On Wednesday July 10, 2013 viaForensics will discuss the topic of mobile risk and espionage via compromised mobile device. This is a free webinar, but space is limited so please register to reserve a seat.
viaForensics Director of Research Thomas Cannon recently demonstrated “Corporate Espionage via a Mobile Device” as a proof of concept attack. In this demonstration, an innocent application is leveraged to harbor malware and exfiltrate data from a mobile device. The attacker is able to remotely activate phone features such as the camera and microphone, and the device can be used to bypass corporate defenses and infiltrate a corporate network.
Quotes from the Corporate Espionage via a Mobile Device demo:
“An attacker can just click this button and it turns the phone into a remote surveillance device”¦ Without knowing it, a user could be sitting in a meeting and their phone which is in their jacket pocket is acting as a remote bugging device and the attacker could be listening in on private conversations.”
“Localization will pinpoint my phone using GPS and I can be tracked in real time. If I was outside it would show where I am and would update the map in real time.”
“(The attacker) can also use the phone as a remote camera. The user won’t notice anything on their phone, but the attacker will be able to see anything the phone can see through its camera.”
“(The attacker) can actually turn this mobile phone into a USB keyboard”¦ as an attacker enters keystrokes and sends it over to the phone, the phone then enters those keystrokes on the corporate machine. This bypasses traditional controls such as firewalls and allows an attacker connected from anywhere in the world to send keystrokes through the internet to a phone and from that phone through USB to a desktop and take remote control over a desktop.”