Simon cracks smartphone ransomware

An ingenious student who graduates on Tuesday 8 July created a stir in the tech world before he’d even finished his BSc in Computer Science at the University of Sussex.

Simon Bell

At the same time as putting in the work to achieve a first-class degree, 26-year-old Simon Bell managed to neutralise malicious software that had been targeting smartphones and tablets around the globe.

Simon used the skills that he had acquired during his final-year project to create an antidote to Simplelocker – a type of ‘ransomware’. This is a recent form of malware that attacks vulnerable computers and smartphones by encrypting important files – making them inaccessible – and asking the user to pay a ransom to release the data.

But Simon was more than a match for Simplelocker, the first ransomware to target devices that use the Android operating system. It displays a message in Russian on the user’s phone or tablet, demanding a ransom in Ukrainian currency.

For his final-year project, Simon created a ‘honeypot’, a program that simulates an internet-connected vulnerable computer. The purpose of honeypots is to attract malicious software (known as ‘malware’) and study its behaviour.

Then, using the malware analysis skills that he had acquired during his project, Simon published an article on his blog explaining how Simplelocker works.

Finally, he used his insights to create an antidote, a program that decrypts any file encrypted by Simplelocker.

His analysis and antidote – which he released online in the form of a Java applet – were picked up by many specialist news websites.

Professor John Carroll, Head of the Department of Informatics at Sussex, said: “Apart from analysing techniques used in malware, Simon has also investigated the common steps that hackers make when they attempt to break into an organisation’s computer systems, for example exploiting users’ poor choices of passwords.”

In his blog, a modest Simon wrote: “The antidote for this ransomware was incredibly easy to create because the ransomware came with both the decryption method and the decryption password. Therefore producing an antidote was more of a copy-and-paste job than anything.”

But he went on to warn: “Future versions of advanced smartphone ransomware will likely prove significantly harder to reverse engineer.”

Despite Simon’s warning, users of Android-based devices don’t need to worry just yet: the Simplelocker ransomware has not yet been encountered in any apps in the Google Play store or in other app store sites.

Simon, who also dissected a malicious version of the popular mobile game Flappy Bird to reveal premium-rate text messages sent without user permission, is going on to do a PhD in cyber security.