In the “Spy vs. Spy” world of cyber security and malicious software, Mark Grandcolas says the bad guys usually have an advantage with the element of surprise.
The traditional approach of anti-virus software compares programs being downloaded against the known universe of malware, and determines if a snippet of code matches anything on the blacklist that is known to disrupt or co-opt a computerized system. “You hope that the good guys come up with the next new mutation before the bad guys do,” says Grandcolas, who compares conventional cyber security to an endless game of “Whack-a-mole.”
The approach has worked well enough in desktop computing, at least so far, but the transition to mobile computing makes the anti-virus paradigm increasingly untenable for smartphones and other mobile devices. Scanning every download for the telltale signatures of bad code would quickly drain battery power, and even schemes to use cloud computing would still require significant energy-draining resources on the device itself. Meanwhile, the number of smartphones is expected to soon surpass the number of desktop computers—and mobile malware has begun to proliferate as cyber criminals with their own programming resources target e-commerce and financial transactions.
Last month, for example, researchers at Kaspersky Lab posted their analysis of the most sophisticated “Android Trojan” discovered so far—a multi-functional program that is both encrypted and hidden in the Android operating system. The malware was designed to send text messages to premium-rate numbers, download other malicious programs, spread itself via Bluetooth to other mobile devices, and execute remotely delivered commands.
A new security paradigm is needed, but Grandcolas says it wasn’t until he met the computer security expert Markus Jakobsson that a new approach began to take form.
The two met at Xerox PARC, the renowned research center in Palo Alto, CA, where Grandcolas was a director of business development and Jakobsson was a principal scientist. They founded FatSkunk in 2009 to advance technology Jakobsson had devised for mobile devices, using a technique known as software-based attestation to provide an alternative defense against malicious code. Jakobsson, a Swede, got his doctorate in computer science at UC San Diego, and specialized in computer security at Bell Labs and Lucent Technologies, RSA Labs, Xerox PARC, and PayPal.
FatSkunk’s technology uses a bit of embedded software (that would be installed in each mobile device during manufacturing) to clear the RAM and scan the memory in a way that requires the device to execute a precisely timed set of instructions. If the computation takes too long, the only explanation is that unauthorized malware is taking up