Mobile Security

03:41 PM
Curtis Franklin

Mobile Worries for a Security Pro

The most worrying security problem for one security pro is something that sits in the palm of your hand.

When someone I respect tells me that there's a security threat that really worries them, I pay attention. And when that worry is something that I hadn't really thought about before the conversation, well, it worries me even more.

Kevin Walker, CTO for security in Juniper Networks' development group, is someone whose opinion I respect. If you want to hear an example of why that's so, just listen to the radio show when he was my guest in early July. I had a chance to sit down with Walker at Black Hat and we had a conversation that touched on a broad range of topics, but the thing that brought me up short was when he said, "You know what really worries me?" That's a phrase guaranteed to get my attention.

Walker then told me that ransomware on Android devices has him worried -- and he spelled out why in three broad strokes: a perfect storm of enormous reach, an undisciplined app ecosystem and a payment system easily exploited for ransom payment makes the world of Android ripe for criminal picking.

Android's enormous reach was quantified in May when Google announced that there are more than 2 billion Android devices in use each month. While many people point out the fragmented nature of the Android ecosystem, Walker notes that there are many commonalities between the different versions of the operating system -- commonalities that an attacker can exploit to create as many victims as possible.

The Android ecosystem's "unstructured" nature extends to the market for Android apps. No significant formal vetting system for apps before distribution means that it is possible for a malicious app to be published on Google Play or a third-party app market and downloaded by thousands upon thousands of people before the wisdom of the crowd makes the problem known. This has happened before, and the potential is certainly there for it to happen again. Unlike earlier outbreaks, though, there's a new wrinkle that makes Android devices even more attractive to ransomware attackers.

Google Pay is one of the current generation of mobile payment systems that promise faster, more convenient and more secure payment for goods and services. Walker imagines scenarios in which attackers demand rapid payment of a ransom or even set victims against one another for the most rapid payment: "The first person to pay the ransom gets their data back -- everyone else will lose everything." On-device payment mechanisms make rapid response possible.

Most of the analysts I spoke with at Black Hat consider ransomware to be a type of attack that is spectacular but not, in the grand scheme of things, as damaging as other malicious payloads. The scale of a possible Android ransomware attack could change that and turn ransomware into one of the highest priorities on everyone's security list.

— Curtis Franklin is the editor of SecurityNow.com. Follow him on Twitter @kg4gwa.
