Comment by Dennis Monner, CEO of German security specialist Secucloud
User behaviour – risky but impossible to change
However, the risk of being infected by malware like Gooligan does not only come from the operating system. Cyber-criminals exploit user behaviour too – such as when users download apps from third-party providers’ app stores instead of the very secure Google Play Store. These providers may not check uploaded apps for threats as thoroughly as Google does, so infected apps often find their way into the stores and are then downloaded and installed by unsuspecting users.
It is easy to say that it is the users’ own fault if they get infected. If they want to use apps of dubious provenance, they should at least install a decent security solution on all their devices and take responsibility for their security themselves. However, this is totally unrealistic. Children and teenagers in particular will override warnings and install a must-have app, even if its source is dubious. And then there are all the mobile threats that can infect devices without the user doing anything, such as drive-by downloads. This is why it is cynical to expect users to take sole responsibility for their own security.
Local protection is no longer enough
Another aspect is that cyber-criminals will be targeting more and more devices due to the internet of things (IoT). For these devices, local protection may not exist or may be impossible to provide. The recent attacks on routers and IP cameras are examples of this. So how can we ask users to please make sure they are secure? Do we want to make them responsible and liable if their smart light bulb becomes part of an IoT botnet that carries out denial-of-service attacks? That would be unfair.
Threats like Gooligan make it even clearer that we need to think differently. The approach until now has been to protect devices individually – and this will be increasingly insufficient. Instead, security needs to be built into the internet itself. That is where threats must be detected and blocked.
Effective protection from Gooligan and others
This works best when the security solution is based in the cloud, such as in telecom providers’ infrastructure. That would ensure that all of the customer’s internet traffic is routed through this separate security system and searched for threats, but without violating the user’s privacy.
This type of solution also requires a multi-layer structure in order to maximise its security effectiveness. It would need to combine a variety of security technologies, ranging from signature-based malware detection and reputation services through to deep packet inspection, IDS/IPS, sandboxing and more. That would achieve a level of protection that, until recently, was only available to large enterprises.
A solution like this would protect all Android device owners from Gooligan, even if they were running an older version of the operating system. One example is our cloud-based security solution ECS2, which has been protecting devices from this threat since February 2015.