01 Mar Mobile Malware to Worsen in 2013
You wouldn’t give a complete stranger access to your contacts, your banking details, your personal photos or your email messages, but by failing to take the necessary precautions while using your smartphone or tablet, you may be doing exactly that.
Now that we use our mobile devices for everything from banking to paying bills to social networking to storing sensitive information, essentially treating them as pocket PC’s, hackers (via malware) have the potential to very easily access confidential information.
From changing your wallpaper remotely, to tracking your GPS coordinates, to gaining remote control of your device, mobile malware has become more sophisticated and more numerous. And according to Cybersecurity company Eset, it’s about to get worse.
In their 2013 trends report: Astounding growth of mobile malware, Eset declared that the
However, not only will the number of malware increase, but Eset sees “malware becoming much more complex, thus expanding the range of malicious actions they perform on an infected device.”
While the increasing amount and complexity of mobile malware is scary, the real concern here is the failure of many mobile device users to view their smartphone or tablet as a target for malware.
[divider_line]
Bad News For Android Users…
Unfortunately, if you are a user of Google’s mobile platform, Android, you are particularly vulnerable to mobile malware, with Software Security company Trend Micro reporting that the Android platform took only 3 years to achieve the PC volume of malware threats achieved within 14 years (Trend Micro 2012 Mobile Threat and Security Roundup).
In fact, by the end of 2012, there were 350,000 threats for the Android platform. This number is set to increase, with Trend Micro predicting that Android threats will increase to 1 million in 2013.
McAfee states in their Threats Report 2012 that they have seen “the Android OS as the most popular target for writers of mobile malware,” with the present landscape being no different. In fact, “practically all new mobile malware was directed at the Android Platform.”
However, the main concern lies in the statistic that only 20% of Android device owners use a security app. If you are among the 80% that doesn’t have a security app installed on your Android device, your smartphone becomes a very attractive target for hackers.
Apart from the fact that the Android platform has claimed more than 72.4% of the smartphone market (source: Gartner November 2012 via Mashable), the Android platform is more open by design with users easily able to obtain apps from sources outside of the Google Play Store by merely changing a setting (as opposed to the iOS platform which requires a much more complex process called ‘Jailbreaking’). While the Play Store does have a malware detection system (named Bouncer), it is possible for apps with malware to slip past.
However, the Android platform has been subjected to various improvements since the release of Android 4.0 Ice Cream Sandwich, which changed the way the OS manages memory to make it harder to exploit memory corruption vulnerabilities, in addition to introducing full disk encryption – allowing devices to perform boot-time encryption and decryption of the application storage area.
In saying this, iOS users aren’t completely safe either. While the amount of malware for iOS is less than that of the Android platform, apps containing malware have previously breached the App Store’s rigid app approval process (e.g. Find and Call). The iOS platform does have the added benefit of running apps in a sandbox, which limits the access that a malicious app has to the rest of the system, in addition to supporting 256-bit, hardware-based encryption for data stored on the device.
[divider_line]
Types of Mobile Malware
In order to protect your mobile device from malware, it is important to understand the types of malware out there and what they do so you can identify if your mobile device is compromised.
Trojan
Hidden within legitimate applications, when activated it allows criminals to gain unauthorized access to a user’s computer or mobile device. Trojanized applications, on the other hand, are legitimate files that were reverse-engineered and adulterated with malicious code.
Familiar to PC users, a Trojan Horse (much like its Ancient Origin) disguises itself as a desirable function or program to persuade users to install them into their device. Once installed, the Trojan Horse can gain remote access to your device.
McAfee noted that it is likely a new Trojan Horse mobile worm will trick users into buying and installing malicious apps without user permission.
Botnet
A Botnet is a collection of malware compromised devices—ranging in size from a few dozen to tens of thousands—whose actions can be coordinated by a command-and-control server. All or part of the botnet can be sold or rented to other criminals for use in spam, identity theft or distributed denial of service attacks.
Spambot
An automated program that harvests personal contact information to send unsolicited email, SMS or social media messages. In some cases, spambots can crack passwords and send its messages directly from a user’s account.
Keylogger
Covertly captures passwords, usernames bank account info, and credit card numbers typed into a device, then transmits the information back to criminals.
Source: The Mobile Malware Problem 2012 Kindsight (Software Security Company)
Ransomware
McAfee predicted in their Threats Report 2012, that in 2013 the amount of Ransomware will increase significantly. Ransomware freezes a user’s phone or tablet, preventing users from accessing their data until they pay a sum of money to the hacker responsible.
Phishing
Phishing email messages are designed to steal your identity. They will usually ask for personal data, or direct you to websites or phone numbers to call where they ask you to provide personal data.
Phishing emails may take a number of forms:
[list style=”list1″ color=”green”]
- They might appear to come from your bank or financial institution, a company you regularly do businesses with or from your social networking site.
- They might appear to be from someone you in your email address book.
- They might ask you to make a phone call. Phone phishing scams direct you to call a phone number where a person or an audio response unit waits to take your account number, personal identification, password, or other valuable personal data.
- They might include official-looking logos and other identifying information taken directly from legitimate websites and they might include convincing details about your personal history that scammers found on your social networking pages.
- They might include links to spoofed websites where you are asked to enter personal information.
[/list]
Sources Of Malware:
Equally important as the types of malware, is knowing the source of malware so you can try and avoid potential malware hotbeds.
Malicious websites:
Malicious websites are a popular method for distributing malware. An update from Google last year revealed that it identifies almost 10,000 new malicious websites every day and serves up millions of daily malware-related warnings to users.
How Malicious websites attack devices:
- First, an existing vulnerability is exploited in a web server and malicious code is injected into the site.
- Then, targets are steered to the infected site through hyperlinks sent to a list of users through email, social networks, or any other means.
- When the target visits the site, the malware is downloaded to their computer or smartphone, where it performs its malicious actions.
Downloading files:
Using insecure networks: Wi-fi bootleggers or hackers can spy on your every move on unsecured networks, which means if you happen to be doing your online banking while using a Wi-Fi network, there is the possibility that someone may be able to procure your banking details.
Malicious Apps:
Seemingly harmless apps can contain malicious code which is activated once the app has been installed on the device, or a certain function of the app is used.
[divider_line]
What does this mean for the enterprise?
Many companies are now embracing BYOD (bring your own device), allowing employees to use their own personal mobile devices to connect to network resources and company data.
For companies with a large fleet of smartphones or tablets, this poses a significant security risk, particularly if users are not taking the necessary precautions when using their smartphone. Unless IT completely locks down devices (which is almost impossible to implement with BYOD devices), users will need to be educated on the risks associated with malware, the sources and what preventative measures to take to increase security on their mobile devices.
With this in mind, we have created a quick guide for end users and IT departments alike, outlining a few simple steps to improving the security of your mobile device, which you can find here.