McAfee shows security flaws of smartphones (especially Android devices)

By Rob Enderle, CIO |  Security, Android, McAfee

The demo then moved to a Mac. This time, McAfee corrupted the firmware, which would not only destroy the data but require the machine be sent back to Apple for repair, since Apple doesn't let IT departments or users flash firmware themselves. The scariest scenario of, though, involved Android. While the Windows and Mac attacks seemed complex, the Android attack was comparatively easy, and McAfee got the hacked product to overheat and cook itself, destroying the hardware.

Analysis: Enterprise Version of Windows 8 Focuses on Security

McAfee also argued that attacks such as this are often associated with root kits. That makes it hard for security software that doesn't have a fixed hardware component to address this successfully. While this was clearly a pitch for Deep Defender, which McAFee co-developed with parent company Intel and which is only made available to Windows machines at large business, it is interesting to note that the attack would not have worked on Windows 8. That showcased (intentionally or otherwise) one of the more endearing aspects of the new operating system: secure boot partition.

Smartphone Security Leaves a Lot to Be Desired

However, there is no Deep Defender for smartphones, though McAfee has released mobile security software for Android devices. All you need is to install a vulnerability in a compelling free app. Get a target to install the app, then attack the vulnerability to access whatever's on the device (passwords, IDs, addresses, bank account numbers and so on) and/or activate camera and microphone functionality to essentially turn the device into a spy.

This is when I had my "A-ha!" moment. While you can protect, to some extent, a business phone, how many employees have personal phones on the corporate network that you don't know about? Let's say I wanted to bug a politician, executive, security officer, teacher, competitor, ex-spouse, rival&you get the point. I just need to get them to use a compromised phone; if they carry two, I can go after their personal phone. I could make the compromised app look like some sort of promotion and, once it's installed, turn that phone into a bug that's constantly taking pictures or recording every meeting and conversation, even if the phone isn't used for that particular call. I could try for a drive-by download, too.


Originally published on CIO |  Click here to read the original story.
Join us:
Facebook

Twitter

Pinterest

Tumblr

LinkedIn

Google+

Join us:
Facebook

Twitter

Pinterest

Tumblr

LinkedIn

Google+

Ask a Question
randomness