Skip to Content

Mobile Software Learns Your Phone’s Habits to Catch New Malware

Zimperium believes its machine-learning approach to mobile security can outwit hackers.
January 23, 2014

A mobile security startup is launching software that learns how your smartphone behaves in order to better spot and stop new security threats before they can cause harm or spread to other handsets.

Threat watch: Zimperium’s enterprise security app, zIPS, uses machine learning to detect new smartphone attacks.

Today, San Francisco-based Zimperium unveiled its zIPS Android app (the “IPS” stands for “intrusion prevention system”), which the company says uses machine learning to watch how your smartphone normally acts and can spot strange changes in its usage, enabling it to detect and prevent attacks, including those that may strike via unprotected Wi-Fi networks. This kind of technique has long been used to spot malware on PCs, but it becomes trickier on smartphones, which can be exposed to ever-growing and changing security issues across different wireless networks.

While the zIPS app is geared toward companies that would deploy the software on employees’ phones and use new companion software called zConsole to manage all the handsets, Zimperium expects to roll out a consumer version in the future, and will perhaps eventually bring zIPS to other devices.

Long combated on computers, malware has begun to hit smartphones, too, as they become a popular (and for some people, predominant) way to get online. Since Android smartphones make up the majority of the market, they’re most affected so far: A recent report from F-Secure found 259 new security threats and variations on existing threats in the third quarter of 2013, 252 of which were focused on Android. According to a Juniper Research report, though, 80 percent of business and personal handsets are still unprotected.

The zIPS software works whether the user is on or offline, says Zimperium CEO and founder Itzhak Avraham, and can protect against malicious apps, such as those that can self-modify, as well as various types of network attacks, like a “man in the middle” attack where a hacker intercepts data being sent between two parties.

Avraham, who previously served as a security researcher for the Israeli Defense Forces and as a white-hat hacker for Samsung, showed me a demo of zIPS in action during a video chat over Skype. Holding two Android Samsung smartphones, he used one to attack the zIPS-running handset, which glowed with a green image meant to look like a radar screen. When Avraham performed a man-in-the-middle attack, a notification popped up on the zIPS display saying that a threat was just spotted and prevented. It also presented information on the type of threat (“MITM” in this case) and the IP address of the attacking device.

Avraham says that attacks such as these aren’t generally spotted by mobile antivirus apps because those apps tend to be designed just to look for incoming file signatures that can be compared with known bad code. “If I download an app, for instance, even if the app itself is benign at that moment in time, I can later download an update that has malicious intent to run outside of the sandbox that the [antivirus] product has access to,” he says.

The zIPS app is trained to recognize such attacks by using existing malware and known attack techniques. This is doable, Avraham says, because while there are tons of different attacks, there are just a few dozen different techniques.

Zimperium, which counts famed hacker-turned-security-researcher Kevin Mitnick among its advisors, hopes its software can eventually be used to prevent hacking on everything from smart TVs to refrigerators, as they are becoming increasingly common in homes (see “CES 2014: Smart Homes Open Their Doors”). Many security experts expect the so-called Internet of things to become a big target for hackers since protections on such devices are typically weak, the devices tend to be plugged in at all times, and it may not be as easy to determine if suspicious activity is taking place as it is on a smartphone or computer.

Internet-connected devices are already gaining some unwelcome attention: between late December and early January, one security software company, Proofpoint, noticed an attack in which hundreds of thousands of malicious e-mails were sent by over 100,000 Internet-connected consumer gadgets, including routers, TVs, and at least one fridge.  

Keep Reading

Most Popular

10 Breakthrough Technologies 2024

Every year, we look for promising technologies poised to have a real impact on the world. Here are the advances that we think matter most right now.

AI for everything: 10 Breakthrough Technologies 2024

Generative AI tools like ChatGPT reached mass adoption in record time, and reset the course of an entire industry.

Scientists are finding signals of long covid in blood. They could lead to new treatments.

Faults in a certain part of the immune system might be at the root of some long covid cases, new research suggests.

What’s next for AI in 2024

Our writers look at the four hot trends to watch out for this year

Stay connected

Illustration by Rose Wong

Get the latest updates from
MIT Technology Review

Discover special offers, top stories, upcoming events, and more.

Thank you for submitting your email!

Explore more newsletters

It looks like something went wrong.

We’re having trouble saving your preferences. Try refreshing this page and updating them one more time. If you continue to get this message, reach out to us at with a list of newsletters you’d like to receive.