Three Reasons Mobile DDoS Never Materialized

In my previous SecurityWeek column “Where is the Android DDoS Armageddon,” I looked at the reports that showed that mobile DDoS just isn’t a thing. Malicious mobile malware (say that three times fast with a cracker in your mouth) is barely a thing, either, once annoyance adware is removed.

But why aren’t the one billion Android mobile handsets being leveraged as attack clients? I put this question to Ken Scott, a ten-year veteran of DDoS defense, and Brian McHenry, a Security Architect, both with F5. Between them, they offered three main reasons: apps, better browser sandboxing, and service provider control. Ken Scott states:

“For my own experience in DDoS, I’d say the real reason there isn’t a huge number of infections is that mobile phones are used to run apps as opposed to desktops running browsers. Browsers are exposed to many, many more sites that can infect them. Even if you just go to one site, their rotating ad network can infect you.


On the other hand, most apps are direct from client to the server with a much higher monetization value on mobile users; therefore you have less shenanigans in mobile ad infections.”

This makes sense when you think about it. When I load my United Airlines application on my iPhone, it is only contacting United Airlines services. The exposure is limited. I don’t use the browsers on my phone—they’re just so inefficient and clumsy compared to the desktop browsers. I suspect many other users feel the same way about their mobile browsers.

Ken also states that “[s]ince there’s no shortage of Desktop and WordPress-style server exploits with direct fiber links, there’s no need to build a bot of phones.”

McHenry says that even users who do use their mobile browsers aren’t likely to get truly malicious malware because mobile browsers have been better sandboxed from the underlying operating system than their desktop counterparts. He elaborates, “It will be interesting to see how improvements in browser security and the deprecation of Java and Flash applets improve the infection rates, even on desktops. Downloading an .exe or .dmg/.pkg on a desktop is still a problem, but more easily contained and detected than with Java and Flash.”

Lastly, data connections from mobile handsets nearly always go through the carrier providers’ mobile core network before they hit the Internet. These networks, while not bulletproof, are at least under the control of a single entity. The carriers, after all, finally have enough visibility to start enforcing usage caps on individual handsets. This means that they may have enough visibility and control to stop a DDoS on a per-handset basis, if it ever comes to that.

So while we in the security industry had been busy getting our panties in a bunch about the coming Android DDoS explosion, it never materialized. DDoS continues to wax and wane in unpredictable cycles, but the ecosystem has evolved to keep it out of the mobile space.

At least, for now.

Related: Verizon 2015 DBIR: Don’t Sweat Mobile and IoT
