Mobile Device Threats
Smartphone penetration is approaching a peak, just nine years after its first launch. Statista predicts that by 2018 smartphone users will hit 46.4 million, with 65.8% of the population owning a smartphone. With such a large number of smartphones in use it is no surprise that infection rates of such devices have been steadily increasing; a recent report by Nokia found that the rate of infection on smartphones increased 83% from H1 of 2016 to H2.
Infections by Device
Whilst Android devices are still responsible for the majority of infections, that does not mean iPhones are impenetrable: every operating system has its own vulnerabilities, and the more we rely on our smartphones the more likely it is that attacks will happen.
Key threats from 2016
The biggest security event of 2016 was the Mirai botnet and the DDoS attacks associated with it. Mirai was unique in that it recruited an army of IoT bots using a simple password guessing attack and then used these to launch three of the largest DDoS attacks in history.
The first reported attack was a 600Gbit/sec attack on Brian Krebs’s website in late September. This was followed a few weeks later by a 1.1Tbit/sec attack on OVH, a French web hosting company.
The Mirai source code was released to the hacker community on October 14th. A week later, on October 21st, there was a massive DNS flooding attack launched against DynDNS. This took out several high-profile web services that used DynDNS as their DNS provider, including Twitter, SoundCloud, Spotify and Shopify. In late November, a subsequent attack, attributed to a modified version of Mirai, disabled over 900,000 home routers in Deutsche Telekom’s fixed residential network, disrupting internet service for the affected users. In this case, while no routers were infected with Mirai, the attempt to infect the routers with the Mirai code caused them to crash.
The Mirai bot has two functions. The first is to spread by actively scanning for other victims; the second is to take part in the DDoS attacks described above. Mirai spreads by scanning the internet for devices that have an open telnet service running. When it finds one, it attempts to log in using a brute-force attack based on common default passwords. While it is unusual for modern servers and network equipment to run telnet, many IoT devices still appear to use telnet for remote management, and many were vulnerable to the password-guessing attack. This enabled the Mirai operators to build large botnets very quickly.
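A detection-side example, added here and not part of the original article: given a constructed, hypothetical telnet daemon auth log (the line format is assumed, not taken from any real device), it flags sources showing the Mirai-style pattern of many failed logins within a short window, and notes whether a success followed those failures.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample lines in a hypothetical telnet auth-log format
# (not copied from any real device firmware).
SAMPLE_LOG = """\
2016-10-01T12:00:01 telnetd: login failed for 'root' from 203.0.113.10
2016-10-01T12:00:02 telnetd: login failed for 'admin' from 203.0.113.10
2016-10-01T12:00:02 telnetd: login failed for 'root' from 203.0.113.10
2016-10-01T12:00:03 telnetd: login failed for 'root' from 203.0.113.10
2016-10-01T12:00:04 telnetd: login failed for 'support' from 203.0.113.10
2016-10-01T12:00:05 telnetd: login succeeded for 'root' from 203.0.113.10
2016-10-01T12:05:00 telnetd: login failed for 'admin' from 198.51.100.7
2016-10-01T12:30:00 telnetd: login succeeded for 'admin' from 198.51.100.7
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) telnetd: login (?P<result>failed|succeeded) for "
    r"'(?P<user>[^']*)' from (?P<src>\d+\.\d+\.\d+\.\d+)$"
)

def parse(log_text):
    """Yield (timestamp, result, user, src) tuples; lines that do not match are skipped."""
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if m:
            yield (datetime.fromisoformat(m["ts"]), m["result"], m["user"], m["src"])

def detect_bruteforce(log_text, threshold=4, window=timedelta(seconds=60)):
    """Return {src: {"failures": n, "success_after_failures": bool}} for every
    source with at least `threshold` failed telnet logins inside a sliding `window`."""
    events = sorted(parse(log_text))          # chronological order
    recent_failures = defaultdict(list)       # src -> timestamps still inside the window
    alerts = {}
    for ts, result, user, src in events:
        if result == "failed":
            recent_failures[src].append(ts)
            recent_failures[src] = [t for t in recent_failures[src] if ts - t <= window]
            if len(recent_failures[src]) >= threshold:
                alert = alerts.setdefault(src, {"failures": 0, "success_after_failures": False})
                alert["failures"] = max(alert["failures"], len(recent_failures[src]))
        elif result == "succeeded" and src in alerts:
            # A success right after a burst of failures is the higher-severity signal:
            # the default password was probably guessed.
            alerts[src]["success_after_failures"] = True
    return alerts

if __name__ == "__main__":
    print(detect_bruteforce(SAMPLE_LOG))
```

Sources that do not reach the threshold (198.51.100.7 above, with a single failure) are not reported, so the same logic can be tuned per device population.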
iPhone – Trident & Pegasus
In August, Citizen Lab and Lookout published an exposé on Pegasus. This is a professional spyware application from NSO Group Technologies that sells for $25,000 on the dark web. The spyware uses a combination of phishing and three iPhone vulnerabilities (known as Trident) to exploit the phone remotely and launch a cyber-espionage attack against high-profile individuals. It allows the attacker to take complete control of the phone and spy on social media and communication apps such as Gmail, FaceTime, Facebook, Skype and WhatsApp. The spyware also monitors phone calls, SMS messages and call logs, and allows remote audio and video recording. It has stealth protection and a built-in self-destruct mechanism. The victim is sent phishing e-mails and text messages with links to an infected web site. When they visit the web site, the first vulnerability is used against the Safari WebKit to obtain remote code execution on the phone. Two subsequent vulnerabilities are then used to jailbreak the phone and obtain root access. The spyware component is then downloaded and installed. These zero-day vulnerabilities were closed by Apple prior to the disclosure. The lesson to be learned is that despite the measures taken to secure the Apple iPhone app ecosystem, the iPhone is still vulnerable to exploits and, once jailbroken, is wide open to attack.
Ensuring your company is protected from such threats should be of the utmost priority: think how many of your employees have corporate data on an unsecured, unprotected device.
Mobliciti can secure your business from such threats: whether you need a mobile threat prevention solution or identity & access management, we can provide it. Plus, if you don’t want the hassle of maintaining such technology, we can do that for you. We’ll take the worry away from you, but you still retain control.