-=PCTechTalk=- An article worth reading by all....

  • From: LARRY SOUTHERLAND <larrysoutherland@xxxxxxxxxxxxx>
  • To: thebullhornsbest@xxxxxxxxxxxxxxx, "the_bullhornbest@xxxxxxxxxxxxxxx" <the_bullhornbest@xxxxxxxxxxxxxxx>, Puters_N_Such@xxxxxxxxxxxxxxx
  • Date: Wed, 17 Dec 2014 21:19:44 -0800

http://www.cso.com.au/article/562561/android-new-battleground-software-vulnerabilities/?utm_medium=www.cso.com.au&utm_source=article_body_related_article



Android – The new battleground for software vulnerabilities

Author: Emmanuel Carabott, Security Research Manager, GFI Software

Emmanuel Carabott (CSO Online) on 16 December, 2014 10:37


With over one billion Android devices activated, the platform’s popularity has 
inevitably caught the attention of malware creators. The opportunity to target 
such a huge audience and get more bang for the buck is not easily dismissed nor 
will it be any time soon.

There is another reason. Most smart phone users still consider the device to be 
a ‘phone’ and not a fully-fledged system that can almost do everything a 
desktop PC can. As a result users tend to ignore the security implications when 
using mobile phones. They are making a huge mistake because in some cases 
mobile phones pose a greater security risk than a desktop computer.

What security risk do mobile phones pose?

If, for argument’s sake, you’re an attacker who wants to steal confidential 
data to make a profit, your biggest challenge is gaining access to a company’s 
system. Over the years, different methods have been used. Infected pen drives 
were left lying about in parking lots. Victims were lured to infected websites. 
Emails were sent with infected payloads.

These attack vectors are well-known to companies and measures are put in place 
to neutralise them. Businesses are aware that email and websites are prime 
targets for the bad guys and therefore they have invested in technology to 
prevent any weaknesses being exploited and breached. More and more employees 
know enough about security to realise that USB drives can be infected. They are 
less likely to check out a USB drive they found in the parking lot on their 
work PC, let alone on their personal machine.

But is this level of awareness the same among mobile phone users? Do you think 
that employees realise that a mobile phone is, at the end of the day, not very 
different to a USB drive when they plug it into their PC to charge it or copy 
files to and from the device?


Furthermore, how many businesses provide wireless Internet in the office, where 
users are quick to connect to the network so they can access the Internet? If 
one user’s mobile phone has malware running on it, then the bad guys have a 
beachhead from where they can execute code or gain deeper access to the 
network. A sniffer running on that phone can potentially collect credentials 
sent in plain text on that network segment, including email credentials, 
telnet, FTP, basic web authentication and others.

Basically, Android-targeting malware could be a route into a network for 
attackers.

Where do we stand today?

With every new technology, the discussion will often turn to how it will be 
misused and exploited by cybercriminals. Most of the initial discussion is 
theoretical – security researchers theorising how the new technologies in 
question might be targeted and exploited.

Is this the case with the Android platform as well? Yes and no. Yes, in that so 
far we aren’t aware of attacks or, if any have taken place, it was on a small 
scale and not of concern, for now. No, because malware already exists and some 
applications have the same functionality as ‘normal’ malware would. 
Android.Backdoor.Ssucl.A, for example, will infect Android phones and create 
three files in the root of the SD Card: autorun.inf, folder.ico and 
svchost.exe. It will exploit the autorun bug to install a backdoor on any 
machine that the infected Android phone is connected to when it is switched 
from charging to storage mode. It’s pretty much the same type of attack 
employed on that malicious USB drive left in the parking lot.


Then there are applications like the dSploit utility which, among other things, 
allows the harvesting of unencrypted credentials through Wi-Fi. We might not be 
there yet but the tools to perform these attacks are under development.

What does all of this mean to you?

As with any platform, smart phones need to be protected and secured. Most of the 
Android platform security is focused on the Play Store system and the phone’s 
application segregation. Their vetting process is the first and “last” line of 
defence for a large number of devices. Why “last”? It is true that the system 
tries to limit what an application can do and it’s also true that the device 
will ask the user to give permission to an application to do specific functions 
– but does any of this really help? I don’t think so, and that’s why I hesitate 
to even consider this an actual and effective last line of defence.

While Android applications are restricted in what they can do, they have full 
control the moment the phone is rooted (a process designed to unlock 
administrative access to user programs – by default this is disabled) and the 
malware then has administrative access. You don’t even need the malware to do 
the actual rooting because end users are likely to do so themselves.

Rooting their device allows them to run some applications that add some cool 
functionality to the phone (such as full backup functionality or even providing 
actual drive shares on phones that only support MTP file transfers).


You also find users installing custom ROMs, and all but one, as far as I am 
aware, come pre-rooted. On the only ROM that doesn't come pre-rooted, it only 
takes a click to perform the rooting process. On a genuine, unmodified Android 
phone, the rooting process is just not that simple.

We’re not talking one or two devices here: the most popular custom ROM has over 
10.7 million users. This is probably a very conservative number as it only 
reflects the number of users who by choice reported their usage of that 
particular custom ROM.

The Android system also notifies the user what functionality an application 
intends to use. The user has to approve that access. The problem is that even 
for a professional it’s hard to distinguish if some of the functionality is 
legitimate and can be trusted or if it’s a malicious application or a 
legitimate application infected with malware.

The Google Play service, for example, has access to your personal info, 
messages, location, phone calls / system tools. From a security perspective, 
most of that access should be a big ‘no, no’. Why would any application need 
access to your SMS or phone calls? I am pretty confident that every Android 
phone has Google Play installed.

Some warnings do not work; even professionals ignore them. And they will not 
work because it is impossible to say if the permission requested is going to be 
used legitimately or not. Because most users will just click okay, permissions 
are abused and many applications request more access to information than they 
really need.

What needs to be done?

A mobile phone should be treated no differently than any other computer 
system. Users need to be educated that there are risks using these devices and 
to follow best practices. This is the only way to protect and secure the 
device. While an official Android installation has a lot of security features 
in place to limit damage caused by malware, it is not foolproof because users 
can install other distributions which lack the same security measures. Users do 
so because they want more out of the device and are not restricted to apps in 
the Play Store.

Greater effort is required to secure unofficial implementations that have a lax 
security model. We should also be wary of how phones interact with the network 
and with a host machine as this could be a popular malware infection vector and 
a foothold into the organisation.

Today there’s little difference between taking a phone to the office and 
connecting a laptop to the network. That is why security policies and 
procedures should be updated to reflect this development.
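
The host-side pattern the article attributes to Android.Backdoor.Ssucl.A (autorun.inf, folder.ico and svchost.exe in the SD card root) can be checked for when a phone is mounted as storage. The following Python is an added example, not part of the article; the function names and the constructed, inert sample files are assumptions for illustration.

```python
import configparser
import tempfile
from pathlib import Path

# Extensions Windows treats as directly runnable.
EXEC_EXT = {".exe", ".com", ".scr", ".bat", ".cmd", ".pif"}
LAUNCH_KEYS = ("open", "shellexecute")  # autorun.inf keys that start a program

def root_entry(root: Path, name: str):
    """Case-insensitive lookup in the volume root (FAT cards ignore case)."""
    return next((p for p in root.iterdir() if p.name.lower() == name.lower()), None)

def audit_volume(root: Path) -> list:
    """List autorun-related findings for the root of a mounted volume."""
    inf = root_entry(root, "autorun.inf")
    if inf is None:
        return []
    findings = ["autorun.inf present in volume root"]
    cp = configparser.RawConfigParser(strict=False, allow_no_value=True)
    try:
        cp.read_string(inf.read_text(errors="replace"))
    except configparser.Error:
        return findings + ["autorun.inf could not be parsed; inspect by hand"]
    section = next((s for s in cp.sections() if s.lower() == "autorun"), None)
    for key in LAUNCH_KEYS if section else ():
        cmd = (cp.get(section, key, fallback=None) or "").strip().strip('"')
        if not cmd:
            continue
        # A name containing a path separator cannot match a root entry.
        name = cmd.split()[0].lstrip(".\\/")
        hit = root_entry(root, name)
        if hit and hit.suffix.lower() in EXEC_EXT:
            findings.append(f"{key}= launches {hit.name} from volume root")
        else:
            findings.append(f"{key}= references {cmd!r}")
    return findings

def demo() -> list:
    """Constructed sample: the three file names from the article, inert contents."""
    with tempfile.TemporaryDirectory() as d:
        root = Path(d)
        (root / "autorun.inf").write_text(
            "[AutoRun]\nopen=svchost.exe\nicon=folder.ico\n")
        (root / "folder.ico").write_bytes(b"placeholder")
        (root / "svchost.exe").write_bytes(b"placeholder, not a real binary")
        return audit_volume(root)

if __name__ == "__main__":
    print("\n".join(demo()))
```

Pointing `audit_volume` at the mount point of a phone or SD card gives a quick triage list; an empty result means no autorun.inf was found in the root.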

