks on the notification, a fake login screen is displayed. The user then enters the credentials to login, which is captured to eventually steal crucial financial information.

Android major target for attack

On the Android platform, Quick Heal Security Labs detected over one million Android malware in 2017. The proliferation of fake apps and downloading of apps from third-party stores were the biggest mobile security concerns in the previous year. Towards the end of 2017, it observed cryptocurrency mining to have spread from personal computers to smartphones where attackers targetted gaming, adult entertainment and browsing related apps.

They attempt to infect the systems by slipping into the Google Play app store or by convincing users to download and install applications from third-party stores and untrusted sites.

2017: 700,000 malicious apps on Google Play

In the past year alone, Google and AV providers discovered over 700,000 apps that violate the guidelines of the Play store. This constitutes an increase of 70 percent compared to 2016. Among the malicious apps were copycats – apps with unacceptable content and malware which pose as legitimate apps.

The statistic shows that malware apps can creep into the store despite Google’s numerous security features. Users should therefore make sure they install a security app on their device. This can detect applications with malicious functions in good time. The security app should include a virus scanner that checks the Android device and all apps for Trojans, viruses and other malware.

Rooting malware: no surrender

For the last few years, rooting malware has been the biggest threat to Android users. These Trojans are difficult to detect, boast an array of capabilities, and have been very popular among cybercriminals. Their main goal is to show victims as many ads as possible and to silently install and launch the apps that are advertised. In some cases, the aggressive display of pop-up ads and delays in executing user commands can render a device unusable.

Rooting malware usually tries to gain super-user rights by exploiting system vulnerabilities that allow it to do almost anything. It installs modules in system folders, thus protecting them from removal. In some cases – Ztorg, for example – even resetting the device to factory settings won’t get rid of the malware. It’s worth noting that this Trojan was also distributed via the Google Play Store – we found almost 100 apps there infected by various Ztorg modifications. One of them had even been installed more than a million times (according to store statistics).

Globally, some 73 percent of smartphone users have Android (source: Statcounter). However: only about 1 percent of all Android users have the latest version, Android 8. Over half are using Android 6 and 7 (“Marshmallow” / “Nougat”), and a quarter are still on version 5 (“Lollipop”) (Source: Android).

Android is the clear forerunner among experts when it comes to security holes. Developers and researchers alone discovered 841 vulnerabilities among the various versions of the Google operating system in 2017. However, this leading position is explained by the fact that Android is an open source project, and therefore plenty of people have the opportunity of working on it and researching it. However, the problem is not only vulnerabilities in the software, but specifically holes in the hardware. Meltdown and Spectre, the serious security holes in processors, which are also present in mobile devices, have again demonstrated how important a speedy security process is so that users receive new updates quickly. This is because the majority of cyber attacks exploit security holes that are already known.

With the release of Android 8.0 (Oreo), Google introduced Project Treble. With this, Android developers are pursuing the goal of distributing updates to users faster and more sustainably.

Apple has kept iOS closed source and strictly controls what is allowed in its store, but that doesn’t mean iOS is immune. By focusing on iCloud, for example,vandals grabbed intimate photos taken by celebrities with their iPhones and uploaded to the cloud. According to experts at the US-CERT, the reuse of flawed code and vulnerable libraries are two major causes of app vulnerabilities.

AT&T warns against the huge security risk of lost device and recommend the installation of mobile security software that typically encrypt communications and provide a firewall, as well as spam and malware filters, use of autolock and remote wipe feature. Further backing up the data to the cloud and to installing apps only from well-known and reputable vendors and to check online reviews before downloading. You can also consider Cloud-based mobile device management (MDM) that offers “set-and-forget” features that can be especially useful to small businesses.