Logo

American Security Council Foundation

Back to main site

Alan W. Dowd is a Senior Fellow with the American Security Council Foundation, where he writes on the full range of topics relating to national defense, foreign policy and international security. Dowd’s commentaries and essays have appeared in Policy Review, Parameters, Military Officer, The American Legion Magazine, The Journal of Diplomacy and International Relations, The Claremont Review of Books, World Politics Review, The Wall Street Journal Europe, The Jerusalem Post, The Financial Times Deutschland, The Washington Times, The Baltimore Sun, The Washington Examiner, The Detroit News, The Sacramento Bee, The Vancouver Sun, The National Post, The Landing Zone, Current, The World & I, The American Enterprise, Fraser Forum, American Outlook, The American and the online editions of Weekly Standard, National Review and American Interest. Beyond his work in opinion journalism, Dowd has served as an adjunct professor and university lecturer; congressional aide; and administrator, researcher and writer at leading think tanks, including the Hudson Institute, Sagamore Institute and Fraser Institute. An award-winning writer, Dowd has been interviewed by Fox News Channel, Cox News Service, The Washington Times, The National Post, the Australian Broadcasting Corporation and numerous radio programs across North America. In addition, his work has been quoted by and/or reprinted in The Guardian, CBS News, BBC News and the Council on Foreign Relations. Dowd holds degrees from Butler University and Indiana University. Follow him at twitter.com/alanwdowd.

ASCF News

Scott Tilley is a Senior Fellow at the American Security Council Foundation, where he writes the “Technical Power” column, focusing on the societal and national security implications of advanced technology in cybersecurity, space, and foreign relations.

He is an emeritus professor at the Florida Institute of Technology. Previously, he was with the University of California, Riverside, Carnegie Mellon University’s Software Engineering Institute, and IBM. His research and teaching were in the areas of computer science, software & systems engineering, educational technology, the design of communication, and business information systems.

He is president and founder of the Center for Technology & Society, president and co-founder of Big Data Florida, past president of INCOSE Space Coast, and a Space Coast Writers’ Guild Fellow.

He has authored over 150 academic papers and has published 28 books (technical and non-technical), most recently Systems Analysis & Design (Cengage, 2020), SPACE (Anthology Alliance, 2019), and Technical Justice (CTS Press, 2019). He wrote the “Technology Today” column for FLORIDA TODAY from 2010 to 2018.

He is a popular public speaker, having delivered numerous keynote presentations and “Tech Talks” for a general audience. Recent examples include the role of big data in the space program, a four-part series on machine learning, and a four-part series on fake news.

He holds a Ph.D. in computer science from the University of Victoria (1995).

Contact him at stilley@cts.today.

Fraudsters Adopt Automation, Jailbreaking and Outdated Apps to Commit Mobile Fraud

Tuesday, June 30, 2020

Categories: ASCF News Emerging Threats Cyber Security

Comments: 0

A new report reveals cybercriminals are increasingly targeting mobile channels to commit fraud using a variety of device modifications to avoid detection. The researchers found increased use of jailbroken or rooted devices to automate malicious activities such as registration of multiple accounts for spamming, or use of emulators to run multiple accounts on the same device.

90% of mobile fraud originated from Android devices, mostly running older operating system versions of over six years old. The use of old ecommerce apps on iOS jailbroken devices was also a common method for targeting ecommerce sites. The researchers made their findings after processing over 76 billion mobile events from 1.3 million users, using over 2.1 million device types.

Online traffic and fraud sources

The report found that mobile apps accounted for 75% of the traffic, while mobile web and desktop web accounted for 12% and 13%, respectively. However, mobile web had more fraud rates (26%) compared to mobile app traffic that accounted for only 1% of fraud. Desktop web traffic remained the largest source of online fraud rate of 34%.

90% of mobile fraud originates from Android devices

The report by DataVisor revealed that 90% of mobile fraud originates from Android mobile phones. The reason is that Android is an open-source platform, and malicious actors have low-level access to the system. Consequently, they can add new system features as well as make system changes that other closed systems do not allow.

Additionally, the Android platform has more apps, many of which promise to provide automation and productivity for Android users. Such apps request elevated permissions, making them good candidates for committing mobile fraud.

Similarly, many OS versions available for Android due to lack of a centralized update management system allows fraudsters to target devices running an older version of Android. Older smartphones are more vulnerable because they lack security fixes and security controls available in newer devices.

Jailbroken and rooted smartphones are 22 times more active than intact devices

DataVisor report showed that jailbroken iOS and rooted Android devices generated more activity compared to non-jailbroken phones. The researchers suggested that criminals involved in mobile fraud were actively using jailbroken mobile phones to automate fraudulent activities.

According to the researchers, only 0.16% of Android devices were rooted, while 0.14% of iOS devices were jailbroken. However, the small percent of unlocked devices had higher traffic rates compared to intact devices.

Fraudsters preferred jailbroken devices because they allow them to create multiple unique accounts on the devices using third-party emulators. Using this method, the attackers could carry out several attacks using the same device.

Social media attacks using emulators and user-agent spoofing

DataVisor report found that most social media attacks were coordinated and used emulators and spoofed user-agents. One method involves the creation of multiple social media accounts on the same device to send spam messages.

The researchers found such accounts shared the same IP subnet and used the same template for spam messages. The attackers used different domains, for example, gmail.com, mail.ru, and hotmail.com, to avoid triggering suspicion if many email accounts were created on the same domain from the same device.

However, the accounts had a different user-agent string collected, indicating they were either run from different emulators or used spoofing to randomize user-agent strings. The user accounts associated with the attack ran from random OS versions, mostly very old Android version more than six years old.

Ecommerce attacks using jailbroken iOS devices and old shopping apps

Ecommerce mobile fraud activities targeted online stores with limited time promotions and high traffic. These sites received legitimate traffic mixed with automated bots and scripts. The sites received up to 3,000 fake users who registered using VPNs with Chinese IP addresses, while purchases made to these sites shipped to fake locations.

Addresses used in these fraudulent purchases followed a similar pattern, such as a [random house number] + [common road name] + [directions (North, South, East, West)] + [Large city or state]. Most of the criminals committed mobile fraud activities using iOS devices using very old ecommerce apps. Such attacks used jailbroken iOS devices customized to carry out large-scale attacks.

Device flashing

Fraudsters switched device identifiers to avoid raising suspicions about many accounts running on the same device. Device flashing mobile fraud targeted popular gaming apps. Fraudsters acted as brokers helping gamers buy virtual items using stolen personal information, credit cards, and virtual currency.

Criminals switched user accounts to complete purchases without generating any gameplay activity. They also switched device identifiers such that each device was associated with a small number of users.

Device modification rooting and flashing can be used to commit mobile ad fraud where publishers earn money by creating multiple accounts to click on their own ads. Similarly, these types of fraud could be used to falsify mobile marketing results.

The same could be used to boost app install on the play store to popularize fraudulent apps. Criminals also have an opportunity to run several bank accounts on the same device using stolen personal information.

To combat fraud, the available fraud protection solutions should rely on tracking user behavior in real time, phone numbers verification, in addition to device identifiers which could be easily spoofed.

Photo and Link: https://www.cpomagazine.com/cyber-security/fraudsters-adopt-automation-jailbreaking-and-outdated-apps-to-commit-mobile-fraud/

Comments RSS feed for comments on this page

There are no comments yet. Be the first to add a comment by using the form below.