Photo caption: Apple Inc. CEO Steve Jobs speaks about the iPhone OS4 at an event at Apple in Cupertino, California, April 8, 2010. REUTERS/Robert Galbraith
You gotta love security researchers. "Oh, we're scientists," they say. "We can do anything we want in the name of research." Imagine if you're in a town and a bunch of scientists have decided to break into 8,000 homes, just to see if the residents have secure locks on their doors. Would you let the scientists off the hook, just because it's research? Or would you book 'em, Danno, because they just broke into 8,000 homes?
As it turns out, a bunch of actual researchers tried a similar stunt, but instead of breaking into homes, they broke into smartphones.

According to the Web site Dark Reading, Derek Brown and Daniel Tijerina, security researchers with TippingPoint's Digital Vaccine Group, wrote an application for the iPhone and Android smartphones. The application, called WeatherFist, was then distributed to a number of slightly shady application download sites. Then Brown and Tijerina sat back and waited to see what would happen.
Before we explore the TippingPoint project further, you'll need to understand something about the dark underbelly of the smartphone world. Yes, in fact, there is a dark underbelly of the smartphone world.

As most people know, applications for smartphones are relatively tightly regulated, especially for Apple's iPhone. Applications go through an approval process from the manufacturer before they can be made available to consumers - and this usually serves the purpose of protecting the telephone network, the phones, and the consumers from malicious software.

But not everyone likes their phone to be locked down. A surprisingly large number of phone owners "jailbreak" their phones, removing or bypassing the manufacturers' security and downloading all sorts of customized applications never permitted by the phone makers or networks.

Just like there are "app stores" for officially sanctioned phones and software, there are also underground app stores for jailbroken phones. One such store, Cydia, estimates that fully 8.5% of all iPhones have been cracked. Given that there are almost 43 million iPhones out there, about 3.65 million of them have been hacked, making for a very large population of rogue phones capable of being compromised.

That doesn't count the Android phone market, which has much less stringent controls than Apple, plus all the BlackBerry phones, Windows Mobile phones, and those running the Symbian operating system from Nokia. No matter how you slice it, there are millions of highly mobile, teeny-weenie computers running around in the wild - and all are vulnerable to malicious action.

Before I get back to our breaking-and-entering security researchers simulating an attack by infecting unsuspecting phone owners, let's visit the real world for a moment.
Last fall, a hacker calling himself "ikee" infected Australian iPhones with an admittedly humorous hack that changed the phone's background image to that of 80s pop-rock sensation Rick Astley. Yes, it was Rick-rolling in the form of an iPhone hack.

In November, several Dutch iPhone users found their phones had been hacked - and they were being held hostage for the princely sum of five Euros. When they turned their phones on, they found a wallpaper message demanding they visit a certain Web site and pay a fee to gain access to their phones.

These pranks took a much nastier turn in just a few short weeks. The original Rick Astley "ikee" worm was rewritten by actors with a much less amusing intent. The new form was rewritten to connect to a centralized command and control center, download new instructions dynamically, and send personal information back to its masters. This new version also broke free from the Australian continent and made its way to Europe. Because this variant communicated to a home base and was able to change operations dynamically, it essentially became a virulently mobile "bot" net.

Then, as recently as this March, one smartphone manufacturer, Vodafone, inadvertently got into the game of distributing malware to its customers. Apparently, security wasn't as tight as it should have been in Vodafone's facility in Spain. According to the company, more than 4,000 HTC Magic Android-based phones left the factory with their memory cards containing a client for the Mariposa botnet, as well as Conficker and Lineage password stealing spyware.

All of this brings us back to mad scientists Brown and Tijerina. What they did was post their software, ostensibly an app for providing weather information, on a number of underground app download sites. According to Dark Reading, the researchers reported 1,862 downloads within 24 hours and 8,000 downloads within a few days.
Their software gathered user data and GPS location information and shipped it back to the scientists' secret lair (the offices of TippingPoint), but the researchers claimed that their program could have easily carried a far more malicious payload.

So what does this all mean for security professionals? First, it's a cautionary tale. It's probably not advisable to "jailbreak" your phone. If you think you're a security expert and you can't be compromised, you probably can be - and if your security information is tapped and reported to some central clearinghouse, the damage could be far worse than if a civilian's personal information had been filched.

Second, it's important to remember that although these devices are primarily phones, they're essentially highly mobile full-fledged computers. Given that most smartphones also have location awareness, it's possible for botnet operators to develop a form of positional awareness previously unavailable to criminals and other bad guys.

Finally, because the types of phones being compromised are those that have already been altered against manufacturers' design, they're unlikely to be able to be remotely updated or wiped by the phone manufacturers' normal security protocols. As a result, they may well truly become rogue devices operating outside the normal reach of phone security, able to be tapped by trouble-makers at any time, and even able to essentially stalk their owners, no matter where they go in the real world.
About the Author

David Gewirtz is director of the U.S. Strategic Perspective Institute and editor-in-chief of the ZATZ technical magazines. He regularly writes commentary for CNN's Anderson Cooper 360, and has written more than 700 articles about technology. David is a former professor of computer science, has lectured at Princeton, Berkeley, UCLA, and Stanford, has been awarded the prestigious Sigma Xi Research Award in Engineering, and was a candidate for the 2008 Pulitzer Prize in Letters. He is the Cyberterrorism Advisor for IACSP.
Vol. 16, No. 2, The Journal of Counterterrorism & Homeland Security International