
Mobile malware is not a serious threat, Damballa shows

An Atlanta-based threat prevention company says the chances of acquiring mobile malware infection are as slim as the chance of being struck by lightning.

According to new research from Damballa Inc., you're about as likely to download mobile malware as you are to be struck by lightning; that is, you have less than a 0.01% chance of experiencing either.

The Atlanta-based threat prevention company surveyed 50% of North American mobile data and found that the mobile malware threat is not as severe as infosec communities may let on. Over the course of two years, Damballa researchers observed a total of 2,762,453 unique hosts that were contacted by mobile devices.

Damballa compiled a blacklist from three disparate sources: a collection of mobile malware samples that the company had collected; malware domains from an undisclosed third-party security vendor; and domains of malware reports for mobile devices from other sources. They found only 0.0077% of mobile devices contacting this mobile blacklist.

Like Ebola, deadly but rare

"This research shows that mobile malware in the United States is very much like Ebola -- harmful, but greatly overexaggerated, and contained to a limited percentage of the population that are engaging in behavior that puts them at risk for infection," wrote Charles Lever, scientific researcher at Damballa, in a press release. "For a majority of the population, by simply staying within the authorized app stores for their respective devices, they will drastically reduce the risk of being infected with mobile malware."

Mobile malware has been more of an issue in countries that enforce strict censorship laws -- such as in China, where the jailbreaking rate is 13%. Jailbreaking phones is legal in the U.S. but a lot less common.

"If you root, or unlock or jailbreak your phone, that basically removes the barrier in your iPhone from only allowing software that comes through the App Store to run on your phone," Brian Foster, CTO of Damballa, said. "But if you jailbreak your phone, it's kind of your own fault and you kind of get what you deserve, in my opinion."

Damballa's research did not distinguish in its network traffic analysis between jailbroken phones and those using only the applicable Apple and Google stores. Foster noted that the percentage of jailbroken phones in the U.S. is likely very small.

"Our data is U.S.-based only, and in the U.S. your apps are very controlled by the app stores: Google and Apple," Foster said. "I think those app stores do a very good job of controlling and keeping bad apps from running on your phone."

Risks remain

Foster was quick to point out that mobile malware not being a problem did not necessarily mean the platform was foolproof. Although PCs are more likely to get infected, phones are more likely to be lost and the data on them forfeited to malicious actors. Phishing is also a significant threat in mobile.

"You can as easily get phished on your mobile phone as you can on your PC," Foster said. "Phishing could lead to malware, or it could lead to getting you to log into a fake Facebook website and steal your Facebook credentials. We would not see that phishing email being sent."

Damballa would see, however, if a phishing email redirected the user to a blacklisted site. Damballa uses a third-party blacklist site to judge such sites, but it has also compiled a blacklist of its own through a machine learning process.

"A blacklist is basically a list of domain names and IP addresses that are known [to be] bad," Foster said. "If you see someone going to that domain or that IP address, then you know they're going to a bad place, for whatever reason."

Damballa has analyzed numbers for this, too.

"We saw about a billion look-ups for domains that were [not mobile-specific] threats; talking specifically about mobile blacklist, there were about 2,000," Lever told SearchSecurity. "And the percentage of all traffic that we saw -- good traffic and bad traffic -- the combination of all different types of malware is about 1%."


Join the conversation

4 comments


I don’t think it’s that surprising that the issue is mostly limited to a small part of the population that engages in behavior that puts them at risk for infection. It’s very similar to saying someone is less likely to get in a bar fight if they don’t go to a bar. A fight may sometimes move out into the street and affect passersby, but that’s the exception, not the norm. Those that do choose to go to the bar are typically aware of the risks, and accept them. I think the same is true of people that root their devices.

I agree with mcorum, not surprising at all, but I think malware could very easily get out of hand if people become complacent.

I don't think that rooting or jailbreaking is the entirety of the problem either.

Not knowing is a big part. When you are looking to download an app and it asks for permission for things that do not apply to it, I will not continue the install. If I am looking at a game app, they do not need access to a lot of things they are asking permission for. I think that is another way to get infected.

For me, the notifications and permissions it asks for tell me a lot about what it might be used for. Additionally, I tend to not jump on a lot of exotic apps unless I'm deliberately doing mobile testing and want to get a variety of apps for a specific purpose. On my own everyday personal device, I'm pretty choosy, and don't load very many apps.
