As the world returns to "normality," employees are hesitantly accepted back to the office, but could they be bringing any other threats with them besides the novel coronavirus? What could be hiding inside our mobile devices of people, and what threat trends are hot right now?
We've reached out to Avast's Head of Mobile Threat Intelligence & Security, Nikolaos Chrysaidos, to discuss these trends and how Avast's solutions are detecting and dealing with them. We also take this opportunity to touch on the most recent turbulence that the security company had to face, to clear the fog on that part.
The world of mobile is on an entangled, fragmented, complicated universe of interconnecting and also independent elements, so securing it is equally intricate and knotty. Chrysaidos explains their approach and why Avast's solutions are unique in a crowded market.
TechNadu: Tell us a few things about yourself and how your passion for mobile security and malware research was developed.
I took my first steps in cybersecurity at the very end of the ’90s, close to the end of the SoftIce (kernel-mode debugger) era, and the starting of the Ollydbg (x86 debugger) era. Back then, one of my main passions, including developing, was to try to reverse-engineer various "crackmes" that were available online to test reverse engineering skills.
My passion for mobile security first developed with the release of the first iPhone in 2007. A few months later, researchers released the first jailbreak for the iPhone, opening the “doors” to the system and every app included on it. That was when I started reverse engineering various apps and trying to understand and learn how they work. A few years later, in 2010, I moved to Android with the Nexus One, and continued experimenting, by rooting the device and exploring its internals. The same year, one of the first Android malware samples was discovered: “DroidSMS.” This was the reason I entirely shifted my focus to mobile malware, which remains my focus today.
TechNadu: As an Avast employee, what can you tell us about the work that you do for the security firm? How much of your time goes into “hands-on” engineering, and what is left for guiding teams and conducting research work?
I started almost seven years ago as a mobile malware analyst, mainly creating detections, developing tools to automate the detections, and understanding new malware families in-depth. In addition, I focused on creating blog posts and content, helping the security community by sharing our findings. In early 2017, I started developing apklab.io with my team, first for internal use, in order to help us automate most of our tasks and focus entirely on mobile threat intelligence, including easier tracking, hunting, classification, and the detection of mobile malware. We opened the platform to the security community in early 2019. Nowadays, our analysts are fully dependent on the platform, using it, and providing ideas and suggestions for new features.
Since early 2019, as the lead of Avast’s Threat Intelligence Platforms, I am working with teams on improving the current internal and public apklab.io platform and developing other exciting new projects.
TechNadu: “Avast Mobile Security” is among the top-notch solutions in the Android and iOS markets. Can you give us the main reasons why people should choose it over the competition? What unique features does it bring on the table?
Our Avast Mobile Security's protection technology is based on our threat detection network, which is among the most advanced in the world, using machine learning and artificial intelligence technologies to detect and stop threats in real-time. Our strong mobile protection has just recently been verified again by independent testing institution AV-Test, where we scored 100% in protection against the latest Android malware attacks in real-time, and 100% in the detection of new, widespread Android malware. Our users profit from features that go beyond traditional AV protection, as we provide additional security layers to protect their privacy, for example with our Wi-Fi Inspector feature that checks the network you're connected to for security risks, the photo vault that allows you to move photos to a password-protected, encrypted vault, and the App Locking feature, that allows you to password-protect sensitive apps from prying eyes.
TechNadu: Where do you stand on the iOS vs. Android debate when it comes to security. We’ve started to see a shift in terms of how easy iOS has gotten to break compared to Android, or how harder Android got over the years if you prefer. What do you see from your perspective?
Apple still has stricter restrictions than Google Play when it comes to the apps it uploads to its store and uses a sandboxing system that separates apps from one another. So iOS still is the safer system, but once in a while, we also see fraud apps, like the fleeceware VPN apps we recently found and reported to Apple. Apple does not allow antivirus apps in its store, which is why we cannot protect or warn users of scams like this. Android is more flexible, allowing antivirus apps, and is becoming more secure. We work with Google and report malicious apps when we see them, so they can remove them swiftly.
TechNadu: Google has formed the “App Defense Alliance” last November, aiming to stop malware on Android. Why do you think that advanced AI-based malware detection and the static and dynamic analysis systems that were put in place still fail to tackle the problem? Are we dealing with an ever-evolving threat and malicious updates that fetch payloads after the installation of the apps, or are the defense systems simply inadequate?
Apps still manage to obfuscate their real intention well enough, so when first submitted to the Play Store, they seem clean, like the 47 gaming apps we recently reported to Google, but they turned out to be adware, bombarding the user with ads even outside the apps. There is no perfect malware detection system. We have previously seen apps that worked perfectly fine when downloaded but started malicious behavior after a few days, so when Google tested them, this behavior might have never shown.
TechNadu: Mobile malware is rising right now, and the trend has been the same since 2018. What types of threats do you see the most in 2020? What can the typical users do to protect themselves besides installing a mobile AV solution?
In the first quarter of 2020, the adware again dominated mobile malware, with nearly half (47%) of blocked samples being apps that aggressively showed ads. This number decreased to 27% in April and May, while Lockers, mobile ransomware, were responsible for over 30% of attacks. We also saw many coronavirus-related mobile malware apps, varying from ransomware to spyware, and banking trojans.
Besides using an antivirus app, we recommend people only install apps from the official stores, like Google Play Store and the Apple App Store. They should also check user comments before installing an app, and take the warnings of other users seriously. People should also be careful when an app requests access to too much data that is unrelated to what an app will need to properly function. In the case of coronavirus threats, we also recommend people to use websites to access information, instead of apps, which is usually much safer than installing an app on your device. The World Health Organization and the U.S. Centers for Disease Control and Prevention provide good informational resources on their websites.
TechNadu: Security researchers are warning about people returning to work following the COVID-19 lockdown, bringing ransomware and spyware with them back in their offices through their mobile devices. What would you suggest that the companies and also their employees should do to mitigate this risk?
If a company supports the BYOD scheme, then it’s up to the company's IT department to use a good MDM & MDT solution to monitor devices for malicious applications. Furthermore, companies should provide at least minimal training and updates on how to be proactive and protect oneself from mobile malware.
TechNadu: Avast was recently caught in a storm of controversy when its browser extension was discovered to collect, store, and redistribute user data. This has definitely caused a stir in the security community, and many claimed that having your data control lost is simply the price to pay to enjoy a free product. Does this apply to all free stuff, even the Mobile Security, for example? How are you recovering from this event, and what are you doing in order to regain people’s trust in your free products and services?
Responding briefly to Jumpshot, despite many reports, our practice has been known before last December. We described our practice in our privacy policy and again in the product settings. We closed Jumpshot in January 2020 because data collection from the antivirus did not meet our diversification strategy. We accept reestablishing users' trust is critical, which is why we have doubled-down in developing new privacy apps, such as BreachGuard, that empower users to control their data online. We are serious about protecting people’s privacy, and therefore have committed to applying the European General Data Protection Regulation (GDPR), and the California Consumer Privacy Act (CCPA) privacy regulations to our user base worldwide, so, for example, our users in India will benefit from these strict privacy frameworks. We are also partnering with external privacy organizations such as TrustARC, OneTrust, and the Future Privacy Forum, to help us understand the best approach to privacy in our products and services.
TechNadu: Do you think that we will soon be able to seamlessly switch between mobile and desktop modes on our devices? We already had some projects aiming that way, but none has really caught up, while Android has only now started to tentatively play with desktop modes. As a security expert, are you preparing for the dawn of this new age, or are we still far from experiencing it?
I believe we are still far from these solutions becoming mainstream. People are used to separating their workflow differently on desktop and mobile. For now, only advanced users will use hybrid desktop and mobile modes. If it will start trending, we will, for sure, make a move and provide a security solution adapted to the security needs of our users.