As 2014 inches to an end, Zimperium Mobile Security Labs researchers are actively preparing to stay one step ahead of attackers in the ever-changing mobile security threat landscape. Due to the growing mobile device market and the recent wave of attacks like Shellshock, Poodle, WireLurker and DoubleDirect, the Zimperium Mobile Security Labs team predicts that 2015 will be the year that previously undetected mobile attacks go mainstream. This means every business needs to implement a complete Enterprise Mobile Security defense, or risk opening itself up to threats that wreak havoc across an entire organization. Below are our top mobile security predictions for 2015.
Prediction 1: The year of mobile spear-phishing, don’t get hooked
2015 will be the year of mobile spear-phishing. Spear phishing is a targeted phishing attack against specific individuals within an organization, where hackers attempt to trick them into divulging credentials, usernames or passwords, or installing malicious software. This form of attack has been the attack technique of choice for years on traditional PCs, but is now experiencing a resurgence as a result of widespread mobile penetration.
With the rise of client-side attacks and the fragmentation of mobile devices in organizations, mobile spear-phishing is inevitable. We can expect attacks to be delivered using popular software like browsers and PDF readers, and carried out through e-mails and SMS. Next time you get a link or file from an unknown sender, think twice before opening it on your phone!
Prediction 2: Fake femtocells, basestations and access points will drive targeted attacks
Smartphones are far more vulnerable to attacks than PCs since they are constantly connecting to unknown environments. Attackers will increase their use of fake femtocells and basestations throughout 2015 to perform targeted attacks on these vulnerable devices. Attackers will capitalize on the fact that smartphones are designed to connect to the cellular tower with the best signal first, so carefully selecting which WiFi network to connect to will not protect the user from attacks carried out through the cellular network.
Prediction 3: Mobile vulnerability chaining will lead to a rise in APTs
With the recent security additions to smartphones, attackers will bundle multiple vulnerabilities to carry out attacks. While this concept is not new, we expect to see more attacks chained in 2015 to achieve persistence on the targeted devices. Mobile APTs are on the rise and it is likely that we will see the following scenarios during 2015:
1. Mobile Chained Network Attacks: Rogue APs / Femtocell / Basestation + SSL Stripping
2. Mobile Chained Network & Host Attacks: Rogue AP / Femtocell / Basestation + Client Side Vulnerability + Kernel Exploit
3. Mobile Chained Host Attacks: Spear-phishing email / SMS + Client Side Vulnerability + Kernel Exploit
We also expect to see attacks being launched from compromised cell phones as a second phase of the attack.
Prediction 4: New WiFi standards and cellular offloading will lead to serious threats for mobile devices
New Wi-Fi standards such as 802.11ac (Waves 1 and 2), 11ad, 11aq and 11ah will enable Wi-Fi to provide mobile data offloading, namely the use of complementary network technologies for delivering data originally targeted for cellular networks. We expect a new kind of sophisticated attack vector to emerge that exploits these new standards. As cellular offloading becomes more popular, a compromised 3GPP WiFi network will become a serious threat for mobile devices. Hackers will be able to perform a man-in-the-middle (MITM) attack against a compromised 3GPP WiFi network by easily interrupting, redirecting and intercepting mobile traffic (voice, SMS, etc.). All of this will happen in clear text, against unsuspecting victims, using cheap and accessible hardware.
Prediction 5: 2015 will be the year of the first massive Apple security breach in the enterprise
More than 500 million iPhones have been sold to date, and Apple’s estimated user base is around 400 to 450 million handsets. A majority of executives today use iOS devices as their primary phone or tablet. As Apple moves from being a consumer leader to a true enterprise player, we expect hackers to direct more energy into targeting this lucrative market with advanced mobile attacks. In fact, they already are. WireLurker malware made headlines earlier this month for infecting more than 100,000 iPhones — including those that were not jailbroken. While Apple may have a more secure app store than Android, iOS devices are just as vulnerable to mobile spear-phishing, browser, profile, and network attacks.
Given the number of Apple’s new enablement features, more is likely to come. For example, iCloud Drive allows users to seamlessly sync corporate data between a Mac and an iOS device. This new feature will introduce a new threat vector for attackers. Apple Pay also poses new risks with NFC and payment system attacks, and the company’s entry into the wearables market expands the sheer number of devices it has to protect from tethering-based attacks.
Prediction 6: ICMP redirect attacks will increase as a popular way to compromise mobile devices
In 2014 Zimperium Labs confirmed the interception of network communication using ICMP Redirect, a man-in-the-middle (MITM) technique used in the wild. These malicious attacks steal credentials and deliver malicious payloads, compromising not just the victim’s device, but also the corporate network. ICMP redirect packets are used by routers to notify the hosts on the network that a better route is available for a particular destination. Attackers will use ICMP redirect packets to launch a MITM attack that redirects a victim’s traffic to the attacker’s device. The growth of mobile devices will lead to a significant rise in network attacks on wireless networks. And since most mobile devices still accept ICMP redirects by default, we expect to see an increase in MITM attacks on mobile devices in 2015.
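For defenders, the redirect mechanism described above can be watched for directly. The following is an added example, not Zimperium's code: it parses a raw IPv4 packet, recognises an ICMP Redirect (RFC 792, type 5) and flags it when the sender or the advertised gateway is not a known router. The router allowlist, function names and sample packets are assumptions constructed for illustration.

```python
import ipaddress
import struct

ICMP_PROTO, ICMP_REDIRECT = 1, 5          # RFC 792: protocol 1, message type 5
TRUSTED_ROUTERS = {"192.168.1.1", "192.168.1.254"}  # assumption: site's real routers

def parse_icmp_redirect(packet: bytes):
    """Return the redirect's fields from a raw IPv4 packet, or None if it is not one."""
    if len(packet) < 20 or packet[0] >> 4 != 4:
        return None
    ihl = (packet[0] & 0x0F) * 4              # outer header length (options allowed)
    if ihl < 20 or packet[9] != ICMP_PROTO or len(packet) < ihl + 8 + 20:
        return None
    icmp = packet[ihl:]
    if icmp[0] != ICMP_REDIRECT:
        return None
    inner = icmp[8:]                          # IP header of the datagram being redirected
    return {
        "sender": str(ipaddress.IPv4Address(packet[12:16])),
        "code": icmp[1],
        "new_gateway": str(ipaddress.IPv4Address(icmp[4:8])),
        "redirected_dst": str(ipaddress.IPv4Address(inner[16:20])),
    }

def assess(packet: bytes, trusted_routers=TRUSTED_ROUTERS):
    """Return None for non-redirects, else ('expected' | 'suspicious', fields)."""
    fields = parse_icmp_redirect(packet)
    if fields is None:
        return None
    # The sender address can be forged, so the advertised gateway is checked too:
    # a genuine redirect points the host at another legitimate router.
    ok = fields["sender"] in trusted_routers and fields["new_gateway"] in trusted_routers
    return ("expected" if ok else "suspicious", fields)

def _ipv4(src, dst, proto, payload):
    # Constructed test data only: header checksum is left at zero.
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, 64, proto, 0,
                      ipaddress.IPv4Address(src).packed, ipaddress.IPv4Address(dst).packed)
    return hdr + payload

def sample_redirect(sender, host, new_gw, dst):
    """Build constructed sample bytes in the RFC 792 redirect layout for the checks."""
    inner = _ipv4(host, dst, 17, b"\x00" * 8)  # original header + first 8 data bytes
    icmp = struct.pack("!BBH4s", ICMP_REDIRECT, 1, 0, ipaddress.IPv4Address(new_gw).packed)
    return _ipv4(sender, host, ICMP_PROTO, icmp + inner)
```

Detection of this kind complements disabling redirect acceptance where the platform allows it (on Linux, the `net.ipv4.conf.*.accept_redirects` sysctls).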
Prediction 7: Near Field Communications (NFC) & wearable devices are cool – not yet a threat to the Enterprise
Near Field Communications (NFC) & Wearable Devices will continue to receive a lot of media attention for being cool – but we don’t expect this popular trend to pose a major threat to the enterprise in 2015. Hacking a wearable device would require physical interaction – which attackers just aren’t ready to pull off on a large scale next year.
Prediction 8: Attacks on cloud assets will increase by 3x next year
We expect iCloud, GoogleDrive and other cloud services to become far more of an active target for hackers in 2015. 2014 was just the beginning, with celebrity exploits and personal information being stolen from mobile devices. The risk will widen to the enterprise, of course, due to cloud technologies becoming more widespread. Hackers will start to use those attack vectors to target higher profiles, such as a company’s executive staff members, journalists and civil protesters.
2015 may be the year of mobile spear-phishing and APTs, but it can also be the year that your organization takes serious measures to protect itself. Ultimately, any work activity on a private device carries the threat of a security breach. Businesses need to find the right balance of protection, governance, and user flexibility, and implement comprehensive policies across the organization to ensure employees comply.
A special thank you to the Zimperium Security Labs Team for their research efforts in compiling our 2015 Mobile Security Predictions. We would like to recognize Simone Margaritelli (@evilsocket), Christy Philip Matthew, Eran Goldstein, Moshe Vered, Patrick Murray and Zuk Avraham (@ihackbanme).
Zimperium is the leader in enterprise mobile security. The Zimperium Mobile Security System delivers enterprise-class protection for Android and iOS devices against the next generation of advanced mobile threats. Developed for mobile devices, Zimperium uses patented, behavior-based analytics that reside on the device to protect mobile devices against network- and host-based threats wherever business takes them. Founded in 2010 by mobile security experts, Zimperium is backed by Sierra Ventures and Samsung. Headquartered in San Francisco, Zimperium manages its R&D center in Tel Aviv, Israel.