Mobile Software Learns Your Phone’s Habits to Catch New Malware
Zimperium believes its machine-learning approach to mobile security can outwit hackers.
A mobile security startup is launching software that learns how your smartphone behaves in order to better spot and stop new security threats before they can cause harm or spread to other handsets.
Today, San Francisco-based Zimperium unveiled its zIPS Android app (the “IPS” stands for “intrusion prevention system”), which the company says uses machine learning to watch how your smartphone normally acts and can spot strange changes in its usage, enabling it to detect and prevent attacks, including those that may strike via unprotected Wi-Fi networks. This kind of technique has long been used to spot malware on PCs, but it becomes trickier on smartphones, which can be exposed to ever-growing and changing security issues across different wireless networks.
While the zIPS app is geared toward companies that would deploy the software on employees’ phones and use new companion software called zConsole to manage all the handsets, Zimperium expects to roll out a consumer version in the future, and will perhaps eventually bring zIPS to other devices.
Long combated on computers, malware has begun to hit smartphones, too, as they become a popular (and for some people, predominant) way to get online. Since Android smartphones make up the majority of the market, they’re most affected so far: A recent report from F-Secure found 259 new security threats and variations on existing threats in the third quarter of 2013, 252 of which were focused on Android. According to a Juniper Research report, though, 80 percent of business and personal handsets are still unprotected.
The zIPS software works whether the user is on or offline, says Zimperium CEO and founder Itzhak Avraham, and can protect against malicious apps, such as those that can self-modify, as well as various types of network attacks, like a “man in the middle” attack where a hacker intercepts data being sent between two parties.
Avraham, who previously served as a security researcher for the Israeli Defense Forces and as a white-hat hacker for Samsung, showed me a demo of zIPS in action during a video chat over Skype. Holding two Android Samsung smartphones, he used one to attack the zIPS-running handset, which glowed with a green image meant to look like a radar screen. When Avraham performed a man-in-the-middle attack, a notification popped up on the zIPS display saying that a threat was just spotted and prevented. It also presented information on the type of threat (“MITM” in this case) and the IP address of the attacking device.
Avraham says that attacks such as these aren’t generally spotted by mobile antivirus apps because those apps tend to be designed just to look for incoming file signatures that can be compared with known bad code. “If I download an app, for instance, even if the app itself is benign at that moment in time, I can later download an update that has malicious intent to run outside of the sandbox that the [antivirus] product has access to,” he says.
The zIPS app is trained to recognize such attacks by using existing malware and known attack techniques. This is doable, Avraham says, because while there are tons of different attacks, there are just a few dozen different techniques.
Zimperium, which counts famed hacker-turned-security-researcher Kevin Mitnick among its advisors, hopes its software can eventually be used to prevent hacking on everything from smart TVs to refrigerators, as they are becoming increasingly common in homes (see “CES 2014: Smart Homes Open Their Doors”). Many security experts expect the so-called Internet of things to become a big target for hackers since protections on such devices are typically weak, the devices tend to be plugged in at all times, and it may not be as easy to determine if suspicious activity is taking place as it is on a smartphone or computer.
Internet-connected devices are already gaining some unwelcome attention: between late December and early January, one security software company, Proofpoint, noticed an attack in which hundreds of thousands of malicious e-mails were sent by over 100,000 Internet-connected consumer gadgets, including routers, TVs, and at least one fridge.