Hacking Team gives us incontrovertible proof of targeted mobile threats
- 15 August, 2015 05:43
This vendor-written tech primer has been edited by Network World to eliminate product promotion, but readers should note it will likely favor the submitter's approach.
The data from the recent Hacking Team breach provides yet another example of governments actively using targeted malware. While state-sponsored hacking has been going on for some time, a new wrinkle is emerging.
There is clear evidence that governments around the world are actively targeting both iOS and Android devices. And contrary to early coverage of Hacking Team, this breach also revealed the group possessed an Apple enterprise certificate, which allows apps signed with that certificate to be installed on any iOS device, jailbroken or not.
Hacking Team is an Italian company that sells so-called "surveillanceware" to various governments--ranging from free democracies to oppressive regimes--around the world. Its software claims to capture Skype, message, location, social media, audio, visual, and more data and is marketed as "stealth" and "untraceable." While Hacking Team has long been known to be a vendor of such software, the recent hack, which revealed its customer lists, emails and other internal data, confirmed the software's capabilities and the breadth of countries acquiring it.
Recent reports have suggested that because there have been few public episodes of targeted attacks against mobile they are not occurring. Insiders, however, have known that advanced, targeted mobile attacks have been going on for years. This breach provides hard evidence that targeted attacks against mobile devices are indeed occurring.
Why would governments target mobile? Mobile devices typically store sensitive personal and company data, have access to protected company networks, and carry sophisticated sensors (e.g. GPS, microphone, camera). The information accessible to mobile devices is, in many cases, greater than on PCs. Indeed, attacks against mobile devices are not simply a theoretical risk, the Hacking Team revelations provide a rare glimpse into the international surveillance technology trade, where nation states are actively purchasing malware.
Now that we know that a significant number of governments in the world are actively seeking to compromise iOS and Android devices, it's time to re-evaluate how we address the risk of mobile attacks.
Mobile security solutions deployed today are focused on preventing accidental data leakage and setting security policies, not preventing malicious attacks. Now that it has become easy for attackers to acquire malware capable of targeting mobile devices and gathering a tremendous amount of data, security professionals and IT managers must utilize threat detection and protection tools alongside existing device and app management solutions to adequately address real-world mobile risks.
In a recent analysis of 25 Fortune 500 companies, my company, Lookout, found that approximately 5% of Android devices on their networks encounter one or more pieces of serious malware each year. In the case of targeted threats, a single compromised device is enough to compromise the organization as a whole.
We now know that countries around the world have both the intent to compromise iOS and Android devices and access to the technology to do so. With this incontrovertible evidence of targeted mobile threats, we need to realize that the problem is not insurmountable. Now is an appropriate time for us to put the same amount of effort into securing our mobile devices as we do our PCs and server infrastructure.