Mobile security concerns include IoT, ‘cryptojacking’

A new report from Allot Communications details the impacts when a mobile phone’s processing power is hijacked for crypto currency mining, while other security researchers found vulnerabilities in diameter signaling that put mobile networks at risk.

Allot, in its Telco Security Trends report for the second quarter of 2018 (pdf), identified consumer IoT device vulnerability as an ongoing major concern, concluding that “on average, a connected device will get infected within 42.5 seconds” of being connected to the internet. To reach that conclusion, Allot set up simulated consumer IoT devices and exposed them to the internet; the simulations, using two IoT “honeypots,” were conducted over six weeks.

“The results were alarming,” Allot reported. “Immediate successful attacks on the devices peaked at a rate of 1,000 per hour.”

Allot said that over the past two years, it has identified several characteristics of the threat landscape, including the fact that the vulnerabilities being exploited are often common and well-known, but consumers don’t patch their smartphones or use security technologies. While Google “has tightened Android OS to make it harder to get superuser rights,” Allot said, “cybercriminals counter this action by achieving the same result with admin rights.” Consumer IoT devices, meanwhile, are being recruited by cybercriminals into botnets whose services can be sold to buyers who want to generate distributed denial of service attacks.

“The level of creativity employed is akin to the startup community,” Allot concluded. “The cybercrime industry is in touch with, and takes advantage of, new and changing consumer trends.”

In terms of smartphone mobile security, Allot looked at data from four mobile operators in Europe and Israel over four months in late 2017 to early 2018, with 7 million subscribers protected. The company said that on average two protections were activated per user per day. The period coincided with increased interest in crypto currencies, and Allot said that crypto mining malware, in which a device’s processing power is hijacked to help mine crypto currency, was the leading security threat during the period. Allot tested the impacts of such “cryptojacking” on a Sony Xperia M2.

“The effect on the phone was a spike in CPU usage to 99%, dramatic overheating of the battery and the phone became unresponsive,” Allot said, although it noted that such a sharp impact is not always the case because the malware can be configured to reduce its impact so that the phone doesn’t become entirely useless as a result of the malware’s parasitism.

While direct attacks on end users such as ransomware were the least common type — about 1.4 attacks per 1,000 users per month, Allot said — they “represent a scarier, frontal attack on the subscriber.”

Diameter signaling vulnerabilities identified

In a separate report, security researchers from Positive Technologies concluded that one in three 4G LTE mobile networks are vulnerable to fraud attacks on operators, due to security risks in diameter signaling. LTE uses diameter signaling, whereas earlier generations of cellular technology relied on SS7, which also had known vulnerabilities, and the researchers were interested in comparing the two.

The Diameter Vulnerabilities Exposure Report for 2018 (pdf) relied on simulation of attacks as well as audits of 15 telecom operators in Europe and Asia, 80% of which had customer bases of more than 40 million subscribers.

Positive said that diameter signaling attacks can be used to gain subscriber information or network information; to intercept subscriber traffic; or for fraud or denial of service.

“Most detected flaws were related not only to misconfigured or vulnerable network equipment, but also to fundamental issues in the diameter protocol itself, requiring additional security measures,” according to the report. The company conducted similar research in 2018 on SS7-based legacy networks, in order to compare the security of SS7 to diameter. Positive found that diameter did a better job of protecting against fraud than SS7, with around a third of diameter networks vulnerable versus almost 80% of SS7-based networks. That was the only area of improvement that the company found, however, and it concluded that diameter is actually more vulnerable to giving up network information than SS7.

ABOUT AUTHOR

Kelly Hill
Kelly reports on network test and measurement, as well as the use of big data and analytics. She first covered the wireless industry for RCR Wireless News in 2005, focusing on carriers and mobile virtual network operators, then took a few years’ hiatus and returned to RCR Wireless News to write about heterogeneous networks and network infrastructure. Kelly is an Ohio native with a masters degree in journalism from the University of California, Berkeley, where she focused on science writing and multimedia. She has written for the San Francisco Chronicle, The Oregonian and The Canton Repository. Follow her on Twitter: @khillrcr