WE LIVE IN A WORLD that’s increasingly full of technology. However, along with technology comes malware and mobile devices are no exception, as the popularity of smartphones and tablets surges.
On the whole, mobile malware seems to be proliferating, and it’s happening quickly too. It’s been around for the last year or two and already has financial gain at the root of it, something which crept into desktop malware only after more than 10 years.
Mobile malware is pretty much at the stage that desktop malware was in 1986 or 1987 in terms of the number of threats, Tom Parsons, a senior manager at Symantec Security Response told me recently. The number of threats is into the thousands now.
Around half of threats involve premium text messages that the malware automatically sends without the user’s knowledge. Typically four are sent costing between £4 and £8 each. In my opinion, there is a big potential for this to get worse with upcoming technologies like near field communication (NFC), which will be used for day-to-day payments instead of a debit card.
Of the main mobile operating systems, it’s no surprise that Android is targeted the most. Parsons doesn’t think this will change this year and as a user of Android, I agree.
Google has made Android open, which has its benefits, but not when it comes to security. It’s not very tricky to get an app on the Android Market, especially when compared to Apple’s strict approval regime.
It’s partly this process, along with Apple’s walled garden ethos that makes IOS a less attractive target for attackers. At the moment Windows Phone has a very small share of the mobile market so unless this picks up there’s no point in choosing to target it over Android.
As I highlighted in a recent news story, a problem with Android is that malware is finding its way into legitimate apps. When a user downloads and installs an app they give it various permissions, but this can also let hidden malware contained in an advert module wreak havoc.
In this instance something needs to be done by Google. For starters it could change its permissions so the user can agree to different levels of access for the main app module and other parts including adverts.
Other attacks are far more obvious, such as apps that claim to remove Carrier IQ type monitoring and one that tempts users to unlock supposedly hidden features on the device that the manufacturer has held back.
It’s cases like this that highlight how naive some users can be and how easily they are fooled. They should really think twice before clicking on something that sounds and looks too good to be true. Common sense often goes out the window when it comes to clicking, however.
Luckily this seems to be changing. On the subject of mobile malware, Mikko Hypponen, chief research officer at F-Secure told me the firm is getting more and more queries from users concerned about the level of access applications have to their information on their mobile.
Consumers need to be aware of the risks when using devices such as smartphones, rather than assuming that nothing bad will happen to them. Vendors need to put some investment into educating users on the subject, but more than anything they have to take responsibility for their products and fight the criminals that are attacking them.
Hypponen says that users should carefully review the rights they grant to apps and complain to the vendor if they feel the app is looking for rights it can’t justify. He told me, “I know this is not an easy advice, but if app developers get no criticism for overreaching rights in their app or in their apps’ ad module, they aren’t going to change.”
I agree, as companies tend to respond to issues if their user base makes enough noise. People upgrading to smartphones or tablets for the first time need to deliberately learn the ins and outs to avoid becoming at risk. It’s often these types of users that get sucked into scams because they don’t know any better. There are also mobile versions of anti-virus software available and countless blogs that detail the latest threats. It’s time to educate users before, not after, malware attacks. µ
View full post on National Cyber Security » Virus/Malware/Worms
