Report: Mobile malware to affect more than 1 in 20 devices within 12 to 24 months

Summary:Within 12 to 24 months over 1 in 20 (5.6%) of all Android phones and iPads/iPhones could become infected with mobile malware if fraudsters start to integrate zero-day vulnerabilities into leading exploit kits, claims security firm Trusteer.

Within 12 to 24 months over 1 in 20 (5.6%) of all Android phones and iPads/iPhones could become infected with mobile malware if fraudsters start to integrate zero-day vulnerabilities into leading exploit kits, claims security firm Trusteer.

According to the company, Google's Android platform is a 'fraudster's heaven' because the "security architecture is not currently up to the challenge" given the "ease of generating powerful fraudulent applications and the ease of distributing these applications." Also highlighted is the fact that there are no effective controls over the app submission process and that this allows malware into the Android Market.

Here's the killer quote:

"Compared to Apple's App Store, Android Market is the Wild West. You can't always trust applications you download from it."

Apple and the iOS doesn't escape criticism either. While the company admits that Apple's App Store is far more secure than Android market because of the strict controls placed on apps and the manual review process, jailbreaking represents a real threat, and vulnerabilities that allow for jailbreaking over the web could present a serious problem.

"JailbreakMe.com published an exploit which allows the automated jailbreaking of iOS devices from a specially created Web site. PDF files that exploit this vulnerability are reportedly publicly available. Even clicking a crafted PDF document or surfing to a website with the PDF documents are sufficient to infect the mobile device with malware."

Trusteer also offers up a four-point recommendation for secure mobile banking which I think are worth repeating here:

  1. Check rating, user reviews, and comments for each mobile application you download. Avoid low rated, new applications, and bad reviews.
  2. Carefully review the permission requested by Android applications when you install them. Applications that ask for access to text messages and other sensitive information should raise a red flag and further researched before you download it
  3. Have your PC protected with an online banking security software such as Trusteer Rapport, which you can download from your bank's website. This software can break MitMo attacks by not allowing fraudsters control of the web channel.
  4. Regularly install updates for your mobile device

Is this crying wolf, or is there a serious threat out there? Whatever you do, take care out there!

Topics: Malware, Mobility, Security

About

Adrian Kingsley-Hughes is an internationally published technology author who has devoted over a decade to helping users get the most from technology -- whether that be by learning to program, building a PC from a pile of parts, or helping them get the most from their new MP3 player or digital camera.Adrian has authored/co-authored technic... Full Bio

zdnet_core.socialButton.googleLabel Contact Disclosure

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.

Related Stories

The best of ZDNet, delivered

You have been successfully signed up. To sign up for more newsletters or to manage your account, visit the Newsletter Subscription Center.
Subscription failed.