CrowdStrike CEO to reveal 'major mobile vulnerability' at RSA
CSO - A significant vulnerability affecting all versions of the Webkit mobile browser could give malware complete control of your phone. The malware could listen in on your conversations, view through your camera and record everything in your email and messages. It can also track your locations at the time. George Kurtz, CEO of the new security company CrowdStrike, has told CSO he'll demonstrate how the vulnerability works at a presentation at RSA Wednesday.
According to Kurtz, the new vulnerability affects all Android, iOS and newer BlackBerry devices. It does not affect devices running Microsoft Windows Phone 7. Kurtz said this means virtually every smartphone and tablet in use globally shares this vulnerability. Worse, security software currently available for mobile devices won't detect such malware and won't protect against it.
Kurtz is perhaps best known for his revelations regarding the Chinese Shady Rat operation that compromised US government and defense contractors in 2011. Kurtz discovered the Chinese cyber attacks on the US while he was CTO at McAfee. He left that company after the Intel acquisition.
In his interview with CSO, Kurtz said that he compares the use of malware to the use of a gun. If someone is shooting at you, it makes more sense to take out the shooter rather than to stop the bullets, especially since the shooter can change the type of bullets he's using at any time. He said that users of malware can do the same thing and change the method of attack at any time.
Kurtz added that mobile devices are the next battlefield. "One of the things we talk about is the nation-state activity," Kurtz said. "We believe that this scenario is happening today. It's happening on mobile devices."
Kurtz said his company has been able to repurpose Chinese malware so it can take advantage of the Webkit vulnerability and take control of any mobile device. He said he's been able to control the camera and microphone on a mobile device, read email and text messages, and use the device to record what's happening around it. "It's the ultimate spy tool," he said.
Kurtz said the malware can be distributed by simply getting a user to click on a link that takes them to an infected website. Simply visiting the site would infect the device, and allow the remote operator of the malware to send data to a site anywhere in the world. "SMS messages could be a potential point of infection," Kurtz said.
For now, until the vulnerability is fixed, there's little anyone can do to prevent infection by the malware he describes, except to know not to click on links. In addition, he said it's important to make sure that software on mobile devices is kept updated, something that's not always possible on Android devices because of the fragmented update situation in the Android world.
Until security managers know that the mobile devices in their organizations have been updated, he said the best they can do is train users not to open links, and to be aware of what's installed on the devices. He also suggested disabling Android's ability to load applications from anywhere.
Kurtz will be present his findings Wednesday, at 10:40 a.m.
Read more about wireless/mobile security in CSOonline's Wireless/Mobile Security section.
- Agile Masking Transforms Data Security Most data masking products can create masked data copies but not distribute or update them, resulting in projects that fail to live up...
- Step Out of the Bull's-Eye Learn about the evolution of targeted attacks, the latest in security intelligence, and strategic steps to keep your business safe.
- Do More With Less: How CARFAX Consolidated Their Security Solutions Through a consolidated F5 solution, CARFAX cut site downtime to zero, secures its data, and deployed a high-performance infrastructure to support its rapid...
- F5 Data Center Firewall Aces Performance Test F5's BIG-IP 10200v with Advanced Firewall Manager (AFM) can handle traffic at 80-Gbps rates while screening and protecting tens of millions of connections...
- Live Webcast Security Vulnerabilities Associated With Having Local Administrator Privileges Viewfinity will demonstrate how removing admin rights and granularly managing privileges at the application level reduces the attack surface.
- Keep Servers Up and Running and Attackers in the Dark An SSL/TLS handshake requires at least 10 times more processing power on a server than on the client. SSL renegotiation attacks can readily...
- Will the Real Endpoint Threat Detection and Response Please Stand Up? This webinar explores new technologies & process for protecting endpoints from advanced attackers as well as the innovations that are pushing the envelope... All Data Security White Papers | Webcasts
Our new bimonthly Internet of Things newsletter helps you keep pace with the rapidly evolving technologies, trends and developments related to the IoT. Subscribe now and stay up to date!