Mobile Malware

Published on January 2017

Running head: MOBILE MALWARE


Mobile Malware David Brehmer East Carolina University

Abstract

Smart phones are the most widely used devices for communication. Companies such as Apple and Google have capitalized on this and created mobile operating systems that are easy to use for the general public. This has given hackers a large playing field in which to apply their tactics. Malware has been around since the internet became popular among everyday users. Hackers have evolved and are now putting more focus on attacking smart phone users. This paper will identify the methods used by hackers along with possible prevention methods.

Keywords: Malware, anti-virus, android, information security

Ever since the dawn of the internet, there have been hackers: people who want to cause harm or steal information. In today’s information age, hackers have gravitated to a new target: smart phones. One of the tools hackers use is malware. Malware and information security go hand in hand. There are hundreds of thousands of malware attacks every day. Personal data, as well as corporate data, are no longer safe because of the alarming amount of malware circulating on the internet. Malware is used to compromise or exploit a system so that information can be stolen. Malware is not limited to personal computers. Today’s smart phones, including iPhones, Androids, and Windows phones, are susceptible. Malware has become one of the top methods cybercriminals use to obtain sensitive data from their targets. This paper will describe some of the most common attack methods cybercriminals use as well as how to detect these malicious programs. Recommendations will be given on how to better protect all devices from malicious software.

In the United States alone, 61% of the population uses smart phones (Kerr, 2013). Google’s mobile operating system, Android, is by far the most widely used operating system, overtaking Apple’s iOS in 2012. Mobile internet access via smart phones has been on the rise, climbing nearly 15% a year since the first iPhone. According to Blue Coat Systems, social networking and recreational website usage is higher among mobile users than desktop users (Blue Coat Systems). While the majority of heavy-bandwidth services, such as video streaming, are still accessed via desktop computers, mobile devices account for a greater share of this internet use each year. Hackers are taking advantage of this trend. This paper will shed light on this subject by showing the flaws in mobile web use, detailing the methods hackers most often use, and showing how to limit or even prevent hackers from accessing valued information.

More and more people around the globe are gravitating to smart phones and tablets as their most used devices. On average, most users spend nearly 3 hours doing various web based activities on their phones. This gives hackers a very large target base to focus their activities on. Mobile malware infections have increased 614% since 2011 (Juniper Networks, 2013). This growth is statistically alarming. The majority of mobile web use on phones is social networking. This is a dangerous habitat to spend time in. While most people might not have sensitive data on their social networking profile, most hackers do not aim to gain access to the profile. Their objective is to redirect the user away from social networks to their own web server, which will automatically install their malware.

Perhaps the largest danger users face is themselves. Users routinely access common websites via their phones, such as Facebook and Twitter. Hackers wishing to infect them with malware simply need an uninformed user. Most common users would not notice the site redirection caused by the hacker and would click whatever they need to see their account. With the amount of web based applications in use and the rise of cloud computing, this will only grow into an even larger issue. Put frankly, the lack of knowledge of the common user is the hacker’s best weapon.

Hackers have many tools at their disposal. One of the most common ways they access mobile devices is via downloaded applications. The top mobile device operating systems, Android, iOS, and Windows Phone, all have their own application store. Because of its popularity, this paper will focus on Android’s store, called Google Play Store. Google gives developers an SDK in order to make application development more streamlined. However, Google does not require developers to jump through as many hoops to publish an application to its store as Apple does on the iTunes store. At the beginning of the Android life cycle, this was a major problem. Many of the applications published were malware infested. Google has made great strides at fixing this issue. Unfortunately, the issue still remains.

Perhaps the largest problem Google’s Android faces is also its main selling point: Android is open source. Anyone, such as Amazon, can build their own version. To compound this, anyone can create their own ‘application store’. In order for a user to install applications from a store other than Google Play, they must manually allow installations from unknown sources. This is a major security hole and a treasure trove for hackers. Once a user has allowed applications from unknown sources, any application can be installed, no questions asked. One study done by a group called Hak5 was able to install a malware key logger application in 10 seconds with a device called a rubber ducky (Hak5, 2013). This method required physical access to the phone; however, this is not always needed.

Methods such as the rogue access point are now making this a go-to method. This method begins with the fact that smart phones automatically save the wifi information of previously associated access points. This inherent trust is used by the hacker. The hacker creates a ‘fake’ access point with the access point information of common wifi hotspots, such as Starbucks. Smart phones that have wifi turned on will continuously search for a wifi network to connect to. If the device thinks the fake access point is actually Starbucks, it will connect. Once the device is connected, and the user attempts to access any website, the hacker can inject a redirection that sends them to the hacker’s own site, which has the malware ready to be installed. This attack has been gaining major attention and has been covered in various security conferences.

Another popular attack is via picture messages or MMS. Hackers have tools that allow them to combine a picture and a malware application into one file. The victim will only see the original picture but will actually be installing the malware in the background. The file can be sent via a picture message or even email.
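The rogue access point attack described above works because a remembered open network is identified by its name alone. The following added example, which is not part of the original paper, audits a phone's saved networks and a wifi scan for that condition; the data layout, the function names and all sample values are assumptions constructed for illustration.

```python
# Constructed sample data (not a real capture); MAC addresses are made up.
SAVED = {  # hypothetical view of the networks a phone remembers and auto-joins
    "CoffeeShop-WiFi": {"security": "open", "bssids": {"02:00:00:00:00:01"}},
    "HomeNet":         {"security": "wpa2", "bssids": {"02:00:00:00:00:10"}},
}
SCAN = [  # access points currently in range
    {"ssid": "CoffeeShop-WiFi", "bssid": "02:00:00:00:00:01", "security": "open"},
    {"ssid": "CoffeeShop-WiFi", "bssid": "02:00:00:00:00:66", "security": "open"},
    {"ssid": "HomeNet",         "bssid": "02:00:00:00:00:77", "security": "open"},
    {"ssid": "HomeNet",         "bssid": "02:00:00:00:00:10", "security": "wpa2"},
    {"ssid": "Neighbour",       "bssid": "02:00:00:00:00:99", "security": "wpa2"},
]


def spoofable_profiles(saved):
    """Saved open networks: the SSID is the only thing the phone checks,
    so any access point broadcasting that name satisfies the profile."""
    return sorted(ssid for ssid, p in saved.items() if p["security"] == "open")


def suspicious_aps(scan, saved):
    """Flag in-range APs that reuse a saved SSID but do not match its profile."""
    findings = []
    for ap in scan:
        profile = saved.get(ap["ssid"])
        if profile is None:
            continue  # not a remembered network, so the phone will not auto-join
        if ap["security"] != profile["security"]:
            # A protected network that suddenly appears unprotected is a strong signal.
            findings.append((ap["ssid"], ap["bssid"], "security-mismatch"))
        elif ap["bssid"] not in profile["bssids"]:
            # Weaker signal on its own: large venues legitimately run many BSSIDs.
            findings.append((ap["ssid"], ap["bssid"], "unseen-bssid"))
    return findings


if __name__ == "__main__":
    print("forget or disable auto-join for:", spoofable_profiles(SAVED))
    for finding in suspicious_aps(SCAN, SAVED):
        print("review:", finding)
```

Removing saved open networks, or turning off auto-join for them, takes away the name-only trust that the fake access point relies on.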


Today’s society is much more tech savvy than in the past. People are immersed in technology at a young age. A trend among some people who have a great love of technology is ‘rooting’ their Android device. Rooting involves breaking the phone’s security to allow the user ultimate control over their device. This can cause obvious security concerns for the novice user. The rooting process was once only done by the most experienced users, but now there are easy-to-use tools that make the process as simple as one click. This is a very dangerous trend. According to APWG, the number of rooted Android devices has grown by 22% (Armin, 2013). Hackers have made great strides compromising Android devices, but users that root their phones simply make the hacker’s job far too easy. If the hacker gains access to any part of a rooted phone, they will have the entire system.

Another large issue for Android is the fact that it is open source, offering the source code up for free to anyone. Hackers can dig into the code to find vulnerabilities and then use exploits for them to compromise the system. One way they can do this is through a shellcode attack. The hacker injects the code into a vulnerable aspect of the stock Android browser, giving them an easy way to install malware. Most of the techniques that use this method exploit memory allocations via JavaScript or Adobe Flash (Chang, Venkatasubramanian, West, & Lee, 2013).

Another vulnerable side effect of Android being open source is the number of different versions of the operating system. Unlike Apple, Android has many different phone manufacturers. These different manufacturers want different capabilities and not all versions of Android will fit the bill. Currently, there are nineteen different versions of Android. The following figure details the consumer base.

Figure 1. Android Distribution

KitKat 4.4: 3%
Jelly Bean 4.3: 10%
Jelly Bean 4.2.x: 17%
Jelly Bean 4.1.x: 35%
Ice Cream Sandwich 4.0.3 - 4.0.4: 15%
Honeycomb 3.2: 0%
Gingerbread 2.3.3 - 2.3.7: 19%
Froyo 2.2: 1%
Other: 62%

According to Google, the most widely used version is Jelly Bean, and even that has 3 versions. This has been a large issue for Android since its inception. New versions patch security vulnerabilities found in previous versions. Android has released their newest, most secure version, KitKat. The problem remains: most older phones are unable to meet the minimum requirements needed to run KitKat. These phones, which make up a vast majority of the current circulation, will never see the update. Carriers such as AT&T and Verizon are only going to update a few of their current generation phones to the new KitKat. This is going to leave many users stuck on the old Jelly Bean or on the even less secure versions, Gingerbread or Ice Cream Sandwich. KitKat has been live for 9 months and only 3% of current phones use the operating system. Android operating systems must go through a verification process at each service provider, which then adds its own proprietary software before pushing the update to its customers. Sometimes this takes well over a year after the initial release by Android. This massive gap in plugging the existing vulnerabilities has undoubtedly been a main focus for hackers.


Security experts have made many advances in malware detection in recent years but they are far from perfect. A recent study by the University of Pretoria in South Africa attempted to find an instance of malware on an Android device with widely used anti-virus software (Pieterse & Olivier, 2013). They used the following applications in their study: AVG, Avast, Lookout, Android Antivirus, Norton, TrustGo, Sophos, Kaspersky, and Comodo. All devices were identical Samsung Galaxy S2s and had the same version of Android, Gingerbread 2.3. The malware used was an SMS Trojan. Shockingly, of the 9 anti-virus applications, only Avast found the Trojan. This simple test shows how far anti-virus still needs to go to better protect smartphones.

Considering this study, anti-virus software alone will not protect smartphones. Other methods need to be used to better protect these devices. The first method, and the most difficult, will be to educate the users. The majority of the population that uses smartphones is not aware of its own risky behavior. A good start for Google would be to create an easy-to-use web based tutorial on smartphone security. This tutorial could explain such things as malware and viruses. It could also give detailed examples of what to look for and how to protect the device while using web based services.

The second viable method is pushing security software developers to create better applications. Desktop anti-virus applications are leaps ahead of their Android counterparts. If developers were to focus more on the mobile world, perhaps they could find better ways to protect these devices.

Lastly, Google could take a lesson from Apple and find a way to allow themselves to push updates over the air to Android devices. This would be a very difficult thing to undertake, but the end result could better protect devices. They might start this by setting guidelines for carriers to push particular updates in a faster fashion. With more business users taking advantage of the ‘bring your own device’ policies that are becoming the norm, this would be a large selling point for carriers.

Smartphone technology is advancing at a faster rate each year. Devices today are more powerful than laptops from 2 years ago. This evolution is only going to bring even more hackers to focus their attention on mobile devices in the future. Google, along with the major mobile phone carriers, needs to face this fact and do its part in securing these devices. Users are the last line between malware and the device. Ultimately it is the user’s responsibility to understand the risks and to take action to prevent their own devices from being exploited.


References
Armin, J. (2013). Mobile Threats and the Underground Marketplace. Lexington.

Blue Coat Systems. (n.d.). Blue Coat Systems 2013 Mobile Malware Report. Retrieved from bluecoat.com: http://www.bluecoat.com/sites/default/files/documents/files/BC_2013_Mobile_Malware_Report-v1d.pdf

Chang, J., Venkatasubramanian, K., West, A., & Lee, I. (2013, August). Analyzing and Defending Against Web-Based Malware. ACM Computer Surveys, 45, 4, Article 49.

Hak5 (Director). (2013). What's up with the Duck [Motion Picture]. Retrieved from http://hak5.org/episodes/hak5-1501

Juniper Networks. (2013). Juniper Networks Third Annual Mobile Threats Report. Sunnyvale: Juniper Networks.

Kerr, D. (2013, June 5). Smartphone ownership reaches critical mass in the U.S. Retrieved from Cnet: http://www.cnet.com/news/smartphone-ownership-reaches-critical-mass-in-the-u-s/

Pieterse, H., & Olivier, M. (2013). Security Steps for Smartphone Users. Pretoria, South Africa: University of Pretoria.
