Mobile Security: The Upcoming Epidemic

Why Mobile security?

We are increasingly storing personal and professional data on our smartphones these days. And, as we predicted in our blog Wanna Crypt: Not the first and definitely not the Last, we are likely to see more cyber-attacks specifically on smartphones, which carry sensitive data with little or no security. This blog briefly touches upon mobile security and some of the key precautionary measures.

Cyber-threats, including those targeting mobile devices, are directly linked to cyber-crime. Although such criminal acts are perpetrated in virtual environments, their victims lose real and virtual assets, such as personal data, money and privacy. A successful attack can expose confidential information such as know-how, intellectual property, user data and process intelligence.

Here are a few facts that show the role of mobility in our lives.

  • Mobile Money: Mobile is the new wallet/bank account
    • In 92 countries around the world, mobile money has enabled financial inclusion and has advanced economic growth by giving businesses the means to expand.
    • Globally, there are 30000 transactions per minute, or more than 43 million transactions per day.
    • During the year 2016 alone, there were 556 million registered mobile money accounts globally, out of which 174 million were active on a 90-day basis.
    • As per GSMA, $269 Billion was processed as mobile money transactions in 2016.
    • Today, there are 53 mobile money providers who have partnered across national borders, allowing customers to send money through 46 corridors spanning 21 countries.
  • Social Media: Gateway to our Personal life
    • In 2016, Facebook recorded 1.86 billion monthly active users (MAUs) while 1.74 billion of those MAUs were mobile users.
    • There are more than 350 million photo uploads on Facebook each day.
    • WhatsApp recorded 1.2 billion MAUs as of Feb 2017, while Instagram shows 700 Million MAUs as of April 2017.

It’s clear now that smartphone security is necessary; the question is what it needs to be secured from.

Wanna Crypt and Petya (Ransomware): not limited to PC

  • As per the Q1 2017 Kaspersky Lab report:
    • There has been a rise in attacks involving mobile ransomware from the “Trojan-Ransom.AndroidOS.Egat” family.
    • The Trojan-Banker.AndroidOS.Asacub mobile banker attacked more than 43000 mobile devices, a 2.5 times increase compared to the last quarter. 97% of all attacked users were in Russia, and the Trojan was mainly distributed via SMS.
    • Trojan-Ransom shows a growth of 254% QoQ with a total share of 16.4% in new mobile malware.
  • Back in 2012, a fake-token Android trojan appeared that pretends to generate mobile tokens but intercepts and steals SMS messages containing Mobile Transaction Authentication Numbers (MTAN), which are automatically generated by a bank and sent to a user’s mobile device to validate an online transaction. It reappeared in March 2016 and is still attacking mobile payment apps and ride-sharing apps such as Uber.
  • Other Malware:
    • Judy, a malware found on Google Play’s app store, is an auto-clicking adware which was found in 41 apps developed by a Korean company.
    • All these apps have 4.5 – 18.5 million downloads, indicating that the malware spread across 8.5 – 36.5M users.
    • Flash Guide, Viking Horde, Skinner and DressCode: These are other malware previously found on Google Play.

Apart from the above, there are a few more threats, which are not only a concern now but are likely to increase rapidly in the near future:

  • Android Trojans: Android Trojans are not new in the world of cybercrime, and their presence has been known since the beginning of Android. In terms of installed base, Android covers almost 70% of smartphones, and more than 80% of Android is potentially vulnerable to Android Trojans. This is because a large portion of the user base gives less weight to, or is unaware of, the need for phone security. In the future, Android will form up to 78% of the smartphone base and, with the current trend, Android Trojans are likely to grow at a CAGR of 2x from 2012 to 2020.

  • Cryptocurrency Mining Malware: Bitcoin became a buzzword because it is one of the fastest growing amongst cryptocurrencies like Ethereum, Litecoin and Monero. These cryptocurrencies are generated by mining. In simple terms, mining is the process by which miners record and analyse a bunch, or block, of cryptocurrency transactions to create an alphanumeric number, the “hash”. As of July 5th, 2017, every time a miner successfully creates 2822 trillion hashes, they get a reward of 1 bitcoin. Hence, multiple miners compete to do this, using software written specifically to mine blocks. As mining requires heavy CPU/GPU usage, most miners typically use a PC. However, recent developments in hardware specifications have made smartphones fully capable of mining. For example, the ARM Cortex-A9 CPU in the Samsung Galaxy SII is capable of 1.3 MHash/s. Hence, the enslaving of smartphones for mining through cryptocurrency mining malware is becoming a rising threat.
  • Data Security:
    • From a global perspective, this has become a new concern for the governments of many countries, such as the USA, India and Australia. In the past, Huawei was banned by the US, UK, Australia and India, as the company’s handsets posed a threat to national security due to its alleged ties to various Chinese governmental agencies.
    • However, in September 2014, Huawei faced a lawsuit from T-Mobile, which alleged that Huawei stole technology from T-Mobile. In May 2017, a jury agreed that Huawei committed industrial espionage in the United States, and the company was ordered to pay $4.8m in damages.
    • As per the report of US House Intelligence Committee in 2012:
      • “Huawei and ZTE cannot be trusted to be free of foreign state influence and thus pose a security threat to the United States and to our [US] systems.”
      • One of today’s biggest security concerns revolves around the “fact” that foreign (Chinese) smartphone brands are accruing and transmitting data to their respective governments. This is further bolstered by the “fact” that the Chinese government invests heavily in some of these smartphone brands.
    • In 2009, officials in the Indian security establishment barred BSNL from procuring infrastructure equipment from Huawei and ZTE, citing worries that these could be embedded with spy gear. Again, in August 2017, the Government of India issued a notice to 21 mobile makers providing detailed instructions on how to secure data and ensure its safety and security.

Industry’s take on Mobile Security and future solution:

  • The embedded security chip is the key to the smart device, as software encryption at the operating system level is more exposed to security risks. Embedded security is a hardware security chip, called the Trusted Platform Module (TPM), that integrates the core elements of trust into the subsystem. The TPM is bound to a single platform and is independent of all other platform components (such as processor, memory and operating system). The TPM uses a root key protected in silicon to enhance native operating system file and folder encryption and lay the foundation for authentication of TPM-enabled IoT devices, PCs and smartphones to the network. Back in 2016, Gionee launched the M6 with similar features.
  • The iris authentication module will allow the biometric security feature to be embedded into phones. A few devices, like the Samsung Galaxy S8 and Galaxy S8+, already incorporate this feature.
  • Qualcomm Mobile Security provides multilevel security by combining a hardware-level solution with next-generation software for robust biometric security, with the following features:
    • Camera Security: Apart from the eye-based authentication, it also isolates the data received from the camera and securely stores it in hardware.
    • Hardware Token is designed to provide authentication for a security-focused, hardware-based validation process. This process can provide next-generation authentication for banking and payments.
    • Qualcomm has five types of processor dedicated to mobile security, and two of these are equipped with Trusted Execution Environment (TEE) features. A TEE is a secure area of the main processor that provides a higher level of security. An isolated execution environment provides security features such as integrity of Trusted Applications along with confidentiality of their assets.
  • Spreadtrum uses Intel Virtualization Technology to support a multi-domain security system architecture and security for smart devices; it provides hardware assistance to the virtualization software and improves security.
  • On 31st Aug, AMD officially released its Ryzen Pro CPU, and mobile versions of the Ryzen Pro are expected to launch in the first half of 2018. They will include chips that are designed for optimal security, with inbuilt cryptographic and security technologies to combat security threats. Software security standards include secure boot, fTPM (firmware Trusted Platform Module) and Advanced Encryption Standard (AES).

The world of technology is evolving and will continue to reach greater heights in the future. At the same time, cyber criminals are creating newer and more complex malware that may lead to breaches at the cloud and transmission level. Since mobile devices are vulnerable and the most accessible point for such attacks, it makes sense to increase security at the hardware level in these devices. As discussed, in the future chip-level security protocols will be one of the means to effectively protect the device and the data within. Moreover, chip-level security will both secure the device and prevent any breach from spreading further into a larger ecosystem.