Subscribe / Unsubscribe Enewsletters | Login | Register

Pencil Banner

Mobile Assassin

Jaime Blasco | April 2, 2012
An ethical hacker’s view on the dangers of mobile malware and what steps to take to stop it.

The mobile phone is unrecognisable in comparison to its original 'brick' form of the 80s. Instead of a 'yuppie' status symbol, now it's considered by many as a necessity with practically every handbag and pocket hiding these modern miracles of technology. While battery life used to be considered the key feature, today it's a heady mix of memory capacity, browser speeds, megapixels, touch screen quality, HD ability, playback, sleek design and available apps. Hardly anyone thinks about how secure the device is when making that all important decision between Apple, Blackberry or Android.

As our handsets become more than just a way to make and receive phone calls, their appeal to criminals also increases. Of course, having the physical device stolen is a major inconvenience, but that is just one way criminals are monetising mobiles. Mobile malware, once theoretical, is now very much a reality and a growing threat.

For the business user, accessing the corporate network and viewing e-mails using their mobile devices, criminals might have access to data that can prove lucrative in the right hands. For VIPs, it could be a little more personal as the little devils broadcast their locations via GPS. Even for the man on the street, with the introduction of mobile payments apps, there's more to lose than just the contact list and photos.

Malware on smartphones is used by criminals to make money. They steal information - contact details, e-mails, personal data or even financial information; they hijack browser sessions - interfering with online banking transactions and circumventing one-time password (OTP) security procedures; even certain apps can have a malicious undertone for example sending SMS messages to premium rate numbers.

A worrying trend is that, increasingly, attacks are becoming more targeted and it's executives that are firmly in the criminals' sights due to the valuable data they're carrying on their phones. Using a combination of SMS and social engineering tactics, hackers can spoof the phone number of a friend or a colleague to send an SMS asking the victim to click on a suspicious link etc, and opening up the phone to attack.

Malware Infections Rising

To prevent malware spreading, we're seeing a number of approaches from some of the mobile operating systems. Apple and Blackberry have introduced security protocols, in tandem with a meticulous acceptance process for apps offered via their stores.

The picture is less secure for Android. Perhaps because it currently has the highest market share, the mobile operating system provides attractive returns for criminals. Another theory is that due to the openness of the platform and the existence of other markets from which to download apps, it's easier to infiltrate. Whatever the reason, the stark reality is that it attracts the most malware.

 

1  2  3  Next Page 

Sign up for CIO Asia eNewsletters.