Targeted attack reveals flaws of mobile device management software

Mobile device management software is only as secure as the device it is on, and both are easily intercepted.

Speaking to SC Magazine, Lacoon Mobile Security CEO Michael Shaulov demonstrated a technique of delivering a mobile remote access Trojan (mRAT) to both Android and iPhone devices that allows for total interception of the device and the mobile device management software and its apparently secure content.

In a demonstration, Shaulov showed that dropping a targeted attack with the mRAT will allow access to the microphone, geolocation and contact details. Shaulov said: “The software for this can cost £29 and there is a huge amount of software available.

“We found that in Israel in October 2012, one in every 1,000 infected users was with an mRAT and for a targeted threat it is quite scary.”

In the attack, a link is sent by SMS claiming to lead to a game, which is packaged with the malware. Once downloaded, the malware exploits a vulnerability in the phone to gain root access to the device. This allows a third party to see all communication and, if they want, to listen to all conversations, which are downloaded to an email account of the attacker's choosing.

Shaulov also warned that if an infected device were to be connected to a network-connected device, this could cause others to be infected too.

In terms of bypassing the mobile device management software, Shaulov said that if the victim is running such an application then it can be intercepted. “All encrypted emails and documents are placed here and it doesn't matter which vendor technology you use, they all work in the same way,” he said.

“All data is encrypted, all communication is encrypted and if the device is jailbroken or rooted then the mobile device management software will not work and alert the administrator.”

He explained that mobile device management software will not be able to detect this, and the console can be bypassed as the malware has a higher privilege than the software. “It will work on every container wrapper,” he said.

“The mobile operating system has a sandbox and the attacker can do whatever they want. The secure container is as secure as the operating system itself. The mobile device management software has static policies and can be bypassed and it doesn't provide visibility or assess risk in real-time.”

To mitigate the problem, Shaulov recommended building layered protection, being able to assess risk in real-time, being able to do behavioural analysis and understanding the vulnerabilities in every platform. In this test, a leading mobile device management software was used, along with a Samsung Galaxy S3 and an Apple iPhone 4.
