Mobile Security Weekly – Three New But Classic iOS and Android Attacks

This week’s issue includes three classic mobile security issues that shine a spotlight on iOS and Android attacks. Far from the type of news enterprises want to see, these are new ways mobile device users can be attacked and/or robbed. A new vulnerability, a new SMS worm and a large-scale social engineering campaign aren’t unheard-of kinds of attacks, but they prove attackers simply aren’t slowing down.

Samsung’s Find My Phone Feature Opens Another Door to Attackers

A new zero-day flaw that allows hackers to lock a large range of Samsung devices by taking advantage of the lost device feature has just been published. Worryingly, it already seems that phones could be remotely locked, unlocked, or made to ring.

The Remote Controls feature on several Samsung mobile devices doesn’t validate the source of lock code data received over a network. This makes it easier for attackers to carry out what’s known as a DoS (Denial of Service) attack remotely, essentially locking the victim’s screen with an arbitrary code. The vulnerability, which has been posted on the US National Vulnerability Center’s website, works by triggering unexpected Find My Mobile network traffic.
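To illustrate the class of flaw described above, here is an added example (not Samsung's code or protocol, and not from the original article) contrasting a handler that acts on any lock data it receives with one that checks where the data came from. The message format, `DEVICE_KEY`, and all function names are hypothetical assumptions made for the illustration.

```python
import hashlib
import hmac
import json
import time

# Constructed demo secret; assumed to be provisioned per device at enrollment.
DEVICE_KEY = b"constructed-demo-key"
MAX_SKEW = 120          # seconds a signed command remains acceptable
_seen_nonces = set()    # nonces already used, to reject replays


def sign_command(cmd, key=DEVICE_KEY):
    """Service side: serialize the command and attach an HMAC-SHA256 tag."""
    body = json.dumps(cmd, sort_keys=True, separators=(",", ":"))
    tag = hmac.new(key, body.encode(), hashlib.sha256).hexdigest()
    return {"body": body, "tag": tag}


def apply_lock(cmd, device):
    """Shared state change: set the lock code carried by a lock command."""
    if cmd.get("action") != "lock":
        return False
    device.update(locked=True, lock_code=cmd["code"])
    return True


def handle_unvalidated(msg, device):
    """Flawed pattern: the source of the lock data is never checked."""
    return apply_lock(json.loads(msg["body"]), device)


def handle_validated(msg, device, now=None):
    """Hardened pattern: verify origin, freshness and single use first."""
    body = str(msg.get("body", "")).encode()
    expected = hmac.new(DEVICE_KEY, body, hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected.encode(), str(msg.get("tag", "")).encode()):
        return False                      # sender does not hold the device key
    cmd = json.loads(body)                # parsed only after authentication
    now = time.time() if now is None else now
    ts, nonce = cmd.get("ts"), cmd.get("nonce")
    if not isinstance(ts, (int, float)) or abs(now - ts) > MAX_SKEW:
        return False                      # stale or post-dated command
    if nonce is None or nonce in _seen_nonces:
        return False                      # missing nonce or replayed command
    _seen_nonces.add(nonce)
    return apply_lock(cmd, device)
```
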

Why is this Significant?

This attack could be used by hackers that just want to cause destruction, but it could also be incorporated in a ransomware attack. The latter option isn’t unheard of. Several months ago, an attacker using the handle “Oleg Pliss” locked a whole lot of iOS devices, then demanded a ransom to unlock them.

Koler Android Ransomware Can Now Spread via SMS

Android users now need to be wary of a new strain of malware. Worm.Koler spreads via text message and holds the victim’s infected mobile phone hostage until a ransom is paid. Koler was first spotted in May when the malware began to be distributed through certain pornographic websites under the guise of legitimate apps.

Koler locks the victim’s mobile screen and then demands money from users with fake notifications from law enforcement agencies accusing users of viewing and storing child pornography. There is now a new variant that allows the malware to spread via text message spam and attempts to trick users into opening a shortened URL, essentially turning Koler into an SMS worm.

Why is this Significant?

Koler is capable of displaying localized ransomware messages on a user’s mobile device from at least 30 countries, including the United States. The vast majority of infections have actually been seen in the US, with a smaller number also found in several Middle Eastern countries.

iMessage Spam Campaign is Flooding US Mobile Networks

China-based counterfeiters have initiated a massive campaign of selling fake designer goods using Apple iMessage instead of using the more conventional spam emails. iMessage has now been hit with the single largest US mobile spam campaign this year.

It seems the campaign, which has been going on for months, was large enough to account for more than 80 percent of all reported mobile messages in the US. Thousands of fake, low-quality designer items have been bought by innocent customers. The registrants of these imposter domains were all of Chinese origin with IP addresses and names from China. Preliminary analysis of the various email domains associated with the Apple IDs projecting the spam also revealed that many were from popular Chinese webmail sites.

Why is this Significant?

Although this is not inherently a mobile security issue, there are several important points. Sending vast quantities of messages using iMessage offers a means to generate a list of actively used iPhone phone numbers that spammers can then resell to other criminals (thanks to received/read receipts that iMessage automatically displays). Another point is that this platform could easily be implemented as part of a malware attack in the future.