The rising use of smartphones is gaining the attention of cybercriminals, according to a new study by Juniper Networks Inc., which tracked a sharp increase in Google Android phone malware.
According to the Juniper study, which analyzed malware detected on its customer devices in 2010, smartphone spyware accounted for 61% of all mobile customer infections and 100% of all infections for Android devices. The report, issued Wednesday by the Juniper Networks Global Threat Center, also documented a 400% increase in Android malware, as well as highly targeted Wi-Fi attacks.
Juniper called the rise in Android phone malware a result of a “perfect storm.” Individuals took advantage of Android’s security model and open ecosystem as well as a user base that is largely “unaware, disinterested or uneducated” in mobile security.
While mobile malware is rising, experts point out that it still accounts for less than 1% of all malware detected globally. The Verizon Data Breach Investigations Report, which was issued in April, noted that mobile devices are rarely the source of data loss across the Verizon caseload. But the company said it expected threats to mobile devices to increase and diversify. In a recent interview with SearchSecurity.com, Denis Maslennikov, senior malware analyst on Kaspersky Lab's global research and analysis team, predicted cybercriminals will find mobile devices a lucrative attack vector in the near future.
A spate of Android attacks in 2010 leaked sensitive data from Android handsets, according to the Juniper report. A bank phishing application sent data to an unknown location and the first mobile botnet was formed when SD cards preloaded with the Mariposa botnet were shipped by mobile service provider Vodafone.
In many ways, attack vectors for smartphones and other mobile devices are still emerging, said Don Bailey, a senior security consultant at ISEC Partners, in a recent interview with SearchSecurity.com. For example, near field communications (NFC), a technology that could support payment applications on handheld devices, poses a new threat.
“It gives an attacker a lot more reason to develop malware,” Bailey said. “There are many different application layers on a phone and that means there are many opportunities.”
Bailey said a lack of standards across device and platform makers and closed ecosystems make it more difficult for security software to gain visibility into processes on a device. The result is very few options available for people to protect their devices today, he said.
The RIM BlackBerry and Apple iOS operating systems, which are known for having locked-down environments, are also not immune to malware. Though malware is detected in fewer numbers, Juniper said it has identified a number of spyware applications that monitor device communications and can be remotely controlled by the attacker. In addition to listening to conversations, the spyware can monitor email and text messages. “Flexispy, Mobile spy and Mobistealth are very effective at concealing both their presence and actions from the user,” Juniper said in its report.
The Apple iPhone suffers from little known malware, Juniper said. The threat of mobile malware is higher in Cydia applications associated with jailbroken devices. “Applications exist to obtain user data and clandestinely transmit this information outside of the device,” the company said in its report.
Juniper’s study supports the relationship between platform market share and mobile malware. Devices running the Symbian platform, one of the oldest and most widely used mobile operating systems, are the most targeted by attackers. Malware affecting Symbian devices makes up 77% of the virus definitions found in the database of Juniper’s Junos Pulse Mobile Security Suite.
Attackers are using SMS Trojans that send SMS messages to premium rate numbers without the user’s knowledge. In addition, Juniper found background calling applications that charge victims for exorbitant long-distance calls. There are also keylogging applications and worm-like malware that infects devices and spreads to additional phones in the victim’s address book.
Increasing Wi-Fi threats
Juniper is also warning that an increase in the use of Wi-Fi-enabled devices could result in more man-in-the-middle attacks, a common attack technique that can be used on open public Wi-Fi hotspots.
A successful attack can enable a person to log all of the information relayed between the user and the website they are visiting. More sophisticated attacks can even read unencrypted email messages and take over a user’s browsing session without the victim’s knowledge. A Firefox browser plug-in, Firesheep, automated the process of snooping in on user browsing sessions.