Home > Uncategorized > Smartphone Attacks Are Increasing

Smartphone Attacks Are Increasing

Smartphones have become increasingly sophisticated over the years, and not surprisingly their functionality is built on top of operating systems that are starting to become more and more like mainstream operating systems commonly used today. Unfortunately, the presence of more functionality combined with more complete operating systems has resulted in a growing number of vulnerabilities. And the presence of these vulnerabilities has increasingly made cell phones the target of cyberattacks.

Last month users of jailbroken* iPhones in the Netherlands started seeing pop-up messages that informed them that their phones had been compromised and that malware had been installed on them. The messages directed the users to a Web site at which they could pay a five dollar ransom to get the malicious code deleted from their phones. The author of this code had found that that many of the jailbroken iPhones had the secure shell (SSH) program installed to provide secure network connectivity and that this program had a default password (“alpine”). He scanned the IP address range assigned to these phones for ones in which SSH was running and then used this program to install the malicious code in them. Fortunately, the perpetrator was caught and the money was returned to the victims.

Not long afterwards an Australian man developed a worm named “iKee.A” that exploited the same vulnerability in both jailbroken and non-jailbroken iPhones. Instead of demanding a ransom payment, this worm simply installed wallpaper showing a picture of the 1980s rock star Rick Ashley on iPhones that it infected and then attempted to infect other iPhones. About 21,000 of these phones were infected within one week of the worm’s release. Sadly, the author of this malware was not arrested; instead he was offered a job with a software company in Australia.

Shortly after iKee.A surfaced a new version of this malware started infecting iPhones. Named “iKee.B” (and nicknamed “duh”), this variant of iKee.A installed bots on iPhones that it infected. The perpetrator’s intention appears to build a massive botnet within Europe, although malware experts point out that the ability of this worm to spread is rather limited due to a number of factors.

The fact that new malware that targets smartphones is really nothing new. Anyone familiar with the proceedings of the recent Black Hat Conference in Las Vegas will know not only that exploit software that targets iPhones in particular is becoming more prevalent, but also that the perpetrator community’s interest in exploiting smartphone vulnerabilities is increasing dramatically.

Smartphones are not very secure by default. They are about as secure out-of-the-box as Windows NT systems were in the mid-1990s. They can be made to be much more secure with a few changes in configuration settings and default passwords as well as the installation of security software, which is now widely available at a reasonable price. But somehow smartphone users tend to completely overlook the need for security in these devices, leaving them wide open to exploitation such as by the malicious code described earlier in this posting. Let’s face it—if users do not secure their own computers, why would they give any thought to securing their smartphones?

Big trouble is brewing. Stay tuned—it’s going to get ugly.

* – Wikipedia defines jailbreaking as “a process that allows iPhone and iPod Touch users to run unofficial code on their devices bypassing Apple’s official distribution mechanism.”

Categories: Uncategorized Tags:
  1. No comments yet.
  1. No trackbacks yet.
You must be logged in to post a comment.