The other day I was speaking to a techie who has good knowledge of things at Microsoft. Amongst iOS, Android, Mobile market, Windows 8 and other topics of discussion, we spoke about mobile security. The person in question highlighted that Android’s security concerns are huge. Mobile’s is computers now and for many people the only device to access internet on. As mobile gains more financial powers, the risk increases. And given that Google is the one pushing mobile wallet / NFC the most, this is even more alarming. On the other hand, iOS and WP7 are much more secure.
For once a Microsoft person tells us that they are akin to Apple when it comes to mobile security, and the curated ecosystem is doing better than Android’s open approach. This is not to say that Android isn’t innovative, or MS / Apple do better, the design of the OS ecosystem is the key here. Android is more widely distributed, is on lower cost handsets and is more likely to be used by unsuspecting common users (who are more likely to fall for phishing, unsecured apps etc). Also, given that installing 3rd party apps on Android is easier, compared to bypassing App Store or Marketplace on iOS & Windows Phone respectively.
What we have with us today is a study of mobile security trends by LookOut. And Lookout believes that there are two main aspects of mobile malwares which are of primary concern to the hackers making them.
- Cost of infection – How easily and cost effectively can the malware be spread to the most number of devices?
- Profit from infection – How much money does one make from the infected mobile devices?
There are about 6 Mobile Malware trends which can be classified into the 2 categories above.
Cost Of Infection
Automated Repackaging
This is one of the easier ways that malware makers have adapted to and probably one of the most profitable ones as well. Repackaging an already existing app or game not only allows the malware maker to make a hole in the pockets of the developers but also allows them to siphon off money from the users at the same time by loading these apps with unnecessary permissions and malware.
Malvertising
This one has been in existence since the birth of the internet on our desktops and now they are slowly making their way onto mobile devices. Malverts generally look like genuine ads, which once clicked though leads one to fraudulent websites which then starts download of a malicious malware onto your devices. And with the increasing capabilities of handheld devices it’s only expected to get even worse in the year 2012.
Browser Attacks
There are chances that an alert user might detect something fishy with the native apps on their handheld devices but the same is more difficult when it comes to web based apps. And web based apps are supposed to grow to new heights with the advent of the HTML5 browser based apps leading to the possibility of an even bigger network of mobile browser malware. While Android is thought of as the most unsafe of ecosystems, your mobile browser may just prove to be even more dangerous.
Profit from Infection:
Mobile Pick-pocketing
If you thought that your carrier billing was safe this one might force you to think again. Many of you download free smsing, chatting or calling software but if you happen to download one with a malware the app might just suck money from you by charging you for messaging and calling of premium services and numbers. 22 such applications were recently detected and removed from the Android market. GGTracker was one of the first such app to surface in June of 2011 and RuFraud has been one of the most notable ones which came to light recently.
Botnets Come to Life
DroidDream attack that launched Year of Mobile malware was the first example of mobile botnets ever created. These botnets can control your smartphone and can be used to spy on you or even fetch vital data from your devices. Geimini is another example of the 10 botnet like families detected in 2011.
Vulnerable Smart Devices
Lookout says that Android based smartphone are the most vulnerable devices with each one in their lineup having some kind of security hole. DroidDream exposed two vulnerabilities in Android while the PDF security hole in iOS was even well documented. Security holes exist everywhere be it any platform from Android, Mac OS X & iOS to Windows or even BlackBerry.
While it’s almost impossible to foolproof your device as security loopholes might always exist which can be taken advantage of, the best one individual can do is to ensure that they have a mobile security app installed on their devices and be careful while downloading apps and clicking on links when browsing.
Via: Readwriteweb
