At Black Hat, Mobile Devices Under The Microscope

  /     /     /  
Publicated : 22/11/2024   Category : security


At Black Hat, Mobile Devices Under The Microscope


Security researchers find growing numbers of security vulnerabilities in smartphones



BLACK HAT USA 2011 -- Las Vegas -- Its often said that hackers target the industrys most popular platforms and applications. As the smartphone phenomenon changes both consumer and corporate environments alike, then, its not surprising that both hackers and security researchers were drawn to mobile devices here at this weeks Black Hat conference.
The Black Hat conference featured an
entire track
-- five sessions -- on mobile vulnerabilities, each of which offered a look at newly discovered security flaws in devices, such as BlackBerrys, iPhones, and especially Androids.
The mobile environment is becoming increasingly attractive to malware authors, said Neil Daswani, CTO of anti-malware service provider Dasient, in his presentation on mobile malware. And the opportunities are only growing.
Harry Sverdlove, CTO of security software vendor Bit9, agreed. Mobile is the wild, wild west for hackers right now, he said. As mobile devices become the endpoint, that will become the most vulnerable spot.
Earlier this week, researchers from Lookout Mobile Security published the findings of a
study
that indicates Android users are two-and-a-half times as likely to encounter malware today than they were six months ago.
And at the show, a group of presenters from Lookout offered a look at the slow pace of security patching among Android-compatible device makers, and how that slow patch cycle could be exploited by attackers.
In 2010, there were no [Common Vulnerabilities and Exposures] posted for mobile devices, noted Lookouts Tim Strazzere. In 2011, there have already been six CVEs accepted.
And smartphone vendors are not helping by dragging their feet on security patching, the Lookout researchers said. While patches for emerging mobile device threats, such as Exploid and Rage Against the Cage, sometimes take 30 weeks or more, a few Android-compatible device makers have issued no security patches at all.
Daswanis
presentation
demonstrated the ability of malware authors to deliver their payloads using drive-by downloads from legitimate markets or applications, without needing to bait users into downloading a Trojan.
Currently, most mobile attacks are Trojans, Daswani says, but now [that] we know that drive-by downloads are possible, we expect things to shift in that direction.
Daswanis research also indicates that some 8.4 percent of Android applications studied are leaking personal information.
A session entitled Hacking Androids for Profit promised previously unreported vulnerabilities in the popular devices, but the session was postponed.
While the Android was the focus of most of the Black Hat sessions, Stefan Esser outlined vulnerabilities in the iPhones iOS kernel that could be open for exploit.
The iPhone user land is locked down very tightly by kernel-level protections, Esser said. Therefore, any sophisticated attack has to include a kernel exploit in order to completely compromise the device.
Esser outlined ways that attackers could use previously disclosed iOS kernel vulnerabilities to exploit uninitialized kernel variables and create buffer overflows, among other exploits. He released a tool that allows users to selectively deactivate some iOS kernel security patches.
Have a comment on this story? Please click Comment below. If youd like to contact
Dark Readings
editors directly,
send us a message
.

Last News

▸ Nigerian scammers now turning into mediocre malware pushers. ◂
Discovered: 23/12/2024
Category: security

▸ Beware EMV may not fully protect against skilled thieves. ◂
Discovered: 23/12/2024
Category: security

▸ Hack Your Hotel Room ◂
Discovered: 23/12/2024
Category: security


Cyber Security Categories
Google Dorks Database
Exploits Vulnerability
Exploit Shellcodes

CVE List
Tools/Apps
News/Aarticles

Phishing Database
Deepfake Detection
Trends/Statistics & Live Infos



Tags:
At Black Hat, Mobile Devices Under The Microscope