Mobile Threat Blog

Watering Hole Attack

A large number of mobile apps—even those whose functionality has nothing to do with needing to know your location—report your location to marketing frameworks and ad networks. Such geo-location reporting means that your physical whereabouts are being tracked, 24 x 7. They know where you are at all times.

While most would agree that this is slightly creepy, it’s not obvious that such geo-location reporting can represent a risk to your enterprise’s network. What follows is one of many reconnaissance scenarios where that’s exactly what’s happened:

A small group of executives have lunch regularly at a local restaurant; an attacker with access to their geo-location data could easily detect this. The attacker correctly assumes that one or more of the execs access the restaurant's website to browse the menu and make reservations. By placing malware on this lightly defended website, the attacker is able to compromise the computer of one or more company executives. The watering hole attack has been successful. From there, a successful breach is launched.

This is not idle speculation, as watering hole attacks are increasing exponentially. One example, reported by Palo Alto Networks, leveraged CVE-2015-5122 (an Adobe Flash vulnerability) and provided attackers with a foothold in a large aerospace network. In fact, according to Invincea, over 30,000 legitimate websites are hijacked each day. Once malware has been installed on these sites, it lies in wait for an unsuspecting user to browse the site and have their system infected. Examples of recent watering hole attacks include the Council on Foreign Relations, Facebook, Microsoft, Apple, Twitter, and US-AID.

Watering hole attacks are yet another example of how risky mobile apps can put the entire enterprise at risk.


Image Credit: Ranger Chad Cocking of the Motswari Private Game Reserve