Mobile Worries for a Security Pro

The most worrying security problem for one security pro is something that sits in the palm of your hand.

When someone I respect tells me that theres a security threat that really worries them, I pay attention. And when that worry is something that I hadnt really thought about before the conversation, well, it worries me even more.
Kevin Walker, CTO for security in Juniper Networks development group, is someone whose opinion I respect. If you want to hear an example of why thats so, just listen to
the radio show when he was my guest
in early July. I had a chance to sit down with Walker at Black Hat and we had a conversation that touched on a broad range of topics but the thing that brought me up short was when he said, You know what really worries me? Thats a phrase guaranteed to get my attention.
Walker then told me that
ransomware on Android devices
has him worried -- and he spelled out why in three broad strokes: a perfect storm of enormous reach, an undisciplined app ecosystem and a payment system easily exploited for ransom payment makes the world of Android ripe for criminal picking.
Androids enormous reach was quantified in May when Google announced that there are
more than 2 billion Android devices
in use each month. While many people point out the fragmented nature of the Android ecosystem, Walker notes that there are many commonalities between the different versions of the operating system -- commonalities than an attacker can exploit to create as many victims as possible.
The Android ecosystems unstructured nature extends to the market for Android apps. No significant formal vetting system for apps before distribution means that it is possible for a malicious app to be published on Google Play or a third-party app market and downloaded by thousands upon thousands of people before the wisdom of the crowd made the problem known.
This has happened before
, and the potential is certainly there for it to happen again. Unlike earlier outbreaks, though, theres a new wrinkle that makes Android devices even more attractive to ransomware attackers.
Want to learn more about the tech and business cases for deploying virtualized solutions in the cable network? Join us in Denver on October 18 for Light Readings
Virtualizing the Cable Architecture event
– a free breakfast panel at SCTE/ISBEs Cable-Tec Expo featuring speakers from Comcast and Charter.
Google Pay is one of the current generation of mobile payment systems that promise faster, more convenient and more secure payment for goods and services. Walker imagines scenarios in which attackers demand rapid payment of a ransom or even set victims against one another for the most rapid payment: The first person to pay the ransom gets their data back -- everyone else will lose everything. On-device payment mechanisms make rapid response possible.
Most of the analysts I spoke with at Black Hat consider ransomware to be a type of attack that is spectacular but not, in the grand scheme of things, as damaging as other malicious payloads. The scale of a possible Android ransomware attack could change that and turn ransomware into one of the highest priorities on everyones security list.
Related posts:
New Vulnerability Hits IoT Cameras
Small Businesses Need Secure ISPs
Petya Ransomware Takes the World by Storm
— Curtis Franklin is the editor of
SecurityNow.com
. Follow him on Twitter
@kg4gwa
.

Last News
▸ ArcSight prepares for future at user conference post HP acquisition. ◂ Discovered: 07/01/2025 Category: security	▸ Samsung Epic 4G: First To Use Media Hub ◂ Discovered: 07/01/2025 Category: security	▸ Many third-party software fails security tests ◂ Discovered: 07/01/2025 Category: security

**Cyber Security Categories**
Google Dorks Database	Exploits Vulnerability	Exploit Shellcodes

CVE List

Tools/Apps

News/Aarticles

Phishing Database

Deepfake Detection

Trends/Statistics & Live Infos

Tags:
Mobile Worries for a Security Pro