The most disturbing part of distributed denial-of-service (DDoS) attacks is the relative ease with which they can be carried out. By planting malware on unsecured operating systems, hackers can take control of devices – often referred to as “slaves” or “zombies” – and overwhelm a network with so much traffic that it shuts down. In the past, DDoS attacks have mainly come from infected PCs. But mobile devices are becoming an attractive tool for hackers, given their explosive growth and the computing power and network resources available to them, and that is something every security professional should be paying attention to.
Going all the way back to 2001, we have seen even simple phone interfaces compromised. Today, the proliferation of tools available to help build mobile apps, including ones that can be used to inject malware and enable mobile devices to be used as DDoS zombies, has created an environment where “weaponization” is easier than ever. Mobile devices and tablets running Android and iOS far exceed the requirements for use in a DDoS attack. And unlike PCs, which are usually powered off or switched to sleep mode when not in use, mobile devices – especially smartphones – tend to have longer network connection times because they’re usually connected to the network for several days before being turned off. That being said, we still see the PC as the primary vehicle for building botnets to launch attacks, due in large part to the fact that it has been so effective.
However, that could soon change. The number of mobile devices is quickly surpassing the number of PCs worldwide. Statistics show there are more than 900 million Android-based devices and more than 600 million iOS-powered devices, compared with 1.78 billion PCs. Initiating an attack with a huge number of always-on devices could cause significant damage, and this temptation may be just the spark needed to drive creation of the malware and delivery mechanisms needed to build “zombies on wheels.” The catch is that even though these mobile devices hold the necessary power, those orchestrating the attack don’t know where the devices will be located when the attack order is sent out – whether on a home network, roaming or behind corporate security systems. This means there are limitations to the types of attacks for which mobile devices can be used, and it’s another obstacle to overcome before we start to see widespread adoption.
Even though this method of attack has been slow to catch on, it does exist, just not in the quantity and range we see in PCs. Precautionary measures should still be taken. For example, corporations with bring-your-own-device (BYOD) policies should be applying mobile security practices. For the end user, following corporate policies while using your mobile device at work is also vital in protecting pertinent information, and will help keep you from being limited or blocked. To prevent your device from being “bit” by hackers, treat your smartphone and tablet like you would a PC, equipping them with the proper protections and paying special attention when downloading files and applications. Not doing so invites a whole host of security problems beyond becoming a “zombie.”