BlackBerry Security Exec Warns of Smartphone DDoS Attacks
Research In Motion's VP of BlackBerry Security says he's concerned that online miscreants could increasingly target BlackBerry devices and other smartphones in the future, in attempts to take control of the handsets and employ them to bring down wireless carriers' cellular networks via distributed-denial-of-service (DDoS) attacks.
Wed, November 18, 2009
BlackBerry and smartphone security in general hasn't garnered much attention or concern over the past few years--at least from a consumer, or user, perspective; enterprises have been invested in mobile device security since the advent of the PDA.
But that's going to have to change, thanks largely to the vast number of consumers embracing new, flashy smartphones like Apple's iPhone, Motorola's DROID and Research In Motion's (RIM) BlackBerry Bold 9700.
This plethora of new smartphone users means the potential for gain by hackers or other online baddies looking to crack smartphone security measures is drastically increasing; The more smartphone users, the more devices that could potentially be commandeered and used in various attacks. That means smartphone users are going to have to smarten up when it comes to mobile security awareness and be more vigilant in spotting and stopping potential problems before they happen.
Scott Totzke, RIM's VP of BlackBerry security, agrees, and he recently spoke with Reuters on the subject. Totzke told Reuters that he's concerned compromised or "rogue" smartphones could be used in the future to target and bring down wireless carrier's cellular networks via distributed-denial-of-service (DDoS) attacks.
Traditional DDoS attacks occur when hackers take control of large groups of computers and then order them to all access one website or service at the same time, overloading servers and eventually crashing or disabling the site.
Popular micro-blogging service Twitter was hit with a high-profile DDoS attack last August that brought the site down for hours.
RIM's Totzke warned that DDoS attacks could also be perpetrated on smartphone users, with wireless data packets being used to overload and disable carriers' wireless networks.
Reuters also spoke with Flexilis, a maker of mobile security software. The company's CTO suggests that such an attack could start with users carelessly installing infected or tainted mobile applications.
BlackBerry smartphones feature safeguards that prompt users after downloading new applications to determine whether or not owners want to grant the apps "Trusted Application status." (See image above.) And most applications require users to grant certain permissions before the software can access potentially sensitive information like location- or voice-data. But because serious smartphone-related security threats are few and far between at this point, most users simply click on through the warnings without actually considering the implications of downloading and installing what should really be considered "untrusted" apps.
Flexilis told Reuters that it has already identified "virus-tainted" versions of well-known, and generally trusted, applications like Google's Google Maps for mobile, so avoiding dangerous apps may not be as simple as only installing applications that seem to come from reputable sources.
RIM's Totzke says the most effective way to protect yourself from BlackBerry viruses and other security threats is to aggressively monitor RIM's site for security patches and then promptly install them whenever new fixes become available.
You can keep track of the various RIM security patches as they're issued by following me on CIO.com--I posted about RIM's most recently listed BlackBerry-related security risks here and here--and by bookmarking RIM's security bulletins page.