Biting the hand that feeds IT
Biting the hand that feeds IT
|
|
Original URL: http://www.theregister.co.uk/2007/04/11/cybercrime_trends_mcafee/
Spyware - malicious programs that covertly track surfing habits or steal confidential data - are likely to migrate onto new platforms, including mobile phones and RFID chips.
The scenario is sketched out in the second issue of McAfee's twice annual Global Threat Report.
RFID chips, which began life as a replacement for bar codes in retailing and warehousing (http://www.rfidjournal.com/article/articleview/642/1/1/), are now being integrated into some identification documents, such as passports, and in emerging technologies like contactless credit cards. In January, SoMark Innovations announced the development of bio-compatible chipless RFID ink (http://www.somarkinnovations.com/Files/SomarkBiocompatibleChiplessRFIDInk.pdf), making RFID "tattoos" and synthetic biometrics possible.
The British government plans to test RFID-embedded license plates, developed by Hills Numberplates. Such e-plates (http://www.e-plate.com/videos/e-plate.mov) might be read by any strategically placed reader along a road at speeds of up to 300km/h and up to 100 metres away.
Applications include speed traps, detecting stolen vehicles, and traffic management. Network security firm McAfee reckons that the technology also lends itself to its use as a surveillance tool by governments or criminal exploitation.
The growing, almost ubiquitous, use of RFID technology creates a platform for malware. Research first presented in March 2006 shows how vulnerabilities in RFID technology might be used to spread viruses, worms, and spyware. Dutch researchers showed how RFID tags could be virally infected (http://www.rfidvirus.org/papers/percom.06.pdf) through SQL injection attacks, exploiting links between an RFID tag and a vulnerable database.
The increasing processing power and growing features set of mobile phones make the devices an "ideal candidate" for exploitation by spyware, according to security researchers at McAfee.
Examples of this limited breed are capable of forwarding call logs to a remote server, recording and forwarding text messages, listening to calls, or even remotely turning the device into a live radio "bug" without the phone user's knowledge or consent. These applications hide or camouflage themselves once installed on mobile devices.
Sold as a means for suspicious partners to track the activities of their potentially errant spouses, applications such as FlexiSpy (http://www.flexispy.com/products_flexispy_pro.htm) pose a wider threat to security, McAfee warns.
A lack of awareness among consumers about how to use Bluetooth securely also represents a serious security threat (http://www.securenetwork.it/bluebag_brochure.pdf) to mobile phone users such as Bluebugging, where an attacker manipulates a phone to dial numbers, and Bluestabbing, where an attacker tries to crash vulnerable devices.
The second issue of McAfee's twice annual Global Threat Report also looks at other security issues the industry is likely to face over the next five years. McAfee continues to criticise the security shortcomings of Vista it first made prior to the release of what Microsoft describes as its "most secure" operating system ever.
"While Microsoft has taken steps to make the base of Microsoft Windows Vista more secure, the improvements both weaken third-party efforts to secure systems and don't go far enough to do the job alone," McAfee analysts argue.
The majority of cybercriminals target PC users, making money by selling access to compromise PCs to spammers, for example. As technologies such as Voice over IP (VoIP) and radio frequency identifications (RFID) tags become more widely adopted, attackers are likely to branch out.
Security crystal ball gazers at McAfee also predict that application security will become a key battleground between hackers and security defenders over coming months and years. Using disk encryption technologies to prevent stolen or purloined PCs giving up secrets will become "ubiquitous" in enterprises within five years, McAfee predicts.
The report also forecasts that online crime will "migrate" to mobile phones, something McAfee has been predicting since Bill Clinton and John Major were in power, with scant evidence to date.
More on all these threats to e-commerce can be found in McAfee's report here (http://www.mcafee.com/us/local_content/misc/sage_0407.pdf). ®
Stay focused on fuzzy tests, warn security experts (7 April 2008)
http://www.theregister.co.uk/2008/04/07/fuzzing_advice/
Man uses networked 'crazy' toaster to hack PC (18 December 2007)
http://www.theregister.co.uk/2007/12/18/networked_toaster_hack/
Crypto boffins break car cypher (24 August 2007)
http://www.theregister.co.uk/2007/08/24/car_cypher_crack/
Oklahoma offers War on Terror numberplates (3 August 2007)
http://www.theregister.co.uk/2007/08/03/okies_offer_war_plates/
The growing pains of RFID (5 June 2007)
http://www.theregister.co.uk/2007/06/05/rfid_growing_pains/
Symbian signing is no protection from spyware (23 May 2007)
http://www.theregister.co.uk/2007/05/23/symbian_signed_spyware/
Exam papers tagged to deter cheats (11 May 2007)
http://www.theregister.co.uk/2007/05/11/edexcel_tags_exam_papers/
RFID mirror automatically insults your fashion sense (8 May 2007)
http://www.theregister.co.uk/2007/05/08/magic_mirror/
Researchers, spooks favour satnav-based road pricing (3 May 2007)
http://www.theregister.co.uk/2007/05/03/better_living_through_gps_spoofing/
Hot-air powered railway to harvest energy from cars (2 May 2007)
http://www.theregister.co.uk/2007/05/02/architects_like_infrastructure_shocker/
Embedded devices a cinch to pwn (19 April 2007)
http://www.theregister.co.uk/2007/04/19/embedded_devices_security/
California Senate fights RFID tracking for schoolkids (17 April 2007)
http://www.theregister.co.uk/2007/04/17/california_fights_rfid_child_monitoring/
Boffins working on RFID super-shield (8 April 2007)
http://www.theregister.co.uk/2007/04/08/rfid_guardian/
China displaces Britain as botnet epicentre (19 March 2007)
http://www.theregister.co.uk/2007/03/19/symantec_threat_report/
EC chucks RFID regs back to industry (15 March 2007)
http://www.theregister.co.uk/2007/03/15/ec_passes_rfid_buck/
RFID security presentation pulled after legal threat (28 February 2007)
http://www.theregister.co.uk/2007/02/28/black_hat_rfid_demo_pulled/
Vulnerability tallies surged in 2006 (21 January 2007)
http://www.theregister.co.uk/2007/01/21/2006_vulns_tally/
Apple's iPhone: theoretical risks of unreleased handset (16 January 2007)
http://www.theregister.co.uk/2007/01/16/iphone_malware/
Security vendors talk up VoIP threats (9 January 2007)
http://www.theregister.co.uk/2007/01/09/voip_threats/
How to crash a Windows mobile using MMS (2 January 2007)
http://www.theregister.co.uk/2007/01/02/windows_mms_vuln/
VXers dabble in mobile spyware (7 December 2006)
http://www.theregister.co.uk/2006/12/07/mobile_spyware/
Malware wars: Are hackers on top? (5 December 2006)
http://www.theregister.co.uk/2006/12/05/malware_trends/
The spy - or thief - in your pocket (16 November 2006)
http://www.theregister.co.uk/2006/11/16/symantec_phone_crime/
US.gov tunes out scathing RFID privacy report (2 November 2006)
http://www.theregister.co.uk/2006/11/02/rfid_study_disavowed/
Code highlights e-passport eavesdropping risk (31 October 2006)
http://www.theregister.co.uk/2006/10/31/rfid_e-passport_attack/
Hackers target home users for cash (25 September 2006)
http://www.theregister.co.uk/2006/09/25/symantec_threat_report/
Flexispy release causes legality debate (8 September 2006)
http://www.theregister.co.uk/2006/09/08/flexispy_illegal/
Trojan row over spouse monitoring software (30 March 2006)
http://www.theregister.co.uk/2006/03/30/flexispy/
Spyware-for-hire couple plead guilty (15 March 2006)
http://www.theregister.co.uk/2006/03/15/spyware_trojan_guilty_plea/
Zombie PCs menace mankind (7 March 2006)
http://www.theregister.co.uk/2006/03/07/symantec_net_threat_report_2h2005/
© Copyright 2008
