Last week at the RSA Conference, my colleague Derek Brown and I presented findings from a research project titled MOBOTS: Pocketful of Pwnage, which was designed to show how easy it would be to create a large mobile botnet. Please note that we did not actually create a botnet; we simply presented results of two different experiments that showed how easy it would be to create one.
Despite the lack of actual drama (i.e., no botnet), the session has generated quite a bit of interest, so we wanted to take the opportunity to share the results with those who weren’t able to attend.
Background and Research
As stated, the point of this research was to show just how easily and quickly a hacker could amass a large army of mobile bots. The experiment involved two key pieces:
Results
The control application, WeatherFist, received a lot of promotion on app sharing sites and was further hyped through the social networking machine that drives people to those sites.
At the end of the project, 20,000 users had viewed the application and more than 8,000 actually downloaded it.
Again, it’s important to note that we did not actually create a mobile botnet. Instead, we used these two experiments to show how easy it would be to 1) amass a large number of users if one wanted to create a botnet; and 2) create a legitimate-looking application that would render a mobile device a bot.
Smartphones are a critical piece of today’s network fabric and the results of this research show a gaping hole in the security of those networks. Organizations can use these results to create policy changes for appropriate use of smartphones in business settings, as well as provide better training on smartphone application usage. This further highlights the importance of locking down the enterprise network to keep smartphones from ‘phoning home’ any information that shouldn’t leave the data center.
The overarching goal was to highlight the security risks that continue to threaten the enterprise landscape, and I think the results of this research did just that.
* Danny Tijerina is a security researcher within TippingPoint’s DVLabs focusing on BotNets, malware/spyware, code obfuscation techniques, binary analysis techniques, and P2P protocol analysis.