Page 7 - CDM Cyber Warnings November 2013

about their smartphone ‘my life is in there?’ And with the advent of digital wallets and a financial
services industry rapidly gearing up to make electronic payments commonplace, this sentiment
is going to become even more widespread.

But how many villains, criminals and hackers who specialize in malware creation are aware of
this? A lot, that’s for sure. And they’re already working hard in the mobile sphere. Stolen data
is a currency and there’s a roaring trade on the dark web in identity theft information, whether it’s
credit/debit card details, passwords, names and addresses or banking information - especially
banking information. In fact, ‘live’ PayPal accounts in particular seem to be extremely popular,
with prices that vary according to how much is in the account, from $1,000 to $10,000 and
upwards. As a striking aside, the people the PayPal accounts belong to don’t even know
they’ve been hacked, that is, until the day they go into their account and discover it’s been
emptied.


We’re probably all aware of the potential attack vectors aimed at mobile devices. From
operating system and application flaws, to unsecured WiFi, rogue access points, near-field
communications and proximity-based hacking, much has been said and even more has been
written. However, security in the mobile arena, to date, has been a bit of a bogeyman. The
perception is that it’s used to scare people and doesn’t reflect the reality. We’re much like the
PC users of yore, who dismissed the idea of their computers becoming infected with viruses.
However, unlike then, we’re actually beginning to see a tsunami of malware aimed at mobile
devices.


One of the most common, and one to which many have fallen victim, is the premium SMS scam. I
have a friend who was regularly receiving monthly mobile bills that averaged £50 above his
rough estimates. He didn’t pay too much attention and just assumed that he had made more
calls than he thought. But one day he decided to read his bill carefully (how many of us do
that?) and discovered that he was paying between £2.50 and £3.00 every month for reverse-billed
texts. A quick totting up revealed he was £50 out of pocket every month.


The malware that initiates these scams is often unwittingly downloaded via a rogue app that
looks legitimate, for example, a purported Angry Birds upgrade or a free game. So far, we’ve
seen many examples of this type of malware. In fact, it’s become something of an epidemic.
Some sources estimate that around 500,000 Android malware files have been detected to date.
Increasingly, this malware incorporates code that is camouflaged so that detection becomes more
difficult. Perhaps two of the best known are Android Backflash and the BadNews bug
Copyright © Cyber Defense Magazine, All rights reserved worldwide