Android Security Threats Surge With Infected ‘Angry Birds’
Jerome Favre/Bloomberg
Models display Samsung Electronics Co. Galaxy Nexus smartphones, running Google Inc.’s Ice Cream Sandwich Android operating system, in Hong Kong, China. Making malware is easier with Android software because the applications aren’t checked, the source code is open and the apps can be sold on external sites, Hoffman said.
Models display Samsung Electronics Co. Galaxy Nexus smartphones, running Google Inc.’s Ice Cream Sandwich Android operating system, in Hong Kong, China. Making malware is easier with Android software because the applications aren’t checked, the source code is open and the apps can be sold on external sites, Hoffman said. Photographer: Jerome Favre/Bloomberg
In the era of the personal computer,
Apple Inc. (AAPL)’s machines were often less vulnerable to security
threats than the alternatives. That may also be the case with
the rise of smartphones.
Google Inc. (GOOG)’s Android operating system for mobile devices
has had an almost sixfold increase in threats such as spyware
and viruses since July, according to Juniper Networks Inc. (JNPR) That
may increase the perception that Apple devices are safer than
smartphones and tablets that run on Android, said Juniper.
“You’re not going to see nearly the number of infections
on Apple as you see on Android,” said Dan Hoffman, who leads a
team tracking mobile threats for Sunnyvale, California-based
Juniper, the second-largest maker of networking equipment.
Most of the growth in Android threats comes from
applications, or apps, available from third-party sites not
associated with Google’s Android Market, according to data
Juniper collected as of Nov. 10. Apple doesn’t face the same
issue because iPhone and iPad owners can only get applications
from Apple’s App Store, which is controlled by the company.
“The open nature of the Android system makes it more
susceptible to attack,” Hoffman said in an interview. “If it’s
on a third-party site, Google can’t remove it.”
Making malware is easier with Android software because the
applications aren’t checked, the source code is open and the
apps can be sold on external sites, Hoffman said. Android is
free and available for download by anyone, while Apple screens
each application added to its store. With Android growing faster
than Apple’s system, it appeals to hackers seeking greater
reach, he said. Of the thousands of infected Android apps, 55
percent contain spyware, which can gather data from phone use.
Increasing Market Share
Google, based in Mountain View, California, and Apple,
based in Cupertino, are vying for control of a smartphone market
as computing evolves from desktop machines to mobile devices.
While Apple has championed a closed system in which it makes its
own hardware and doesn’t share its operating system, Google has
opted for an open approach, allowing companies such as Samsung
Electronics Co. and Motorola Mobility Holdings Inc. to use
Android in phones and tablets for free.
The wide availability of apps has helped the Silicon Valley
rivals outpace traditional handset makers such as Nokia Oyj (NOK1V) and
Research In Motion Ltd. (RIMM) Android devices had 45 percent of the
U.S. smartphone market in the quarter ended in September, up
from 40 percent three months earlier, according to research firm
ComScore Inc. Apple kept its 27 percent share.
Hoffman said the 472 percent jump in application viruses
since July stems from Android users’ ability to buy apps online
at third-party sites like mmoovv.com and samsunggalaxy-s.ru that
can contain malicious applications alongside legitimate ones.
Virus in Disguise
Android users may be drawn to the sites to find cheaper
versions of programs, or because the Android Market isn’t
available in some places, such as China. On a third-party site,
it’s possible to find an infected “Angry Birds” game uploaded
right next to a legitimate one, said Danielle Hamel, a Juniper
spokeswoman.
Spyware threats are increasingly coming from pirated
versions of popular apps, Hoffman said. While the apps are
designed to look and work like something legitimate already on
the market, they contain viruses that can grab users’ private
data or communicate with other parts of the phone.
Randall Sarafa, a Google spokesman, said the company had no
comment. Trudy Muller, an Apple spokeswoman, didn’t respond to a
phone call.
Citing competition from other security vendors, Juniper
declined to disclose the exact number of data samples used to
determine the increase in Android threats. In order for Juniper
to count an application as infected, it must have an instance of
“hostile” or “intrusive” code.
Evolving App Market
Juniper doesn’t have numbers for malware on Apple’s
operation system because cases are rare, Hoffman said. Security
researcher and hacker Charlie Miller said this month on Twitter
that he was kicked out of Apple’s development community for one
year after loading an app that exposed vulnerability.
The relative youth of the mobile-application market allows
programmers to exploit weaknesses in an open-source model and
once developers for Android discover all potential threats, it
might become more secure than Apple’s operating system over
time, said Edward Amoroso, chief security officer for ATT Inc. (T),
the second-largest U.S. wireless carrier.
“An open model tends to allow a flurry of vulnerabilities,
very quickly, that tend to stop being a problem as more people
find them,” Amoroso said in an interview. “A closed system
will have longer, more sustained, but more predictable and
controllable set of vulnerabilities.”
Open-Source Evolution
He said open-source operating systems for personal
computers were more vulnerable than Microsoft Windows for years,
until eventually the programming community was able to make them
safer.
The smartphone security threats may provide a business
opportunity for companies selling protection. IDC, an
information technology research firm, expects the mobile
security software market to expand 15.1 percent annually.
International Business Machines Corp. (IBM) and Symantec Corp.
are among the companies investing in the market. IBM last week
started selling a service that ensures personal devices comply
with corporate security policies and detects malware.
“People are routinely sending enterprise data to their
personal phones,” Latha Maripuri, a director of security
services at IBM, said in an interview. “Our clients are
struggling with the mix of business data and personal data on a
device.”
To contact the reporters on this story:
Sarah Frier in New York at
sfrier1@bloomberg.net
To contact the editor responsible for this story:
Peter Elstrom at
pelstrom@bloomberg.net
Article source: http://www.bloomberg.com/news/2011-11-15/android-security-threats-surge-with-infected-angry-birds-tech.html
View full post on National Cyber Security » Spyware/ Cyber Snooping