TECH REPORT: Smartphones a target for attacks
By Mona Mattei
With a growing population of smartphones on the market and in use, it’s natural that security issues would start to pop-up on their systems. What took years to happen in the internet / personal computer (PC) evolution is taking mere months, says Lookout Mobile Security in their 2011 report on mobile security. Mobile devices are the fastest growing consumer technology, with worldwide unit sales expected to increase from 300 million in 2010, to 650 million in 2012. Mobile applications are likewise booming. In June 2011, for the first time ever people on average spent more time using mobile applications (81 minutes) than browsing the mobile web (74 minutes), explained Lookout’s report. “While once limited to simple voice communication, the smartphones now enable us to also send text messages, access email, browse the Web, and even perform financial transactions. Even more significant, apps are turning the mobile device into a general-purpose computing platform. In just three short years since introducing the iPhone SDK in 2008, Apple boasts over 425,000 apps available for iOS devices. Seeing similarly explosive growth, the Android Market now contains over 200,000 apps after only a short period of time. As mobile devices grow in popularity, so do the incentives for attackers. Mobile malware, for example, is clearly on the rise, as attackers experiment with new business models by targeting mobile phones. Recently over 250,000 Android users were compromised in an unprecedented mobile attack when they downloaded malicious software disguised as legitimate applications from the Android Market.” Along with the increasing popularity of smartphones, using your phone for financial transactions is growing exponentially. Lookout says that the value of mobile payment transactions is projected to reach almost $630 billion by 2014, up from $170 billion in 2010. Many vendors, banks, and content providers are developing ways of enabling payments via your phone, including credit card companies whose efforts will culminate in your “mobile wallet.” The Google Wallet ran field tests in New York and San Francisco this year. The Wallet allows people with special phones pay for goods in retail shops by just tapping the phones against a payment terminal. The Google Wallet initially supports Mastercard credit cards from Citi and users can pay for goods at 120,000 U.S. shops. But beware; mobile payments create an attractive target for attackers. So now what? As the frequency of mobile threats increase, people can take measures to stay safe while using their smartphones, says Lookout. Here are some of their hints:
- Only download apps from trusted sources, such as reputable app stores and download sites. Remember to look at the developer name, reviews, and star ratings.
- After clicking on a web link, pay close attention to the address to make sure it matches the website it claims to be if you are asked to enter account or login information.
- Set a password on your mobile device so that if it is lost or stolen, your data is difficult to access.
- Download a mobile security tool that scans every app you download for malware and spyware and can help you locate a lost or stolen device. For extra protection, make sure your security app can also protect from unsafe websites.
- Be alert for unusual behaviors on your phone, which could be a sign that it is infected. These behaviors may include unusual text messages, strange charges to the phone bill, and suddenly decreased battery life.
- Make sure to download firmware updates as soon as they are available for your device.
Quick facts from the Lookout 2011 Mobile Security Report:
- Both web-based and app-based threats are increasing in prevalence and sophistication.
- Android users are two and a half times as likely to encounter malware today than 6 months ago and three out of ten Android owners are likely to encounter a web-based threat on their device each year.
- An estimated half million to one million people were affected by Android malware in the first half of 2011; Android apps infected with malware went from 80 apps in January to over 400 apps cumulative in June 2011.
- Attackers are deploying a variety of increasingly sophisticated techniques to take control of the phone, personal data, and money. Additionally, malware writers are using new distribution techniques, such as malvertising and upgrade attacks.
Research Methodology
The findings in this report are based on data collected and analyzed by Lookout through our Mobile Threat Network, which includes the world’s largest database of applications and aggregates detection results from mobile devices throughout the world. The Lookout Mobile Threat Network gathers application data from a variety of sources including official application markets, such as the Android Market and Apple App Store, as well as alternative markets in which apps are distributed.
Link:
