Mobile phones will become an increasing menace to network security, able to drop malware onto protected devices when they dock to sync or plug into USB ports to charge, security experts say in a Georgia Tech report.
Compromised phones will infect computers they may plug into for otherwise legitimate reasons, much the same way malware such as Stuxnet found its way onto laptops via thumb drives, according to the "Emerging Cyber Threats Report 2012" released at the Georgia Tech Cyber Security Summit 2011 today. It was presented by the Georgia Tech Information Security Center and Georgia Tech Research Institute.
The report warns that "mobile phones will be a new on-ramp to planting malware on more secure devices." The document cites an anonymous industry source saying that "... someone who just needs to charge his phone can introduce malware as soon as it's plugged into a computer within that location."
Other problems include the differences between laptop browsers and those used on phones. The latter display address bars fleetingly, leaving little time to observe the safety status of sites being visited, the report says. "If a user does click on a malicious link on a mobile browser," the report says, "it becomes easier to obfuscate the attack since the Web address bar is not visible."
Finding information about the SSL certificates a site is using may be difficult, if the information is available through the browser at all, the researchers say.
Touch screens on smartphones may make users more susceptible to clicking on links that seem legitimate but mask malicious sites beneath them, which could lead to drive-by downloads of malware.
Patches and updates for mobile phones are woefully infrequent, the report says. "While computers can be manually configured not to trust compromised certificates or can receive a software patch in a matter of days, it can take months to remediate the same threat on mobile devices -- leaving mobile users vulnerable in the meantime."
Meanwhile, the authors say that bot masters will find more ways to make money off their zombie machines beyond using them as spam or DDoS engines. For example, a downloader controlled by a bot master could infect machines with reconnaissance malware that profiles the user of the machine for marketing purposes. The information can be sold and resold until a legitimate business buys the information as part of a lead-generation effort, the report says.
Alternatively, the zombies could be queried for personal technical details as a way to design a long-term stealthy attack to compromise data. Botnet operators will work more to create bot armies that they lease to others for whatever purpose they have in mind. "Infrastructure and information sharing will also occur more regularly between botnet operators and other malicious actors," the report says.