Deep learning to protect mobiles from malicious apps
Attacks in the form of malicious apps in both Android and iPhone systems are increasing more and more. Now comes protection against malicious apps using deep learning.
increasingly security risk
The threat consists of everything from data leaks, Wifi intrusions and poorly updated devices. For cybersecurity officers, you have to be on your toes.
Mobile security is now at the top of the list of what companies are worried about – and that is justified. Nowadays, virtually all employees have access to corporate data from smartphones, and this, in turn, means that it has become an intricate puzzle to protect sensitive data from ending up in the wrong hands.
There is also more and more value at stake. According to a report by the Ponemon Institute, the cost of hacking increases. Last year, the average cost of a data breach at a large company was $3.86 million – which is 6.4 percent higher than the previous year.
It's easy to focus on malware in these contexts, but the truth is that mobile viruses are very rare. There are far more realistic mobile security threats.
AI, in its various forms, is increasingly likely to have an increasing impact in countering and stopping malware and other security threats. This is while the attackers are taking on the same technology, albeit not as much so far because there are more straightforward and more cost-effective methods to achieve the purpose of the attacks.
IT security company Sophos is now launching the Intercept X product, which is intended to protect users’ mobiles without signatures or other traditional methods, and will be delivered to both corporate and private users. Intercept X should stop installations of malicious apps, often referred to as fleeceware because apps cost more to use than is shown, by recognizing their special properties.
Fleeceware was discovered by Sophos Labs in September 2019 and means that seemingly free or cheap apps actually have high costs that apply when a trial period is over, or the user starts using more features. Recently, according to Sophos, some 20 new fleeceware apps were already downloaded nearly 600 million times.
Based on the artificial neural network
“Deep learning is the technology we have used so far in our endpoint protection on clients and servers. Most recently, we’ve also started using the same technology to identify malicious apps and threats to mobile devices. It is based on the fact that we use a so-called artificial neural network that we train using large amounts of data that come from legitimate applications and harmful applications,” says Per Söderqvist, security expert at Sophos in Sweden.
According to Sophos, the technology about refines the learning process and allowing the neural network itself to classify applications it has learned through training data.
It can quickly determine whether an application is good or bad even though Sophos has never seen it before. The same technology is used in areas such as facial recognition, image classification, voice control applications and self-driving cars.
Per Söderqvist believes that the advantages of this technology are that it is not based on signatures that must be kept up to date continuously. With signatures, Sophos, and other similar actors, must first get the malware in before they can create protection against it. Another major advantage of deep learning is that it takes significantly less resources from the mobile device, which above all becomes noticeable on a mobile phone where battery life is an important factor for the user.
“Today, there are no mobile devices that are immune to cyber threats. But with this service, users get as strong protection as we can offer with Intercept X for Windows, macOS and servers,” says Per Söderqvist.
Sophos Intercept X for Mobile is managed by business users through the cloud service platform Sophos Central. The service can be purchased as a standalone license or along with the new Unified Endpoint Management (Sophos Mobile) UEM, which is a platform with an integrated mobile device security solution. For private and unattended use, Intercept X for Mobile is free and available in the Apple App Store and Google Play.
Intercept X is unique in its complete functionality, and above all, the use of deep learning instead of machine learning, which is a simpler form of artificial intelligence.
Our previous protection for mobile devices Sophos Mobile Security was based on signatures. What we have seen is that deep learning is better and faster at catching new and old threats,” says Per Söderqvist.
Whitelisting can feel clumsy
Many organizations use mobile device management (MDM) systems, including to protect users’ mobile devices from malware by whitening out which apps can be installed and used by users. At the same time, it is common for employees to use their private phones in the service, and the whitelisting can feel clumsy.
” Some organizations are looking for tools to whitelist apps. This is also something that we have been working on for a long time. However, I am often told by customers that what they are really looking for is having an opportunity to separate a device that you do with, for example, Android Enterprise. Where you can create a part where you put everything connected to the company and another part of the device that is the user’s personal part, where they can save their private photos, videos, music and so on. And no data is shared between these two parts,” says Per Söderqvist.
“Regardless of this, we see that protection on mobiles is increasingly important, and we have seen for a long time that the threat to Android, in particular, has increased continuously. A user can become infected in different ways, such as vulnerable apps, vulnerabilities in the operating system, via email or web pages. Therefore, it is incredibly important that, for example, whitelisting or tools are used to separate the device, that real-time protection is also used on mobile devices.