A Brief History of Smartphone Insecurity

Wednesday, April 20, 2011



With the rapid adoption of smartphones and other mobile devices by consumers, news feeds are awash daily with reports that warn of of the mounting threats to mobile device security.

Cyber criminals were quick to pick up on the trend, and the result has been a significant shift in exploit strategies from those aimed at PCs to the targeting of mobile devices, particularly smartphones.

As consumers and businesses become more and more dependent on the use of mobile devices in the course of their daily activities, from accessing secure corporate networks to mobile banking and ecommerce activities, the targeting of mobile devices will also grow more intense.

Brad Reed of Computerworld has an excellent article that traces the brief history of smartphone insecurity, listing the top smartphone vulnerability exploits of the last five years.

A summary of the mobile security events detailed by Reed are as follows:

August 2006: Researcher creates first-ever BlackBerry Trojan

  • Security researcher Jesse D'Aguanno began poking holes in RIM's Teflon by creating the world's first piece of Trojan malware for BlackBerry devices. D'Aguanno showed how he embedded the malware into a harmless-looking tic-tac-toe game. Once the game was downloaded, the malware worked with a separate piece of code to launch attacks on enterprise networks...

January 2009: RIM patches PDF vulnerability

  • RIM announced that "multiple security vulnerabilities" existed in some versions of the enterprise servers' PDF distiller. The vulnerabilities could allow hackers to send users emails containing a "specifically crafted PDF file" that could cause memory corruption and "possibly lead to arbitrary code execution"...

November 2009: iPhone users get Rick Rolled

  • The first-ever iPhone worm began forcibly changing users' iPhone wallpaper to a picture of much-loathed '80s singer Rick Astley. The worm was mostly a harmless prank, but it was a sign of more sophisticated and dangerous iPhone worms to come... 

November 2009: iPhone worm goes after banking codes

  • The worm was apparently created by Dutch hackers and used a command-and-control strategy that is frequently used in PC-based botnets to steal data from infected devices. The worm only struck jailbroken iPhones...

December 2010: First-ever Android botnet malware surfaces

  • Researchers discovered the "Gemini" malware that could be downloaded off third-party Android application websites. The code was wrapped in legitimate Android applications whose developers didn't realize their apps were being used to spread malware...

March 2011: DroidDream causes havoc on Android Market

  • Google remove around 50 malware-infected applications from its Android Market and that it had activated an Android app kill switch that would remove the malicious apps remotely from user devices if they had already been downloaded...

April 2011: Skype springs leaks

  • Security research blamed "sloppy coding" for a vulnerability that could let hackers swipe key information from Android-based smartphones, including users' email addresses, contact lists and chat logs... 

To read the complete story behind each of the mobile vulnerabilities Reed has outlined, refer to the complete article at Computerworld:

Source:  http://computerworld.co.nz/news.nsf/security/smartphone-security-follies-a-brief-history

Possibly Related Articles:
PDAs/Smart Phones
Blackberry iPhone Trojans malware Mobile Devices Smart Phone Headlines Android
Post Rating I Like this!
The views expressed in this post are the opinions of the Infosec Island member that posted this content. Infosec Island is not responsible for the content or messaging of this post.

Unauthorized reproduction of this article (in part or in whole) is prohibited without the express written permission of Infosec Island and the Infosec Island member that posted this content--this includes using our RSS feed for any purpose other than personal use.