Hacking Team gives us incontrovertible proof of targeted mobile threats

It's time to put the same amount of effort into securing our mobile devices as we do our PCs and servers

This vendor-written tech primer has been edited by Network World to eliminate product promotion, but readers should note it will likely favor the submitter's approach.

The data from the recent Hacking Team breach provides yet another example of governments actively using targeted malware. While state-sponsored hacking has been going on for some time, a new wrinkle is emerging.

There is clear evidence that governments around the world are actively targeting both iOS and Android devices. And contrary to early coverage of Hacking Team, this breach also revealed the group possessed an Apple enterprise certificate, which allows apps signed with that certificate to be installed on any iOS device, jailbroken or not.

Hacking Team is an Italian company that sells so-called "surveillanceware" to various governments around the world, ranging from free democracies to oppressive regimes. Its software claims to capture Skype, messages, location, social media, audio, visual and other data, and is marketed as "stealth" and "untraceable." While Hacking Team has long been known to be a vendor of such software, the recent hack, which revealed its customer lists, emails and other internal data, confirmed the software's capabilities and the breadth of countries acquiring it.

Recent reports have suggested that because there have been few public episodes of targeted attacks against mobile devices, such attacks are not occurring. Insiders, however, have known that advanced, targeted mobile attacks have been going on for years. This breach provides hard evidence that targeted attacks against mobile devices are indeed occurring.

Why would governments target mobile? Mobile devices typically store sensitive personal and company data, have access to protected company networks, and carry sophisticated sensors (e.g. GPS, microphone, camera). The information accessible to mobile devices is, in many cases, greater than that accessible to PCs. Attacks against mobile devices are not simply a theoretical risk: the Hacking Team revelations provide a rare glimpse into the international surveillance technology trade, where nation states are actively purchasing malware.

Now that we know that a significant number of governments in the world are actively seeking to compromise iOS and Android devices, it's time to re-evaluate how we address the risk of mobile attacks.

Mobile security solutions deployed today are focused on preventing accidental data leakage and setting security policies, not preventing malicious attacks. Now that it has become easy for attackers to acquire malware capable of targeting mobile devices and gathering a tremendous amount of data, security professionals and IT managers must utilize threat detection and protection tools alongside existing device and app management solutions to adequately address real-world mobile risks.

In a recent analysis of 25 Fortune 500 companies, my company, Lookout, found that approximately 5% of Android devices on their networks encounter one or more pieces of serious malware each year. In the case of targeted threats, a single compromised device is enough to compromise the organization as a whole.

We now know that countries around the world have both the intent to compromise iOS and Android devices and access to the technology to do so. With this incontrovertible evidence of targeted mobile threats, we need to realize that the problem is not insurmountable. Now is an appropriate time for us to put the same amount of effort into securing our mobile devices as we do our PCs and server infrastructure.

By Kevin Mahaffey, CTO, Lookout
