Zimperium Takes Aim at Mobile Security [VIDEO]
Smartphone security isn't quite the same as desktop security. Zimperium researchers discuss the pitfalls of mobile and what Zimperium is doing to limit risks.
Zuk Avraham started his company Zimperium in 2010 in a bid to help improve mobile security testing. Now in 2015, that effort is accelerating as mobile usage and threats proliferate and the need for mobile security is greater than ever before.
In a video interview, Avraham comments that while the attack vectors for mobile are different than they are for desktop PCs, there are also some similarities. For example, PDFs are known to be potentially malicious on desktops, yet when it comes to mobile, users will open PDFs without any concerns, even though there is still a risk.
Going a step further, privilege escalation attacks, which are increasingly common on servers and desktops, are difficult for typical antivirus technologies to detect. Joshua Drake, senior director of Platform Research at Zimperium, comments that mobile sandboxes aren't often enough to prevent exploitation either.
Zimperium has a commercial mobile Intrusion Prevention System (IPS) called zIPS that aims to help users and organizations detect and limit mobile attacks. Zimperium also has a mobile penetration toolkit called Zanti that initially required payment for certain levels of service, but Avraham has now made Zanti free for all to use.
"The reason is we want the industry to be able to use these tools easily to be able to show what the threat is," Avraham said.
Watch the full video interview with Zimperium below:
Sean Michael Kerner is a senior editor at eSecurity Planet and InternetNews.com. Follow him on Twitter @TechJournalist