“What makes the field of cell attacks so special is that there isn’t a single attack vector, and along with that, there are very few solutions”, says Adi Shaharavani, CEO and co founder of Skycure, in an interview for People and Computers. During the last few days and operation ‘Protective Edge’, there have been many activities over the net, including a fake SMS from the IDF to tens of thousends of Israelis instructing them to enter shelters.
Skycure developed an information security solution for smartphones and it’s distributed in Israel by Mobisec Techonlogies.
Shaharavani explains that “The paradigm built for the computing world isn’t relevant anymore. if we take whatsapp and try to analyse the app from an attacker point of view, we can find endless ways of sending messages with a different name. One way to go is attacking the phone owned by the user. whether you’re using IOS or Android, this system don’t come with a built in security solution, and there are ways of breaking into the mobile device. Skycure identified significant number of such holes in recent years. When the device is in charge of the attacker, all the user’s activites are also his (the attacker) to do as he pleases.”
Another way is to use a hole in whatsapp’s code, reveals shaharavani: “No one developer is immuned, and even though companies invest major resources to make sure their codes are secured, you can see that quite frequently, every 6 months or so, a significant hole is published, and also we must remember that not all holes go public – hackers do not tend to publish the ways in which they managed to attack their target.”
Other attack methods mentioned in the interview were physical access to the device, identity theft, attacking backup that nowadays sits mostly in the cloud, attacking the sim card itself, taking control on email account – where password restore is found.
Shaharavni also mentions the human factor: “users had a very active way in the distribution of the false information over Whatsapp – if they do not know the message is false, they simply pass it forward, like a chain letter of sorts.”
“Today at skycure we see that 7.5% of the networks and services in the world pose a threat to our clients’ mobile device, and 20% of the people are connecting to a network like this every month”, concluded Shaharavani.