Smartphones? There’s malware for that, too.

Smartphones? There’s malware for that, too.

Summary: Cyber crooks are infecting popular mobile platforms through malicious applications and, unfortunately, no mobile platform is immune from the destruction it can cause.


Commentary - Malware is finding a new place to wreck havoc: the smartphone. In fact, a recent study conducted by McAfee shows a 46 percent surge in malware and malicious software targeting mobile devices compared to one year ago.

Cyber crooks are infecting popular mobile platforms through malicious applications and, unfortunately, no mobile platform is immune from the destruction it can cause. According to McAfee’s report, Symbian remains the most targeted mobile platform, though vulnerabilities in both the Android and Apple IOS should not be overlooked.

Android’s open source software is something that gives the platform great appeal, but it is also the basis of its vulnerability. Users may enjoy the freedom to acquire apps both inside and outside the Android Market, but it doesn’t come without risk. The Android Market allows developers to upload apps without first running through an established screening process like one that you might find at Apple’s App Store or when using RIM’s application for BlackBerry. As a result, Google detected more than 50 malicious apps within the Android Market, downloaded to approximately 260,000 Android mobile devices. (Google later remedied the infections remotely via an auto installed software update.)

While Google’s remote “kill switch” might have been effective at removing the rogue apps, it was reactionary in nature and not a permanent solution to the underlying security problem. What’s more, human nature is typically the weakest link in security. Much of the dangers surrounding malicious apps could be avoided with more scrutiny on apps from the start. In the most recent Android Apps infection, for instance, many apps were disguised cleverly, using titles such as “Hilton Sex Sound” or “Hot Sexy Videos.” Those erring on the side of caution would most likely have been kept safe from falling prey to these malicious downloads.

Though the most recent malware outbreak was found on the Android platform, it is important to remember that there is malware readily available for every platform. To combat this, however, there are anti-virus solutions for every mobile platform, as well.

Despite this, malware screening for app markets may not be perfect—evidenced by the increasing number of infections—but there are a few things smartphone users can do to increase mobile security.

Safe Browsing Habits - Remember, the same dangers that exist on the Web (i.e. black hat SEO poisoning, social media, email and SMS) can also exploit your mobile device. Remain vigilant about all Web surfing habits.

High Risk Apps - There is an alarmingly number of apps available for various smartphone platforms that pose significant security threats. Such apps can potentially allow other programs access to your valuable personal information. Although the distribution platforms attempt to inspect the apps for security holes, the process, as of now, is feeble at best.

SMS or VM Phishing - SMS and voicemail are common vectors of attack for phishing scams. Always call the institution directly and verify the information whenever responding to a questionable voicemail or text.

Password Protection - Lost or stolen phones likely contain personal information, such as stored logins to banking or social media sites, and could provide someone with access to sensitive company email. This threat can be minimized by password protecting your mobile device.

VPN Access - When accessing corporate network resources via smartphone, utilize a SSL VPN connection to secure the session.

WiFi Hotspot Security - Nearly all smartphones are now equipped with WiFi functionality, making them highly vulnerable to attacks. There are various tools available that allow even the least talented hacker to exploit WiFi hotspots and intercept Web traffic. Avoid accessing any password protected site (i.e. Facebook, Banking, Paypal) when connected to an unsecured WiFi hotspot, such as those in a coffee shop or at the airport.

Remote Wipe & Encryption - Utilize encryption software on your smartphone to protect data in the event the device is lost or stolen. Consider using a remote wipe to brick the device remotely.

Smartphones have placed the power of personal computers in the palms of our hands. But it takes smart usage and strong security practices to keep our personal data out of the wrong hands.

Troy Gill is a security analyst at AppRiver

Topics: Mobility, Apps, Hardware, Malware, Security, Smartphones, Wi-Fi

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.


Log in or register to join the discussion
  • RE: Smartphones? Thereâ??s malware for that, too.

    Windows phone is the most secure phone at this time. It's users can enjoy the "mac moment". No viruses, no spyware, nothing. Too bad there are almost no users :)
  • RE: Smartphones? There?s malware for that, too.

    Use a phone as a phone and what is the problem?
    Dr BobM
  • RE: Smartphones? There?s malware for that, too.

    Use a phone as a phone? Are you kidding? (smirk). That's what home phones are for. Haha.Smart phones have been competing with computers for years.
  • RE: Smartphones? There?s malware for that, too.

    Here's one I learned long before most of the readers here were born. You want it bad, you get it bad.
  • RE: Smartphones? There?s malware for that, too.

    This is meant to be helpful - the word you intended was "wreak" (pronounced "reek"). It was most likely a typo but in case others might like to use it this might avoid an error.
  • RE: Smartphones? There?s malware for that, too.

    [i]To combat this, however, there are anti-virus solutions for every mobile platform, as well.[/i]
    I think this statement is a bit of a stretch, at least based on recent App Store searches. Sure there are apps that will tell you what threats are out there but didn't fine anything that would scan the device and remove them which is what I would consider a anti-virus solution.
  • RE: Smartphones? There?s malware for that, too.

    You are right that no mobile platform is immune to malicious applications. Combine that risk with the wave of consumerization and employees who want to use their own phones to conduct their jobs ? what?s a company to do? Intel IT allows employees to use their personal smart phones to help do their jobs, but we first had to put together safeguards to protect the data and intellectual property on the smartphones. Check out our paper
    Janet G at Intel