Wednesday 25 January 2017

Cybersecurity: Smartphone Ransomware Is a Looming Threat

Envisage turning on your smartphone to send a text and finding this threatening notice instead:

“You need to pay for us, otherwise we will sell portion of your personal information on black market every 30 minutes. WE GIVE 100% GUARANTEE THAT ALL FILES WILL RESTORE AFTER WE RECEIVE PAYMENT. WE WILL UNLOCK THE MOBILE DEVICE AND DELETE ALL YOUR DATA FROM OUR SERVER! TURNING OFF YOUR PHONE IS MEANINGLESS, ALL YOUR DATA IS ALREADY STORED ON OUR SERVERS! WE STILL CAN SELLING IT FOR SPAM, FAKE, BANK CRIME etc. . . We collect and download all of your personal data. All information about your social networks, Bank accounts, Credit Cards. We collect all data about your friends and family."

This is the message, word for word, found recently by Oren Koriat and Andrey Polkovnichenko, a pair of mobile cybersecurity analysts at Check Point, a security firm in California. The smartphone on which it appeared was an Android model that had been compromised by smartphone ransomware.

Ransomware has become a ubiquitous threat to personal-computer users. Criminals remotely access a victim's computer and lock all the files using encryption software, offering to unlock the data in exchange for a payment. The first ransomware attack on a phone occurred in 2013, according to the Check Point researchers, but until now has been confined to small numbers of victims, primarily in Eastern Europe. Now, the company says, the threat has gained a toehold in the United States.

Malware Hidden in a Google Play Store App

Koriat and Polkovnichenko found the software, which they dubbed Charger, embedded in an app called Energy Rescue, which purports to make a phone battery last longer. "The infected app steals contacts and SMS messages from the user’s device and asks for admin permissions," the company said in a statement. "If granted, the ransomware locks the device and displays a message demanding payment."

The payment demanded was 0.2 bitcoin, or about $180 at the current exchange rate. (The phone was being used for business and didn't contain much personal data; the owner chose to replace the phone rather than pay.)

The most disturbing part of the attack might be that the app was downloaded from the Google Play store. Android phones can use apps from other sources, but security experts usually recommend that users stick to the Play store to take advantage of the processes Google uses to check the software for safety.

"The main issue here is the fact that such a severe threat managed to penetrate Google's security and enter Google Play, Google's official app store," says Daniel Padon, another member of Check Point's research team. "Most malware that manages to enter Google Play has only slim malicious traits, while Charger is about as malicious as can be. As mobile ransomware try to keep the pace with their cousins in the PC world, we are likely to see more efforts of this sort, endangering users around the world."

Padon added that this malware was particularly sophisticated, using a number of innovative tactics to evade detection by Google.

Google commended the security firm for catching the Charger threat so early. "We appreciate Check Point’s efforts to raise awareness about this issue," a Google spokesperson says. "We’ve taken the appropriate actions in Play and will continue to work closely with the research community to help keep Android users safe."

From Russia With Malice

Ransomware attacks on mobile phones are still relatively rare.
One well-known case involved users of pornography apps in Eastern Europe who were targeted by ransomware called DataLust, Check Point says. In those cases, the ransom was set at 1,000 rubles, or about $15. 

There's evidence that Charger, too, comes from Eastern Europe—beyond the clich├ęd bad grammar of the ransom note. "Charger checks the local settings of the device and does not run its malicious logic if the device is located in Ukraine, Russia, or Belarus," Koriat wrote on Check Point's website. "This is likely done to keep the developers from being prosecuted in their own countries or being extradited between countries."

Ransomware attacks are joining a growing list of threats to mobile phone security. Malware called Gooligan was in the news in December after it was discovered loading unwanted apps onto smartphones as part of a mobile-marketing scam. A disturbing aspect of that crime was that copies of the malware were uploaded to victims' Google accounts. That way, if the victim restored a phone to its factory settings, then downloaded photos and other data backed up in the cloud, the phone would be reinfected.

“The bad guys are always looking for ways to monetize attacks, and sometimes it's ransomware, sometimes it's theft of IP [intellectual property], sometimes it's ad fraud, and sometimes it's botnets for denial of service,” says Jason Hong, an associate professor of computer science at Carnegie Mellon University. “Basically, what we've seen on desktop computers, but now migrating over to smartphones.”

How to Protect Yourself From Ransomware Attacks

There are a few ways a consumer can try to stay safe from this threat, Check Point experts say. 

1. Be careful about clicking on unknown links, whether in emails or texts.

2. Download apps only from Google Play. Yes, Charger slipped through Google's defenses, but the company's app store remains a much more trustworthy source for Android apps than third-party sites.

3. Keep your device updated with both the latest operating system and the newest versions of mobile apps, in which known vulnerabilities have been fixed. If you're really concerned, consider using an iPhone. Android phones are more vulnerable to attack, some researchers say, because of the open-source nature of the operating system. Apple can quickly push security updates to all iPhones; Google doesn't have that control over most Android devices, other than its own Nexus and Pixel phones.

Culled from: Yahoo News

No comments: