How a Smartphone can compromise Your Company

Posted: October 13, 2016

Smartphone hacks - a drawing indicates a phone being turned into a destructive weapon

Hackers can now use your own employees’ smartphones against you to launch digital espionage attacks, and hijack sensitive corporate information using a Trojan horse called DressCode.

Security specialists Trend Micro report the malware allows hackers to bypass your Firewalls by accessing connected internal networks through the compromised device, which are already beyond the router.

It can also turn the machine into a bot and build a botnet – an army of slave devices capable of launching distributed-denial-of-service (DDoS) attacks, or spam email campaigns.

So how does it work?

DressCode infiltrates your employees’ devices when they download infected apps ranging from games, skins, and themes, to phone optimization boosters. And the bad news is the malware is spreading.

Currently Android devices are particularly at risk, with more than 400 apps containing the malicious code detected on Google Play in August (they have since been removed), and a further 3,000 apps found in third party app stores.

Reports suggests DressCode is difficult to detect because it’s only a small part of the app and runs quietly in the background. If one of your staff’s devices are affected, however, once connected to Internet it creates a tunnel between the device, its connected networks, and the hackers, allowing the latter complete access to your company servers.

To understand the scope of the problem, just one of these apps was installed between 100,000 and 500,000 times according to its Google Play page, meaning millions of devices are now potentially infected.

Apple device owners are also at risk with the company recently forced to issue a security fix after hackers were able to intercept an iPhone’s every message and call, as well as track the owner’s location.

Findings in a recent study by Intel Security shows the malware threat is exacerbated by Australians’ laissez faire attitude towards smartphone cyber security. Two thirds of Australians (or 14 million people) admit they don’t have added security despite facing up to 100 malware threats every hour, and with five per cent of devices already found to be compromised.

So the short story is, if you’re one of the 82 per cent of businesses now either allowing, or actively encouraging, employees to use their personal devices for work with a Bring Your Own Device (BYOD) program, you could be leaving your company wide open to attacks from malware like DressCode.

And the risk isn’t just limited to personal devices, with almost four in 10 parents admitting to also handing their work devices over to their kids to play with – opening the door to a variety of unsanctioned (and potentially compromised) downloads.

So what’s the solution?

Smartphone owners can take these main precautions to protect their devices:

Avoid unsecured WiFi access
Check that all apps come from an official market complete with reviews from other users
Regularly update your phone’s operating system
And use a virtual private network (VPN) if connecting to public WiFi is unavoidable. It will encrypt your communication

From a company perspective, however, it’s impossible to ensure your employees’ compliance. So the answer is simple: invest in a mobile device management system (MDM) like CompterOne’s XenMobile – designed by Citrix – and take the risk out of BYOD.

What does it do?

XenMobile, which comes with more than 155 business compatible apps, can be tailored to meet your individual corporate needs.

Features include the ability to:

Provision policies and apps automatically
Blacklist or whitelist apps
Troubleshoot problems in a standardised environment
Wipe lost, stolen, or out-of-compliance devices
Restrict camera use
Provide a geofence to the device preventing it from being used to perform work-related functions outside set parameters and…
Chain these functions so your staff can only use your data in the way you want

XenMobile is somewhat restrictive in what it will let a phone do. But when it comes to the security of your network it’s a lot more effective than crossing your fingers.

April 2021 Update

DressCode Group Possibly Still At Large

In recent years, DressCode seems not to have shown itself to the public. Moreover, cybersecurity firm Lookout worked with the domain registrar and the hoster of DressCode’s command-and-control servers to disable the malware’s infrastructure.

Does this mean that DressCode has become harmless? It’s difficult to tell for sure. The authors of DressCode haven’t been caught, and although they appear to be lying low, they could still make a return – if not with the original DressCode, then with something that is based on it.

Additionally, DressCode seems to have had at least one successor – the MilkyDoor malware first detected in 2017. Largely similar to DressCode, MilkyDoor had a few new tricks up its sleeve. Among other things, MilkyDoor made use of SSH (Secure Shell) to encrypt its payload and thus complicate detection.

A similar piece of malware – TimpDoor – appeared in 2018, disguised as a voice messaging app.

Unlike DressCode, as far as we are aware, no one has attempted to shut down the servers behind MilkyDoor and TimpDoor. So although DressCode-like malware hasn’t shown intense activity recently, they may still be at large, posing a big security risk for organisations.

Mobile Device Management Has Evolved Into Modern Device Management

Mobile Device Management has evolved into Modern Device Management – a set of tools and procedures aimed to secure not just smartphones but also BYOD laptops and tablets.

Computer One uses Microsoft Intune to manage modern devices. Microsoft Intune is included in the Microsoft 365 E3 plan – a highly popular platform providing enterprises with access to cloud services, efficient Office workflows, and security.

Deeply familiar with Microsoft 365 E3, Computer One is an expert in managing licensing and helping you get more out of what you are already paying for.