A new firm said it plans to make a dramatic debut at RSA Conference 2012 by demonstrating an attack against Google Android smartphones in which cybercriminals can gain access to critical processes and take complete control of the victim’s device.
The company is still in stealth mode, but we are focused on attribution of cyberattacks from nation-state adversaries as our core mission.
Dmitri Alperovitch, co-founder, CrowdStrike
CrowdStrike said it will demonstrate the flaw during a session at RSA. The firm told Reuters that the attack uses a malicious email message. If the recipient clicks on the link in the message, the attack targets a vulnerability in the Android browser.
The firm is being led by George Kurtz, the former CEO of Foundstone and CTO of McAfee, as well as Dmitri Alperovitch, who was vice president of threat research at McAfee. Alperovitch is known for leading a team that uncovered Operation Aurora in 2009 and Operation Shady RAT, the discovery of a command-and-control server containing data that Alperovitch said exposed lapses in cybersecurity at more than 72 organizations, including government agencies from a wide variety of different countries.
Alperovitch said CrowdStrike would address targeted attacks using a new defensive technology that could expose them before companies are infiltrated. The firm is shedding little light on its new product, but said that it utilizes “big-data” technologies.
“The company is still in stealth mode, but we are focused on attribution of cyberattacks from nation-state adversaries as our core mission and have received $26 million Series A round investment from Warburg Pincus,” he told SearchSecurity.com in an email message.
Alperovitch will lead the company’s RSA session “Hacking Exposed: Mobile RAT Edition.” The session is said to expose how attackers can target smartphones and take control of the device to steal sensitive information or covertly use the device’s microphone and camera.
Alperovitch told Reuters that the attack against Android handsets works on devices running Android 2.2, also known as Froyo. He said a second version is being developed that could be used against phones running Android 2.3. The attack targets an unpatched vulnerability in Webkit, a common browser framework used in a variety of platforms including Research in Motion’s BlackBerry and Apple iOS devices.
Exploiting Webkit vulnerabilities has been a common technique for gaining control of smartphones, said Aaron Portnoy, the leader of HP TippingPoint’s security research team. Portnoy oversees the Pwn2Own contest at the CanSecWest security conference, in which, over the last several years, hackers took advantage of Webkit flaws to gain access to handsets.
Portnoy said Webkit errors are common and expose a serious patching problem in smartphones. Due to the wide variety of Android handsets and operating system versions, Google is slow to roll out Webkit updates. RIM and Apple also are slow and can take months to issue a security update patching Webkit, he said.
“Vulnerabilities fixed in Webkit today could be used against the iPhone or BlackBerry for months, because it takes a long time to distribute updates through the carriers to the devices,” Portnoy said.