Roy Tuvey, President and co-founder of Wandera, explains how even 4G networks can be compromised by hackers.
With new Android vulnerabilities being exposed on almost a daily basis, mobile security is rising up the agenda. CBR spoke to Roy Tuvey, President and co-founder of Wandera, to find out more about the landscape.
CBR: Has Stagefright been a watershed for mobile security?
I think there’s a lot more activity that’s been publicised recently on Android, but I think it’s worth noting that the evolution of the mobile threat landscape is attacking all platforms.
There was very recently something that was well-publicised around this MASK attack that’s targeting the iOS platform. Internally in our Wandera team there’s a lot of focus on man-in-the-middle attacks that are targeting iOS. There’s already some discussion of the potential vulnerabilities of Windows 10.
So I do think it’s something that’s happening across platforms. But in terms of Android, I think there is a growing realisation on the part of enterprise customers and individual consumers that mobile devices are vulnerable and exposed to attack.
I think there’s been quite a lot of talk about Android being less secure than iOS. There was talk a few years ago around some of the app stores on Android that don’t have the same kind of protections that you might expect from iOS.
We’re not sure it’s a watershed, it’s just another announcement that exposes some of the vulnerabilities. I think it’s worth noting in the case of some of these attacks, it’s not actually identifying threats in the wild. It’s just exposing vulnerabilities that if attackers wanted to focus on they’d be successful.
I think if we step back a second, all of the data particularly from an enterprise perspective that is being provided to these devices to enable the workforce to make them more productive. It’s just very logical and obvious to anyone that hackers are going to try and compromise these devices and get access to this data.
Obviously, the more that we have events like Stagefright, the more the focus is on specific vulnerabilities and what’s going to happen.
CBR: Is iOS getting more attention from hackers recently?
Definitely. There’s a number of areas in which mobile devices differ from the old desktop environment. Number one is that they’re always connected to either 3G, 4G networks or wi-fi.
There have been well-documented cases in the US when the phone is automatically connecting to 3G or 4G and the cell tower is a rogue spoof cell tower and so your cellular traffic is being routed via a rogue host that is pretending to be a carrier.
Far more prevalent are wi-fi attacks. If you take your phone into Starbucks or wherever you’re going, iOS has a setting to save on battery that’s very different to the way that desktops and laptops connect to the internet. If you’ve connected to a network before it will automatically connect you.
That means that if someone is sitting in one of these hotspots pretending to be Starbucks, they can connect your device automatically to their network. They can then do a man-in-the-middle attack and intercept traffic.
That’s something iOS is vulnerable to; it’s possibly more vulnerable to that than Android because of the way its probe works.
Also applications that are deployed and installed are threats even on Apple. We all know that Apple carries out credential checks for apps to be loaded. But it’s looking at factors such as usability; it’s not doing very detailed security checks in the back-end.
We’ve identified lots of applications that are sending user information in the clear, unencrypted, that could be vulnerable to interception.
It’s fair to say that Android, because it’s more vulnerable and has less sandboxed architecture, is more vulnerable than iOS.
CBR: How do they impersonate 4G or 3G networks?
If you take the wi-fi example, we actually do a demo in our offices here where you can buy a router off the internet called a Pineapple. It comes with software pre-packaged that enables you to impersonate a wi-fi network and you can set one of these things up in an airport or Starbucks.
Then you as a user when you come in and log on it gives you a captive portal page, saying click here to sign up to the wi-fi. Basically, if you do that, you can connect through to something that’s a rogue wi-fi. So that’s a very low-cost, easy option for someone to do. It means they have to program it the right way, enter into all the normal wi-fi you might connect to and hope to catch you.
In terms of the rogue cellphone towers, that’s something that’s much more complicated. It’s been identified in a number of instances in the US, where it’s masquerading as a cellphone tower to intercept. It’s more complicated and obviously needs to be much bigger as well because it’s carrying mobile traffic.
There have been a number of documented cases already. It’s certainly more rare, but an example of things going on. The one message of all of this is that it’s really nascent; it’s assumed that we’ve all got mobile phones and we’ve had them forever. These devices are very new.
The rate of change of these different types of threats is very fast. If you fast-forward a year or two, it will be where it was in desktop-land where you were hearing about new threats on a daily basis.