Hackers using multiple attack vectors to breach mobile phones

These compound security threats are designed to extract money from mobile users, with a secondary effect of damaging the reputation of mobile networks, the report found.

“2010 is the point at which the mobile threat has taken a step change in terms of the level of complexity and severity for cellular operators….We are seeing the emergence of what we term the ‘compound threat’, which takes advantage of multiple execution paths within an operator’s network”, Gareth Maclachlan, chief operating officer of AdaptiveMobile, told Infosecurity.

According to the report, which is based on analysis of AdaptiveMobile customers’ network traffic, one of the most dangerous compound threats to emerge to date involves monitoring mobile users’ access to banking sites and harvesting log-in details through a combination of routes. The method uses existing PC malware that has been redesigned to record or forward conversations on smartphones.

One version of this malware is Zeus Mitmo, which combines a Zeus infection of the PC with an infection on the mobile phone installed through a bogus SMS, supposedly from the bank.

Also on the rise globally are 411-type spam attacks, in which users receive an SMS prompting a reply. In the most coordinated of such attacks, users also receive a matching email from the criminals, further validating the scam, the report explained.

Maclachlan explained that the SMS attacks have become much easier as the availability of unlimited messaging for mobile users has expanded. “It becomes very cheap to run these sorts of attacks.”

Another compound threat noted in the report is a device that sends email spam over mobile networks. The spam results in mobile devices becoming infected with malware and impacts the reputation of the mobile operator’s network.

Yet another mobile threat seeks to trick the subscriber into dialing a premium rate number. This threat uses malware, SMS and voice calling to make money from the attacks.

“What this means for cellular operators is that it is important for them to focus on putting trust into their network, recognizing that if subscribers don’t trust the charges that are made against their bills or the applications they are downloading, mobile operators are going to become no more than a bit pipe….Whereas, if they take advantage of their relationship with the subscriber, they have an opportunity to act as a guarantor within the mobile network, so that subscribers know that the sites they are accessing and the applications they are downloading are legitimate and that they are protected from exploitation of their privacy or credit”, Maclachlan said.

Mobile operators can turn the mobile security threats into a revenue source by serving as a network guarantor, he added.
