h1

Quick-Take: Google Turns to Zynamics after recent Malware Proof

March 2, 2011

With enterprises eyeing mobile “smart” phones and tablets as the next wave of technology to improve worker productivity, responsiveness and presence, the recent infiltration of trojan malware into Google’s Android Market is likely to go unnoticed. However, the ramifications appear to be crystal clear to Google as they responded by quickly snatching-up German reverse engineering firm Zynamics. In a blog post yesterday, Zynamics’ CEO Thomas Dullien – aka Halvar Flake – simply stated:

We’re pleased to announce that zynamics has been acquired by Google! If you’re an existing customer and do not receive our email announcement within the next 48 hours, please contact us at info@zynamics.com. All press inquiries should be sent to press@google.com.

There is still no official press release from Google on the matter, however SecurityWeek and other sources have stated that Google has indeed confirmed the acquisition. It is unlikely that the timing of this announcement is unrelated to the recent Android Market fiasco or the “rumoured” Apple iPad2 launch supposedly to take place today at 10:00 AM PST.

An estimated 50,000-200,000 users downloaded tainted apps from Google Market before the items were pulled-off the site. Of course, Apple is not without its share of  problems in iPad. There was a major breach in June, 2010 resulting in at least 114,000 compromised iPad users including then Obama White House Chief of Staff Rahm Emanuel.  However, in the iPad case the breach came as a result of a direct attack on iPad vulnerabilities where the Android compromise attacked a weakness in Google’s Market policies – essentially taking a “trusted back door” approach.

Meanwhile, VMware has been on the road promoting it’s mobile virtualization platform with partner LG. In a hands-on video at the 2011 Mobile World Congress taken by Engadget, the VMware mobile hypervisor can be seen fronting two phones within a phone. While this approach can help to secure corporate data from infiltration of the “consumer” side of the schizophrenic cell phone, it cannot protect the phone from OS vulnerabilities (like the iPad Safari weakness) or authorized deployment vectors (like Google’s Market infiltration.) To protect assets from these kind of attacks, the use of mobile anti-virus and anti-malware will be imperative.

SOLORI’s Take: VMware’s type II hypervisor does enable corporate policy enforcement that would bee too “draconian” for most users to co-exist with their personal or mixed-use phone or tablet . While no official word from VMware has been given on when their mobile hypervisor will make the leap from phone to tablet, it’s not a huge leap given the software has already been shown on the Nexus One and LG Optimus Black.

Given that the LG Optimus is based on TI’s Omap 3630 and the Nexus One incorporates the older Qualcomm Snapdragon chipset, and both are based on ARM Cortex-A8 CPU core found in many Android and Apple iOS devices, VMware’s offering appears to be very mature. Also, it is only a type II hypervisor so it should be no time until we see it running on more current, mainstream devices running ARM Cortex-A9 CPUs used in Nvidia Tegra2-based devices like LG Optimus 2X, Motorola Altrix/4G & Xoom or the rumoured Apple A5 chip “destined” for iPad2 and iPhone 5 or even the new TI Omap 4430 that power the like of the Blackberry Playbook.

Can a type II hypervisor quell corporate America’s security concerns about information leakage and IP theft? Given the right deployment model, tools and resources it represents a step in the right direction. The jury’s still out to see how wireless sharing, two separate data plans and two anti-malware threads affect run-time on platforms that threaten the delicate balance of usability and battery life…

Follow

Get every new post delivered to your Inbox.

Join 48 other followers

%d bloggers like this: