Official Mobile Security & Innovative Technologies Blog
This blog is managed/edited by Eric Everson. The purpose of this blog is to discuss common threats and solutions that exist within the mobile community in addition to the intricacies of innovative technologies and the markets therein.
Thank you for taking the time to review my blog; I am Eric Everson the founder of MyMobiSafe.com. In addition to my duties at MyMobiSafe, LLC I am also a full-time graduate student and mobile industry researcher. As a mobile security expert and innovative technologies leader, I am glad to answer any questions you may have: EricEverson@Hotmail.com
Thursday 26 March 2009, 3:07 PM
CanSecWest Security Conference: $10K to Hack Your SmartPhone
CanSecWest Security Conference: $10K to Hack Your SmartPhone
Author: Eric Everson
Admittedly I was not in attendance at this year’s CanSecWest Security Conference, but as CNet.com confirms big money was being offered to hackers to exploit mobile devices.
According to the article, “That innocent-looking mobile phone you use to call your mother and check e-mail represents the next frontier for malicious hackers, though it eluded researchers who stood to earn $10,000 for exploiting a smartphone at the CanSecWest security conference this week. TippingPoint Technologies, which sponsors a Pwn2Own hacking contest each year at the event, was offering the prize money for each successful exploit of an iPhone, BlackBerry, and phones running Google's Android, Windows Mobile, and Symbian operating systems.”
Masqueraded as “research” apparently we don’t have enough problems with mobile hackers, thus prize money is now being attached to hacking Mobile Operating Systems (MOPS). Having been in the mobile security industry since 2005, I found it interesting to see the apparent divide between the skill levels of computer- versus mobile-based hackers from this event. Despite the prize money the computer-based hackers merely fumbled in the streamlined MOPS environment and were ultimately unsuccessful (at the CanSecWest event) at exploiting the security vulnerabilities of the mobile devices. This, as mobile-based hackers know, is due to the approach that was used, not because these mobile platforms are impregnable.
One other interesting tidbit from the CanSecWest event (mostly because it supports my long-held position on the matter) was when the founder of the event Dragos Ruiu noted, “"I carry two phones at any one time… and now, they are more capable computers." Is this further proof that mobile devices are displacing computer futures… you know where I stand, so I’ll let you decide.
Article In Ref: Mobile: The holy grail at security conference: http://news.cnet.com/8301-1009_3-10201356-83.html
Your friend and loyal researcher of mobile security,
Eric Everson – A.K.A: “The MobileTech”
Eric Everson is a leading mobile technologies researcher and is the founder of MyMobiSafe.com. If you would like to contact Eric Everson for interview or with research related inquiries contact him directly at EricEverson@Hotmail.com.
Author: Eric Everson
Admittedly I was not in attendance at this year’s CanSecWest Security Conference, but as CNet.com confirms big money was being offered to hackers to exploit mobile devices.
According to the article, “That innocent-looking mobile phone you use to call your mother and check e-mail represents the next frontier for malicious hackers, though it eluded researchers who stood to earn $10,000 for exploiting a smartphone at the CanSecWest security conference this week. TippingPoint Technologies, which sponsors a Pwn2Own hacking contest each year at the event, was offering the prize money for each successful exploit of an iPhone, BlackBerry, and phones running Google's Android, Windows Mobile, and Symbian operating systems.”
Masqueraded as “research” apparently we don’t have enough problems with mobile hackers, thus prize money is now being attached to hacking Mobile Operating Systems (MOPS). Having been in the mobile security industry since 2005, I found it interesting to see the apparent divide between the skill levels of computer- versus mobile-based hackers from this event. Despite the prize money the computer-based hackers merely fumbled in the streamlined MOPS environment and were ultimately unsuccessful (at the CanSecWest event) at exploiting the security vulnerabilities of the mobile devices. This, as mobile-based hackers know, is due to the approach that was used, not because these mobile platforms are impregnable.
One other interesting tidbit from the CanSecWest event (mostly because it supports my long-held position on the matter) was when the founder of the event Dragos Ruiu noted, “"I carry two phones at any one time… and now, they are more capable computers." Is this further proof that mobile devices are displacing computer futures… you know where I stand, so I’ll let you decide.
Article In Ref: Mobile: The holy grail at security conference: http://news.cnet.com/8301-1009_3-10201356-83.html
Your friend and loyal researcher of mobile security,
Eric Everson – A.K.A: “The MobileTech”
Eric Everson is a leading mobile technologies researcher and is the founder of MyMobiSafe.com. If you would like to contact Eric Everson for interview or with research related inquiries contact him directly at EricEverson@Hotmail.com.
Wednesday 11 March 2009, 7:10 PM
Mobile Malware: The JavaMite Evolution in Digital Security
Mobile Malware: The JavaMite Evolution in Digital Security
Author: Eric Everson, Founder MyMobiSafe.com
The landscape of digital security is evolutionary in nature. From one malware variant to the next, malware represents a means of interrupting digital norms. Occasionally there comes an evolution in technology that is so profound that it carries the ability to transcend all future developments. In such a paradigm shift, the digital landscape as we know it can become transcended to new heights. Such is the case for the latest form of mobile malware, the JavaMite.
As defined, “a JavaMite is any executable software or script written in (or with) the aide of a Java Software Development Kit/Component to specifically alter or otherwise tamper with the operational components of a mobile handset or device.” As an evolutionary form of mobile malware, this development stands to redefine the norms of mobile security. JavaMite malware has such a profound dynamic due to its overwhelming scalability given the modern mobile environment.
As upwards of 86% of handsets are Java-enabled this renders JavaMites as the most threatening class of mobile malware to surface – relative to its prospective mass industry epidemiology. Though currently there is not a JavaMite variant capable of mass market threat, this is exactly the medium that mobile malware could use to target unprecedented numbers of mobile handsets. The limitations that massive attacks face are primarily underpinned by handset processing capabilities, though there is no limit on the sophistications that JavaMites can embody.
In short, JavaMites are the newest form of mobile security threat to emerge and likewise represent the greatest opportunity for globalized attacks to mobile devices. Given the many formalities that have shaped the emergence of this unique mobile malware, JavaMites likely represent the basis of next generation mobile malware developments.
As we continue to rely on our mobile devices as a critical element of communication, JavaMites represent a paradigm shift in digital security for governments and businesses alike.
Keeping you informed,
“The MobileTech”
Eric Everson, Founder – MyMobiSafe.com
Eric Everson is a leading mobile technologies researcher and is the founder of MyMobiSafe.com. If you would like to contact Eric Everson for interview or with research related inquiries contact him directly at EricEverson@Hotmail.com.
Author: Eric Everson, Founder MyMobiSafe.com
The landscape of digital security is evolutionary in nature. From one malware variant to the next, malware represents a means of interrupting digital norms. Occasionally there comes an evolution in technology that is so profound that it carries the ability to transcend all future developments. In such a paradigm shift, the digital landscape as we know it can become transcended to new heights. Such is the case for the latest form of mobile malware, the JavaMite.
As defined, “a JavaMite is any executable software or script written in (or with) the aide of a Java Software Development Kit/Component to specifically alter or otherwise tamper with the operational components of a mobile handset or device.” As an evolutionary form of mobile malware, this development stands to redefine the norms of mobile security. JavaMite malware has such a profound dynamic due to its overwhelming scalability given the modern mobile environment.
As upwards of 86% of handsets are Java-enabled this renders JavaMites as the most threatening class of mobile malware to surface – relative to its prospective mass industry epidemiology. Though currently there is not a JavaMite variant capable of mass market threat, this is exactly the medium that mobile malware could use to target unprecedented numbers of mobile handsets. The limitations that massive attacks face are primarily underpinned by handset processing capabilities, though there is no limit on the sophistications that JavaMites can embody.
In short, JavaMites are the newest form of mobile security threat to emerge and likewise represent the greatest opportunity for globalized attacks to mobile devices. Given the many formalities that have shaped the emergence of this unique mobile malware, JavaMites likely represent the basis of next generation mobile malware developments.
As we continue to rely on our mobile devices as a critical element of communication, JavaMites represent a paradigm shift in digital security for governments and businesses alike.
Keeping you informed,
“The MobileTech”
Eric Everson, Founder – MyMobiSafe.com
Eric Everson is a leading mobile technologies researcher and is the founder of MyMobiSafe.com. If you would like to contact Eric Everson for interview or with research related inquiries contact him directly at EricEverson@Hotmail.com.
Wednesday 4 March 2009, 5:02 PM
JavaMites: Next Generation Mobile Security Threats
JavaMites: Next Generation Mobile Security Threats
Author: Eric Everson – Founder, MyMobiSafe.com
As you may be familiar, upwards of 86% of mobile devices are now Java-enabled. This mass scale Java adoption in mobile is merely a result of the interoperability issues third-party content developers faced throughout the wireless industry. Java has been critical in the mobile environment for allowing an abundance of content to become accessible to users that would have otherwise faced interoperability hurdles caused by Mobile Operating Systems (MOPS). While the migration of creating Java-enabled handsets have been welcomed by millions starved for quality mobile content, the introduction of JavaMites has opened a new chapter of mobile security.
As defined in my Whitepaper (JavaMites: The Emerging Universal Mobile Threat 1Q09) a “JavaMite is any executable software or script written in (or with) the aide of a Java Software Development Kit/Component to specifically alter or otherwise tamper with the operational components of a mobile handset or device.” This is a technical way of saying that if your handset is Java-enabled (as most of ours now are) there is a new form of mobile malware that you should be aware of.
How new is it? In all honesty this cutting-edge form of mobile malware began surfacing towards the end of 2008, but was not successfully executed until a few weeks ago. You may have heard about that mobile virus (more technically referred to as JavaMite file: Trojan-SMS.J2ME.GameSat.a) that targeted handsets in Indonesia to successfully override their handsets to transfer money from their mobile banking accounts. This was the first documented JavaMite attack that has been recorded, but unfortunately due to its success will not be the last of its kind.
Why are these “JavaMites” so different that anything else? Simply put, this form of mobile malware forces the curtains open to expose the pregnable weakness of nearly every mobile device. With the ability to infect the masses, JavaMites offer the first global platform for mobile security vulnerability. Much of this technology development has been driven by the availability of Open Source MOPS Software Development Kits (SDK) as JavaMite malware can now effectively gain control of the operating files (the sandbox of the handset) that were once inaccessible given a Java SDK alone.
This is an emerging threat that has yet to become a mainstream concern. As a safeguard, be very cautious when opening emails with attachments and when downloading new applications/content with your mobile device. Since the bulk of handsets are Java-enabled, the days of mobile malware targeting only one MOPS are behind us. We expect to see JavaMites emerge as the preferred platform of next generation mobile malware due to its ability to infect handsets by the masses. In short, whether you are an individual from a small business or one at a major corporate enterprise you share the same risks against JavaMites - these things are really scary!
As always, I’ll keep you up to date on the developments in this area.
Your friend in mobile security,
Eric E - “AKA: The MobileTech”
Eric Everson is a leading mobile security researcher and is the founder of MyMobiSafe.com: The Infrastructure of Delivery; The Future of Mobile Security. If you would like to contact Eric Everson for interview or with research related inquiries contact him directly at EricEverson@Hotmail.com.
Author: Eric Everson – Founder, MyMobiSafe.com
As you may be familiar, upwards of 86% of mobile devices are now Java-enabled. This mass scale Java adoption in mobile is merely a result of the interoperability issues third-party content developers faced throughout the wireless industry. Java has been critical in the mobile environment for allowing an abundance of content to become accessible to users that would have otherwise faced interoperability hurdles caused by Mobile Operating Systems (MOPS). While the migration of creating Java-enabled handsets have been welcomed by millions starved for quality mobile content, the introduction of JavaMites has opened a new chapter of mobile security.
As defined in my Whitepaper (JavaMites: The Emerging Universal Mobile Threat 1Q09) a “JavaMite is any executable software or script written in (or with) the aide of a Java Software Development Kit/Component to specifically alter or otherwise tamper with the operational components of a mobile handset or device.” This is a technical way of saying that if your handset is Java-enabled (as most of ours now are) there is a new form of mobile malware that you should be aware of.
How new is it? In all honesty this cutting-edge form of mobile malware began surfacing towards the end of 2008, but was not successfully executed until a few weeks ago. You may have heard about that mobile virus (more technically referred to as JavaMite file: Trojan-SMS.J2ME.GameSat.a) that targeted handsets in Indonesia to successfully override their handsets to transfer money from their mobile banking accounts. This was the first documented JavaMite attack that has been recorded, but unfortunately due to its success will not be the last of its kind.
Why are these “JavaMites” so different that anything else? Simply put, this form of mobile malware forces the curtains open to expose the pregnable weakness of nearly every mobile device. With the ability to infect the masses, JavaMites offer the first global platform for mobile security vulnerability. Much of this technology development has been driven by the availability of Open Source MOPS Software Development Kits (SDK) as JavaMite malware can now effectively gain control of the operating files (the sandbox of the handset) that were once inaccessible given a Java SDK alone.
This is an emerging threat that has yet to become a mainstream concern. As a safeguard, be very cautious when opening emails with attachments and when downloading new applications/content with your mobile device. Since the bulk of handsets are Java-enabled, the days of mobile malware targeting only one MOPS are behind us. We expect to see JavaMites emerge as the preferred platform of next generation mobile malware due to its ability to infect handsets by the masses. In short, whether you are an individual from a small business or one at a major corporate enterprise you share the same risks against JavaMites - these things are really scary!
As always, I’ll keep you up to date on the developments in this area.
Your friend in mobile security,
Eric E - “AKA: The MobileTech”
Eric Everson is a leading mobile security researcher and is the founder of MyMobiSafe.com: The Infrastructure of Delivery; The Future of Mobile Security. If you would like to contact Eric Everson for interview or with research related inquiries contact him directly at EricEverson@Hotmail.com.
