
Targeted attack reveals flaws of mobile device management software


Mobile device management software is only as secure as the device it is on, and both are easily intercepted.

Speaking to SC Magazine, Lacoon Mobile Security CEO Michael Shaulov demonstrated a technique of delivering a mobile remote access Trojan (mRAT) to both Android and iPhone devices that allows for total interception of the device and the mobile device management software and its apparently secure content.

In a demonstration, Shaulov showed that dropping a targeted attack with the mRAT will allow access to the microphone, geolocation and contact details. Shaulov said: “The software for this can cost £29 and there is a huge amount of software available.

“We found that in Israel in October 2012, one in every 1,000 infected users was with an mRAT and for a targeted threat it is quite scary.”

In the attack, a link is sent by SMS claiming to be a game, which is packaged with the malware. Once downloaded, the malware exploits a vulnerability in the phone to get root access to the device. This allows a third party to see all communication and, if they want, listen to all conversations, which are downloaded to an email account of the attacker's choosing.

Shaulov also warned that if an infected device were to be connected to a network-connected device, this could cause others to be infected too.

In terms of bypassing the mobile device management software, Shaulov said that if the victim is running such an application then it can be intercepted. “All encrypted emails and documents are placed here and it doesn't matter which vendor technology you use, they all work in the same way,” he said.

“All data is encrypted, all communication is encrypted and if the device is jailbroken or rooted then the mobile device management software will not work and alert the administrator.”

He explained that mobile device management software will not be able to detect this, and the console can be bypassed as the malware has a higher privilege than the software. “It will work on every container wrapper,” he said.

“The mobile operating system has a sandbox and the attacker can do whatever they want. The secure container is as secure as the operating system itself. The mobile device management software has static policies and can be bypassed and it doesn't provide visibility or assess risk in real-time.”

To mitigate the problem, Shaulov recommended building layered protection, being able to assess risk in real-time, being able to do behavioural analysis and understanding the vulnerabilities in every platform. In this test, a leading mobile device management software was used, along with a Samsung Galaxy S3 and an Apple iPhone 4.
