Overview of Smartphones and Malwares

Mobile devices/Smart Phones are used everywhere, so does it presents  an attractive target to cyber-criminals. Presumably attackers deduce that a smartphones contain a vast amount of personal and confidential information and can be used to perform all kinds of online transactions -so more & more malwares are developed targeting it. If you are more concerned with your PC security so should be  a  common smartphone . In the sense, they will cross over the   vulnerability factor as compared to  PCs  since the communication channels in smartphones like  SMS, Bluetooth, WiFi, Web browsers, applications and email  are easily prone to malware — these aspects lead to a proliferation of malicious code targeting these platforms. Overall the  ‘modus operandi‘ adopted by cyber-criminals has totally changed over years.

                                                                                                                                                                         

Before taking ahead of our discussion to Common Targeted Malware platforms and security factors, let’s figure what makes a Smartphone platform attracted to cybercriminals/Malware Distributors.

Cell phones as a new method of payment: It’s almost accepted fact that a lot of progress is being made in this field  with the technology like  NFC (Near Field Communication) chip. NFC is a wireless communication technology which enables the exchange of data between devices over a distance of about 5-10 centimetres. NFC can be used to make payments, transfer information, etc. Recent introduction of Google Wallets proves that.
Online banking applications  Trends: An increasing number of banks are now offering for cell phones the apps to trade over with bank transactions.This is one of the major factor why attackers target smartphone platforms.

Smartphones/Mobile Devices transformed more than what is it basically for:It’s almost a fact that Smartphones are becoming more smarter than it’s basic needs, Variable Apps, Gaming , Entertain , Interactive makes it more usable and popular there by increasing  malware intentional development  packages .Moreover those smartphone  platform’s with  open nature makes it more attractive to cybercriminals than many other mobile operating systems.

User tracking via GPS: Most  cell phones  in recent years over world incorporate GPS technology to  it. And this  would be trivial/loophole for attackers to create a program that checked the GPS system periodically and sent the phone location to an attackers‘ Web server there by  track the users movements.
Cell phones can connect to WiFi networks: As easy to deduce why the criminals could create mobile worms that scanned all devices connected to a WiFi network and exploited their vulnerabilities in order to transmit malicious code to other systems such as PCs via smartphones.

Advanced social-engineering attacks: Some of the malware strains mentioned in this report can manipulate the targeted user‘s phone book, which is extremely useful to launch targeted social engineering attacks, change a contact‘s information for impersonation purposes, etc..

Now if you think we are just hype/exaggerating on Smartphone malware and other sorts of attacks , no we are not. In fact experts predict it .Here is the reports from major web security vendors.

According to IBM’s X-Force 2011 mid-year trend and risk report, Malware targeting mobile devices is on the rise and is raising new security concerns for IT departments.

Recent research from G Data Security Labs found malware for smartphones and tablets was up 273% in the first half of 2011, compared with the same period in 2010.
Recently, ReadWriteWeb reported that the German government issued a warning: Some versions of the Apple iOS mobile operating system are vulnerable to malicious code contained in PDF files.

McAfee  reports that Google’s Android has seen an increase of 76% in the number of malware threats compared to the first quarter.53% of mobile users say they are unaware of security software for smartphones.

Sources by which malware gets to your mobile device.

  • Phishing — a fake version of a real site gathers your login and other information.
  • App Stores — Copies of legit apps are infected with malicious code and placed in official app stores.
  • 3rd Party Online Application Repositories — Unofficial websites where users can freely download applications.
  • Spyware — Silently collects information and sends it to eavesdroppers.
  • Exploiting — Malware that exploits mobile platform vulnerabilities to gain control of device
  • Worm — Program which replicates itself and is spread throughout a network.
  • Man-In-The-Middle Attacks — The malware/attacker is the proxy and intercepts information relayed between a server and mobile device.
  • Trojan — A “legitimate” looking program that is malicious.
  • Wi-Fi Snooping – Occurs when you connect to a public network and the malware/attacker “watches” and access your information.
  • Direct Contact — Files and viruses sent to your device, SMS text messages and Bluetooth connections.

Now all those major experts concern on Smartphone platform warnings shows the necessity indeed a user should take care of their favorite devices.Coming to various smartphone platforms , let’s check how they are subjected to these vulnerabilities.

iPhone
Malware is more commonly found on iPhones that have been jailbroken.”Jail breaking” means freeing a phone from the limitations imposed by the  provider and in this case, Apple.so that they can install unapproved software or reconfigure the operating system. Users install a software application on their computer, and then transfer it to their iPhone, where it “breaks open” the iPhone’s file system, allowing you to modify it.By jailbreaking a phone, users are possibly allowing malicious applications into their device which has access to their personal information .A Jailbroken iPhone is initially unsafe if you also install a SSH client and don’t change the password.
Windows Mobile
In case of Windows Mobile  it speeds up malware via SMS. Mostly the amount of SMS malware found on Windows Mobile devices is much higher in comparison to others. Research [Pew research center for mobile security]suggests that Symbian and Microsoft mobiles are targets of the worst malware.
Blackberry
Mainly prone to Spyware applications.However research suggest that Research In Motion [RIM], the developers of BlackBerry have done an excellent job of keeping the sensitive inner workings of this smartphone a secret from the public. This is a vital factor for the relatively small number of reliable exploits for the BlackBerry smartphone.
Symbian
Similar to Windows Mobile, the most attracted platforms for Malware developers.Although it is the oldest of the smartphones and one of the most popular outside of U.S
Android
As we know that it’s the speedy grown Mobile OS [Since under Google]and that’s why it’s more Prone.Reserach shows that More than 80 infected apps had been removed from the official Android Market by June 2011.n 2010 malicious Zeus banking Trojan hits Blackberry and in 2011, was modified to target Android phones.Malware for Android skyrocketed 400% in 6 months. (June 2010 to Jan 2011).According to McAfee reports Android malware shot up 76 percent in the second quarter, overtaking Nokia’s Symbian to become the most attacked mobile operating system in the world. And so far Android malware is becoming as sophisticated as PC-based threats, taking advantage of exploits, employing botnet, and using rootkits
Now it’s almost clear as sky that every popular Smartphones platforms is in love with Malware developers.Now what’s are the security Measures?Obviously we are n’t an expert to suggest the effective line of control for these issues, rather only suggest expert talks.Here are few security measures
Awareness among Users [smartphone is far more than just a phone and cannot be treated ease] : To begin with , the best suggestion is to avoid the lack of security awareness among cell phone users and their carelessness are the two most important risk factors for smartphones in the short-term.

  • Ensure OS and software are up to date at all times.Obtain Security Softwares and related measures.
  • Enable access protection measures such as a PIN or password (if possible). 
  • Configure the smartphone to automatically lock after a minute or so being idle. 
  • Before installing or using new smartphone apps or services, check their reputation. Only install applications from trusted sources.
  • Pay attention to the security permissions requested by every application and service you install. Don’t try always pressing ‘OK’ button.
  • Disable features if not in use: Bluetooth, infrared or Wi-Fi. If  you have Bluetooth enabled, set your device to be hidden and password-protect it.  
  • Make regular backup copies of your important files and contacts .
  • Encrypt sensitive information whenever possible.Try to Use call and SMS encryption software. 
  • Whenever possible, do not store sensitive information on the smartphone. Make sure it is not cached locally. 
  • Erase all information from the smartphone once you get rid of it. 
  • In the event your phone is lost or stolen, inform your service provider and give them your device‘s IMEI number to block it. 
  • You can also use remote or automatic deletion of data (after several failed login attempts).    
  • Monitor the smartphone for anomaly detection. 
  • Check your account activity [banks, emails] frequently to detect fraud. 
  • Take all necessary precautions when opening email messages, SMS attachments or clicking links. (Remember that this was one of the entry points of the famous ” Zeus-Mitmo”). Be wary of any files, links or numbers received from unsolicited email or SMS messages.  
  • Overall Avoid using untrusted WiFi networks.  

Check out this Infography too .

Advertisements

About Technology Timely

Aimed on updated tech news

Posted on October 8, 2011, in Hardware, Security, Tips'n'Tricks. Bookmark the permalink. Leave a comment.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: