Remote Access Tools Threatens Smartphones

Malware tools that allow attackers to gain complete remote control of smartphones have become a major threat to owners around the world, security researchers say.

In a demonstration at the RSA Conference 2012 here Wednesday, former McAfee executives George Kurtz and Dmitri Alperovitch, who recently founded security firm CrowdStrike, installed a remote access tool on an Android 2.2-powered smartphone by taking advantage of an unpatched flaw in WebKit, the default browser in the OS.

The researchers showed an overflow audience how the malware can be delivered on a smartphone via an innocuous looking SMS message and then be used to intercept and record phone conversations, capture video, steal text messages, track dialed numbers and pinpoint a user’s physical location.

The tools used in the attack were obtained from easily available underground sources, Kurtz said. The WebKit bug, for instance, was one of 20 tools purchased from hackers for a collective $1,400.

The remote access Trojan used in the attack was a modified version of Nickispy a well-known Chinese malware tool.

Learning how to exploit the WebKit vulnerability and to modify the Trojan for the attack, was harder than expected, said Kurtz. He estimated that CrowdStrike spent about $14,000 in all to develop the attack.

But the key issue is that similar attacks are possible against any smartphone, not just those running Android, he said.

WebKit for instance, is widely used as a default browser in other mobile operating systems including Apple’s iOS and the BlackBerry Tablet OS. WebKit is also is used in Apple’s Safari and Google’s Chrome browsers.

Several mobile remote access Trojans are already openly available from companies pitching them as tools that can be used to surreptitiously keep tabs on others.

Source…