Intelligent Machines

Mobile Software Learns Your Phone’s Habits to Catch New Malware

Zimperium believes its machine-learning approach to mobile security can outwit hackers.

As smartphones become ever more popular, we’ll need more ways to protect them from digital attacks.

A mobile security startup is launching software that learns how your smartphone behaves in order to better spot and stop new security threats before they can cause harm or spread to other handsets.

Threat watch: Zimperium’s enterprise security app, zIPS, uses machine learning to detect new smartphone attacks.

Today, San Francisco-based Zimperium unveiled its zIPS Android app (the “IPS” stands for “intrusion prevention system”), which the company says uses machine learning to watch how your smartphone normally acts and can spot strange changes in its usage, enabling it to detect and prevent attacks, including those that may strike via unprotected Wi-Fi networks. This kind of technique has long been used to spot malware on PCs, but it becomes trickier on smartphones, which can be exposed to ever-growing and changing security issues across different wireless networks.

While the zIPS app is geared toward companies that would deploy the software on employees’ phones and use new companion software called zConsole to manage all the handsets, Zimperium expects to roll out a consumer version in the future, and will perhaps eventually bring zIPS to other devices.

Long combated on computers, malware has begun to hit smartphones, too, as they become a popular (and for some people, predominant) way to get online. Since Android smartphones make up the majority of the market, they’re most affected so far: A recent report from F-Secure found 259 new security threats and variations on existing threats in the third quarter of 2013, 252 of which were focused on Android. According to a Juniper Research report, though, 80 percent of business and personal handsets are still unprotected.

The zIPS software works whether the user is on or offline, says Zimperium CEO and founder Itzhak Avraham, and can protect against malicious apps, such as those that can self-modify, as well as various types of network attacks, like a “man in the middle” attack where a hacker intercepts data being sent between two parties.

Avraham, who previously served as a security researcher for the Israeli Defense Forces and as a white-hat hacker for Samsung, showed me a demo of zIPS in action during a video chat over Skype. Holding two Android Samsung smartphones, he used one to attack the zIPS-running handset, which glowed with a green image meant to look like a radar screen. When Avraham performed a man-in-the-middle attack, a notification popped up on the zIPS display saying that a threat was just spotted and prevented. It also presented information on the type of threat (“MITM” in this case) and the IP address of the attacking device.

Avraham says that attacks such as these aren’t generally spotted by mobile antivirus apps because those apps tend to be designed just to look for incoming file signatures that can be compared with known bad code. “If I download an app, for instance, even if the app itself is benign at that moment in time, I can later download an update that has malicious intent to run outside of the sandbox that the [antivirus] product has access to,” he says.

The zIPS app is trained to recognize such attacks by using existing malware and known attack techniques. This is doable, Avraham says, because while there are tons of different attacks, there are just a few dozen different techniques.

Zimperium, which counts famed hacker-turned-security-researcher Kevin Mitnick among its advisors, hopes its software can eventually be used to prevent hacking on everything from smart TVs to refrigerators, as they are becoming increasingly common in homes (see “CES 2014: Smart Homes Open Their Doors”). Many security experts expect the so-called Internet of things to become a big target for hackers since protections on such devices are typically weak, the devices tend to be plugged in at all times, and it may not be as easy to determine if suspicious activity is taking place as it is on a smartphone or computer.

Internet-connected devices are already gaining some unwelcome attention: between late December and early January, one security software company, Proofpoint, noticed an attack in which hundreds of thousands of malicious e-mails were sent by over 100,000 Internet-connected consumer gadgets, including routers, TVs, and at least one fridge.  
