HummingBad: 40,000 avoidable infections in Germany alone
Blocking malware before it can do damage – with cloud-based security
It’s an illusion. Current security solutions will never be installed on every single mobile device and kept up to date - says secucloud. Software will never be completely free of security vulnerabilities. Not all owners of the coolest Android devices will use – or be able to use – the latest version of Google’s OS with the latest security features. And users will never be persuaded to stop accessing certain web offerings like porn sites, even if they know that threats lurk on these sites more than elsewhere.
The sooner we acknowledge this situation, the sooner we will understand that security functions should really be integrated upfront by internet and mobile service providers. That way, users would be protected without having to worry about installing security software and keeping it updated. Telcos can play a decisive role in this protection – and the German-based security firm secucloud has already signed up several of them as partners. They make all the necessary security functionality available in the cloud. Of course, that’s still not a 100% guarantee of security. But it would have prevented most infections by the HummingBad Trojan, which according to Check Point has taken control of over 10 million devices worldwide and 40,000 in Germany alone.
With a cloud-based security solution such as the one provided by secucloud, all the security mechanisms – from the firewall and behaviour analysis through to reputation services and virus detection – are already integrated into the mobile service provider’s infrastructure, or in the cloud. That way, malware is blocked before it gets anywhere near the user’s device. This approach would have meant that drive-by downloads from porn sites, which HummingBad apparently used to propagate itself, would have had practically no chance of finding their way onto users’ Android devices. And it would have worked whether or not users had security software installed on their device.
Channelling communication
Owners of Android devices often receive them as part of a long-term contract with their telecoms provider. And in many cases, the Android version delivered with the device is never updated, or only after a long delay. This is almost like paradise for criminals behind threats like HummingBad, because they can infect a huge number of devices with relatively little technical effort and potentially make a lot of money. The people behind HummingBad apparently “earn” $300,000 a month from fraudulent ad clicks alone.
For a small monthly fee as part of the smartphone or tablet contract, secucloud routes the devices’ communications exclusively through a special, cloud-based security infrastructure – and at a level that is normally only available to large enterprises. In most cases, internet threats like HummingBad cannot get anywhere near their potential victims. secucloud is currently working with a growing number of mobile service providers in order to make cloud security available to more mobile customers. The goal is that these users won’t need to worry about installation or updates and will be protected in every network while they are out and about. The company has won four large telecoms firms as customers over the last year alone. They include T-Mobile in the Netherlands, which provides the secucloud solution as a software-as-a-service offering.
channels: software developement, IT security
