Modern Smartphones Among Network Attacks on California University

Almost 50,000 separate network attacks each week take aim at the California State University, San Bernardino, and the latest trend is seeing attackers go after students' Google Android and Apple iPhone mobile devices.

"It's everything you can imagine," says Dr. Javier Torner, who is responsible for coordinating information security on the campus attended by 17,000 students. "[We've got] big bandwidth, 600Mbps of traffic, and it's everything from scans to SQL injections to brute-force attacks."

University information technology staff operate both open-source and commercially available intrusion-detection systems to monitor the incessant barrage, which originates mainly from the U.S., Russia and China, some of it automated, some not. Some attacks pound away day and night against university websites, trying to break in through them in order to get to another part of the network or post malware.

"They're trying to target our websites, and then going after mobile devices connected to a website," says Torner, the information security officer. He notes a large number of students now connect to the websites through their mobile Apple and Android tablets and smartphones, which outnumber traditional computers or Macs. So it's not surprising attackers are gunning for iOS and Android devices, and sometimes they succeed in compromising Web pages.

Android devices have a reputation for being more vulnerable to malware, but Apple iOS devices -- even ones that students themselves haven't "jailbroken," eliminating Apple's security -- also have been compromised through what appears to be Web-based malware, says Torner. "In Web pages, the payload now is more directed against mobile devices," he says.

This tallies with an observation made by analysts at Lookout Mobile Security last week that it has spotted for the first time websites that have been hacked to deliver malicious software to devices running Android in a drive-by download. Symantec last week said it has seen Android drive-by downloads since last November but that they have been limited. Drive-bys have been a common form of attack against PCs for quite a while, and now appear to be widening to mobile.

California State University, San Bernardino, operates an open-source SNORT intrusion-detection system, and has added the commercially available MetaFlows sensors to gain extra functionality in analyzing IP flows, Torner says. The dual monitoring system lets the university run comparative analysis. Sometimes university students working on degrees in information assurance join forces with IT staff in hands-on training projects for this.

Torner says the experience in intrusion-detection monitoring shows that within just a few hours of software vulnerabilities being made public by vendors or others, attackers will start going after any possible weakness, especially Web holes. "They're trying to find an opening," he says. This makes the task of updates and patching critical.

Occasionally an attacker or malware gets through and tries to go after university computers. There are about two or three incidents each month, "but we have been able to thwart attacks," he says.