Integrity & Validation In Mobile Spyware & Malware Research

Jonathan Scott
Jan 7, 2022

Spyware is one type of malware that can monitor or control your computer use. It may be used to send consumers pop-up ads, redirect their computers to unwanted websites, monitor their Internet surfing, or record their keystrokes, which, in turn, could lead to identity theft. There are several steps consumers can take to avoid malware and spyware, such as having up-to-date security software on their computers. There also are steps they can take to reclaim their computers and electronic information.

Source: https://www.ftc.gov/news-events/media-resources/identity-theft-and-data-security/spyware-and-malware

The Federal Trade Commission relates malware and spyware, and at this point in my research and career, I don’t fully agree with this statement. Scientifically, I can prove the validity of mobile malware and mobile spyware working in unison. Similarly, I can prove mobile malware and mobile spyware working independently of each other, but this is a scientific philosophical debate for another day.

Clear Distinctions

Spyware and malware are very broad subject matters, and making a claim of being a malware researcher can be compared to saying I’m an engineer. In short conversation, general introductions, and filling out non-technical forms, generalizing your occupation in this way would, in my opinion, be acceptable.

Outside of small talk, a need for clarity and specific discipline as it pertains to malware research is 100% needed.

I work for a top 50 cryptocurrency. I’m a mobile security engineer, and some of my duties include:

Job Responsibilities

Mobile security research (firmware, software, hardware)
Mobile app reverse engineering
Mobile malware research
Application pen-testing
Writing code for testing attack vectors
Analyzing and interpreting mobile data (I/O)
Identifying malicious injection points (mobile apps and OS)

My career history revolves around these same responsibilities, and I have many podcasts and information about my career history in my GitHub repository and on my website: https://www.0hak.com

Why The Background?

Mobile malware/spyware research is a specialized field of security. I would be remiss to give a lecture about Windows & macOS malware and spyware. Although I write code in macOS, Windows, and Linux environments — that by no means makes me an expert in these operating systems.

The need for specialized mobile security engineers and researchers is far greater than the world can imagine. Non-mobile malware researchers writing and supporting false claims by other non-mobile researchers can undermine or completely invalidate the legitimate research of a specialized mobile researcher.

In my experience, world media and many in the general public do not know the distinction between a malware researcher and a mobile malware researcher. Similarly, many in the information security community do not know the difference, and will take the word of influential people with the title of “malware researcher” or “security researcher”, and spread disinformation that can cause confusion and create distrust.

This is not to say that a non-mobile researcher cannot appreciate a well-written analysis, white paper, etc., but definitively exclaiming that research is false and spreading this message around security research communities without being qualified to do so needs to be addressed.

Jonathan Scott @jonathandata1

Jonathan Scott

Computer Scientist, MSCS. Researching mobile (malware/spyware/forensics/crypto)