Threat Intelligence Blog

Posted September 17, 2015



By: Val Vask

The news has been rife with reports recently of pre-installed malware on smartphones, specifically Android devices. You may have heard, for instance, that the Android Star N9500 comes pre-installed with spyware designed to send personal data to a server located in China and surreptitiously install unwanted applications through a Trojan called ‘Uupay.D’. In another case, a pre-installed Trojan was discovered on devices sold by the smartphone manufacturer Coolpad.

So, should you be concerned about pre-installed programs and backdoors on your employees’ mobile devices? And if so, how can they impact your company’s bring-your-own-device (BYOD) policy?

The answer is unequivocally yes, you should be concerned. Although the problem doesn’t seem to be widespread yet, stories of compromised mobile devices are becoming more common. Criminals can use such devices as potential conduits to obtain sensitive personal or company-related data.

To fully protect your organization from malware and backdoors, it’s important to note the difference between the two. Malware, or malicious software, refers to unwanted software – including Trojans, worms, and viruses – designed to disrupt, degrade, or disable computers and other programmable devices without your knowledge or permission. Backdoors are programs that are designed to allow remote access to computers and other devices.

Backdoors can be tricky as they can serve both legitimate and illegitimate purposes. Software developers install backdoors to legitimately upgrade, improve, or enhance end-user applications. While some of these backdoors automatically uninstall once an application or system upgrade is complete, sometimes the backdoor remains on the user’s system whether the owner knows it or not. In every case, the developer, whether legitimate or not, has unhindered access to the data on that system, regardless of whether the backdoor resides on the system intermittently or persistently. Criminals can then take advantage of these backdoors, and that’s where BYOD problems begin.

The first and easiest step you can take when securing your BYOD environment against malicious backdoors is educating employees to be aware of the manufacturers and origins of their devices.

Many reports of pre-installed programs, or malicious backdoors, stem from compromises in the manufacturer’s supply chain that allowed criminals to introduce malware on the device. The introduction of pre-installed programs poses an immediate threat that is often difficult to identify. Once this has occurred, criminals can exploit these programs and steal a user’s identity to monetize the stored data by selling information to third parties.

One thing to note is that countries can create backdoors in support of domestic surveillance objectives. The ultimate function of these government-sanctioned backdoors is to support local and/or national law enforcement initiatives, and they will likely not affect the average business professional. Organizations should be aware that if their device’s network is owned by a foreign entity, they are subject to that entity’s laws.

The bottom line is: when implementing a BYOD policy, businesses should first and foremost be concerned with the integrity of the manufacturer’s supply chain to address concerns about malicious backdoors. This can be done by:

  • Educating employees on why it’s important to purchase mobile devices from reputable companies
  • Whitelisting or approving certified-for-use devices from reputable companies with uncompromised supply chains
  • Creating stricter standards and appropriate application controls for devices that have a higher level of access to valuable company information
  • Remaining cognizant of the origin of employee devices: smartphones with pre-installed malware frequently surface in Asia through dubious or substandard third-party vendors who market inferior knockoffs or counterfeit brands of popular smartphones via online marketplaces like eBay or Amazon

Although BYOD policies are popular and have a lot of advantages, they can also introduce other risks into your corporate security environment. For example, if employees download applications from unofficial or unauthorized app stores, also referred to as sideloading, they can be exposed to malicious or rogue apps. Being proactive about your organization’s BYOD policy will not only save time and money in the long run, but it will also ensure the safety of your corporate information.

Contact us for more information on our Cyber Safety Awareness Training for your employees.
