When someone I respect tells me that there's a security threat that really worries them, I pay attention. And when that worry is something that I hadn't really thought about before the conversation, well, it worries me even more.
Kevin Walker, CTO for security in Juniper Networks' development group, is someone whose opinion I respect. If you want to hear an example of why that's so, just listen to the radio show when he was my guest in early July. I had a chance to sit down with Walker at Black Hat and we had a conversation that touched on a broad range of topics but the thing that brought me up short was when he said, "You know what really worries me?" That's a phrase guaranteed to get my attention.
Walker then told me that ransomware on Android devices has him worried -- and he spelled out why in three broad strokes: a perfect storm of enormous reach, an undisciplined app ecosystem and a payment system easily exploited for ransom payment makes the world of Android ripe for criminal picking.
Android's enormous reach was quantified in May when Google announced that there are more than 2 billion Android devices in use each month. While many people point out the fragmented nature of the Android ecosystem, Walker notes that there are many commonalities between the different versions of the operating system -- commonalities that an attacker can exploit to create as many victims as possible.
The Android ecosystem's "unstructured" nature extends to the market for Android apps. With no significant formal vetting system for apps before distribution, it is possible for a malicious app to be published on Google Play or a third-party app market and downloaded by thousands upon thousands of people before the wisdom of the crowd makes the problem known. This has happened before, and the potential is certainly there for it to happen again. Unlike earlier outbreaks, though, there's a new wrinkle that makes Android devices even more attractive to ransomware attackers.
Google Pay is one of the current generation of mobile payment systems that promise faster, more convenient and more secure payment for goods and services. Walker imagines scenarios in which attackers demand rapid payment of a ransom or even set victims against one another for the most rapid payment: "The first person to pay the ransom gets their data back -- everyone else will lose everything." On-device payment mechanisms make rapid response possible.
Most of the analysts I spoke with at Black Hat consider ransomware to be a type of attack that is spectacular but not, in the grand scheme of things, as damaging as other malicious payloads. The scale of a possible Android ransomware attack could change that and turn ransomware into one of the highest priorities on everyone's security list.