Malware declares war on Android OSKatya B Naidu / Mumbai Sep 12, 2011, 00:45
Print this
Email this
Researchers warn against random downloads, advise using security software.
Malware attacks on mobile devices, especially on Google Inc’s Android operating system, have surged in recent times, says computer security researchers.
According to Trend Micro, a global cloud security leader, there has been a 14-fold increase of malware targeting Android smartphone users in the last six months alone. Another report from McAfee, a security solutions company, estimates that the malware targeted at Android devices jumped 76 per cent since the last quarter, making it the most attacked mobile operating system.
Related Stories
Malware declares war on Android OS
Websense unveils cloud service in India
Security expert warns hackers can attack Android
Circumventing net censorship
Sample this: Bangalore-based software professional Swetosuvro Ghosh had started using an Andriod smartphone but was soon forced to move back to his BlackBerry device. “There was a virus attack and the phone would dial automatically. After a number of complaints from my colleagues and friends, I shifted back to my old BlackBerry.” And, Ghosh is not the odd man out.
Reseachers say Andriod is fast becoming the hotbed for malware and rogue apps. In the past year, Trend Micro reports that they have recorded cases of mobile malware infection and exploitation plague users straight from the shelf.
For example, Vodafone was blamed for shipping 3,000 worm-laden HTC Android smartphones. Trend Micro believes that it was an infected computer in the production line that had caused the problem. Samsung was another company that had inadvertently distributed malware along with its new S8500 Wave smartphones. The worm attempted to infect a user’s PC when the phone was connected to it.
In comparison, Apple’s iOS’ was found to be among the safest of all mobile platforms, according to Symantec. “There has been unprecedented growth of non-PC devices in recent years, as consumers rely on these new devices to communicate and store their private information. From streaming their favourite music station, getting the high score hurling birds through the air and filing their taxes online, consumers deserve to feel confident regardless of what they do on their mobile phone,” notes Gaurav Kanwal, country sales manager, (Consumer Products and Solutions), Symantec India.
Symantec says, Android offers no built-in, default level encryption, and instead rely on isolation and permissions to safeguard data. “Thus, a simple jailbreak of an Android phone or theft of the device’s SD card can lead to data loss. As with Apple iOS, Android has no mechanism to prevent social engineering attacks.”
The primary security flaw in Android devices is the lack of an approval system on its app store, according to McAfee. Today, over 3,00,000 apps are available on the Android app store and the total number of downloads is estimated to be around three billion, making it an ideal place for cybercriminals to target devices. This security hole has been well protected by Apple, which has notoriously stiff criteria that must be met by developers before their applications can be allowed on its App Store.
Pune-based Preksha Bhadodia, an interior designer, bought the HTC Thunderbolt, using the Android platform in March this year. “Since this was my first Android device, I downloaded hundreds of free apps to my smartphone without really checking the apps.” Later, Bhadodia received an email notification from Google informing her about some malicious apps on her device.
“Google informed me that an update will be automatically pushed to my device – an Android Market security update – that will undo exploits caused by the malicious applications that were removed from the Android Market on March 1,” she says, adding that she would have never figured the presence of rogue apps out of the 150+ apps that she had on her handset.
Google used remote security control to push a Android Market security tool that bulldozed a malware called DroidDream off Bhadodia’s phone that had been identified in the Android Market earlier this year.
Vinoo Thomas, technical product manager of McAfee, says compromised Android phones can be easily used to send SMSes to premium numbers automatically. “The malware writer can remotely control the device, leading to an inflated phone bill for the user,” he lists. Further the cybercriminals can also copy contents such as calendar entries, contact list, e-mails, text messages, pictures and private videos from mobile devices once their security is breached.
Given the many mobile phone risks, experts prescribe users to practice caution to avoid malware infection, including downloading apps from trusted sites, avoiding unsecure browsing, utilising built-in security features of the phone and installing security software offered by security providers.
Norton Mobile Security has launched a security system for Android 2.0, and McAfee too has released a product called McAfee Mobile Security, which works on BlackBerry, Android, Windows as well as Symbian devices.
With inputs from Priyanka Joshi
Article source: http://www.business-standard.com/india/technology/news/malware-declares-warandroid-os/448799/
View full post on National Cyber Security » Virus/Malware/Worms