It looks like the approach of Christmas is not stopping hackers, who targeted a growing number of organizations including several security firms (Kaspersky, Nod 32 and Bitdefender), even if on secondary domains and with “simple” defacements.
Cyber chronicles report the breach of Gemnet, another Certification Authority, in Holland (the 12th security incident targeting CAs in 2011), and several massive data breaches targeting Finland (the fifth this year, affecting 16,000 users), online gambling (UB.com, affecting 3.5 million users), telcos (Telstra, affecting 70,000 users) and gaming, where, after the well-known attacks on Sony, Sega and Nintendo, Square Enix suffered a huge attack compromising 1,800,000 users (even if it looks like no personal data was affected).
Online payment services were also targeted by cyber crooks: a Visa East European processor has been hit by a security breach, and four Romanian home-made hackers have been arrested for a massive credit card fraud affecting 200 restaurants, for a total of 80,000 customers who had their data stolen.
As usual, hacktivism was one of the main trends for this first half of the month, which started with a resounding hack of a web server belonging to ACNUR (United Nations Refugees Agency), leaking more than 200 credentials including the one belonging to President Mr. Barack Obama.
But from a pure hacktivism perspective, the elections in Russia have been the main trigger, as they indirectly generated several cyber events: not only on election day, when three web sites (a watchdog and two independent news agencies) were taken down by DDoS attacks, but also in the days immediately following, when a botnet flooded Twitter with pro-Kremlin hashtags and an independent forum was taken down by a further DDoS attack. A trail of events which sets a very dangerous precedent.
Besides the ACNUR hack, Anonymous was also in the spotlight (quite a common occurrence this year) with some scattered attacks targeting several governments, in particular Brazil, as part of what is called #OpAmazonia.
Even if not confirmed, it looks like Anonymous Finland might somehow be related to the above-mentioned breach that occurred in Finland.
Other interesting events occurred in the first two weeks of December: the 0-day vulnerability affecting Adobe products, immediately exploited by hackers to carry out tailored phishing campaigns and, most of all, a targeted attack on a contractor, Lockheed Martin, but also another occurrence of DNS cache poisoning targeting the Republic of Congo domains of Google, Microsoft, Samsung and others.
Last but not least, the controversial GPS spoofing, which allegedly allowed Iran to capture a U.S. drone, even if GPS spoofing on its own does not completely solve the mystery of the capture.
Other victims of the month include Norwich Airport, Coca Cola, and another law enforcement agency (clearusa.org), which is currently unavailable.
As usual, after the page break you will find all the references.
ComScore has just published its press release on February 2011 U.S. Mobile Subscriber Market Share. 69.5 million people in the U.S. owned smartphones during the three months ending in February 2011, up 13% from the preceding period. As we have become accustomed to over the past few months, the Android is still on top, gaining 7 percentage points since November 2010 and achieving a 33% market share. RIM ranked second with a 28.9 percent market share, followed by Apple with 25.2 percent. Microsoft (7.7%) and Palm (2.8%) rounded out the top five.
|Top Smartphone Platforms:
3 Month Avg. Ending Feb. 2011 vs. 3 Month Avg. Ending Nov. 2010
Total U.S. Smartphone Subscribers Ages 13+
Source: comScore MobiLens
|Share (%) of Smartphone Subscribers|
|Total Smartphone Subscribers||100.0%||100.0%||N/A|
Considering market share on a per-vendor basis provides a different interpretation, and explains some strategic mobile choices of the Mountain View giant. Among the OEMs, Samsung ranked #1 with 24.8% of U.S. mobile subscribers, up 0.3 percentage points from the previous three-month period. LG ranked #2 with a 20.9 percent share, followed by Motorola (16.1%) and RIM (8.6 percent). Apple saw the strongest gain, up 0.9 percentage points to account for 7.5 percent of subscribers.
|Top Mobile OEMs
3 Month Avg. Ending Feb. 2011 vs. 3 Month Avg. Ending Nov. 2010
Total U.S. Mobile Subscribers Ages 13+
Source: comScore MobiLens
|Share (%) of Mobile Subscribers|
|Total Mobile Subscribers||100.0%||100.0%||N/A|
I am not new to this kind of consideration (already addressed in a previous post in Italian), but it is clear that the Android landscape is becoming a little too fragmented, and this risks becoming a serious issue for the Android, in terms of both consumers’ perception and security. As far as consumer perception is concerned, many vendors are pushing more and more customizations not only on their own Android ROMs, but even on the services provided to consumers (read: vendor-dedicated markets and services). This is confusing for consumers, who will inevitably ask why they should consider, within the same platform, criteria of choice that have nothing to do with the mere features of the devices (and how they map to the consumer’s needs). Not to mention the tragedy of software updates: a new major release of the Android may take as long as a year to be ported to some devices, because of the extensive customizations made by manufacturers on their smartphones.
As far as security is concerned, customization affects platform (in)stability and, inevitably, security, since the same code must be adapted to run on different architectures, and security bugs are always around the corner.
These factors are probably behind the rumors claiming that Google has been demanding that Android licensees abide by “non-fragmentation clauses” that give Google the final say on how they can tweak the Android code to make new interfaces and add services, and also behind the (unconfirmed) rumors of standardizing the ARM chip for Android 3.0. If we add to these rumors the fact that Mountain View will not (at least initially) release the Honeycomb source code, it looks clear that Google is running for cover in order to stem the excessive number of fragments into which OEM vendors are splitting its precious Android.
The Android is winning the market share battle against Apple and RIM, and forecasts for the next years show a bright future for the Android, destined to achieve nearly half of the market in 2015. So far the Mountain View strategy has proved to be a winning one, but the only obstacle in this triumphant ride could be represented by fragmentation, which might drive consumers to the monolithic models of Cupertino and Waterloo.
The title of this post recalls a science fiction novel, but actually summarizes well a couple of news items concerning the Android which surfaced in recent days. Even if they seem unrelated, I decided to put them in the same post: there is a logical link which connects the commercial success of a platform and the attention it attracts from malicious actors, and this seems to be the destiny of the Android, for which market share promises a bright future, one that becomes much less bright if one considers the information security consequences.
Part 1: Smartphone Market Share
This seems to be the right time for predictions as far as the smartphone market is concerned, which is why I really enjoyed comparing the projections of ABI Research (released today) with the ones released by IDC a couple of days ago. The results are summarized in the following tables. Even if they are targeted at different years in the near future (2016 for ABI Research and 2015 for IDC respectively), comparing the two reports is interesting for imagining what the future of the smartphone operating system will be.
|Operating System||2010||2016||Operating System||2011||2015|
|Windows Phone 7/Windows Mobile||0,60%||7,50%||Windows Phone 7/Windows Mobile||5,50%||20,90%|
Providers of market intelligence often do not agree on anything, but in this case, if there is one thing that seems beyond doubt, it is the scepter of the Android, which seems destined, in both reports, to rule the market with nearly one half of the total smartphones shipped after 2015. The data also confirm a stable position for RIM (around 13%-14%), while they do not completely agree as far as Apple is concerned, for which ABI Research estimates a market share of 19% in 2016 and IDC a market share of 15% in 2015. But where the data are surprisingly different is on the Windows Phone market share. According to ABI Research, Windows Phone will reach 7% of the market (which becomes 7.5% adding the market share of its predecessor Windows Mobile). Unfortunately, I do not think that, in Microsoft’s hopes, the number 7 that identifies the mobile operating system series was meant to refer to its market share in 2016. IDC is more optimistic and foresees a bright future for Redmond in the mobile arena, with its creature ranking immediately behind the Android with 20% of the market. It will be very amusing to see (in 5 years, if we remember) who was right.
Last and (unfortunately) least, the poor Symbian, sacrificial victim of the Nokia and Microsoft agreement, which in 5 years will remain little more than a romantic memory for mobile lovers, while ABI Research foresees a surprising 10% market share for Samsung Bada in 2016.
Part 2: Mobile Malware Market Share
Of course I am an infosec guy, so I wonder whether mobile malware will follow the same trend. This consideration arises from an interesting article I found on the Fortinet blog. Of course the data must be taken with caution, but I could not help noticing that when one switches from smartphone market share to mobile malware market share, the ranking positions are reversed: over 50% of the mobile malware families detected by the security firm concern Symbian, approximately 15% are Java ME midlets, while the Android suffers only approximately 5% of the infections. Of course, as correctly stated in the article, this does not mean that Symbian is the least secure. In my opinion the bigger percentage of mobile malware is a simple consequence of the fact that Symbian is still the operating system with the greatest spread. Of course malware writers devote more attention to those platforms which offer the wider attack surface (that is, the wider possibility to spread infections). And at this moment, Symbian is an attractive prey from this point of view. My sixth sense (and one half, as we say in Italy) says that it will not take long for the Android to achieve the unenviable first position in the mobile malware market share as well, not only because it is spreading at an incredible speed, but also because it is becoming an enterprise platform (so the data stored on it are much more attractive for cyber crooks).
As if on purpose, today Symantec discovered yet another piece of malware for Android (Android.Walkinwat), which, at least this time, tries to discipline users who download files illegally from unauthorized sites. Like some of its noble malware predecessors (Geinimi, HongTouTou, Android.Pjapps), the malware is hidden inside a non-existent version of a real application (in this case Walk and Text) and downloaded from parallel markets in Asia and the United States, but instead of stealing private data, it simply floods the contacts with SMS messages.
Hey, just downloaded a pirated App off the Internet, Walk and Text for Android. I am stupid and cheap, it costed only 1 buck. Don’t steal like I did.
At the end, after sending the SMS (affecting the user’s phone bill) it warns the user with the following message.
Unfortunately downloading malware from Asian parallel markets is not new, and it is not a coincidence that the same report from Fortinet indicates that most mobile malware families are implemented by Russian or Chinese coders. This is undoubtedly an increasing trend, and I am afraid that Chinese coders will soon shift their cyber espionage operations to mobile devices…
It seems that the rumors of a possible marriage between Microsoft and Nokia are destined to be confirmed within a very few days, perhaps even on February 11. The marriage's main dowry should be Windows Phone 7, which could end up equipping Nokia's handsets; in that case Nokia would see its image change drastically: from maker of a complete platform (hardware plus software) to a mere handset manufacturer, on a par with other giants such as LG, HTC, (partially) Samsung, etc.
All the ingredients are there: first, since September 2010 at the helm (it would be better to say at the sleigh) of the Finnish giant there has been a Microsoft enfant prodige, Stephen Elop, who for the first time ousted a Finn from the company's top step; second, it is by now well known that Symbian and MeeGo (the mobile operating systems for the mid-to-low and high ends of the market respectively), albeit on different levels, are struggling because of technological obsolescence (Symbian) and because of the difficulty of establishing themselves in a market where the Android, the Apple and the Berry now rule the roost (with a consequent continuous drop in profits).
But if Espoo cries, Redmond does not laugh: on the other side of the Ocean the situation is not very different. Although the latest arrival from the Windows house is a decent product, it is nevertheless struggling to spread because of its late launch and some shortcomings of youth (and of time-to-market) that are hard to forgive.
This explains the strategy, applicable to both spouses in this marriage of convenience, of resting the synergy on an already existing ecosystem of handsets and services.
In all likelihood the marriage will bring Windows Phone 7 as a dowry to the Finns, and to the Americans the chance to exploit the reach (and the brand value) of the world's leading handset manufacturer by number of units. All roses, then? Not at all: at least one illustrious victim will have to be left on the plate of the laws of the market. Three operating systems are too many for Nokia, so either the historic Symbian will have to resign itself to a sad early retirement, or MeeGo will never see maturity, cutting short its unfinished career in the middle of a stunted adolescence.
Of course the thought makes me turn up my nose, but I abandoned Symbian some time ago without too many regrets, apart from the romantic nostalgia for an operating system that has accompanied my professional growth for almost 10 years now. If instead I look at the matter from a wider perspective, two considerations arise spontaneously: one on a plane strictly tied to the mobile world and one, more general, concerning managerial culture:
- As for the mobile world, I have the feeling that, directly or indirectly, Intel will also enter this marriage: it is true that the Santa Clara giant turned up its nose (with ill-concealed haughtiness) at the fact that Microsoft dangerously winked at ARM, but it is equally true that Intel is developing MeeGo jointly with Nokia and is at the same time investing (also) in mobile security technologies with the acquisition of McAfee. I therefore find an autarkic mobile strategy unlikely in a market that now seems to leave little room for outsiders, even those with Santa Clara's firepower;
- More generally, Stephen Elop's move looks very risky but reaffirms a concept: in a global and aggressive market the manager breaks rules and balances. It is no coincidence that Elop himself is, in these very days, starting a “harvest” (of heads) among the Nokia bigwigs responsible for the company's excessive inertia. In a superficially banal way, I could not help comparing the boldness (and, I hope, the vision) of the Nokia CEO with what is happening these days at the first (and almost only) national car factory, itself in the middle of a marriage of convenience with an overseas partner that is upsetting the plans of a traditional economy.
Another giant on the warpath in the very crowded mobile market. We will see whether the marriage will distort Nokia's image or whether Elop's risky bet will bear fruit, restoring the shine (and the market share) of a noble company that appears headed down the path of decline.