
How to prevent preinstalled malware on mobile devices

Preinstalled malware has become a major mobile security risk. Expert Nick Lewis explains how to detect malicious apps and defend against them.

Preinstalled malware is reportedly putting a number of new mobile devices at risk. Why is this happening and what is the best way to detect if these applications are malicious, and to prevent this mobile security risk?

The supply chain is more fragile than most people expect. It shouldn't be a surprise that the NSA was able to use vulnerabilities in the supply chain to set up "load stations" that installed malware onto devices before they reached their intended recipients. Nor should it be surprising that more general attacks occur; for example, Android smartphones have been found to contain a malicious app disguised as Netflix. Many other devices have also been found with preinstalled malware, including digital picture frames, Sony DVDs and so on. In all of these scenarios, people wrongly assumed their devices were secure when they were delivered from the manufacturer.

While the supply chain itself in most of these instances was probably not the target, these attacks do show that malware infections can be caused by insecure practices in the development and manufacturing process. The most likely scenario in these cases is that one of the devices used in the manufacturing of the equipment was infected with malware that was then copied to all the devices made on that piece of equipment. It's likely the device neither had antimalware software installed on it, nor was checked for malware before leaving the manufacturing facility. To remedy this, manufacturers should use antimalware software during manufacturing processes and also closely vet any software prior to installing it on their devices.

Enterprises can protect against devices infected with preinstalled malware by plugging each new device into a known secure system before giving it to an employee and checking its file system for malware with standard antimalware software. However, this might be unrealistic given the volume of devices and the time these checks would take. Another option would be to check one of each new device type for malware before giving them to end users. This would be more reasonable, as it would lessen the scope of devices to be tested. Employees who use their own devices should make sure their systems are set up to check any new devices with file storage for malware when connecting them to a corporate network. Additionally, it would be a good defense-in-depth strategy to not assume any device is secure prior to connecting it to an enterprise asset or network -- always check every potential vulnerability prior to letting it on the network.
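One way to extend the "check one of each new device type" approach, shown as an added example that is not part of the original article: once a reference unit has been scanned with antimalware, hash its file storage and compare each later unit of the same type against that manifest. The function names and the temporary directories standing in for mounted device storage are assumptions made for illustration.

```python
import hashlib
import os
import tempfile

def sha256_file(path, chunk=1 << 20):
    """Hash a file in chunks so large firmware images do not exhaust memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()

def build_manifest(root):
    """Map each regular file under root (relative path) to its SHA-256."""
    manifest = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            if os.path.islink(full):
                continue  # do not follow links that point off the device
            rel = os.path.relpath(full, root).replace(os.sep, "/")
            manifest[rel] = sha256_file(full)
    return manifest

def compare_to_baseline(device, baseline):
    """Report how a new unit differs from the vetted reference unit."""
    return {
        "added": sorted(set(device) - set(baseline)),
        "changed": sorted(p for p in device
                          if p in baseline and device[p] != baseline[p]),
        "missing": sorted(set(baseline) - set(device)),
    }

def demo():
    # Constructed sample data: two temp dirs stand in for mounted storage.
    with tempfile.TemporaryDirectory() as ref, tempfile.TemporaryDirectory() as new:
        for root in (ref, new):
            os.makedirs(os.path.join(root, "apps"))
            with open(os.path.join(root, "apps", "viewer.bin"), "wb") as f:
                f.write(b"vendor viewer v1")
        # The new unit carries one file the reference unit never had.
        with open(os.path.join(new, "apps", "extra.bin"), "wb") as f:
            f.write(b"not on the reference unit")
        return compare_to_baseline(build_manifest(new), build_manifest(ref))

if __name__ == "__main__":
    print(demo())
```

A clean comparison only shows that a unit matches the reference; any added or changed file is a reason to run the full antimalware check on that unit before it is handed to an employee.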


This was last published in October 2014
