Mobile Security

7/28/2017
03:41 PM
Curtis Franklin

Mobile Worries for a Security Pro

The most worrying security problem for one security pro is something that sits in the palm of your hand.

When someone I respect tells me that there's a security threat that really worries them, I pay attention. And when that worry is something that I hadn't really thought about before the conversation, well, it worries me even more.

Kevin Walker, CTO for security in Juniper Networks' development group, is someone whose opinion I respect. If you want to hear an example of why that's so, just listen to the radio show when he was my guest in early July. I had a chance to sit down with Walker at Black Hat, and we had a conversation that touched on a broad range of topics, but the thing that brought me up short was when he said, "You know what really worries me?" That's a phrase guaranteed to get my attention.

Walker then told me that ransomware on Android devices has him worried -- and he spelled out why in three broad strokes: a perfect storm of enormous reach, an undisciplined app ecosystem and a payment system easily exploited for ransom payment makes the world of Android ripe for criminal picking.

Android's enormous reach was quantified in May when Google announced that there are more than 2 billion Android devices in use each month. While many people point out the fragmented nature of the Android ecosystem, Walker notes that there are many commonalities between the different versions of the operating system -- commonalities that an attacker can exploit to create as many victims as possible.

The Android ecosystem's "unstructured" nature extends to the market for Android apps. The lack of a significant formal vetting system for apps before distribution means that it is possible for a malicious app to be published on Google Play or a third-party app market and downloaded by thousands upon thousands of people before the wisdom of the crowd makes the problem known. This has happened before, and the potential is certainly there for it to happen again. Unlike earlier outbreaks, though, there's a new wrinkle that makes Android devices even more attractive to ransomware attackers.


Google Pay is one of the current generation of mobile payment systems that promise faster, more convenient and more secure payment for goods and services. Walker imagines scenarios in which attackers demand rapid payment of a ransom or even set victims against one another for the most rapid payment: "The first person to pay the ransom gets their data back -- everyone else will lose everything." On-device payment mechanisms make rapid response possible.

Most of the analysts I spoke with at Black Hat consider ransomware to be a type of attack that is spectacular but not, in the grand scheme of things, as damaging as other malicious payloads. The scale of a possible Android ransomware attack could change that and turn ransomware into one of the highest priorities on everyone's security list.

— Curtis Franklin is the editor of SecurityNow.com. Follow him on Twitter @kg4gwa.
