Mobile cyber-sec solutions only good for two years: Gartner
Smart device malware proliferation demands frequent change in threat assessment, says analyst
If you put a mobile security solution in place you need to be ready for a rip-and-replace within two years, a Gartner Inc cyber-sec analyst told enterprise ICT security stakeholders in Dubai today.
Gartner Security and Risk Management Summit 2014, held for two days this week in Raffles Hotel, Dubai, covered a number of areas specific to enterprise-level ICT security strategies.
Mobile security is causing escalating concern among regional organisations, as the Gulf is home to some of the world's largest smart device penetration rates. Ballooning smartphone and tablet ownership is exposing private technology infrastructures to wild and vulnerable ecosystems that cannot be policed.
"The advice I give to all clients is to be really, really tactical about what you do for mobile security," said Gartner analyst Dionisio Zumerle in his "Mobile Security Threats and Trends in 2014" seminar. "If you are putting a solution in place today, it has to be [only] for the next 18 to 24 months, meaning in 24 months you have to be ready to dismantle it."
Zumerle singled out two of his "favourite" attacks for specific mention. FROST stands for "forensic recovery of scrambled telephones" and involves putting a handset in the freezer so its volatile memory stays fresh for longer, facilitating brute force attacks. The second "attack" was displayed in video footage for delegates. It showed a physical robot looming over a captured smartphone, continually punching in random passwords.
Zumerle chose those attacks because, by his own admission, they "made me smile", but the point of his address was to highlight that an effective enterprise mobile security strategy must incorporate the answer to a simple question: "What attacks are a threat to my organisation?"
Robots and freezers are not the first images that spring to mind when trying to secure devices against digital brigands. Top of Zumerle's pile of malware packages that are a genuine threat to organisations and end users is Eurograbber. It starts with a routine malicious link that steals banking credentials from any device, but goes a step further by installing malware on a smartphone or tablet that reconfigures the device to forward all SMS messages to the malware source. The digibandits now have access not only to logon credentials, but also to SMS messages from the victim's bank that contain one-time passwords. Two-factor authentication has just been subverted.
"Eurograbber is a sort of man-in-the-mobile attack," said Zumerle. "In 12 months, small amounts from a large number of victims [netted criminals] EUR36m."
Zumerle also highlighted the dangers of third-party apps, which could be reverse-engineered, reconstructed and then counterfeited on app stores. He also pointed out that the danger of apps did not just come from such a specific scenario. Apps could also be risky if their vendors used outsourced infrastructure to deliver their services.
"If you look at the freezer attack or the robot that punches in the passwords and you go to management and say 'we need a mobile security tool because there's an Android-in-the-freezer attack', that's not really going to work very well," said Zumerle. "But if you speak of Eurograbber, this is something that is worth the attention of the enterprise."