There’s a great deal of good news coming out of security firm Zimperium which first came out with the killer Android app zANTI that made it so easy that even the clueless could hack. Then after Itzhak "Zuk" Avraham, aka @ihackbanme, hijacked thousands of devices when people automatically connected to Wi-Fi hot spots at DEMO Spring 2012, he showed those poor souls how easily they could have been pwned with malware. Zimperium then introduced zDefender and zCore that are revolutionary leaps ahead to stop mobile malware. Red hot and on a roll, Zimperium is now honored and excited to announce that the world’s most famous hacker, Kevin Mitnick, has become the newest member of their advisory board!
Mitnick joined the Zimperium team to support the effort of providing advanced security protections for enterprises facing modern mobile threats; if companies mismanage such threats, the results can be disasterous and expose enterprises to cyber espionage. Mitnick said, "It's an honor and privilege to join Zimperium to help innovate solutions in the mobile security space. It will be a new, exciting and challenging pursuit ahead."
It was my pleasure to ask Kevin Mitnick a few questions about mobile security.
In the interview with Gizmodo, when asked what you think are the biggest threats to networks today, you replied: "Poorly coded applications, poorly architected networks, failure to update OS components and the human factor: being susceptible to social engineering."
In regard to joining Zimperium's team, you said, "Mobile devices are the new target-rich environment. Based on lessons learned in the early days of the personal computer, businesses should adopt a proactive approach to mobile security so they don't repeat the same mistakes that resulted in billions of dollars in economic loss.” What do you think are the biggest security threats on the horizon for mobile devices?
Mitnick: We can see the same issues affecting the computing world. For example, smartphone updates are not rolled out in a timely fashion and the existing users remain exposed.
Do you believe exploiting NFC vulnerabilities, such as when people pay with their smartphones, have the potential to be goldmines for malicious attackers?
Mitnick: NFC vulnerabilities require physical access to the device, which requires being near the target. Malicious attackers will try to gain remote control of the device instead of having to risk being close to the target. Also, attackers will likely send 100 emails with malicious links to your organization (see KnowBe4.com) instead of attempting to get near the victim. Without any additional security controls with VPN access, smartphones are the easiest way to infiltrate an organization remotely. As such, layers of security are a must! That's why I believe that zCore IPS adds value as a layer of protection against malicious attackers.
With everything from NFC, BYOD, to mobile malware, some 'experts' who also have something to sell have said that mobile devices will become the new low-hanging fruit. Do you agree?
Mitnick: Yes. Mobile security is still trying to catch up with the security issues affecting corporate servers and personal computers. The smartphone is the new target-rich environment. It's similar to hacking an un-patched Windows XP system in today's world.
In light of us learning that mobile phone surveillance has gone wildly out of control, that the government and police departments collected at least 1.3 million customer records, and then add in the fact that mobile app ads track users, do you believe there is any way for mobile device users to truly protect their privacy?
Mitnick: Privacy issues are not just related to mobile devices. As former Sun Microsystem's CEO Scott McNealy said many years ago, "You have no privacy, get over it!" Now businesses are moving their data into the cloud, which is stored on cloud provider's servers. Now your confidential corporate information can be compromised and you'll never know it happened!
The mobile threat is indeed growing. On that ominous note, Zimperium will introduce its smartphone security solution, zCore IPS, for enterprises and mobile carriers at the Black Hat event next week. Between Black Hat and DefCon conferences, Zimperium will host a private event named "Compile n' Crash Bash" featuring Kevin Mitnick, Zuk, the rest of Zimperium's team, and the latest Pentester's World Cup Winner. I’ll most likely be there . . . how about you?
And about that winning zNinja hacker . . .drum roll please. Let’s send a big congratulations to Tim Medin, the Pentester's World Cup winner! Medin scored 157,555,891 points and Zimperium awarded him the sweet prize of a Black Hat Black card and a hotel room for the duration of the conference. In some games, it appears that you must cheat better than in the others. When asked if he had any advice for current/future hackers, Medin replied, “Never stop being curious. Never be afraid to ask for help.”