Weekly Mobile Security News Roundup

This week’s summary highlights just how varied and dynamic mobile security is becoming. New motives for using malware are appearing and demand attention. Additionally, it’s becoming apparent that the borders between private and work-related use of a mobile device are disappearing.

  • Apple IDs targeted in phishing scam through hacked Electronic Arts servers
    The servers of video game publisher Electronic Arts have apparently been compromised, with a new phishing page set up with the intent of stealing Apple ID usernames, passwords, and credit card information.

    The server hosted an outdated calendar that had several vulnerabilities and was likely the way the hackers got into the system to set up the phishing site. The site attempts to trick a victim into submitting their Apple ID and password. It then presents a second form which asks the victim to verify their details. Following the submission, the victim is redirected to the legitimate Apple ID Web site.


    Why is this Significant?
    This is one where the message between the lines is much more important, from a mobile standpoint, than the attack itself. While there haven’t been any documented victims (yet), this is quite a substantial operation against the biggest game developer in the world – aimed at acquiring what is essentially an all-access key to millions of mobile devices. With the convergence of different media and devices becoming a way of life, it’s important to remember that this also means more access routes that need protecting.

  • Wal-Mart is the latest Fortune 500 company that has mobile app security problems
    Along with Walgreens, Starbucks, Facebook & Delta Airlines, Wal-Mart’s iOS app has also been exposed as having severe security flaws. Evidence suggests that Wal-Mart’s app exposes user passwords, account names and email addresses, as well as geo-location details.

    Besides leaving much of the user data unencrypted, Wal-Mart also leaves users at risk when using the app on public WiFi.


    Why is this Significant?
    Nobody is accusing Wal-Mart of having malicious intentions. They are, however, guilty of irresponsible security testing practices. With most users relying on the reputations of large companies when using their official apps, security levels can be expected to be much higher. Consumers need to demand this level from their providers, while the app provider should put security measures in place to avoid re-runs of the all too familiar security issues they’ve handled in the PC and Web world.

  • All Android devices believed to be vulnerable to a new security flaw
    A new class of security vulnerability that may potentially affect all of the almost one billion Android devices worldwide has been discovered by a security research team.

    The ‘Pileup’ flaw is hidden within the Android Package Management Service (PMS), which handles the many updates to the Android OS. This allows malware installed on an Android device to grab new privileges whenever an update occurs and steal sensitive user data.

    The twist? The attack isn’t aimed at a vulnerability in the existing OS version. Instead, it exploits the flaws in the updating mechanism of the “future” OS, which the current system will be upgraded to. The attacker can strategically claim a set of carefully selected privileges or attributes only available on the higher OS version.

    The research goes on to conclude that an unprivileged attacker, even when confined by the most restrictive sandbox permissions system, can recover arbitrary outputs from the generator and consequently bypass all the exploit mitigations that rely on the early random PRNG.

    Why is this Significant?
    The opportunity to exploit the flaw is almost unlimited. There have been 19 official Android version updates since September 2008 – one every three months. Additionally, phone providers create versions for multiple carriers and countries, with Samsung so far releasing more than 10,000 different Android versions worldwide. This leads attackers to create a new method of hiding their malware.

  • Google embarking on a major effort to make Android attractive to enterprises
    According to industry rumors that are yet to be authenticated, but do make a lot of sense – Android is due to receive a major update that will allow it to finally provide office-grade security levels.

    Based on reports, the new build of Android will allow apps to implement their own form of authentication. In other words, some apps could require biometrics (i.e., fingerprint scanning) or elect to save their data onto secure chips. Another potential feature is improved remote management, which will allow a company to control which apps are installed on a device and initiate a device data wipe if required.


    Why is this Significant?
    With Samsung pushing Knox (its own security service) at every opportunity and Google’s annual developers’ conference, I/O, scheduled for mid-July – this is a very logical prediction. With Apple and Blackberry currently holding most of the enterprise market, Google have their work cut out for them. With so many malware issues and vulnerabilities due to underlying design faults, a substantial Android makeover may have a significant impact on mobile security.

  • Researchers predict Ransomware attacks will begin to target mobile devices in the near future
    Ransomware is a type of malware used to remotely encrypt the data on a victim’s device, with criminals subsequently demanding a cash fee to decrypt the files.

    This type of attack is not new, having targeted PCs for several years, but is becoming more common. CryptoLocker, a ransomware attack used in 2013, is estimated to have infected a quarter of a million computers worldwide in just under three months of activity.

    It is expected that cyber criminals will now begin to focus such attacks more on mobile devices, following the first appearances of Android-based ransomware in mid-2013. With smartphones being such an integral part of life and BYOD becoming the norm in many enterprises, this type of mobile attack is more than likely to gain traction.


    Why is this Significant?
    With businesses holding much of their data on remote or cloud-based servers, one might perceive them to be less vulnerable than private users. However, with BYOD and the expanding integration between a user’s private and work files and directories – this is definitely a mobile security trend worth paying attention to.

  • New iOS malware uses Cydia Substrate to steal advertisement promotion fees
    A malicious dynamic library, acting as a plugin of the Cydia Substrate framework, replaces the developer ID (or promotion ID) of popular iOS advertisement SDKs in all of the applications running on the infected devices. In doing so, the malware hijacks the promotion fees.

    Cydia Substrate is a popular runtime instrumentation framework for jailbroken iOS devices. It is commonly used by community developers to develop powerful tools or apps that can modify system functions or the iOS interface.

    Currently targeting mainly Chinese ads, this is the first documented iOS malware based on Cydia Substrate that has spread in the wild.


    Why is this Significant?
    Mobile Substrate is an essential part of most Cydia apps – and therefore ever-present in millions of devices. Designing malware that uses the foundations of Cydia’s framework opens up a vast new range of options for attackers to choose from when attempting to target a device. Jailbroken apps may not be the only dangerous part of jailbreaking – in this case, it’s the jailbreak itself.
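
For the ‘Pileup’ item above: a defender-side check, added here as an example and not taken from the research or from Android itself, that flags an app whose manifest defines or requests a permission that exists only on the OS version the device will be upgraded to. The permission inventories, package names and manifests are constructed, and the input is assumed to be manifest XML already decoded to text.

```python
import xml.etree.ElementTree as ET

ANDROID_NS = "{http://schemas.android.com/apk/res/android}"

# Constructed permission inventories for the installed OS and the upgrade target.
CURRENT_OS_PERMS = {"android.permission.INTERNET", "android.permission.READ_CONTACTS"}
TARGET_OS_PERMS = CURRENT_OS_PERMS | {"android.permission.EXAMPLE_NEW_IN_TARGET"}

# Constructed manifests (decoded text form), one suspicious and one benign.
SUSPICIOUS = """
<manifest xmlns:android="http://schemas.android.com/apk/res/android"
          package="com.example.flashlight">
  <permission android:name="android.permission.EXAMPLE_NEW_IN_TARGET"
              android:protectionLevel="normal"/>
  <uses-permission android:name="android.permission.INTERNET"/>
  <uses-permission android:name="android.permission.EXAMPLE_NEW_IN_TARGET"/>
</manifest>
"""
BENIGN = """
<manifest xmlns:android="http://schemas.android.com/apk/res/android"
          package="com.example.notes">
  <uses-permission android:name="android.permission.INTERNET"/>
</manifest>
"""

def scan_manifest(manifest_xml, current=CURRENT_OS_PERMS, target=TARGET_OS_PERMS):
    """Return (package, 'defines'|'requests', permission) for each permission
    the app claims that the target OS has but the current OS lacks."""
    future_only = set(target) - set(current)
    root = ET.fromstring(manifest_xml.strip())
    package = root.get("package", "<unknown>")
    findings = []
    for elem in root.iter():
        if elem.tag not in ("permission", "uses-permission"):
            continue
        name = elem.get(ANDROID_NS + "name")
        if name in future_only:
            # <permission> declares the name itself; <uses-permission> asks for it.
            kind = "defines" if elem.tag == "permission" else "requests"
            findings.append((package, kind, name))
    return findings

if __name__ == "__main__":
    for label, xml_text in (("suspicious", SUSPICIOUS), ("benign", BENIGN)):
        for package, kind, name in scan_manifest(xml_text):
            print(f"{label}: {package} {kind} future-only permission {name}")
```

Running such a check before an OS upgrade, against every installed package, surfaces apps that are positioned to gain privileges when the update is applied.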