IN-THE-KNOW: Top 5 Articles from the last 14 days.

Executive Summary

Snapshot summaries are below, but here’s the 30 second update for you to be in-the-know:

iOS 11 devices (including the iPhone X) can now be unlocked by US defence contractor Cellebrite. While iOS is getting less secure, Android P is amping up security to prevent snooping on users and to restrict what apps can do in the background. Mobile banking and crypto trojans were up 70% in 2017 according to McAfee, with a total of 468,837 malware identifications according to Trend Micro. Lastly, RedDrop malware, found in at least 53 apps, steals sensitive PII. Ouch.

Read on for More Details Below:


The Feds Can Now (Probably) Unlock Every iPhone Model In Existence

According to a recent article by Forbes, Cellebrite, an Israel-based US defence contractor, has found a way to unlock nearly all iPhones on the market. While the company has made no public statements, sources indicate that it is able to bypass the security of devices running iOS 11, including the iPhone X, one of which the Department of Homeland Security was reported to have extracted data from back in November 2017. The exact nature of the exploits used to access the data on locked devices is unknown, and Apple continues to patch iOS, making this a bit of a cat-and-mouse game. For the average user it should be noted that this requires physical access to the device; Cellebrite does not perform unlocking remotely.

Android P security: snooping forbidden

Android P is set to include some new security features intended to make it more difficult to snoop on unsuspecting users. Beyond the general patching of security fixes, which typically arrives in the monthly security updates, Android P includes new restrictions on what applications are able to do while running in the background. While idle, an application has no access to the microphone, camera or device sensors. This means that an application no longer running in the foreground receives empty audio from the mic, and gets error conditions returned if it tries to access the camera or sensors. Applications must be running in the foreground, or as a foreground service (which includes having an icon in the notification area), to access the microphone, camera or sensors. Malicious applications that attempt to secretly record a user will therefore have more difficulty hiding their activities.


Mobile ransomware & banking malware thrive as hackers put focus on mobile

In the 2018 Q1 Mobile Threat Report from McAfee, both banking trojans and cryptocurrency malware grew by over 60% in 2017. Banking trojan growth was attributed to malware such as Marcher, which masqueraded as legitimate applications on Google Play; MoqHao, which spread by SMS to attack users with accounts at Korean banks; and LokiBot, which activated a ransomware module every time a user tried to remove the application's administrative rights. Cryptocurrency malware rose by 70%, alongside 80% growth in bitcoin mining malware.

Mobile ransomware & banking malware thrive as hackers put focus on mobile


According to Trend Micro's Mobile Threat Landscape report for 2017, the number of ransomware applications grew from 120,000 samples in 2016 to 468,837 samples in 2017, a growth rate of over 415%. The majority of mobile ransomware attacks took place in Asian countries including China, Indonesia, India, and Japan. The bulk of the ransomware samples were from SLocker, which had its source code published to GitHub last year, enabling malicious users to create new variants.

Beyond ransomware, Trend Micro also observed a major rise in banking malware attacks on mobile devices. Overall, the number of banking malware samples grew by 194% in 2017. As with ransomware, the majority of the attacks were in Asian countries, driven by a piece of malware called BankBot whose source code was released on an underground hacking forum last year.

RedDrop mobile malware infecting 53 apps, takes data and PII

A new threat has been uncovered: 53 apps that are still operating are distributing RedDrop malware. RedDrop is designed to exfiltrate data from a victim's mobile device. Discovered by researchers at Wandera, RedDrop is distributed through a complex content distribution network. Wandera found RedDrop to be extremely dangerous, capable of delivering 7 or more malicious APKs including trojans, droppers, spyware and data extractors. Designed to look and function like legitimate applications such as calculators and image editors, RedDrop is capable of extracting personal information such as photos, contacts, images, and audio recordings of the device's surroundings.


What to do next

Contact us to see a demonstration of the RECON Platform

Watch an overview of the Mi3 Security Portfolio