April 27, 2017

Unpatched mobiles and trojanized systems

Organizations provide their end users with means of connecting to internal network resources, typically laptops with specific operating systems under the control of IT. As technology advances, access may also be allowed from mobile devices other than laptops, specifically mobile phones and tablets.
IT most probably does its best to control which devices are allowed, but over time the use of allowed devices can spread in a negative way.

Depending on the OS of these devices, the attack surface can be large, and for Android devices it is unfortunately quite big. This is because of the poor vulnerability management practices of the device vendors. For Apple and Microsoft products, patching is currently consistent, but many Android device vendors neglect patching the core operating system.

If all vendors followed Google's patches for the Android operating system, there wouldn't be such a problem. However, millions of handhelds, apart from Nexus- and Pixel-branded devices, are typically vulnerable to many different kinds of exploits.

Devices can be taken under attacker control even if the user merely visits a malicious web page or receives a malicious SMS or email. Another avenue of infection is application installation: the user can install software that brings the malicious capability to the device, typically through a non-approved marketplace (but also through the approved Google marketplace).

What I wrote above is old news. What I wanted to bring to your attention is that there is a new malware called MilkyDoor. An earlier version with similar capabilities was called DressCode. In essence, the malware turns the infected device into a gateway into any network the device is connected to. Organizations should take the threat very seriously and provide their workers with devices that get updated promptly. IT teams should also be able to limit access to the marketplace.

Here is the Trend Micro article about the MilkyDoor threat: http://blog.trendmicro.com/trendlabs-security-intelligence/dresscode-android-malware-finds-successor-milkydoor/
