Official Mobile Security & Innovative Technologies Blog
This blog is managed/edited by Eric Everson. The purpose of this blog is to discuss common threats and solutions that exist within the mobile community in addition to the intricacies of innovative technologies and the markets therein.
Thank you for taking the time to review my blog; I am Eric Everson the founder of MyMobiSafe.com. In addition to my duties at MyMobiSafe, LLC I am also a full-time graduate student and mobile industry researcher. As a mobile security expert and innovative technologies leader, I am glad to answer any questions you may have: EricEverson@Hotmail.com
Wednesday 1 April 2009, 3:56 PM
Conficker Not Targeting Microsoft Windows Mobile Devices
Conficker Not Targeting Microsoft Windows Mobile Devices
Author: Eric Everson, MyMobiSafe
With the digital security world buzzing today due to the recent mutations of the infamous Conficker virus, many mobile users are concerned that their Windows Mobile handset could be in jeopardy too. The reality is that this Conficker scare is actually just computer-based and so far we haven’t been able to identify any mobile-based variants that allow this threat to bleed into the mobile industry.
Despite the advances in sophistication that the Windows Mobile Operating System has undergone, the reality is that the computer-based Windows environment remains much more robust. This differentiation leaves Windows Mobile devices much less at risk for this type of attack. What many media outlets have done to create awareness has actually created an environment of confusion for many users. At a high level while you do not want your system to get infected by the Conficker virus, it’s not a malware designed to destroy your computer either.
Overall, this malware has been designed to create a gateway between your computer and those behind Conficker so that an environment conducive to spamming and data theft is established. This is nothing like the viruses of days past that are completely malicious in nature and destroy everything in their path. Conficker to most digital security experts marks a new shift in the sophistication and direction of mobile malware. Rather than creating destructive havoc, the Conficker platform is more specifically designed to create a “black market” tool for e-commerce. Unfortunately the very existence of Conficker confirms the reality of that hackers stand to make significant profit by developing tools that target your digital information.
While a number of threats do attempt to exploit vulnerabilities within the Windows Mobile environment, so far Conficker is not a threat that mobile users should fear. As Windows Mobile can be a cornerstone of small businesses on the go, it seems that for now Conficker is one less thing to worry about. I appreciate the flood of emails on the topic and I’ll try my best to reply to everyone as soon as I can. The interest in this threat from a mobile industry perspective sheds new light on the importance of the mobile environment of digital security. I expect to see many of the digital security companies gain a renewed interest in mobile as a result of this high-profile security threat.
As always, I’m working to keep you informed on the latest developments in mobile security. Feel free to post your comments or send me email… on a day like this I’ll do my best to keep my Inbox from getting too backlogged.
Your mobile security guru,
Eric E – The MobileTech
Eric Everson – Founder MyMobiSafe.com
Eric Everson is a leading mobile technologies researcher and is the founder of MyMobiSafe.com. If you would like to contact Eric Everson for interview or with research related inquiries contact him directly at EricEverson@Hotmail.com.
Author: Eric Everson, MyMobiSafe
With the digital security world buzzing today due to the recent mutations of the infamous Conficker virus, many mobile users are concerned that their Windows Mobile handset could be in jeopardy too. The reality is that this Conficker scare is actually just computer-based and so far we haven’t been able to identify any mobile-based variants that allow this threat to bleed into the mobile industry.
Despite the advances in sophistication that the Windows Mobile Operating System has undergone, the reality is that the computer-based Windows environment remains much more robust. This differentiation leaves Windows Mobile devices much less at risk for this type of attack. What many media outlets have done to create awareness has actually created an environment of confusion for many users. At a high level while you do not want your system to get infected by the Conficker virus, it’s not a malware designed to destroy your computer either.
Overall, this malware has been designed to create a gateway between your computer and those behind Conficker so that an environment conducive to spamming and data theft is established. This is nothing like the viruses of days past that are completely malicious in nature and destroy everything in their path. Conficker to most digital security experts marks a new shift in the sophistication and direction of mobile malware. Rather than creating destructive havoc, the Conficker platform is more specifically designed to create a “black market” tool for e-commerce. Unfortunately the very existence of Conficker confirms the reality of that hackers stand to make significant profit by developing tools that target your digital information.
While a number of threats do attempt to exploit vulnerabilities within the Windows Mobile environment, so far Conficker is not a threat that mobile users should fear. As Windows Mobile can be a cornerstone of small businesses on the go, it seems that for now Conficker is one less thing to worry about. I appreciate the flood of emails on the topic and I’ll try my best to reply to everyone as soon as I can. The interest in this threat from a mobile industry perspective sheds new light on the importance of the mobile environment of digital security. I expect to see many of the digital security companies gain a renewed interest in mobile as a result of this high-profile security threat.
As always, I’m working to keep you informed on the latest developments in mobile security. Feel free to post your comments or send me email… on a day like this I’ll do my best to keep my Inbox from getting too backlogged.
Your mobile security guru,
Eric E – The MobileTech
Eric Everson – Founder MyMobiSafe.com
Eric Everson is a leading mobile technologies researcher and is the founder of MyMobiSafe.com. If you would like to contact Eric Everson for interview or with research related inquiries contact him directly at EricEverson@Hotmail.com.
Thursday 26 March 2009, 3:07 PM
CanSecWest Security Conference: $10K to Hack Your SmartPhone
CanSecWest Security Conference: $10K to Hack Your SmartPhone
Author: Eric Everson
Admittedly I was not in attendance at this year’s CanSecWest Security Conference, but as CNet.com confirms big money was being offered to hackers to exploit mobile devices.
According to the article, “That innocent-looking mobile phone you use to call your mother and check e-mail represents the next frontier for malicious hackers, though it eluded researchers who stood to earn $10,000 for exploiting a smartphone at the CanSecWest security conference this week. TippingPoint Technologies, which sponsors a Pwn2Own hacking contest each year at the event, was offering the prize money for each successful exploit of an iPhone, BlackBerry, and phones running Google's Android, Windows Mobile, and Symbian operating systems.”
Masqueraded as “research” apparently we don’t have enough problems with mobile hackers, thus prize money is now being attached to hacking Mobile Operating Systems (MOPS). Having been in the mobile security industry since 2005, I found it interesting to see the apparent divide between the skill levels of computer- versus mobile-based hackers from this event. Despite the prize money the computer-based hackers merely fumbled in the streamlined MOPS environment and were ultimately unsuccessful (at the CanSecWest event) at exploiting the security vulnerabilities of the mobile devices. This, as mobile-based hackers know, is due to the approach that was used, not because these mobile platforms are impregnable.
One other interesting tidbit from the CanSecWest event (mostly because it supports my long-held position on the matter) was when the founder of the event Dragos Ruiu noted, “"I carry two phones at any one time… and now, they are more capable computers." Is this further proof that mobile devices are displacing computer futures… you know where I stand, so I’ll let you decide.
Article In Ref: Mobile: The holy grail at security conference: http://news.cnet.com/8301-1009_3-10201356-83.html
Your friend and loyal researcher of mobile security,
Eric Everson – A.K.A: “The MobileTech”
Eric Everson is a leading mobile technologies researcher and is the founder of MyMobiSafe.com. If you would like to contact Eric Everson for interview or with research related inquiries contact him directly at EricEverson@Hotmail.com.
Author: Eric Everson
Admittedly I was not in attendance at this year’s CanSecWest Security Conference, but as CNet.com confirms big money was being offered to hackers to exploit mobile devices.
According to the article, “That innocent-looking mobile phone you use to call your mother and check e-mail represents the next frontier for malicious hackers, though it eluded researchers who stood to earn $10,000 for exploiting a smartphone at the CanSecWest security conference this week. TippingPoint Technologies, which sponsors a Pwn2Own hacking contest each year at the event, was offering the prize money for each successful exploit of an iPhone, BlackBerry, and phones running Google's Android, Windows Mobile, and Symbian operating systems.”
Masqueraded as “research” apparently we don’t have enough problems with mobile hackers, thus prize money is now being attached to hacking Mobile Operating Systems (MOPS). Having been in the mobile security industry since 2005, I found it interesting to see the apparent divide between the skill levels of computer- versus mobile-based hackers from this event. Despite the prize money the computer-based hackers merely fumbled in the streamlined MOPS environment and were ultimately unsuccessful (at the CanSecWest event) at exploiting the security vulnerabilities of the mobile devices. This, as mobile-based hackers know, is due to the approach that was used, not because these mobile platforms are impregnable.
One other interesting tidbit from the CanSecWest event (mostly because it supports my long-held position on the matter) was when the founder of the event Dragos Ruiu noted, “"I carry two phones at any one time… and now, they are more capable computers." Is this further proof that mobile devices are displacing computer futures… you know where I stand, so I’ll let you decide.
Article In Ref: Mobile: The holy grail at security conference: http://news.cnet.com/8301-1009_3-10201356-83.html
Your friend and loyal researcher of mobile security,
Eric Everson – A.K.A: “The MobileTech”
Eric Everson is a leading mobile technologies researcher and is the founder of MyMobiSafe.com. If you would like to contact Eric Everson for interview or with research related inquiries contact him directly at EricEverson@Hotmail.com.
Wednesday 11 March 2009, 7:10 PM
Mobile Malware: The JavaMite Evolution in Digital Security
Mobile Malware: The JavaMite Evolution in Digital Security
Author: Eric Everson, Founder MyMobiSafe.com
The landscape of digital security is evolutionary in nature. From one malware variant to the next, malware represents a means of interrupting digital norms. Occasionally there comes an evolution in technology that is so profound that it carries the ability to transcend all future developments. In such a paradigm shift, the digital landscape as we know it can become transcended to new heights. Such is the case for the latest form of mobile malware, the JavaMite.
As defined, “a JavaMite is any executable software or script written in (or with) the aide of a Java Software Development Kit/Component to specifically alter or otherwise tamper with the operational components of a mobile handset or device.” As an evolutionary form of mobile malware, this development stands to redefine the norms of mobile security. JavaMite malware has such a profound dynamic due to its overwhelming scalability given the modern mobile environment.
As upwards of 86% of handsets are Java-enabled this renders JavaMites as the most threatening class of mobile malware to surface – relative to its prospective mass industry epidemiology. Though currently there is not a JavaMite variant capable of mass market threat, this is exactly the medium that mobile malware could use to target unprecedented numbers of mobile handsets. The limitations that massive attacks face are primarily underpinned by handset processing capabilities, though there is no limit on the sophistications that JavaMites can embody.
In short, JavaMites are the newest form of mobile security threat to emerge and likewise represent the greatest opportunity for globalized attacks to mobile devices. Given the many formalities that have shaped the emergence of this unique mobile malware, JavaMites likely represent the basis of next generation mobile malware developments.
As we continue to rely on our mobile devices as a critical element of communication, JavaMites represent a paradigm shift in digital security for governments and businesses alike.
Keeping you informed,
“The MobileTech”
Eric Everson, Founder – MyMobiSafe.com
Eric Everson is a leading mobile technologies researcher and is the founder of MyMobiSafe.com. If you would like to contact Eric Everson for interview or with research related inquiries contact him directly at EricEverson@Hotmail.com.
Author: Eric Everson, Founder MyMobiSafe.com
The landscape of digital security is evolutionary in nature. From one malware variant to the next, malware represents a means of interrupting digital norms. Occasionally there comes an evolution in technology that is so profound that it carries the ability to transcend all future developments. In such a paradigm shift, the digital landscape as we know it can become transcended to new heights. Such is the case for the latest form of mobile malware, the JavaMite.
As defined, “a JavaMite is any executable software or script written in (or with) the aide of a Java Software Development Kit/Component to specifically alter or otherwise tamper with the operational components of a mobile handset or device.” As an evolutionary form of mobile malware, this development stands to redefine the norms of mobile security. JavaMite malware has such a profound dynamic due to its overwhelming scalability given the modern mobile environment.
As upwards of 86% of handsets are Java-enabled this renders JavaMites as the most threatening class of mobile malware to surface – relative to its prospective mass industry epidemiology. Though currently there is not a JavaMite variant capable of mass market threat, this is exactly the medium that mobile malware could use to target unprecedented numbers of mobile handsets. The limitations that massive attacks face are primarily underpinned by handset processing capabilities, though there is no limit on the sophistications that JavaMites can embody.
In short, JavaMites are the newest form of mobile security threat to emerge and likewise represent the greatest opportunity for globalized attacks to mobile devices. Given the many formalities that have shaped the emergence of this unique mobile malware, JavaMites likely represent the basis of next generation mobile malware developments.
As we continue to rely on our mobile devices as a critical element of communication, JavaMites represent a paradigm shift in digital security for governments and businesses alike.
Keeping you informed,
“The MobileTech”
Eric Everson, Founder – MyMobiSafe.com
Eric Everson is a leading mobile technologies researcher and is the founder of MyMobiSafe.com. If you would like to contact Eric Everson for interview or with research related inquiries contact him directly at EricEverson@Hotmail.com.
Wednesday 4 March 2009, 5:02 PM
JavaMites: Next Generation Mobile Security Threats
JavaMites: Next Generation Mobile Security Threats
Author: Eric Everson – Founder, MyMobiSafe.com
As you may be familiar, upwards of 86% of mobile devices are now Java-enabled. This mass scale Java adoption in mobile is merely a result of the interoperability issues third-party content developers faced throughout the wireless industry. Java has been critical in the mobile environment for allowing an abundance of content to become accessible to users that would have otherwise faced interoperability hurdles caused by Mobile Operating Systems (MOPS). While the migration of creating Java-enabled handsets have been welcomed by millions starved for quality mobile content, the introduction of JavaMites has opened a new chapter of mobile security.
As defined in my Whitepaper (JavaMites: The Emerging Universal Mobile Threat 1Q09) a “JavaMite is any executable software or script written in (or with) the aide of a Java Software Development Kit/Component to specifically alter or otherwise tamper with the operational components of a mobile handset or device.” This is a technical way of saying that if your handset is Java-enabled (as most of ours now are) there is a new form of mobile malware that you should be aware of.
How new is it? In all honesty this cutting-edge form of mobile malware began surfacing towards the end of 2008, but was not successfully executed until a few weeks ago. You may have heard about that mobile virus (more technically referred to as JavaMite file: Trojan-SMS.J2ME.GameSat.a) that targeted handsets in Indonesia to successfully override their handsets to transfer money from their mobile banking accounts. This was the first documented JavaMite attack that has been recorded, but unfortunately due to its success will not be the last of its kind.
Why are these “JavaMites” so different that anything else? Simply put, this form of mobile malware forces the curtains open to expose the pregnable weakness of nearly every mobile device. With the ability to infect the masses, JavaMites offer the first global platform for mobile security vulnerability. Much of this technology development has been driven by the availability of Open Source MOPS Software Development Kits (SDK) as JavaMite malware can now effectively gain control of the operating files (the sandbox of the handset) that were once inaccessible given a Java SDK alone.
This is an emerging threat that has yet to become a mainstream concern. As a safeguard, be very cautious when opening emails with attachments and when downloading new applications/content with your mobile device. Since the bulk of handsets are Java-enabled, the days of mobile malware targeting only one MOPS are behind us. We expect to see JavaMites emerge as the preferred platform of next generation mobile malware due to its ability to infect handsets by the masses. In short, whether you are an individual from a small business or one at a major corporate enterprise you share the same risks against JavaMites - these things are really scary!
As always, I’ll keep you up to date on the developments in this area.
Your friend in mobile security,
Eric E - “AKA: The MobileTech”
Eric Everson is a leading mobile security researcher and is the founder of MyMobiSafe.com: The Infrastructure of Delivery; The Future of Mobile Security. If you would like to contact Eric Everson for interview or with research related inquiries contact him directly at EricEverson@Hotmail.com.
Author: Eric Everson – Founder, MyMobiSafe.com
As you may be familiar, upwards of 86% of mobile devices are now Java-enabled. This mass scale Java adoption in mobile is merely a result of the interoperability issues third-party content developers faced throughout the wireless industry. Java has been critical in the mobile environment for allowing an abundance of content to become accessible to users that would have otherwise faced interoperability hurdles caused by Mobile Operating Systems (MOPS). While the migration of creating Java-enabled handsets have been welcomed by millions starved for quality mobile content, the introduction of JavaMites has opened a new chapter of mobile security.
As defined in my Whitepaper (JavaMites: The Emerging Universal Mobile Threat 1Q09) a “JavaMite is any executable software or script written in (or with) the aide of a Java Software Development Kit/Component to specifically alter or otherwise tamper with the operational components of a mobile handset or device.” This is a technical way of saying that if your handset is Java-enabled (as most of ours now are) there is a new form of mobile malware that you should be aware of.
How new is it? In all honesty this cutting-edge form of mobile malware began surfacing towards the end of 2008, but was not successfully executed until a few weeks ago. You may have heard about that mobile virus (more technically referred to as JavaMite file: Trojan-SMS.J2ME.GameSat.a) that targeted handsets in Indonesia to successfully override their handsets to transfer money from their mobile banking accounts. This was the first documented JavaMite attack that has been recorded, but unfortunately due to its success will not be the last of its kind.
Why are these “JavaMites” so different that anything else? Simply put, this form of mobile malware forces the curtains open to expose the pregnable weakness of nearly every mobile device. With the ability to infect the masses, JavaMites offer the first global platform for mobile security vulnerability. Much of this technology development has been driven by the availability of Open Source MOPS Software Development Kits (SDK) as JavaMite malware can now effectively gain control of the operating files (the sandbox of the handset) that were once inaccessible given a Java SDK alone.
This is an emerging threat that has yet to become a mainstream concern. As a safeguard, be very cautious when opening emails with attachments and when downloading new applications/content with your mobile device. Since the bulk of handsets are Java-enabled, the days of mobile malware targeting only one MOPS are behind us. We expect to see JavaMites emerge as the preferred platform of next generation mobile malware due to its ability to infect handsets by the masses. In short, whether you are an individual from a small business or one at a major corporate enterprise you share the same risks against JavaMites - these things are really scary!
As always, I’ll keep you up to date on the developments in this area.
Your friend in mobile security,
Eric E - “AKA: The MobileTech”
Eric Everson is a leading mobile security researcher and is the founder of MyMobiSafe.com: The Infrastructure of Delivery; The Future of Mobile Security. If you would like to contact Eric Everson for interview or with research related inquiries contact him directly at EricEverson@Hotmail.com.
Monday 16 February 2009, 3:20 PM
Mobile Banking Safe? Not So Much… Happy Valentines?
Mobile Banking Safe? Not So Much… Happy Valentines?
Author: Eric Everson; Founder MyMobiSafe.com
How many times do we have to read analyst’s sugar coating the threats that mobile banking faces? As a lead researcher and mobile security expert at MyMobiSafe, let me just say for the record that mobile banking is not secure.
With so many millions of dollars in infrastructure behind mobile banking, it is in the banks best interest to promote the security of this emerging medium, but at whose expense? I recently read an article from a reliable news site that essentially suggested that there are no mobile viruses designed to attack mobile banking. So what about the mobile malware file “Trojan-SMS.J2ME.GameSat.a”?
For those of you unfamiliar with this particular mobile virus, this is one of the first broad spectrum mobile viruses to target the mobile banking industry. In fact given its J2ME origin, this little application masquerading around as a cute dating/chat application might prove to be one of the bigger threats given the time to spawn more targeted variants. This particular malware is currently growing in popularity in the Asian market however given its success, it is expected that a variant will be making its way toward your market soon enough.
Those of you that read my entries know that it is from academic roots that I attempt to cut through the façade with regard to mobile security. Rather than just paint a picture of a perfect secure mobile environment, I’ll do my best to not only tell you that there is a threat but back it up with as much as the file name/origin. The truth is that this application must be loaded on to your handset with your permission even if it arrives via your inbox. The problem is that in pure Trojan nature, you think you’re getting a dating/chat application and you end up with a malware that attempts to access your mobile banking registries to transfer your money away.
With Valentines Day looming in the so recent past, don’t let your search for love steer you into the dating/chat application that is really the more dangerous “Trojan-SMS.J2ME.GameSat.a” file. If you are a small business owner or just another cell phone user, stay alert!
Your go-to guy in mobile security!
Eric Everson “The MobileTech”
Eric Everson, Founder MyMobiSafe.com. If you have any questioned related to mobile security, contact me at EricEverson@Hotmail.com.
Author: Eric Everson; Founder MyMobiSafe.com
How many times do we have to read analyst’s sugar coating the threats that mobile banking faces? As a lead researcher and mobile security expert at MyMobiSafe, let me just say for the record that mobile banking is not secure.
With so many millions of dollars in infrastructure behind mobile banking, it is in the banks best interest to promote the security of this emerging medium, but at whose expense? I recently read an article from a reliable news site that essentially suggested that there are no mobile viruses designed to attack mobile banking. So what about the mobile malware file “Trojan-SMS.J2ME.GameSat.a”?
For those of you unfamiliar with this particular mobile virus, this is one of the first broad spectrum mobile viruses to target the mobile banking industry. In fact given its J2ME origin, this little application masquerading around as a cute dating/chat application might prove to be one of the bigger threats given the time to spawn more targeted variants. This particular malware is currently growing in popularity in the Asian market however given its success, it is expected that a variant will be making its way toward your market soon enough.
Those of you that read my entries know that it is from academic roots that I attempt to cut through the façade with regard to mobile security. Rather than just paint a picture of a perfect secure mobile environment, I’ll do my best to not only tell you that there is a threat but back it up with as much as the file name/origin. The truth is that this application must be loaded on to your handset with your permission even if it arrives via your inbox. The problem is that in pure Trojan nature, you think you’re getting a dating/chat application and you end up with a malware that attempts to access your mobile banking registries to transfer your money away.
With Valentines Day looming in the so recent past, don’t let your search for love steer you into the dating/chat application that is really the more dangerous “Trojan-SMS.J2ME.GameSat.a” file. If you are a small business owner or just another cell phone user, stay alert!
Your go-to guy in mobile security!
Eric Everson “The MobileTech”
Eric Everson, Founder MyMobiSafe.com. If you have any questioned related to mobile security, contact me at EricEverson@Hotmail.com.
Previous
