More Supply Chain Woes: DeathRing Is Factory-Loaded Smartphone Malware

The folks over at Lookout Security have an interesting blog piece on “DeathRing,” a Chinese Trojan that comes pre-installed on a number of smartphones most popular in Asian and African countries. According to the bulletin, the Trojan masquerades as a ringtone app, but downloads an SMS and WAP (or “wireless access protocol” ) content from a command and control server to the victim’s phone once it is installed. That downloaded content can be used for various malicious, money-making schemes, according to Lookout. For example, DeathRing can use the SMS content to send phishing text messages to the phone to elicit sensitive information from the user. The WAP content to manipulate a mobile user’s web browsing session. For example: the attackers might prompt victims to download additional mobile applications or add-ons, potentially extending their reach over the victim’s device and data. [Read more Security Ledger coverage of supply chain risks.] Lookout […]

Supply Chain Risk Escapes Notice At Many Firms

Online attacks that come by way of suppliers and other third party business partners are one of the biggest threats that modern organizations face. But too few firms are giving supply chain security the attention it deserves, a panel of legal and information security experts told attendees at a cyber security forum in Boston on Wednesday. Companies need to protect their exposure through third parties better, according to the panel: beefing up auditing of internal- and partner assets and including contractual protections that will indemnify them in the event that a breach at a supplier or business partner exposes data that materially affects their firm. The panel, “Fortifying the Supply Chain,” was part of a day long event at The Federal Reserve in Boston and sponsored by the Advanced Cyber Security Center, a technology industry consortium. It brought together top legal and information security experts, including FireEye researcher Alex Lanstein and Jim Halpert, the […]