According to new research from Damballa Inc., you're about as likely to download mobile malware as you are to be struck by lightning; that is, you have less than a 0.01% chance of experiencing either.
The Atlanta-based threat prevention company surveyed 50% of North American mobile data and found that the mobile malware threat is not as severe as infosec communities may let on. Over the course of two years, Damballa researchers observed a total of 2,762,453 unique hosts that were contacted by mobile devices.
Damballa compiled a blacklist from three disparate sources: a collection of mobile malware samples that the company had collected; malware domains from an undisclosed third-party security vendor; and domains named in mobile malware reports from other sources. The researchers found that only 0.0077% of mobile devices contacted hosts on this mobile blacklist.
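The measurement described above, as an added example that is not Damballa's code: it merges three constructed blacklist sources, matches lookups at label boundaries, and reports the share of devices separately from the share of lookups. It assumes per-device lookup records; all domains, device IDs and function names are made up for illustration.

```python
from collections import defaultdict

# Constructed blacklist sources, standing in for the three kinds the article names.
SAMPLE_DERIVED = {"bad-apk.example"}
VENDOR_FEED = {"c2.vendor-listed.example", "Bad-APK.example."}
PUBLIC_REPORTS = {"sms-fraud.example"}

def normalize(domain):
    """Lower-case and drop the trailing root dot so entries compare equal."""
    return domain.strip().lower().rstrip(".")

def build_blacklist(*sources):
    """Merge sources into one de-duplicated set of normalized domains."""
    return {normalize(d) for src in sources for d in src}

def is_blacklisted(qname, blacklist):
    """True if qname or any parent domain is listed (label-boundary match)."""
    labels = normalize(qname).split(".")
    return any(".".join(labels[i:]) in blacklist for i in range(len(labels)))

def contact_rates(lookups, blacklist):
    """Return (share of devices, share of lookups) that hit the blacklist."""
    hits_by_device = defaultdict(int)
    total = 0
    for device, qname in lookups:
        total += 1
        hits_by_device[device] += is_blacklisted(qname, blacklist)
    if total == 0:
        return 0.0, 0.0
    flagged = sum(1 for n in hits_by_device.values() if n)
    return flagged / len(hits_by_device), sum(hits_by_device.values()) / total

# Constructed (device_id, queried_name) records.
LOOKUPS = [
    ("dev-1", "www.example.org"),
    ("dev-1", "cdn.example.net"),
    ("dev-2", "update.bad-apk.example"),   # subdomain of a listed domain
    ("dev-2", "UPDATE.BAD-APK.EXAMPLE."),  # same host, different spelling
    ("dev-2", "www.example.org"),
    ("dev-3", "notbad-apk.example"),       # shares a string suffix, not a label
    ("dev-3", "www.example.org"),
    ("dev-4", "mail.example.com"),
    ("dev-4", "api.example.net"),
    ("dev-4", "www.example.org"),
]

if __name__ == "__main__":
    bl = build_blacklist(SAMPLE_DERIVED, VENDOR_FEED, PUBLIC_REPORTS)
    device_rate, lookup_rate = contact_rates(LOOKUPS, bl)
    print(f"devices: {device_rate:.2%}  lookups: {lookup_rate:.2%}")
```

The per-device and per-lookup figures differ because one device can generate many matching lookups, so the two rates should not be compared directly.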
Like Ebola, deadly but rare
"This research shows that mobile malware in the United States is very much like Ebola -- harmful, but greatly overexaggerated, and contained to a limited percentage of the population that are engaging in behavior that puts them at risk for infection," wrote Charles Lever, scientific researcher at Damballa, in a press release. "For a majority of the population, by simply staying within the authorized app stores for their respective devices, they will drastically reduce the risk of being infected with mobile malware."
Mobile malware has been more of an issue in countries that enforce strict censorship laws -- such as in China, where the jailbreaking rate is 13%. Jailbreaking phones is legal in the U.S. but a lot less common.
"If you root, or unlock or jailbreak your phone, that basically removes the barrier in your iPhone from only allowing software that comes through the App Store to run on your phone," Brian Foster, CTO of Damballa, said. "But if you jailbreak your phone, it's kind of your own fault and you kind of get what you deserve, in my opinion."
Damballa's research did not distinguish, in its network traffic analysis, between jailbroken phones and those using only the applicable Apple and Google stores. Foster noted that the percentage of jailbroken phones in the U.S. is likely very small.
"Our data is U.S.-based only, and in the U.S. your apps are very controlled by the app stores: Google and Apple," Foster said. "I think those app stores do a very good job of controlling and keeping bad apps from running on your phone."
Foster was quick to point out that mobile malware not being a problem did not necessarily mean the platform was foolproof. Although PCs are more likely to get infected, phones are more likely to be lost and the data on them forfeited to malicious actors. Phishing is also a significant threat in mobile.
"You can as easily get phished on your mobile phone as you can on your PC," Foster said. "Phishing could lead to malware, or it could lead to getting you to log into a fake Facebook website and steal your Facebook credentials. We would not see that phishing email being sent."
Damballa would see, however, if a phishing email redirected the user to a blacklisted site. Damballa uses a third-party blacklist site to judge such sites, but it has also compiled a blacklist of its own through a machine learning process.
"A blacklist is basically a list of domain names and IP addresses that are known [to be] bad," Foster said. "If you see someone going to that domain or that IP address, then you know they're going to a bad place, for whatever reason."
Damballa has analyzed numbers for this, too.
"We saw about a billion look-ups for domains that were [not mobile-specific] threats; talking specifically about mobile blacklist, there were about 2,000," Lever told SearchSecurity. "And the percentage of all traffic that we saw -- good traffic and bad traffic -- the combination of all different types of malware is about 1%."