Mobile malware gets serious – RATs can bypass sandboxes and encryption

12 April 2013

Mobile remote access trojans are becoming increasingly sophisticated and increasingly successful – new research suggests that 1 in 1000 smartphones have mRATs installed.

Lacoon Mobile Security has announced details of its latest research undertaken in partnership with global mobile network providers. It sampled 2 million subscribers and found that 1 in 1000 users have been infected with a mobile RAT. Detailed figures have not been released, but 52% of the infections involve Apple’s iOS devices, while 35% involve Android handsets.

“Infection of smartphones with mRAT requires the spyware to install a backdoor through the rooting of Android or the jailbreaking of Apple devices,” says the announcement. The implication from this – which cannot be verified from the details so far released since it isn’t clear whether the sampled devices were randomly selected or focused on rooted devices – is that there are huge numbers of jailbroken Apple devices; and around 1 in every 2000 iOS devices has a RAT installed. Jailbreaking almost always requires owner participation.

Once installed, the latest mRATs can bypass mobile device management (MDM) defenses. “MDM solutions create secure containers that separate business and personal data on the mobile. The concept is to prevent business critical data from leaking out to unauthorized individuals,” explained Ohad Bobrov, CTO and co-founder of Lacoon Mobile Security. “However, our research team demonstrated that mRATs do not need to directly attack the encryption mechanism of the secure container, but can grab it at the point where the user pulls up the data to read it.” That is, the RAT is able to access data either before it is encrypted or after it has been decrypted.

Once it has got the data, the RAT simply sends it on to its command-and-control (C&C) server. “The reason mRATs pose such a danger,” he added, “is that, while the software may be installed on a single device, it can be used to target the whole organization for espionage purposes.” Lacoon is warning that mRATs can eavesdrop on calls and listen in on board meetings, steal text messages and voice recordings, track the location of key executives, and snoop on corporate emails and application data.

“While MDMs do offer static compliance and policy enforcement some protection,” says Lacoon, “organizations need to understand that they do not offer complete protection.” Lacoon will be demonstrating a live attack technique aimed at bypassing popular MDM solutions later this month at Infosecurity Europe in London.

Meanwhile, what remains a puzzle is how so many iOS devices can be jailbroken. A call to Lacoon for clarification was not answered in time for publication. Graham Cluley of Sophos is puzzled. “It's ‘theoretically’ possible to jailbreak” a device remotely, perhaps with social engineering involved, but he suspects that the RATs concerned are typical ‘spousal and parental spy’ RATs. “In that scenario, the ‘attacker’ probably does have physical access to the device (while their partner is in the shower, out at the tennis club, whatever) and can easily jailbreak it and install a ‘keylogger’.”

This doesn’t lessen the theoretical threat to business, but it is obviously harder to get spousal spy software onto a business phone via local jailbreaking. The '1 in every 2000' figure will surprise many.
