Firm warns of hacker threat to mobile gadgets

Feb 29, 2012 by Glenn Chapman
Cyber security veterans behind startup CrowdStrike will demonstrate at the RSA conference on Wednesday that the types of attacks used against computers are heading for smartphones.

Cyber security veterans behind startup CrowdStrike will demonstrate at the RSA conference on Wednesday that the types of attacks used against computers are heading for smartphones.

Former McAfee George Kurtz and Dmitri Alperovitch, who has researched major cyberespionage operations, have figured out how to take over smartphones using booby-trapped text messages.

"The reality is that those attacks are probably already in the wild and no one has discovered them," Alperovitch, the author of reports on cyberespionage operations Aurora, Night Dragon, and Shady Rat, told AFP.

Hackers could send a worded like a warning from the that the account will be canceled if the smartphone user doesn't click an enclosed link to resolve the matter.

Clicking the link then triggers the installation of that lets a hacker control the smartphone remotely.

"We can monitor and record all calls, get all inbound and outbound SMS messages... basically take over the phone," Kurtz said.

"Imagine sitting in a board meeting and someone accesses your phone and listens remotely."

A hacker could even track a smartphone user's whereabouts using a handset's location-sensing capabilities.

Tricking to click on links or to open rigged email attachments has been a longtime technique used to infect computers.

When it comes to smartphones, experts have mainly focused on the potential for makers of "apps" to program in nefarious tasks such as stealing data.

"When we look around we see people worried about malicious apps," Kurtz said. "We think the real issue is in those phones."

Kurtz and Alperovitch have been operating freshly-launched CrowdStrike in "stealth mode," but it has gotten $26 million in backing from global Warburg Pincus.

Relentless waves of that appeared to be the work of states inspired the researchers come up with a different way of taking on the threat.

"Most companies are focused on detecting malware, and there are millions of pieces of that, with new ones coming all the time," Kurtz said.

"It really is akin to focusing on the bullets in the gun as opposed to the shooter... We think most companies have an adversary problem, not a malware problem."

CrowdStrike is building tools to figure out who is behind attacks, how they move after invading systems and what they are out to steal or accomplish, according to the researchers.

"You can't know how best to fight a war without knowing who the enemy is, and it is the same thing in cyber space," Alperovitch said, describing China and Russia as the most prominent threats.

CrowdStrike plans to have a security product to market in the second half of this year.

"At the end of the day it is another guy sitting at a keyboard somewhere going after your data," Alperovitch said. "You don't have a malware problem, you have a people problem."

Explore further: Better non-functional security tests for software

add to favorites email to friend print save as pdf

Related Stories

Cyber-security expert finds new flaw in smartphones

Feb 24, 2012

Just as U.S. companies are coming to grips with threats to their computer networks emanating from cyber-spies based in China, a noted expert is highlighting what he says is an even more pernicious vulnerability in smartphones.

Smartphones under growing threat from hackers

Feb 17, 2010

Smartphones are under a growing menace from cyber-criminals seeking to hack into web-connected handsets, but the mobile industry has contained the threat so far, security experts said.

Malicious programmers focus on smartphones, tablets

May 04, 2011

Malicious programmers are always looking for new targets. While smartphones and tablets replace PCs as the gadgets we use for messaging, Web surfing and even doing business, some shady characters are starting to target these ...

Recommended for you

Better non-functional security tests for software

19 hours ago

The integration of digital expert knowledge and automation of risk analyses can greatly improve software test procedures and make cloud computing more secure. This is shown by the latest results of a project ...

'Grand Theft Auto V' to hit PS4 and Xbox One

Sep 12, 2014

Rockstar Games on Friday announced that the latest installment of its crime-themed blockbuster video game "Grand Theft Auto" will hit PlayStation 4 and Xbox One consoles in November.

What's at stake with Windows 9?

Sep 12, 2014

When Microsoft presents its first public glimpse of Windows 9 - it's expected to happen late this month or early next - a lot more than just an operating system is at stake.

For gamers, waiting can be the hardest part

Sep 11, 2014

When it comes to video games, are they better late than never? At this week's GameStop Expo, the video game retailer's annual consumer-centric event, more than 3,000 attendees had the chance to test drive ...

User comments : 0