DON’T LOOK NOW, BUT YOU’VE BEEN PHONE-JACKED!
By Kevin McNamee, Security Architect and Director of Alcatel-Lucent’s Kindsight Security Labs
In the last blog, “Android phones playing ‘I spy’ at home and at work,” I looked at the rising trend in spyphone malware, which can turn an ordinary Android phone into a cyber-espionage tool to track a victim’s location, download personal information and contacts, intercept and send messages, record conversations and take pictures without the victim knowing. For individuals, it can lead to identity theft and fraud. In the BYOD context, it can be installed surreptitiously on an employee’s phone and used for industrial or corporate espionage.
Last week, USA Today, VentureBeat, and CNN Money caught up with me at the Black Hat security event in Las Vegas to see a demonstration of how spyphone software can be injected inside a fully functioning version of a popular game like “Angry Birds” without the owner’s knowledge. When the infected application is installed on an Android smartphone or tablet, the attacker takes complete control of the device.
The open nature of the Android operating system makes Droid owners prime targets for hackers. Anti-virus alone is not enough to stop all malware. It needs to be complemented by a network-based approach to security. Thus service providers can play a value-added role for subscribers by deploying security software on their networks to spot malicious and unusual device activity and immediately notify device owners with instructions on how to remove the threat.
Watch the Kindsight video (2’46) below on ‘How To Build a SpyPhone.’