Mobile security: interview with Nikolay Grebennikov, Kaspersky Lab


Nikolay Grebennikov– Smartphones are everywhere: from CEOs to CIOs, to HR Executives, to average end users – everyone is using a smartphone with lots and lots of really important data flowing around these little devices. We’ve invited the CTO of Kaspersky Lab Mr. Nikolay Grebennikov to talk about security issues on smartphones – what’s Kaspersky’s vision for protecting smartphones? So let me ask you: when you think about securing smartphones, are you cloning what you’re doing on the desktop exactly, or do you have to look at security of these devices entirely differently and kind of build it from scratch?

– Smartphones are really a hot topic and we’ve developed taxonomy of threats we see on smartphones. It’s not exactly the same as what we have on big machines. I can say our applications for smartphones are different compared to big applications for laptops and PCs. But if you talk about threats to smartphones, it’s not just malware – of course, we know about malware families, and this is growing right now. But we also have privacy issues here, as well as data protection and theft issues. At the same time, we deal with social engineering tricks like phishing; so URL categorization, URL filtering, parental control are also some of the topics we have to pay attention to.

– Right. And the growth of smartphones, the explosion of popularity of smartphones is driven entirely by the fact that there’s an app for that, there’s an app for everything. Do you look at the reputation of applications as they are downloaded? How do you go about determining whether or not they are clean or dirty? Can you talk a little about application protection?

– Yeah, we have antimalware component in our smartphone products for all Operating Systems we support right now, including Android, BlackBerry, Windows and others. The core technology here is the signature database, plus some type of heuristics – not so big as on big machines, but right now it’s enough to detect common families of malware. Some malicious applications we have on smartphones try to do very simple things, like trying to send SMS to premium numbers – it’s very simple, we can just check this by the list of premium numbers and apply the block. We can also, for example, work with malicious applications on smartphones which try to get the identificators of devices and some other information – we are going to just check and block the access to these important data on your smartphone. So right now, the behaviour of malicious applications on smartphones is not so complicated as on big machines, but our prediction is we will see the same types of trojans and worms as on big machines in the future.

– When you talk about taxonomy, you mention privacy – a big issue. What sort of privacy components are built into the mobile security products to protect end users? Are you just looking at, you know, GPS coordinates? How are you protecting privacy of mobile devices?

– One of the issues with mobile devices is that they are small, and you can simply lose this device somewhere. After that, if you have some important information – especially if you use this device as not just your home device but a working device, moving in pace with the IT consumerization trend – you are really interested that these data not be available for other guys.

– Like photographs?

– Yes. And in this case, it’s a good idea to remove these data from the device remotely, and we have this component now – Kaspersky Mobile Security Solution. So you can track the location of your device and you can remotely wipe your device if that’s necessary.

– URL watching – we know about URL watching on desktop side. Is that something you’ve brought entirely over to the mobile products, or is that something you also have to build from scratch? Just explain how you go about looking for malicious websites.

– We definitely think that URL filtering is a component which will be very useful for all types of mobile devices, including Apple devices, Android-based and others because here we have a very simple concept that people use the devices mostly to surf the web, and the bad guys will try to penetrate them via this channel. Unfortunately, browsers are not so smart on mobile devices as on big machines right now, so we have to provide protection against phishing, against malicious URLs and against some pornographic URLs (so it’s parental control). And yes, we are creating the database of bad links and classifying these links with our content filtering lab, but this is something which is on the rise and we’re also developing new technologies in this area right now.

– You mentioned a few platforms: Symbian, Windows Mobile, BlackBerry. The one thing you didn’t mention obviously is the big one in the room – it’s iPhone. Are you doing anything at all on the security side for iPhones? Are we likely to see a full security suite for iPhone? What can you do for iPhones, and what are you doing right now?

– You know, the Apple Company thinks that they do not need security on their devices because they are secure by default. There is a big difference there with Google approach, with Android-based devices. Android is a much more open platform compared to iOS and iOS-based devices. I think in the future, Apple will have to change their concept a little bit because people really like flexibility, they need new applications, and the initial push of iOS applications is not enough to attract people more and more for the next years. If we think about security on Apple-based devices, we can say that URL filtering is a different case here, phishing is a different case, and so are privacy issues. And we have to provide some security protection for this type of devices. So we have a research project in Kaspersky right now to create a URL filtering component for Apple-based devices. At the same time, we have already released one application for Apple devices, which is ‘SMS Deblocker’, and right now we occupy the third position in Russian AppStore for free applications.

– What does the Deblocker do?

– Deblocker is an application which helps you in case your machine is infected with a trojan-blocker. This type of trojans blocks your machine, shows some bad pictures on this machine and asks you to send SMS to a premium number to unblock. And in this case, you can get your iPhone and enter numbers you see on the screen of your big machine, and Deblocker will help you remove this trojan from your system.

– Excellent. Can you leverage the Cloud on the mobile side as well? Is that something that works on the mobile side the way you do it on the desktop?

– Exactly. You touched a very interesting point that Kaspersky Cloud Service is really useful, especially for such small devices as smartphones, because we can use the power and knowledge about threats on millions of big machines and the large storage we have on Kaspersky servers on the Internet to help smartphone users fight against new threats and block new threats in the Cloud. It’s a very beneficial model.