Warning: Cellphones will become a way to attack otherwise protected devices

Bot masters will find more ways to make money off their zombie machines beyond using them as spam or DDoS engines

Mobile phones will become an increasing menace to network security that could drop malware onto protected devices when they dock to sync or plug into USB ports to charge, security experts say in a Georgia Tech report.

Compromised phones will infect computers they may plug into for otherwise legitimate reasons, much the same way malware such as Stuxnet found its way onto laptops via thumb drives, according to the "Emerging Cyber Threats Report 2012" released at the Georgia Tech Cyber Security Summit 2011" today. It was presented by the Georgia Tech Information Security Center and Georgia Tech Research Institute.

ONLINE SECURITY: Father of SSL says despite attacks it has lots of life left

The report warns that "mobile phones will be a new on-ramp to planting malware on more secure devices." The document cites an anonymous industry source saying that "... someone who just needs to charge his phone can introduce malware as soon as it's plugged into a computer within that location."

Other problems include the differences between laptop browsers and those used on phones. The latter display address bars fleetingly, leaving little time to observe the safety status of sites being visited, the report says. "If a user does click on a malicious link on a mobile browser," the report says, "it becomes easier to obfuscate the attack since the Web address bar is not visible."

Finding information about SSL certificates a site may be using may be difficult if the information is available through the browser at all, the researchers say.

Touch screens on smartphones may make users more susceptible to clicking on links that seem legitimate but mask malicious sites beneath them, which could lead to drive-by downloads of malware.

Patches and updates for mobile phones are woefully infrequent, the report says. "While computers can be manually configured not to trust compromised certificates or can receive a software patch in a matter of days, it can take months to remediate the same threat on mobile devices -- leaving mobile users vulnerable in the meantime."

Meanwhile, the authors say that bot masters will find more ways to make money off their zombie machines beyond using them as spam or DDoS engines. For example, a downloader controlled by a bot master could infect machines with reconnaissance malware that profiles the user of the machine for marketing purposes. The information can be sold and resold until a legitimate business buys the information as part of a lead-generation effort, the report says.

Or alternatively, the zombies could be queried for personal technical details as a way to design a long-term stealthy attack to compromise data. Botnet operators will work more to create bot armies that they lease to others for whatever purpose they have in mind. "Infrastructure and information sharing will also occur more regularly between botnet operators and other malicious actors," the report says.

Read more about wide area network in Network World's Wide Area Network section.

Tags smartphonebotmobilitysecurityattackbotnetmobile solutionszombiemalware

Keep up with the latest tech news, reviews and previews by subscribing to the Good Gear Guide newsletter.

Tim Greene

Network World

Comments

Comments are now closed.

Latest News Articles

Most Popular Articles

Follow Us

GGG Evaluation Team

Kathy Cassidy

STYLISTIC Q702

First impression on unpacking the Q702 test unit was the solid feel and clean, minimalist styling.

Anthony Grifoni

STYLISTIC Q572

For work use, Microsoft Word and Excel programs pre-installed on the device are adequate for preparing short documents.

Steph Mundell

LIFEBOOK UH574

The Fujitsu LifeBook UH574 allowed for great mobility without being obnoxiously heavy or clunky. Its twelve hours of battery life did not disappoint.

Andrew Mitsi

STYLISTIC Q702

The screen was particularly good. It is bright and visible from most angles, however heat is an issue, particularly around the Windows button on the front, and on the back where the battery housing is located.

Simon Harriott

STYLISTIC Q702

My first impression after unboxing the Q702 is that it is a nice looking unit. Styling is somewhat minimalist but very effective. The tablet part, once detached, has a nice weight, and no buttons or switches are located in awkward or intrusive positions.

Resources

Best Deals on GoodGearGuide

Latest Jobs

Don’t have an account? Sign up here

Don't have an account? Sign up now

Forgot password?