In the future, mobile phones are going to be among the top targets for hackers. Experts at Georgia Tech say hackers can easily release malware onto guarded devices when phones dock to sync or plug into USB ports to charge.
Compromised phones are going to infect computers as they get plugged in for otherwise legitimate reasons, much the same way malware such as Stuxnet found its way onto laptops via thumb drives, according to the "Emerging Cyber Threats Report 2012" announced at the Georgia Tech Cyber Security Summit 2011 today. The report was presented by the Georgia Tech Information Security Center and the Georgia Tech Research Institute.
The report warns that mobile phones are going to be a new on-ramp for planting malware on more protected devices. The document cites an unnamed industry source as saying that "… someone who needs to charge his phone may get malware onto his phone as soon as he plugs the phone into a computer."
The report says other problems arise from the differences between laptop browsers and those used on phones. The latter display address bars only briefly, which leaves little time to observe the safety status of sites visited. Once the user clicks on a malicious link in a mobile browser, it is easier to disguise the attack because the Web address bar is not visible.
Researchers think finding information about the SSL certificates a site is using may be hard, if the data is accessible through the browser at all.
Touch screens on smartphones may make users more vulnerable to clicking on links that appear legitimate but hide malicious sites beneath them, leading to drive-by downloads of malware.
The report says patches and updates for mobile phones are not frequent. Although computers can be manually configured not to trust compromised certificates, or can receive a software patch in a matter of days, it can take longer to remedy the same threat on mobile devices, which leaves mobile users defenseless in the meantime.
Meanwhile, the authors believe that bot masters are going to find other ways to make money off their zombie machines beyond using them as spam or DDoS engines. For instance, a downloader controlled by a bot master could infect machines with scouting malware that reports on the user of the machine for marketing purposes. The information can be sold and resold while waiting for the right business to buy it as part of a lead-generation effort.