
Reader Forum: Mobile’s latest threat: Is your phone a zombie?

Editor’s Note: Welcome to our weekly Reader Forum section. In an attempt to broaden our interaction with our readers we have created this forum for those with something meaningful to say to the wireless industry. We want to keep this as open as possible, but we maintain some editorial control to keep it free of commercials or attacks. Please send along submissions for this section to our editors at: [email protected].

Since mobile devices have now officially outpaced traditional PCs as the most popular conduit to the Internet, what kind of security impact will this have in the future? Can a smartphone be used as a weapon when it comes to distributed denial of service attacks? What should you know in order to protect your device from being a participant in one of these attacks?

First, let’s look at how a DDoS attack works and why anyone whose business relies on website uptime should be concerned. Hackers orchestrate attacks using a network of so-called “zombie” computers to sabotage a specific website or server. The premise is fairly simple: the attack orchestrator tells every computer in his botnet (which joined either willingly, like members of various activist groups, or unwittingly, like owners whose computers have contracted a virus) to contact a specific server or website repeatedly. The sudden spike in traffic causes the targeted site to load very slowly for legitimate users, and eventually the volume grows high enough to shut the site down completely. DDoS attacks have two popular methodologies: they focus on the so-called “layer three” of the infrastructure (the network layer), or they target what’s known as “layer seven” of the server stack (the application layer), where the site’s applications run.

Once a botnet begins a DDoS attack against its chosen site, there are few things the system administrator can do to fight back. In many cases, by the time a site’s administrator has figured out that it is under attack, it’s already too late. Administrators can try to limit the amount of traffic allowed on the server, but such a cap restricts legitimate users and zombies alike. If the administrator can determine the origin of the attack, he can try to filter the traffic. Unfortunately, since many zombie computers disguise (or spoof) their addresses, this isn’t always easy to do. A dedicated DDoS prevention system is the best plan to battle zombies and their DDoS attacks.

The power to compute – and execute an attack?

The most popular consumer mobile devices are now equipped with at least a dual-core central processing unit clocked above 1 GHz and at least 1 gigabyte of RAM. This makes the standard smartphone fully capable of conducting a DDoS attack. This level of power and functionality means that a mobile device is just as capable of becoming part of a botnet as a desktop or laptop computer. The transmission speed of the average 3G network meets the requirements for launching DDoS attacks, and the transmission speed of the typical “4G” network exceeds that minimum.

Also, it’s important to note that mobile devices are usually connected to the Internet longer than PCs. Normally, after finishing work, people will power off their PCs or switch them to sleep mode. However, mobile device users are more inclined to turn the mobile devices to standby mode and keep them connected to the network for several days without powering them off or restarting them. This behavior opens up the device to a wide array of malicious behavior, including attackers who make use of this condition to initiate DDoS attacks.

DDoS in disguise: Fear of apps?

With the proliferation of tools out there to help build apps – good ones and bad ones – logic tells us that using mobile devices as DDoS weapons is a possibility, and one that is going to grow in the future. A little more than a year ago, the dreaded Low Orbit Ion Cannon, an anxiety-producing, open source denial-of-service attack application written in C#, was scripted for the Android operating system. Hacktivist groups have also disguised LOIC as a popular app and uploaded it to app download websites. This insidious piece of code enables DDoS behavior using a mobile Web browser. The goal of LOIC is to be downloaded, either intentionally or unintentionally, by multiple individuals to launch a DDoS attack on a target site by flooding the site’s Web server with TCP or UDP packets, with the intention of disrupting the service of a particular host.

Compared with PCs, mobile devices have weaker security protection and are more likely to become zombie devices. Android-based devices can easily fall prey to malicious code implanted through bad apps and then become zombie devices because of the openness of the operating system. Apple iOS devices are relatively closed, but they can also become zombie devices if third-party apps are installed after a user succeeds in jailbreaking the device.


Zombie prevention strategies

Protecting mobile devices from DDoS attacks is a tough task. It’s important for businesses to insist that bring-your-own-device workers follow corporate policies while using mobile devices at work. Sidestepping security puts the entire organization at risk. One solution is to make apps support scripts or verification codes, so that a preventive device can distinguish legitimate users from zombie programs and effectively screen and discard the access requests sent by the latter. Another solution is to study the attacks and analyze their characteristics through pattern matching, and then develop a specific protection measure. This might be the most effective way to prevent application-layer attacks from mobile devices. A dedicated DDoS mitigation strategy enables IT administrators to monitor user behavior and separate good traffic from bad.
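As an added illustration of the traffic limiting described earlier and the pattern-matching approach just mentioned (example code written for this page, not from the article or any vendor product), the script below parses constructed web-server access-log lines and flags any source that exceeds a request rate, or repeats one identical request many times, inside a one-second window; the log lines, addresses and thresholds are assumed values.

```python
import re
from collections import defaultdict, deque
from datetime import datetime

# Prefix of the Apache/nginx combined log format: client IP, timestamp, request line.
LOG_RE = re.compile(r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<req>[^"]*)" \d{3} \S+')


def parse(line):
    """Return (client ip, timestamp, request line), or None for a malformed line."""
    m = LOG_RE.match(line)
    if not m:
        return None
    ts = datetime.strptime(m.group("ts"), "%d/%b/%Y:%H:%M:%S %z")
    return m.group("ip"), ts, m.group("req")


def flag_sources(lines, window=1.0, rate_limit=20, repeat_limit=10):
    """Sliding-window check per source. Returns {ip: set(reasons)} for sources that send
    more than rate_limit requests, or more than repeat_limit identical request lines,
    within `window` seconds (thresholds are assumed, tune them to the site's real traffic)."""
    recent = defaultdict(deque)   # ip -> deque of (timestamp, request line) inside the window
    flagged = defaultdict(set)
    for line in lines:
        parsed = parse(line)
        if parsed is None:
            continue              # ignore unparseable lines rather than crash on them
        ip, ts, req = parsed
        q = recent[ip]
        q.append((ts, req))
        while (ts - q[0][0]).total_seconds() > window:   # expire events older than the window
            q.popleft()
        if len(q) > rate_limit:
            flagged[ip].add("rate")
        if sum(1 for _t, r in q if r == req) > repeat_limit:
            flagged[ip].add("repeat")
    return dict(flagged)


def sample_lines():
    """Constructed log: one user browsing three pages, one source replaying a single request."""
    fmt = '{ip} - - [10/Oct/2023:13:55:{s:02d} +0000] "{req}" 200 512 "-" "Mozilla/5.0"'
    legit = [fmt.format(ip="203.0.113.7", s=30 + i, req=f"GET /page{i}.html HTTP/1.1") for i in range(3)]
    flood = [fmt.format(ip="198.51.100.9", s=31, req="GET / HTTP/1.1") for _ in range(25)]
    return legit[:1] + flood + legit[1:]   # interleaved like a real log


if __name__ == "__main__":
    for ip, reasons in flag_sources(sample_lines()).items():
        print(ip, sorted(reasons))
```

A flagged source is a candidate for filtering or a verification challenge, not automatic blocking: as the article notes, spoofed or shared addresses mean a single flag can also hit legitimate users.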
