Q&A with Phil Harris, Head of Mobility (AMA), Check point Software

In August this year, Morgan Culbertson, a Carnegie Mellon University student pleaded guilty to creating Dendroid– malicious software designed to infect 450,000 Android-based smartphones.

Once infected, the malware would allow anyone to remotely control the phones, take pictures, spy, record calls, intercept text messages and otherwise steal information loaded on the phones. All of these would take place without the owner’s knowledge or consent.

The reports this week of 50 smartphone users in Singapore being hit by malware targeting mobile banking customers once again demonstrates the risk in the security chain which mobile devices present to both users and enterprises.

Mobile devices, more specifically smartphones, have emerged as the leading cyber security threat for personal users and businesses.

72 percent of IT providers cited securing corporate information as their top mobile security challenge and 67 percent identified managing personal devices storing both corporate and personal data as their second biggest challenge, in a research conducted by Check Point.

Why is this so and what can users, both personal and businesses do to protect ourselves from becoming the next victim, and what can be done if our smartphone has been breached?

Phil Harris, Head of Mobility (AMA) in Check Point Software, responsible for mobility solutions for Check Point across Asia Pacific, Middle East & Africa answers some burning questions asked by personal users and businesses alike.

Q: Why is there a rise in cyber security breaches in recent years?

One reason attacks are growing rapidly is that hackers and their methods have matured. Expert hacking skills are not required anymore. Anyone with sufficient money and malicious intent can rent or purchase malware to launch a seriously damaging, mobile cyber attack. It has become a lot simpler and easier to steal data. Criminals are using personal information to commit identity theft or sell it to those who will use it for that purpose.

Q: What makes smartphone an attractive target for hackers?

With a total of 3.6 billion unique mobile subscribers at the end of 2014 (The Mobile Economy 2015, GSM Association), smartphone adoption has reached critical mass in developed markets, accounting for 60% of all connections making them an enticing new opportunity for criminals.

As users cram tons of personal information into their phones and use them at work, hackers are pouncing on cracks in the underlying technologies to steal and compromise vital data assets. According to the Check Point 2015 Security Report, there is a 50 percent chance any network with more than 2,000 connected devices will have at least six mobile devices infected by malware.

Hackers are borrowing conventional attack methodologies from the wired world to extend access into corporate networks via vulnerabilities inherent in today’s smartphones.

Q: What happens when a hacker deploys a malware on my smartphone?

A smartphone, in many ways, is the first, true internet-of-Things device. It is interactive, feeding data back and forth. For many businesses today, smartphones are indispensable, so a malware infection would cause significant damage. When a hacker deploys a malware on your smartphone, and you access your corporate servers, you open a door to all your company data.

For personal users, the smartphone is used for many purposes including financial transactions and banking service. The recent case of malware comes in the form of a trojan that steals financial information from mobile devices in Singapore. The malware gets downloaded via scam advertisements URL and is a tweak on an existing financial infostealer called “GMBot”.

Once downloaded and installed, the malware requests permission to bind with the device administration service to avoid being removed. It then hides itself from the user, and waits for commands in the form of SMS messages from a C&C server.

The malware uses popup windows masquerading as login windows of financial apps such as the Singaporean bank POSB, or as familiar apps such as Whatsapp trying to trick the victims into handing it sensitive data such as phone number, mobile banking user ID and pin and credit card information.

The malicious app sends retrieved data to servers in Poland and Romania, interestingly, before starting its malicious flow the app verifies that the locale is not .RU. The main difference between the new malware and its ancestor the GMBot is a function triggered by SMS command that starts an info-stealing activity against the following targets: AU_Commbank, AU_NAB, AU_Westpac, AU_Stgeorge, NZ_Westpac, NZ_BNZ, NZ_ANZ, AU_Gomoney, Paypal, CreditDetails, AT_DK, AT_DKB, ATRGB, AT_BankAustria, SG_DBS, SG_POSB, SG_OCBC.

Q: What can businesses do to secure mobile devices and protect themselves?

Do not download or install any applications on your mobile devices unless they are from official sources (Apple App Store or Google Play Store).

Look for a right solution. A right solution must be power efficient and not interfere with normal smartphone usage. It does not disrupt operations. It should automatically identify data leakage flows and catch the malware before the actual exploit take place. For example, asolution with a light, software client to isolate the app, and then examines it in the cloud for malicious behavior will meet this criteria.

Q: Who is responsible for the security of the smartphones in your company?

Recent high profile hacking incidents are a wake-up call for CEOs and CIOs. It is a realization that without security, modern companies cannot operate. It is no longer a responsibility simply held by the IT department. C-levels executives have to establish a security framework which defines how employees respond, and with an audit processes in place to ensure maximum protection. When done right, no matter where the threat comes from, staff performance will not be inhibited.