Recently the battlefield for Malware, Spyware and Trojan attacks has taken a paradigm shift. Earlier it was PC’s that were fervently targeted by hackers all around the world but with changing times and advanced technology in smartphones they are now tempted to venture into the handheld device’s arena. With most people now leaving their PC’s alone and using smartphones more and more for routine tasks, attackers are coming up with new techniques of compromising the security of such devices every day, every hour and so to speak every minute.
Now you can imagine what havoc a single loophole in the smartphone’s security can create. CEO of security company called CrowdStrike who is a former MacAfee CTO, famous for revealing the Chinese Shady Rat cyber attack on U.S. has demonstrated a newly found back door in WebKit, a browser technology shared by smartphone browsers of iOS, Android and latest BlackBerry devices.
This means that almost all the devices out there are at stake as the loophole is shared by all three major smart device manufacturers. Kurtz said that the latest bug allows intruders to use malware for harvesting confidential information such as sms, e-mails, conversations as well as take control of phone’s mic and camera.
The device can get infected through a single SMS where users are phished into clicking a link which takes them to an infected website. Even without this, users may click such links on other websites through their browsers. Once on the site, it will automatically download the malware in the background. The bug then allows for remote execution of the malware and lets malicious users take complete control of the compromised device.
There is currently no software available for these devices to detect such a malware or even protect against it. He says that his company has been able to re-devise a Chinese malware already active with the Android and was then able to take complete control of a smartphone through the WebKit vulnerability. This means Google will have to be more agile in bringing out updates to plug up this hole than others but according to Kurt , Apple and RIM also can’t just sit-back and relax, as all three are equally prone to threats.
Silver lining in the cloud, don’t be startled, it’s only for Microsoft and users of the WP7 operated smart devices as it seems that Microsoft’s stubbornness of writing it’s own web browser has finally paid off after such huge criticism from every tech forum because CrowdStrike has verified that WP7 based devices are the only devices unaffected by this vulnerability and are safe to use.
