Awareness : Security Awareness Tips

Surfing the Internet on your Smartphone? - Be Wary of Security Threats

The first known drive-by attack to target mobile phones has been discovered. Compromised websites are targeting Android devices with a suspicious mobile application called “NotCompatible”. Until now, mobile drive-by attacks using compromised websites have only been theoretical. A drive-by download is a program that is automatically downloaded to your computer/phone/tablet without your consent or knowledge.

In this particular attack, when a user visits a compromised website from an Android device, their web browser will begin downloading an application. After downloading, the device will display a notification prompting the user to click in order to install the downloaded application. In order to actually install the application to a device the “Unknown sources” setting (commonly known as “sideloading”) must be enabled. If this is not enabled, the installation will be blocked.

San Francisco-based mobile security firm Lookout Inc. said, “A device infected with NotCompatible could potentially be used to gain access to protected information or systems, such as those maintained by enterprise or government.” The concern is that some apps can be used to collect sensitive data and perform unauthorized activity.

However, Android users are not the only ones who should be on guard when it comes to malware. Any smartphone, including iPhones, that have been “jailbroken” are susceptible to malware infection. The term “jailbreaking ” refers to the trend in which users bypass the software restrictions mobile device makers and carriers build into smartphones and tablets. Jailbreaking or rooting a device enables users to gain administrator-level privileges and use the hardware to run unauthorized applications and perform non-sanctioned functions, like Wi-Fi tethering. For iPhones, this allows the installation of apps not reviewed or distributed through Itunes, Apple’s App Store. As part of the bring your own device (BYOD) phenomenon, it’s common for users to bring their jailbroken devices into the enterprise environment. That’s all it takes for an attacker to use such a mobile device as a pivot point, often via a rogue mobile app, to side-step firewalls and other defenses right onto the enterprise network.

The emphasis is on iOS and Android platforms because of their ubiquity and because they are the ones most commonly jailbroken: Research In Motion Ltd.‘s BlackBerry platform is essentially impossible to jailbreak, and Windows Mobile devices only account for a fraction of the market.

When a user jailbreaks his phone some manufacturers cancel their warranty. Carriers have also been known to stop providing services for jailbroken devices. The main purpose of adding limitations, restrictions and firewalls into products, is to counter the threat of hackers.

In May 2012, Apple released iOS 5.1.1 update for the iPhone, iPad and iPod touch addressing three vulnerabilities. This update addresses a Safari vulnerability involving a URL spoofing issue that could be used by a malicious website to direct users to a spoofed site while displaying a different domain in the address bar. It also resolves a WebKit vulnerability that allowed hackers to inject script into pages viewed in the browser. Now that the update has been released, hackers will begin reverse-engineering to learn how the vulnerabilities worked and use that information to target people who haven’t installed the update. To download the update directly from your iDevice go to (Settings > General > Software Update).

Fortunately, there are steps employers and employees can take to deter or detect jailbreaking when it has happened and contain the business risk:

  1. Keep mobile devices and apps up to date
  2. Employees should not jailbreak devices used to access corporate networks
  3. Where practical, configure Android devices to disallow side loading (see Settings / Unknown sources).
  4. Assess the integrity of mobile devices used for business during device enrollment and periodically thereafter. Installing a mobile device management (MDM) agent can detect a jailbroken device. Also, query installed apps and compare them to blacklists to see if side-loaded apps are present.
  5. Push notifications can be used to inform users when a jailbroken device is detected, and provide instructions to remedy their device.

Administrators should subscribe to the vendor’s alerts to keep up to date on any security developments and look to install a mobile-based anti-malware app such as McAfee Inc.‘s VirusScan Mobile for Android, Symantec Corp.‘s Norton’s Smartphone Security, Lookout Mobile Security (available for iPhone and Android) or Intego VirusBarrier (iPhone and iPad).

Administrators are now able to enforce password policies across devices through Microsoft Exchange. Android phones can also be reset to factory defaults in order to secure data in case the phone is lost or stolen. However, there are still features that cannot be remotely disabled such as the camera and Bluetooth.

Acceptable-usage policies should state that users with enterprise-owned devices can only install applications approved by the IT department and should avoid opening files, emails, SMS messages and IM’s if they’re from an unknown source.

For more information:

Posted: June 19, 2012