Saturday, April 13, 2013

Infosecurity - Mobile malware gets serious – RATs can bypass sandboxes and encryption

Lacoon Mobile Security has announced details of its latest research undertaken in partnership with global mobile network providers. It sampled 2 million subscribers and found that 1 in 1000 users have been infected with a mobile RAT. Detailed figures have not been released, but 52% of the infections involve Apple's iOS devices, while 35% involve Android handsets.

"Infection of smartphones with mRAT requires the spyware to install a backdoor through the rooting of Android or the jailbreaking of Apple devices," says the announcement. The implication, which cannot be verified from the details released so far because it isn't clear whether the sampled devices were randomly selected or focused on rooted devices, is that there are huge numbers of jailbroken Apple devices, and that around 1 in every 2000 iOS devices has a RAT installed. Jailbreaking almost always requires owner participation.

Once installed, the latest mRATs can bypass mobile device management (MDM) defenses. "MDM solutions create secure containers that separate business and personal data on the mobile. The concept is to prevent business critical data from leaking out to unauthorized individuals," explained Ohad Bobrov, CTO and co-founder of Lacoon Mobile Security. "However, our research team demonstrated that mRATs do not need to directly attack the encryption mechanism of the secure container, but can grab it at the point where the user pulls up the data to read it." That is, the RAT is able to access data either before it is encrypted or after it has been decrypted.

