
Targeted attack reveals flaws of mobile device management software


Mobile device management software is only as secure as the device it is on, and both are easily intercepted.

Speaking to SC Magazine, Lacoon Mobile Security CEO Michael Shaulov demonstrated a technique of delivering a mobile remote access Trojan (mRAT) to both Android and iPhone devices that allows for total interception of the device and the mobile device management software and its apparently secure content.

In a demonstration, Shaulov showed that dropping a targeted attack with the mRAT will allow access to the microphone, geolocation and contact details. Shaulov said: “The software for this can cost £29 and there is a huge amount of software available.

“We found that in Israel in October 2012, one in every 1,000 infected users was with an mRAT and for a targeted threat it is quite scary.”

In the attack, a link is sent by SMS claiming to be a game, which is packaged with the malware. Once downloaded, the malware exploits a vulnerability in the phone to gain root access to the device. This allows a third party to see all communication and, if they want, listen to all conversations, which are downloaded to an email account of the attacker's choosing.

Shaulov also warned that if an infected device were to be connected to a network-connected device, this could cause others to be infected too.

In terms of bypassing the mobile device management software, Shaulov said that if the victim is running such an application then it can be intercepted. “All encrypted emails and documents are placed here and it doesn't matter which vendor technology you use, they all work in the same way,” he said.

“All data is encrypted, all communication is encrypted and if the device is jailbroken or rooted then the mobile device management software will not work and alert the administrator.”

He explained that mobile device management software will not be able to detect this, and the console can be bypassed as the malware has a higher privilege than the software. “It will work on every container wrapper,” he said.

“The mobile operating system has a sandbox and the attacker can do whatever they want. The secure container is as secure as the operating system itself. The mobile device management software has static policies and can be bypassed and it doesn't provide visibility or assess risk in real-time.”

To mitigate the problem, Shaulov recommended building layered protection, being able to assess risk in real time, being able to do behavioural analysis and understanding the vulnerabilities in every platform. In this test, a leading mobile device management software was used, along with a Samsung Galaxy S3 and an Apple iPhone 4.
