Report: Mobile malware to affect more than 1 in 20 devices within 12 to 24 months

Within 12 to 24 months over 1 in 20 (5.6%) of all Android phones and iPads/iPhones could become infected with mobile malware if fraudsters start to integrate zero-day vulnerabilities into leading exploit kits, claims security firm Trusteer.

According to the company, Google's Android platform is a 'fraudster's heaven' because the "security architecture is not currently up to the challenge" given the "ease of generating powerful fraudulent applications and the ease of distributing these applications." Also highlighted is the fact that there are no effective controls over the app submission process and that this allows malware into the Android Market.

Here's the killer quote:

"Compared to Apple's App Store, Android Market is the Wild West. You can't always trust applications you download from it."

Apple and iOS don't escape criticism either. While the company admits that Apple's App Store is far more secure than Android Market because of the strict controls placed on apps and the manual review process, jailbreaking represents a real threat, and vulnerabilities that allow for jailbreaking over the web could present a serious problem.

"JailbreakMe.com published an exploit which allows the automated jailbreaking of iOS devices from a specially created Web site. PDF files that exploit this vulnerability are reportedly publicly available. Even clicking a crafted PDF document or surfing to a website with the PDF documents are sufficient to infect the mobile device with malware."

Trusteer also offers up a four-point recommendation for secure mobile banking, which I think is worth repeating here:

  1. Check rating, user reviews, and comments for each mobile application you download. Avoid low-rated, new applications, and bad reviews.
  2. Carefully review the permissions requested by Android applications when you install them. Applications that ask for access to text messages and other sensitive information should raise a red flag and be further researched before you download them.
  3. Have your PC protected with an online banking security software such as Trusteer Rapport, which you can download from your bank's website. This software can break MitMo attacks by not allowing fraudsters control of the web channel.
  4. Regularly install updates for your mobile device
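
Recommendation 2 can be partly automated. The sketch below is an added example, not code from Trusteer or the original article: it reads an app's manifest and flags the text-message permissions the recommendation singles out. It assumes the manifest has already been decoded to plain XML (inside an APK it is stored in a binary form), and the sample manifest, the `com.example.flashlight` package and the "other sensitive" list are constructed for illustration.

```python
import xml.etree.ElementTree as ET

ANDROID_NS = "{http://schemas.android.com/apk/res/android}"

# Permissions that grant access to text messages (the red flag named above).
SMS_PERMISSIONS = {
    "android.permission.READ_SMS",
    "android.permission.RECEIVE_SMS",
    "android.permission.SEND_SMS",
    "android.permission.RECEIVE_MMS",
}
# "Other sensitive information": this selection is an assumption for the example.
OTHER_SENSITIVE = {
    "android.permission.READ_CONTACTS",
    "android.permission.READ_PHONE_STATE",
    "android.permission.ACCESS_FINE_LOCATION",
    "android.permission.RECORD_AUDIO",
}

def requested_permissions(manifest_xml):
    """Return the set of permission names declared in a decoded manifest."""
    root = ET.fromstring(manifest_xml)
    names = {el.get(ANDROID_NS + "name") for el in root.iter("uses-permission")}
    return names - {None}

def review(manifest_xml):
    """Classify a manifest: SMS access is a red flag, other sensitive data needs research."""
    perms = requested_permissions(manifest_xml)
    sms = sorted(perms & SMS_PERMISSIONS)
    other = sorted(perms & OTHER_SENSITIVE)
    # SMS access combined with network access means message contents can leave the device.
    sms_plus_network = bool(sms) and "android.permission.INTERNET" in perms
    if sms:
        verdict = "red flag"
    elif other:
        verdict = "research further"
    else:
        verdict = "no sensitive permissions"
    return {"sms": sms, "other": other,
            "sms_plus_network": sms_plus_network, "verdict": verdict}

# Constructed sample: a "flashlight" app that has no obvious need for SMS access.
SAMPLE = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.flashlight">
  <uses-permission android:name="android.permission.CAMERA"/>
  <uses-permission android:name="android.permission.INTERNET"/>
  <uses-permission android:name="android.permission.RECEIVE_SMS"/>
  <uses-permission android:name="android.permission.READ_SMS"/>
</manifest>"""

if __name__ == "__main__":
    print(review(SAMPLE))
```

A permission list only shows what an app is able to do, so a flagged result is a prompt to check whether the app's stated purpose justifies the access, not proof of malice.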

Is this crying wolf, or is there a serious threat out there? Whatever you do, take care out there!

Topics: Malware, Mobility, Security


Talkback

13 comments
  • Android is too dangerous, and Google doesn't care

    Android is a terrible choice for the normal consumer, only geeks should be permitted to purchase the dangerous devices.
    LP212
    • RE: Report: Mobile malware to affect more than 1 in 20 devices within 12 to 24 months

      @LP212 If you're not sharp enough to avoid malware on Android, then heck - just use the stock Android experiences - they've got most of what you need covered. Don't go to the store if you're terrified of being mugged.
      spark555
      • slight modification needed...

        @spark555

        If you're not sharp enough to avoid Android, then heck - you deserve malware... The roid store should be safe... "Should" being the key word... But Google cares as much about customer safety as they do about customer privacy... Not at all.
        i8thecat3
  • Silly

    Should we blame Microsoft that you can download potentially dangerous files from the internet? The fact of the matter is that any OS will have exploits written, and there is nothing anyone can do about it.
    cramleir
    • RE: Report: Mobile malware to affect more than 1 in 20 devices within 12 to 24 months

      @cramleir The difference here is the apps are from the Google's Android Marketplace - not some random little corner of the web. "Normal" users aren't used to this being a risk.

      So while I see where you're coming from, "normal" users won't see it this way - and I think their view is reasonable.
      jeremychappell
  • RE: Report: Mobile malware to affect more than 1 in 20 devices within 12 to 24 months

    People are buying these handsets because of hype. But its demise will be arriving sooner than expected. Android has no patents and is created using stolen code and IP because of Google greed. That idiot Schmidt was sitting on Apple's board, and he has bribed a lot of politicians and officials worldwide. With the Nortel patents given to Apple/MS/Sony/RIM/Ericsson, the legal noose is tightening. And then there is Java. Soon it will cost the OEM $100, just for paying royalties. Google should be taught a lesson for its evil/fraud ways of doing business.
    owlnet
  • How can I protect myself from iOS PDF flaw?

    Is this a drive by that can totally own my iPhone with no interaction required from me?
    toddybottom
    • Simple precautions

      @toddybottom Don't open emails you're not expecting, be careful what websites you visit, and apply any iOS updates that Apple supply. Oh, and for added security don't jailbreak your phone.
      Oh, and some user interaction is still required. You still need to visit the site hosting the PDF. It's not like this vulnerability can attack the phone whilst it's sitting in your pocket.
      keebaud@...
      • Thank you

        @keebaud@...
        I will be very careful what websites I browse to and what emails I open with my iPhone. Too bad, I was led to believe that iPhone could be used without any worries.

        By user interaction, I meant something out of the ordinary. A device that is only safe when it isn't being used isn't a useful device.
        toddybottom
    • RE: Report: Mobile malware to affect more than 1 in 20 devices within 12 to 24 months

      @toddybottom
      Yes, it is, it's a drive by exploit, the best thing to do right now is jailbreak it at jailbreakme.com and then install Cydia PDF patch...right now that's the only patch until Apple publishes one of their own.
      Doctor Demento
  • Nos. 5 and 6 (for online banking)

    5. Don't use the device's default web browser for anything.

    Download and install a 3rd party web browser and use it only for online banking.

    Download and install a 2nd 3rd party web browser and use it for everything else.

    6. Don't allow anyone else to use your device. Period.
    Rabid Howler Monkey
  • RE: Report: Mobile malware to affect more than 1 in 20 devices within 12 to 24 months

    I'm really not worried about malware because I'm really careful and I'm a tech so I know what to look for. The thing I hate is buying and/or installing an app and having it no longer work like TV Shows Stream. I really liked that app and now it's gone.
    dennyc5@...