Mobile software learns your phone’s habits to catch new malware
A mobile security startup is launching software that learns how your smartphone behaves so it can better spot and stop new security threats before they can harm or spread to other phones.
Today, San Francisco-based Zimperium unveiled its Android app zIPS (“IPS” stands for “intrusion prevention system”) to detect and prevent attacks, including those that can strike over unprotected Wi-Fi networks. This type of technique has long been used to detect malware on PCs, but it becomes trickier on smartphones, which can be exposed to ever-increasing and changing security concerns on different wireless networks.
While the zIPS app is for companies that would deploy the software to employee phones and use a new companion software called zConsole to manage all handsets, Zimperium plans to roll out a consumer version in the future and may possibly bring zIPS to other devices.
Long fought against on computers, malware has also started hitting smartphones as they become a popular (and for some people, predominant) way to connect. Since Android smartphones make up the majority of the market, they are the most affected so far: A recent report from F-Secure found 259 new security threats and variations on existing threats in Q3 2013, including 252 focused on Android. According to a report by Juniper Research, however, 80% of work and home phones are still unprotected.
The zIPS software works whether the user is online or offline, says Itzhak Avraham, CEO and founder of Zimperium, and can protect against malicious applications, such as those that can self-modify, as well as various types of network attacks, such as a “man in the middle” attack, where a hacker intercepts data sent between two parties.
Avraham, who was previously a security researcher for the Israel Defense Forces and a hacker for Samsung, showed me a demo of zIPS in action during a video chat on Skype. Holding two Samsung Android smartphones, he used one to attack the zIPS-powered handset, which glowed with a green image supposed to resemble a radar screen. When Avraham performed a man-in-the-middle attack, a notification popped up on the zIPS screen indicating that a threat had just been detected and prevented. It also presented information about the type of threat (“MITM” in this case) and the IP address of the attacking device.
Avraham says such attacks generally go undetected by mobile antivirus apps, as these apps tend to be designed only to look for signatures of incoming files that can be compared to known bad code. “If I download an app, for example, even though the app itself is benign at the time, I may later download an update that maliciously intends to run outside of the sandbox that the [antivirus] product has access to,” he said.
The zIPS application is trained to recognize such attacks using existing malware and known attack techniques. It’s doable, says Avraham, because while there are tons of different attacks, there are only a few dozen different techniques.
Zimperium, which counts famed hacker-turned-security researcher Kevin Mitnick among its advisers, hopes its software can eventually be used to prevent hacking into everything from smart TVs to refrigerators as they become more and more common in homes (see “CES 2014: Smart Homes Open Their Doors”). Many security experts expect the so-called Internet of Things to become a significant target for hackers, as protections on these devices are generally weak, devices tend to be plugged in all the time, and it may not be as easy to determine if suspicious activity is happening as it is on a smartphone or computer.
Internet-connected devices are already attracting unwelcome attention: Between late December and early January, a security software company, Proofpoint, noticed an attack in which hundreds of thousands of malicious emails were sent by over 100,000 Internet-connected consumer gadgets, including routers, televisions, and at least one refrigerator.