Firm warns of hacker threat to mobile gadgets

The types of hacking attacks used against computers are heading for smartphones
Cyber security veterans behind startup CrowdStrike will demonstrate at the RSA conference on Wednesday that the types of attacks used against computers are heading for smartphones.

Cyber security veterans behind startup CrowdStrike will demonstrate at the RSA conference on Wednesday that the types of attacks used against computers are heading for smartphones.

Former McAfee George Kurtz and Dmitri Alperovitch, who has researched major cyberespionage operations, have figured out how to take over smartphones using booby-trapped text messages.

"The reality is that those attacks are probably already in the wild and no one has discovered them," Alperovitch, the author of reports on cyberespionage operations Aurora, Night Dragon, and Shady Rat, told AFP.

Hackers could send a worded like a warning from the that the account will be canceled if the smartphone user doesn't click an enclosed link to resolve the matter.

Clicking the link then triggers the installation of that lets a hacker control the smartphone remotely.

"We can monitor and record all calls, get all inbound and outbound SMS messages... basically take over the phone," Kurtz said.

"Imagine sitting in a board meeting and someone accesses your phone and listens remotely."

A hacker could even track a smartphone user's whereabouts using a handset's location-sensing capabilities.

Tricking to click on links or to open rigged email attachments has been a longtime technique used to infect computers.

When it comes to smartphones, experts have mainly focused on the potential for makers of "apps" to program in nefarious tasks such as stealing data.

"When we look around we see people worried about malicious apps," Kurtz said. "We think the real issue is in those phones."

Kurtz and Alperovitch have been operating freshly-launched CrowdStrike in "stealth mode," but it has gotten $26 million in backing from global Warburg Pincus.

Relentless waves of that appeared to be the work of states inspired the researchers come up with a different way of taking on the threat.

"Most companies are focused on detecting malware, and there are millions of pieces of that, with new ones coming all the time," Kurtz said.

"It really is akin to focusing on the bullets in the gun as opposed to the shooter... We think most companies have an adversary problem, not a malware problem."

CrowdStrike is building tools to figure out who is behind attacks, how they move after invading systems and what they are out to steal or accomplish, according to the researchers.

"You can't know how best to fight a war without knowing who the enemy is, and it is the same thing in cyber space," Alperovitch said, describing China and Russia as the most prominent threats.

CrowdStrike plans to have a security product to market in the second half of this year.

"At the end of the day it is another guy sitting at a keyboard somewhere going after your data," Alperovitch said. "You don't have a malware problem, you have a people problem."


Explore further

Cyber-security expert finds new flaw in smartphones

(c) 2012 AFP

Citation: Firm warns of hacker threat to mobile gadgets (2012, February 29) retrieved 14 October 2019 from https://phys.org/news/2012-02-firm-hacker-threat-mobile-gadgets.html
This document is subject to copyright. Apart from any fair dealing for the purpose of private study or research, no part may be reproduced without the written permission. The content is provided for information purposes only.
0 shares

Feedback to editors

User comments

Please sign in to add a comment. Registration is free, and takes less than a minute. Read more