Mobile Software Learns Your Phone’s Habits to Catch New Malware

Zimperium believes its machine-learning approach to mobile security can outwit hackers.
January 23, 2014

A mobile security startup is launching software that learns how your smartphone behaves in order to better spot and stop new security threats before they can cause harm or spread to other handsets.

Threat watch: Zimperium’s enterprise security app, zIPS, uses machine learning to detect new smartphone attacks.

Today, San Francisco-based Zimperium unveiled its zIPS Android app (the “IPS” stands for “intrusion prevention system”), which the company says uses machine learning to watch how your smartphone normally acts and can spot strange changes in its usage, enabling it to detect and prevent attacks, including those that may strike via unprotected Wi-Fi networks. This kind of technique has long been used to spot malware on PCs, but it becomes trickier on smartphones, which can be exposed to ever-growing and changing security issues across different wireless networks.

While the zIPS app is geared toward companies that would deploy the software on employees’ phones and use new companion software called zConsole to manage all the handsets, Zimperium expects to roll out a consumer version in the future, and will perhaps eventually bring zIPS to other devices.

Long combated on computers, malware has begun to hit smartphones, too, as they become a popular (and for some people, predominant) way to get online. Since Android smartphones make up the majority of the market, they’re most affected so far: A recent report from F-Secure found 259 new security threats and variations on existing threats in the third quarter of 2013, 252 of which were focused on Android. According to a Juniper Research report, though, 80 percent of business and personal handsets are still unprotected.

The zIPS software works whether the user is on or offline, says Zimperium CEO and founder Itzhak Avraham, and can protect against malicious apps, such as those that can self-modify, as well as various types of network attacks, like a “man in the middle” attack where a hacker intercepts data being sent between two parties.

Avraham, who previously served as a security researcher for the Israeli Defense Forces and as a white-hat hacker for Samsung, showed me a demo of zIPS in action during a video chat over Skype. Holding two Android Samsung smartphones, he used one to attack the zIPS-running handset, which glowed with a green image meant to look like a radar screen. When Avraham performed a man-in-the-middle attack, a notification popped up on the zIPS display saying that a threat was just spotted and prevented. It also presented information on the type of threat (“MITM” in this case) and the IP address of the attacking device.

Avraham says that attacks such as these aren’t generally spotted by mobile antivirus apps because those apps tend to be designed just to look for incoming file signatures that can be compared with known bad code. “If I download an app, for instance, even if the app itself is benign at that moment in time, I can later download an update that has malicious intent to run outside of the sandbox that the [antivirus] product has access to,” he says.

The zIPS app is trained to recognize such attacks by using existing malware and known attack techniques. This is doable, Avraham says, because while there are tons of different attacks, there are just a few dozen different techniques.

Zimperium, which counts famed hacker-turned-security-researcher Kevin Mitnick among its advisors, hopes its software can eventually be used to prevent hacking on everything from smart TVs to refrigerators, as they are becoming increasingly common in homes (see “CES 2014: Smart Homes Open Their Doors”). Many security experts expect the so-called Internet of things to become a big target for hackers since protections on such devices are typically weak, the devices tend to be plugged in at all times, and it may not be as easy to determine if suspicious activity is taking place as it is on a smartphone or computer.

Internet-connected devices are already gaining some unwelcome attention: between late December and early January, one security software company, Proofpoint, noticed an attack in which hundreds of thousands of malicious e-mails were sent by over 100,000 Internet-connected consumer gadgets, including routers, TVs, and at least one fridge.  
