Malicious Mobile Code: What You Need to Know. Author: Eric Everson, MBA, MSIT-SE
The thought of someone hacking into your mobile phone to steal your personal data added to the growing number of mobile threats sounds bad enough, then you come across the industry term “Malicious Mobile Code” and it makes downloading any new mobile app a scary process.
So it sounds like scary stuff, but what is Malicious Mobile Code (MMC) REALLY? If you follow my journal, you know that I’m always knuckle-deep in this kind of stuff, and as a result I’ve lost many good computers and mobile handsets along the way. As threatening as the words may sound, MMC is really an industry catchall phrase that refers to any code that can hinder the operation of a mobile application or device.
Building software is kind of like building a house of cards in that each layer depends on the next to function properly. In software (just as in the house of cards) if you remove or otherwise tamper with a key component it can often corrupt the entire structure. MMC most often attempts to do this very thing by injecting faulty code into a key operating component of your mobile software or Mobile Operating System (MOPS).
Though mobile devices are steadily becoming more sophisticated with added computing power, the reality is that MOPS remain highly vulnerable to such MMC attacks. This is why third-party mobile security software is becoming so important to have on your mobile device. Many of the mobile security solutions on the market today block the MMC similar to antivirus software for a computer. Additionally, the demand for mobile app-driven handsets is significantly on the rise which is putting many users at greater risk.
Often consumers on the most popular app retail portals assume that anything they download to their handsets should be safe. Despite best efforts however, many risky apps from those with harmful embedded source code to those masquerading as legitimate financial services apps are making their way to unsuspecting mobile users.
This issue has created new demand for services like MyMobiSafe Verified, the first service of its kind that offers a formal review and validation of new mobile apps across every platform (iPhone, Android, BlackBerry, Symbian, Java, Orange, and all others). By creating an environment where developers and the mobile community alike are looking for the confidence of the MyMobiSafe Verified mark, this creates a significant hurdle for unwanted Malicious Mobile Code in the market.
MMC can range from the simplest corrupt code to the worst mobile viruses, yet the phrase and acronym remains as an industry catch all. As a software engineer and one with substantial frontline experience with this kind of code, my words of wisdom are to be cautious of anything that you are loading onto your handset. If it is free, remember that old adage that suggests “nothing good comes free.” In too many cases of mobile apps, free means that there is something else behind the curtains. Start looking for verified apps before you buy them as they will often display an industry-wide recognizable logo. Finally, remember that not all MMC is created equal, in many cases damage is not permanent and can often be repaired by a professional.