SPOTLIGHT ON SECURITY

Jailbroken Phones Targeted by Hacker Jammers

Smartphones hacked to run unauthorized programs or unlock features are being targeted by hackers and can pose a threat to enterprise networks, warned Marble Security.

Modifying a smartphone to enable unauthorized behavior — called “rooting” in the Android world and “jailbreaking” in the iOS realm — makes the mobile vulnerable to infected jammer software, the firm said.

After jailbreaking or rooting a phone, a user may not be able to use it at work because networks often contain security tools that reject modified phones. To skirt those security measures, a user will install jammer software to hide the fact that a phone is modified.

“A significant percentage of jailbroken and rooted phones have these jammers,” Marble Chairman and CTO Dave Jevans told TechNewsWorld.

“We’re starting to see them included in rooting and jailbreaking kits,” he added.

Evolving Threat

With organizations increasingly allowing employees to use their own devices to perform corporate chores, jammers can pose a serious threat to an enterprise.

Experience shows us that even just one compromised device eventually can lead to a massive breach, Jevans said.

While jammers aren’t a new phenomenon, their use is evolving.

“What we’re seeing is more of them and they’re getting more sophisticated,” Jevans observed. “They’re actually directly attacking MDM and other systems.”

MDM, or Mobile Device Management systems, have been installed by many organizations with BYOD — Bring Your Own Device — programs. Those programs can detect jailbroken or rooted devices and prevent them from coming onto the network.

That protection often can be defeated by a jammer, thus allowing jailbroken or rooted devices full connectivity privileges to a network.

Free Apps Have Security Costs

Because free applications for Android smartphones are so popular, developers often resort to building their programs around SDK frameworks provided by advertisers to generate revenues from an app.

Many of these SDKs have been rapped for collecting more information from a user’s phone than necessary to accomplish their goals.

That’s not the only downside to those SDKs. They also can expose a smartphone to man-in-the-middle attacks.

An SDK installed with an application “calls home,” looks for a new version of the SDK, and then downloads it to a phone. It does that to keep the SDK up to date.

“That’s where the security issue comes in,” Bogdan Botezatu, a senior e-threat analyst with Bitdefender, told TechNewsWorld. “It’s being done over HTTP without encryption.”

“Anyone listening to that communication can intercept the request to the home server and send malicious information to the phone,” Botezatu said.

Making matters worse, no verification of information is done at the phone’s end of things. “It just takes whatever’s delivered to it from the Internet,” Botezatu added.
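The two gaps described above (plaintext transport and no check of what arrives) map to two client-side checks before an update is accepted. The following is an added example, not code from any SDK or vendor named in the article; the class name, the `acceptUpdate` helper, the URLs and the throwaway RSA key pair are all assumptions made for the demonstration.

```java
import java.net.URI;
import java.nio.charset.StandardCharsets;
import java.security.GeneralSecurityException;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.PublicKey;
import java.security.Signature;
import java.security.SignatureException;

public class SdkUpdateCheck {

    // Hypothetical helper: accept an update only if it was fetched over HTTPS
    // and its signature verifies against the vendor key shipped inside the app.
    static boolean acceptUpdate(URI source, byte[] payload, byte[] signature,
                                PublicKey pinnedVendorKey) throws GeneralSecurityException {
        if (!"https".equalsIgnoreCase(source.getScheme())) {
            return false; // plaintext transport: anyone on the path can rewrite it
        }
        Signature verifier = Signature.getInstance("SHA256withRSA");
        verifier.initVerify(pinnedVendorKey);
        verifier.update(payload);
        try {
            return verifier.verify(signature);
        } catch (SignatureException malformed) {
            return false; // truncated or garbage signature bytes
        }
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample: a throwaway key pair stands in for the vendor's signing key.
        KeyPairGenerator gen = KeyPairGenerator.getInstance("RSA");
        gen.initialize(2048);
        KeyPair vendor = gen.generateKeyPair();

        byte[] update = "constructed sample SDK update".getBytes(StandardCharsets.UTF_8);
        Signature signer = Signature.getInstance("SHA256withRSA");
        signer.initSign(vendor.getPrivate());
        signer.update(update);
        byte[] sig = signer.sign();

        byte[] altered = "constructed sample SDK update!".getBytes(StandardCharsets.UTF_8);
        URI https = URI.create("https://updates.example.invalid/sdk.bin");
        URI http = URI.create("http://updates.example.invalid/sdk.bin");

        System.out.println("https + valid signature : " + acceptUpdate(https, update, sig, vendor.getPublic()));
        System.out.println("https + altered payload : " + acceptUpdate(https, altered, sig, vendor.getPublic()));
        System.out.println("http  + valid signature : " + acceptUpdate(http, update, sig, vendor.getPublic()));
    }
}
```

In a real app the public key would be embedded at build time and the private key would never leave the vendor's signing infrastructure; only the first case should be accepted.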

Phishing Paradigm Change

Phishing ain’t what it used to be.

That’s the verdict handed down last week by Websense in a special report on phishing.

“Long gone are the days when users are faced almost exclusively with banking phishing,” Websense Senior Research Manager Carl Leonard told TechNewsWorld.

“Phishing has become more targeted,” he added.

In the past, phishers were content with the low success rates they achieved from massive mailings. “Now they can get higher rates of return through spear phishing,” Leonard noted. “They can get high rates of return because the content they send to their targets is very tailored and appealing to them.”

The Websense report also identified the five most common subject lines found in phishing emails. They include an invitation to connect on LinkedIn, a mail delivery failed message, a “dear bank customer” letter, an “important communication!” message and a “return to sender” notification.

Breach Diary

  • Dec. 9. Trend Micro releases security forecast for 2014 predicting one major data breach a month will occur next year.
  • Dec. 9. Microsoft announces its online users will be able to see logs of their activity and lock down their accounts if they see suspicious activity.
  • Dec. 9. AOL, Apple, Facebook, Google, LinkedIn, Twitter, Yahoo and Microsoft issue joint statement asking governments of the world to reform their surveillance laws and practices and ask the United States to lead the way for reform.
  • Dec. 9. Southern University School of Medicine acknowledges personal and medical information of almost 1,900 patients is at risk from theft of a laptop in October or November from the private office of a physician at the university’s Memorial Medical Center.
  • Dec. 10. News reports reveal NSA uses cookies collected by companies like Google to identify targets for offensive hacking operations.
  • Dec. 10. FireEye reports a Chinese hacking group infiltrated computer systems and spied on attendees during the G20 Summit held in September.
  • Dec. 10. Trusteer releases survey of 755 IT practitioners by Ponemon Institute showing organizations experienced an average of nine advanced persistent threats in the last year and the average time to discover an APT was 225 days.
  • Dec. 10. Los Angeles Gay & Lesbian Center reveals it’s notifying some 59,000 current and former clients that their personal information may have been compromised during a series of attacks by hackers on the organization’s computer systems over a two-month period.
  • Dec. 11. Arxan reports 100 percent of the top 100 paid Android apps and 56 percent of the top 100 paid Apple iOS apps have been compromised in some way.
  • Dec. 11. Boston Globe reports hundreds of attendees at two conventions held in the city in the fall are complaining that their credit card numbers are being used to make unauthorized purchases across the country. Source of the data theft is being investigated by local law enforcement authorities.
  • Dec. 11. SailPoint reports in annual survey of 400 IT leaders that 50 percent of them experienced situations where workers tried to access company data or applications after employment termination.
  • Dec. 11. Kaiser Permanente acknowledges it’s notifying nearly 50,000 patients that their personal information may have been compromised when a USB drive containing the data went missing from the organization’s Anaheim Medical Center in California.
  • Dec. 11. University of Connecticut Health Center acknowledges medical records of 164 patients may have been compromised when an employee inappropriately accessed the records. Institution says it had no evidence that the information accessed by the employee was misused or misappropriated.
  • Dec. 12. Microsoft joins board of directors of the FIDO Alliance, a group developing an alternative to online authentication using passwords.

Upcoming Security Events

  • Dec. 18. Security Predictions. 1 p.m. ET. Webinar sponsored by WatchGuard. Free with registration.
  • Dec. 19. The InfoSec Year in Review. 2-3 p.m. ET. Black Hat Webcast Series. Free with registration.
  • Jan. 20-21, 2014. Suits and Spooks. Waterview Conference Center, Washington, D.C. Registration: Sept. 20-Oct. 20, US$415; Oct. 21-Dec. 1, $575; after Dec. 1, $725.
  • Jan. 27-29. CyberTech 2014. The Israel Trade Fairs & Convention Center, Tel Aviv. Registration: Until Jan. 1, $350; Jan. 2-26, $450; on-site, $550.
  • Feb. 6, 2014. Meeting on Commercial Use of Facial Recognition Technology. 1-5 p.m. ET. Held by National Telecommunications and Information Administration at American Institute of Architects, 1735 New York Ave. NW, Washington, D.C.
  • Feb. 9-13. Kaspersky Security Analyst Summit. Hard Rock Hotel and Casino Punta Cana, Dominican Republic.
  • Feb. 17-20, 2014. 30th General Meeting of Messaging, Malware and Mobile Anti-Abuse Working Group. Westin Market Street, San Francisco. Members only.
  • Feb. 25, 2014. Meeting on Commercial Use of Facial Recognition Technology. 1-5 p.m. ET. Held by National Telecommunications and Information Administration at American Institute of Architects, 1735 New York Ave. NW, Washington, D.C.
  • March 20-21, 2014. Suits and Spooks Singapore. Mandarin Oriental, 5 Raffles Ave., Marina Square, Singapore, and ITU-IMPACT Headquarters and Global Response Center, Cyberjaya, Malaysia. Registration: Singapore and Malaysia, by Jan. 19, $415; after Jan. 19, $575. Singapore only, by Jan. 19, $275; after Jan. 19, $395.
  • March 25, 2014. Meeting on Commercial Use of Facial Recognition Technology. 1-5 p.m. ET. Held by National Telecommunications and Information Administration at American Institute of Architects, 1735 New York Ave. NW, Washington, D.C.
  • March 25-28, 2014. Black Hat Asia. Marina Bay Sands, Singapore. Registration: by Jan. 24, $999; by March 21, $1,200; by March 28, $1,400.
  • April 8, 2014. Meeting on Commercial Use of Facial Recognition Technology. 1-5 p.m. ET. Held by National Telecommunications and Information Administration at American Institute of Architects, 1735 New York Ave. NW, Washington, D.C.
  • April 11-12, 2014. Women in Cybersecurity Conference. Nashville, Tenn.
  • April 29, 2014. Meeting on Commercial Use of Facial Recognition Technology. 1-5 p.m. ET. Held by National Telecommunications and Information Administration at American Institute of Architects, 1735 New York Ave. NW, Washington, D.C.
  • May 20, 2014. Meeting on Commercial Use of Facial Recognition Technology. 1-5 p.m. ET. Held by National Telecommunications and Information Administration at American Institute of Architects, 1735 New York Ave. NW, Washington, D.C.
  • June 3, 2014. Meeting on Commercial Use of Facial Recognition Technology. 1-5 p.m. ET. Held by National Telecommunications and Information Administration at American Institute of Architects, 1735 New York Ave. NW, Washington, D.C.
  • June 5. Cyber Security Summit. Sheraton Premiere, Tysons Corner, Va. Registration: $250; government, $50.
  • June 24, 2014. Meeting on Commercial Use of Facial Recognition Technology. 1-5 p.m. ET. Held by National Telecommunications and Information Administration at American Institute of Architects, 1735 New York Ave. NW, Washington, D.C.
  • Sept. 18. Cyber Security Summit. The Hilton Hotel, New York City. Registration: $250; government, $50.

John Mello is a freelance technology writer and former special correspondent for Government Security News.
