BlackBerry Security Exec Warns of Smartphone DDoS Attacks

Smartphone users have to smarten up when it comes to mobile security awareness

BlackBerry and smartphone security in general hasn't garnered much attention or concern over the past few years--at least from a consumer, or user, perspective; enterprises have been invested in mobile device security since the advent of the PDA.

But that's going to have to change, thanks largely to the vast number of consumers embracing new, flashy smartphones like Apple's iPhone, Motorola's DROID and Research In Motion's (RIM) BlackBerry Bold 9700.

This plethora of new smartphone users means the potential for gain by hackers or other online baddies looking to crack smartphone security measures is drastically increasing; The more smartphone users, the more devices that could potentially be commandeered and used in various attacks. That means smartphone users are going to have to smarten up when it comes to mobile security awareness and be more vigilant in spotting and stopping potential problems before they happen.

Scott Totzke, RIM's VP of BlackBerry security, agrees, and he recently spoke with Reuters on the subject. Totzke told Reuters that he's concerned compromised or "rogue" smartphones could be used in the future to target and bring down wireless carrier's cellular networks via distributed-denial-of-service (DDoS) attacks.

Traditional DDoS attacks occur when hackers take control of large groups of computers and then order them to all access one website or service at the same time, overloading servers and eventually crashing or disabling the site.

Popular micro-blogging service Twitter was hit with a high-profile DDoS attack last August that brought the site down for hours.

RIM's Totzke warned that DDoS attacks could also be perpetrated on smartphone users, with wireless data packets being used to overload and disable carriers' wireless networks.

Reuters also spoke with Flexilis, a maker of mobile security software. The company's CTO suggests that such an attack could start with users carelessly installing infected or tainted mobile applications.

BlackBerry smartphones feature safeguards that prompt users after downloading new applications to determine whether or not owners want to grant the apps "Trusted Application status." (See image above.) And most applications require users to grant certain permissions before the software can access potentially sensitive information like location- or voice-data.

But because serious smartphone-related security threats are few and far between at this point, most users simply click on through the warnings without actually considering the implications of downloading and installing what should really be considered "untrusted" apps.

Flexilis told Reuters that it has already identified "virus-tainted" versions of well-known, and generally trusted, applications like Google's Google Maps for mobile, so avoiding dangerous apps may not be as simple as only installing applications that seem to come from reputable sources.

RIM's Totzke says the most effective way to protect yourself from BlackBerry viruses and other security threats is to aggressively monitor RIM's site for security patches and then promptly install them whenever new fixes become available.

Join the CSO newsletter!

Error: Please check your email address.

Tags Blackberryddosmobile securitysmartphones

More about AppleAT&TAT&TBlackBerryGoogleMotionMotorolaResearch In MotionResearch In MotionReuters AustraliaVerizonVerizon

Show Comments

Featured Whitepapers

Editor's Recommendations

Solution Centres

Stories by Al Sacco

Latest Videos

  • 150x50

    CSO Webinar: Will your data protection strategy be enough when disaster strikes?

    Speakers: - Paul O’Connor, Engagement leader - Performance Audit Group, Victorian Auditor-General’s Office (VAGO) - Nigel Phair, Managing Director, Centre for Internet Safety - Joshua Stenhouse, Technical Evangelist, Zerto - Anthony Caruana, CSO MC & Moderator

    Play Video

  • 150x50

    CSO Webinar: The Human Factor - Your people are your biggest security weakness

    ​Speakers: David Lacey, Researcher and former CISO Royal Mail David Turner - Global Risk Management Expert Mark Guntrip - Group Manager, Email Protection, Proofpoint

    Play Video

  • 150x50

    CSO Webinar: Current ransomware defences are failing – but machine learning can drive a more proactive solution

    Speakers • Ty Miller, Director, Threat Intelligence • Mark Gregory, Leader, Network Engineering Research Group, RMIT • Jeff Lanza, Retired FBI Agent (USA) • Andy Solterbeck, VP Asia Pacific, Cylance • David Braue, CSO MC/Moderator What to expect: ​Hear from industry experts on the local and global ransomware threat landscape. Explore a new approach to dealing with ransomware using machine-learning techniques and by thinking about the problem in a fundamentally different way. Apply techniques for gathering insight into ransomware behaviour and find out what elements must go into a truly effective ransomware defence. Get a first-hand look at how ransomware actually works in practice, and how machine-learning techniques can pick up on its activities long before your employees do.

    Play Video

  • 150x50

    CSO Webinar: Get real about metadata to avoid a false sense of security

    Speakers: • Anthony Caruana – CSO MC and moderator • Ian Farquhar, Worldwide Virtual Security Team Lead, Gigamon • John Lindsay, Former CTO, iiNet • Skeeve Stevens, Futurist, Future Sumo • David Vaile - Vice chair of APF, Co-Convenor of the Cyberspace Law And Policy Community, UNSW Law Faculty This webinar covers: - A 101 on metadata - what it is and how to use it - Insight into a typical attack, what happens and what we would find when looking into the metadata - How to collect metadata, use this to detect attacks and get greater insight into how you can use this to protect your organisation - Learn how much raw data and metadata to retain and how long for - Get a reality check on how you're using your metadata and if this is enough to secure your organisation

    Play Video

  • 150x50

    CSO Webinar: How banking trojans work and how you can stop them

    CSO Webinar: How banking trojans work and how you can stop them Featuring: • John Baird, Director of Global Technology Production, Deutsche Bank • Samantha Macleod, GM Cyber Security, ME Bank • Sherrod DeGrippo, Director of Emerging Threats, Proofpoint (USA)

    Play Video

More videos

Blog Posts

Market Place