Control Compliance Suite

 View Only

The Mushrooming of Mobile Malware 

Jun 12, 2014 03:04 PM

Mobile workforces and BYOD have brought smartphone security to the forefront for enterprises and consumers alike. Due to Android’s widespread adoption and open environment, most of security the conversation has, understandably, centered on these devices. But our latest Symantec Internet Security Threat Report reveals that mobile security is a nuanced and varied problem that potentially affects users on all devices.

Smartphones users are very familiar and comfortable with the idea of downloading software applications (apps) on their devices and the majority often visit app marketplaces for easy and quick downloads. Compared to PCs, there has never been such a simplified software marketplace quite like the app markets of today, and cybercriminals have taken advantage of this with malicious apps.

Although mobile malware isn’t a new phenomenon, it really took off with the adoption of the Android platform. This is likely for two reasons: Android’s market dominance and its open platform.

According to the IDC Worldwide Mobile Phone Tracker, Android owned nearly 79 percent of the mobile operating system global market share in 2013. Savvy hackers have thus chosen to invest in attacks for Android, which are likely to yield the highest gains. Beyond its popularity, when Android gave smartphone users the freedom to create and install software from outside Google’s official marketplace, it also opened the doors to malware authors – who have used the marketplace as a vehicle to distribute their malicious apps.

In 2013, mobile malware seemed almost exclusively focused on the Android platform, in fact, only one new family was discovered outside this operating system. In addition, we found another risk to the Android landscape that grew in 2013. Mobile adware or “madware” is a new aggressive form of mobile advertising that displays ads throughout the user interface or suggests users install other apps. Besides being a nuisance, the threat isn’t well understood but it is prevalent and appears to be growing. In October of 2013, 65 ad libraries were identified. This number increased to 88 ad libraries by the end of 2013.

mobilemalware.pngSo does this mean that the Android platform is less secure than iOS?

Simply put, no, it doesn’t. Android’s large marketplace makes it a bigger target, and cybercriminals have for the most part avoided Apple’s products to focus on exploits for the more open Google Android platform. We found, however, in this year’s ISTR that iOS actually exhibits more vulnerabilities than any other system. In fact, 82 percent of mobile vulnerabilities were documented on the Apple iOS platform, compared to 13 percent on the Android platform.

Now we can see from the limited number of threats for iOS apps that a high number of vulnerabilities for a mobile operating system does not necessarily lead to malware that exploits those vulnerabilities. Rather, the more important lesson here is that in a world of growing mobile threats these vulnerabilities leave room for more types of attacks aimed at Apple devices in the future.

A further concern for Apple device security is the closed nature of Apple’s ecosystem, which makes it next to impossible for security providers to make third-party options to protect enterprises and consumers. Apple device security is handled exclusively by Apple so users have to rely completely on Apple for protection. On the other hand, there are numerous security products for Android, both paid and free, that can help consumers and enterprises protect their devices.

Overall it appears that the mobile threat landscape is still very much under development. Attackers are researching what they can do on Android and the iOS system and creating attacks that are getting more sophisticated. Although, most enterprises and consumers have baseline security for their PCs, many less have them on mobile. Since smartphones and other mobile devices have become many users’ primary computing device it’s essential that we seek out and develop better mobile security options. We hope to see continued research to make sure these threats are addressed and don’t become a liability for businesses and customers.

Statistics
0 Favorited
0 Views
0 Files
0 Shares
0 Downloads

Tags and Keywords

Related Entries and Links

No Related Resource entered.