Skip Tags

Popular Tags

Decorative icon

The Resource Center Online Security Issues & Protection | post

Android smartphones under malware attack in unprecedented numbers

by Steve Schwartz on

Previously I blogged as to why it is a good idea to password protect your iPhone. Moreover, I quoted the experts who recommend that you do not simply use the four digit default password that is easy to set on an iPhone, by rather the longer "complex" password that can be set with a little effort. I detailed how you can go about setting this more complex (longer than four digits or characters) password.

I don't want you to get the idea that iPhones are particularly susceptible to being hacked. The other major smartphone platform - Android - to quote the experts – is the smartphone platform most under attack by hackers using malware.

Let me repeat some of the percentages of smartphones in use. There are more Android based smartphones in use in the U.S. that Apple IOs based phones. According to the latest figures from the Comscore Mobilelens Study, today 52.3 percent of the smartphones in use here are Android, 37.8 percent are Apple.

Currently it is Android based smartphones that are mainly under attack. The malware targeting of mobile devices is rapidly growing in both complexity and sophistication. The level of attack on Android phones is similar to the level of attack on Windows on the desktop PC in the XP days.

F-Secure Labs’ Mobile Threat Report for the latest quarter shows Android malware now accounts for 136 out of 149 known threats, or 91.3 percent of all malware activity (up from 79 percent in 2012).

Veracode, a company that makes a highly regarded test platform for Android applications, lists the three biggest hacking threats to an Android smartphone:

• Data in transit: Android devices and mobile devices in general are especially susceptible because they use wireless communications exclusively and often public WiFi, which can be insecure. An attack that is used frequently by hackers is a man-in-the-middle attack where an attacker breaks into the device and redirects data to exploit the resources on it before forwarding it to the original destination. This method allows the hacker to spy on Internet browsing activity, steal keystrokes to identify passwords and isolate the individual’s physical location, along with potentially listening to calls and intercepting texts.
• Third party apps: In a recent study, 57 percent of malicious apps in the Android marketplace were found in third party app stores.
• SMS Trojans: By including premium dialing functionality into a Trojan app an attacker can run up the victim's phone bill and get the mobile carriers to collect and distribute the money to them. Another malicious usage of SMS involves using an infected device to send out SMS text messages to all contacts in the address book with a link to trick the recipients into downloading and installing the worm, thereby infecting many devices at one time.
If all this wasn't bad enough there is more bad news coming out of the computer labs.

There are quite a few anti-malware software programs that are available for download; some free, some at a moderate cost. But researchers at Northwestern University and North Carolina State University have looked at the ten most popular of these programs and have determined that hackers can defeat them if they alter their hacking programs using what the researchers call evasion techniques.

I will not try to explain "polymorphism as a common obfuscation technique," or "transformation attacks," but suffice it to say it is a way of altering malware programs to bypass anti-malware defenses.

The researchers conclude that "It is thus imperative for mobile security systems to have good defenses against polymorphic strains."

All this is not to say if you or your kids are using an Android smartphone you are defenseless. In my next blog I will outline what you and they should be doing until technology from the good guys catches up with that from the bad guys.