Zombie Phones

Just last week Cloudflare reported that as many as 650,000 mobile phones in China had performed a massive DDoS attack on a website that uses their DDoS defense service. According to Cloudflare, using mobile devices for DDoS attacks instead of desktop PC’s or laptops is a dangerous trend.

In short, a DDoS, or Distributed Denial of Service attack is one where numerous devices connected to the internet flood the servers of a website or service with data. This usually results in slow or no connection to the website or service for legitimate users. The attacks are usually carried out by compromised systems without the owner’s knowledge.

So how come the popularity of mobile devices in carrying out DDoS attacks? First of all, the sheer increase in mobile devices. According to Gartner, roughly 1.95 billion smartphones will be shipped in 2015, as opposed to ”only” 316 million PC’s and laptops. Secondly, the increased computing power of mobile devices has also contributed to the attractiveness of using mobile devices for malicious purposes. Lastly, the growing penetration of mobile data also contributes its share. The mobile technology has caught up to cable internet. It is currently possible to obtain speeds of 120 Mbit/s when using a supported phone. Combine this with the observation that mobile devices are often connected more continuously and longer than PC’s or laptops and then you see why it is interesting for criminals to abuse this platform.

The solution to limiting the abuse of mobile devices is not an easy one. According to a CloudFlare blogpost, the compromised users in last week’s attack were targeted by a malicious advertisements that were injected with JavaScript. Although JavaScript is easily disabled on both PC’s and mobile devices, doing so has its drawbacks. Sites rely on JavaScript to be more responsive, dynamic, and interactive. Disabling JS might impede your ability to login or interact with a website. So what can be done to combat this threat? One option is to improve security on mobile operating systems, especially Android which is vulnerable to multiple threats like Stagefright which has been in the news recently. A more secure and privacy sensitive Android device is possible, as shown by Silent Circle with their Blackphone 1 and the all new Blackphone 2.

All in all, it is undeniable that smartphones form an attractive platform to abuse for people with less than good intentions. Given the information above and what is available on the internet, what do you think that can be done to combat the rising threat to mobile devices?



Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )


Connecting to %s

%d bloggers like this: