MALWARE GOES MOBILE
Computer viruses are now airborne, infecting mobile phones in every part of the globe. Security companies, cellular operators and phone makers are moving to quash these threats before they spiral out of control.
As cell phones have evolved into smartphones—able to download programs from the Internet and share software with one another through short-range Bluetooth connections, worldwide multimedia messaging service (MMS) communications and memory cards—the devices’ novel capabilities have created new vulnerabilities.
Mobile service provider NQ Mobile released a study of malware covering 2012, using data gathered from the company’s Security Labs. It found that malware threats in general on mobile platforms grew 163 percent in 2012, totaling more than 65,000 identified distinct forms of app repackaging, malicious URLs and SMS phishing (also known as smishing). The attacks were mostly geared towards Android devices, which was the platform of choice for almost 95 percent of threats identified by NQ.
Trends indicate we’ll only see more attacks, and more creative ones, according to NQ. In February 2013, security researchers identified a new type of malware that uses an Android device as a launch platform for infecting a target computer via USB connection, the company said. That remains limited to only a few identified infected handsets, but it’s a troubling attack vector that could pose plenty of problems down the road if it becomes more sophisticated. In a release, NQ Mobile co-CEO Omar Khan said that what’s needed is a system that can detect threats in advance of infection and prevent them, something which so far hasn’t really been widely available.
NQ Mobile’s report found that more than 32.8 million Android devices were infected over the course of 2012, up more than 200 percent from 2011. Of course, the general Android device population grew massively over the course of the year – a recent ABI Research study indicates that there will be over 798 million active Android devices by the end of the year, compared to around 300 million as of early in 2012. And the U.S., despite having a large chunk of the overall user population, is actually further down the list in terms of target countries, with just 9.8 percent of infected devices, compared to 25.5 percent in China, 19.4 percent in India and 17.9 percent in Russia.
“Smartphones could in the very near future make up most of the world’s computers.”
Mobile malware infections are likely to continue to rise as mobile overtakes the PC in popularity as a way for users to connect, and there’s little that can be done about that save ensuring that users take the same precautions on mobile that they would on those platforms. The problem may be more complicated on mobile operating systems, however, due to fragmentation, which NQ says contributes to weaker security for users running older versions of Android like Gingerbread. App sideloading and a user population that’s skewing younger every year are also contributing to a rise in potential security risks, the company says.
NQ’s data indicates that Android is a big risk for malware, but iOS has also recently come under fire for free apps that leak more personal data than on other platforms. Overall, mobile security is likely to be a growing concern, and one that could potentially become more complicated as the pace of improvements to mobile tech increases and our usage of those devices grows higher still. For now, common sense is probably the best defense against security threats, but a more unified Android platform would help to limit malware problems as well as significantly improve developers’ lives.
“Out of the world’s estimated 7 billion people, 6 billion have access to mobile phones.”
MORE PHONES, MORE TARGETS
The number of smart mobile devices in the world has expanded dramatically in recent years, and so has the amount of malware set loose to attack them. That mix is a recipe for disaster: as the size of a target audience increases, so, too, does the likelihood that miscreant programmers will attack it. And audience size is expected to soar in the years ahead. Industry analysts predict that there will be more than 400 million smartphone users by the end of 2013.
Symantec report says “Small and nascent Issue”.
Players at the other end regard mobile malware as a small and nascent issue, especially when compared to the scale of threats crowding around desktop OSes, but the threat that is out there continues to mostly affect Google’s Android platform. This is despite Apple’s iOS technically having more vulnerabilities, according to a new report by security software firm Symantec. The difference in threat level is a natural consequence of the two differing mobile ecosystem approaches: Apple’s walled garden vs Android’s open playground.
Symantec identified just 108 new unique threats to all mobile platforms in 2012, 103 of which targeted the Android platform vs one targeting iOS. Symbian was second after Android, with three unique threats identified, while Windows Mobile had one. But when looking at platform vulnerabilities Symantec said there were 387 documented vulnerabilities for iOS vs just 13 for Android. Elsewhere, BlackBerry also had 13, and Windows Mobile had two.
Symantec’s report notes:
Today, mobile vulnerabilities have little or no correlation to mobile malware. In fact, while Apple’s iOS had the most documented vulnerabilities in 2012, there was only one threat created for the platform. Compare this to the Android OS; although only thirteen vulnerabilities were reported, it led all mobile operating systems in the amount of malware written for the platform. Vulnerabilities likely will become a factor in mobile malware, but today Android’s market share, the openness of the platform, and the multiple distribution methods available to applications embedded with malware make it the go-to platform of malware authors.
The root cause of the (small) threat level for Android is typically downloads from third party app stores (i.e. not Google Play) or users directly side-loading apps — something the Android platform allows, via a user-enabled setting, while iOS users wanting to sideload apps or use third party app stores have to jailbreak their device. It’s that open vs closed approach that explains the differing threat level, says Symantec, noting: “Android users are vulnerable to a whole host of threats; however, very few have utilized vulnerabilities to spread threats.”
Symantec does flag up one example in its report of “rogue software masquerading as popular games on the Google Play market, having bypassed Google’s automated screening process” last year. But clearly the vast majority of Android malware lands on devices via the unofficial routes cited above.
In terms of location, Android threats are “more commonly” found in Eastern Europe and Asia, according to the report. China has a thriving market of Android-based devices that dispense with Google’s Play store, which likely explains some of the Asian distribution of Android threats.
Another security issue affecting Android is platform fragmentation, with multiple older versions of the OS potentially creating a risk, says Symantec, along with carrier additions and Android skins — since these can delay the progress of OS updates. So while Google has made changes to Android 4.x to help bolster security, the vast majority of users (circa 90% last year) are stuck using older versions of the platform.
Symantec notes security-focused tweaks made by Google in Android 4.x include adding a feature to allow users to block any particular app from pushing notifications into the status bar (to combat adware); and in Android 4.2 adding a feature to prompt the user to confirm sending a premium text (to combat premium SMS threats).
The report adds:
…at around 10 percent market penetration at the end of 2012, Android 4.2 devices account only for a small percentage of the total devices out there. The Android ecosystem makes it harder to keep everyone up to date…
For most exploits in the OS, Google released quick fixes; however, users still had long waits before they received the fix from their network operators. Some exploits are not in the original OS itself but in the custom modifications made by manufacturers, such as the exploit for Samsung models that appeared in 2012. Samsung was quick to fix it, but the fix still had to propagate through network operators to reach users.
As you’d expect, Symantec is predicting continued growth in levels of mobile malware this year, as tablet and smartphone use continues to grow and attract more malware writers. Specifically it is expecting to see “ransomware and drive-by website infections on these new platforms in the coming year”.
Security companies have been charting ‘rising levels of mobile malware’ for years but overall relative threat levels remain low. Still, Symantec said 2012 saw a 58 per cent increase in mobile malware vs 2011, and said the year’s total accounts for 59 per cent of all mobile malware discovered to-date — so while the threat is still small it is now more than doubling year-on-year.
In Symantec’s breakdown of the types of mobile threat it identified last year, information theft was the most common threat. Add in user tracking and more than fifty per cent of the mobile malware identified was trying to steal user info or track their movements.
Forbes covered a McAfee report that claimed it had identified 36,699 pieces of mobile malware, 95% of which cropped up last year — a hugely higher figure compared to Symantec’s figure of 108 new unique threats. In its report, Symantec says its figure is smaller than “other estimates on the scope of the mobile threat landscape” owing to other companies’ estimates counting overall threats (rather than new unique threats).
Many estimates are larger because they provide a count of overall variants, as opposed to new, unique threats. While many of these variants have simply undergone minor changes in an attempt to avoid antivirus scanners detecting them, Symantec counted at least 3,906 different mobile variants for the year.
But even Symantec’s variant figure — 3,906 — is orders of magnitude smaller than McAfee’s count. Differing approaches to counting malware variants and threats presumably explain the discrepancy. We’ve reached out to Symantec to ask what specifically it includes in its mobile malware count and will update this story with any response.
Another report into mobile malware, conducted by mobile security software provider NQ Mobile, apparently identified more than 65,000 distinct forms of mobile malware, such as app repackaging, malicious URLs and SMS phishing.
■ The first malicious software aimed at smartphones hit in 2004.
Smartphones are mobile phones that permit users to install software applications from sources other than the cellular network operator.
■ Today more than 300 kinds of malware—among them worms, Trojan horses, other viruses and spyware—have been unleashed against the devices.
■ As sales of such sophisticated phones soar worldwide, the stage is being set for the massive spread of malware. Steps are being taken to prevent that scenario, but the opportunity to block the onslaught is unlikely to last long.
Staying a Step Ahead
Mobile malware, though little more than a nuisance today, could quickly escalate into an even more formidable problem than PC malware in the years ahead unless the security community, cellular network operators, smartphone designers and phone users all work together to hold it in check. The history of PC malware is humbling, but it offers lessons that will help us to anticipate some of the ways in which mobile virus writers will strike next and to take steps to thwart them.
The only hope of stopping mobile malware before it seriously degrades the utility and value of smartphones is quick and concerted action on the part of all concerned. Antivirus software now available from many companies can immunize and disinfect smartphones. Yet few customers have installed such protection.
That needs to change. Phones should also incorporate firewall software that warns the user when a program on the phone seizes the initiative to open an Internet connection. This is an especially important form of protection for smartphones that can connect to Wi-Fi networks and thus directly to the public Internet.
Many cellular companies aggressively filter traffic on the GPRS or UMTS data networks that their mobile devices use; open Wi-Fi networks have no such protection. And while some carriers already filter their MMS streams to remove messages bearing malicious attachments, all should do so.
Some of the biggest phone manufacturers have joined the Trusted Computing Group, which has been hammering out industry standards for microcircuitry inside phones that will make it harder for malware to get at sensitive data in the device’s memory or to hijack its payment mechanisms. And Symbian recently released a new version of its operating system that does an improved job of protecting key files and that requires software authors to obtain digital certificates from the company. The new Symbian system refuses to install programs not accompanied by a certificate. Unless disabled by a user, the system effectively excludes all mobile malware discovered to date.
“Computers do not have a built-in billing system;
Mobile phones do.
The bad guys will exploit this feature before long.”
Governments could also play a more constructive role than they have so far. Even though most countries have passed laws against hacking both ordinary computers and the computers inside cell phones, enforcement is lax or nonexistent in most of the world. Many of the nations hit hardest so far by mobile malware outbreaks, such as Malaysia, Indonesia and the Philippines, do not always collect reliable and timely statistics that could be helpful for tracking software crimes.
But sincere efforts..
Security companies of course have a vested interest in hyping malware threats, since they are in the business of selling security software, so it’s worth taking the highest figures with a big pinch of salt.
- Malware Attacks Growing, Getting Smarter, Targeting Android: Report (eweek.com)
- Android infections tripled in 2012, “Bill Shocker” costliest mobile malware ever (fitcom.co)
Along with thanks and compliments to the sources for the shared data
Creative Commons Copyright © Shanepedia 2012