How mobile technology is threatening your network and what you can do to stop threats in their tracks
By ZIFF DAVIS
A skyrocketing increase in mobile malware is giving new meaning to the term, “killer app.” According to a study from the Juniper Networks Mobile Threat Center, mobile malware rose a whopping 155 percent in 2011.
Most shocking was the dramatic growth in Android malware from roughly 400 samples in June to over 13,000 samples by the end of 2011 – a cumulative increase of 3,325 percent.
While mobile malware still accounts for a mere fraction of the millions of threats targeting personal computers, the past year has seen the explosive growth of malicious code. From privacy-violation apps to zombie armies, hackers are honing in on smartphone devices with increasingly sophisticated attacks. It’s easy to understand why. According to Nielsen Mobile Insights, through February 2012, 49.7 percent of US mobile phone users now own “smarter” versions of the handheld device – up from only 36 percent a year ago. What’s worse, more than 50 percent of employees currently use their mobile devices at work.
But an enlarged bulls-eye isn’t the only reason mobile devices are increasingly under attack. Just as mobile security experts are getting better at identifying operating system vulnerabilities and detecting malware, so too are virus and malware writers perfecting the art of distributing attacks, circumventing built-in security protection and exploiting operating system wrinkles.
Early recognition of mobile security threats is a company’s best line of defense. Here are today’s top 5 mobile security threats and how to stop them in their tracks.
- Misleading apps
- Root exploit attacks
- Attack of the zombies
- Bogus anti-virus apps
- Data leakage
You’ll have more than ‘angry birds’ on your hands if an employee accidentally downloads a malicious app onto a mobile device. Malware disguised as a popular mobile application can perform nefarious feats, from taking control of a mobile device and running code from remote servers to tracking an owner’s location, all of which can give rise to significant privacy and security concerns.
For the most part, misleading apps tend to fall into one of two categories: 1) apps that steal data, and 2) apps that leave you holding the bill for surprising charges. Take, for example, Droid Dream. Detected in spring of 2011, DroidDream is malware that invaded Google Android devices to grant hackers access to a phone owner’s unique identification information in order to download additional malicious programs without the user’s knowledge.
Similarly, GG Tracker is an Android Trojan that looks like any other popular app but, instead, tricks the user into signing up for premium text messaging services. The worst part: the victim is none the wiser until an astronomical phone bill arrives weeks later
Jailbreaking a mobile phone lets users install forbidden third-party applications and services not offered by the device’s manufacturer. But there’s a price to be paid for smartphone freedom. Because mobile operations systems are designed with built-in security, jailbreaking a mobile device compromises the OS security model and opens data to exploitation. For example, hackers can disable all of a smartphone’s functions, or easily install malicious applications.
What’s worse, the same kind of vulnerabilities that let users jailbreak their phones can also be used to introduce rootkit malware. Consider, for example, RootSmart.This Android malware made headlines by rooting nearly 30,000 phones on any given day without users’ consent. Essentially, RootSmart collects enough data from a device for a hacker to gain control and command of the phone in order to perform tasks like sending spam or calling premium phone numbers for cash.
You won’t find them in any B-movie but they’re just as dangerous. ‘Zombies’ are smartphones that have been infected by a bot and are co-opted to perform malicious activities under remote direction. Denial-of-service attacks, spam, unintended texting, calling premium phone numbers – they’re all signs that your smartphone is under the control of a botnet and its ill-intentioned creator.
The trouble is, bots are excellent at evading detection and can easily lurk in the shadows of your smartphone until it’s too late.
The saying ‘the path to hell is paved with good intentions’ couldn’t be more true than in the case of bogus anti-virus apps. Android Antivirus, Android Defender, MobileBot Antivirus, MYAndroid Protection Antivirus – they’re all fake Android anti-malware apps that look completely legitimate and guarantee protection from viruses and spyware. But the truth is, these fake apps are created by hackers to take your smartphone captive, collect its confidential data and charge you and your company to pay for fake viruses that don’t actually exist.
IT managers may scurry to secure network holes but the reality is, one of the greatest sources of a data breach is mobile technology. Smartphones, tablet PCs, laptops, USB sticks – they are all technologies jam-packed with confidential and sensitive corporate information just waiting to be lost or stolen.
What’s worse, many mobile users route traffic – unsecured data – from their iPad to their iPhone to DropBox and back again, without giving any thought to the potential for data leakages.
Fortunately, there are steps companies and mobile workers alike can take to avoid mobile threats, or at least minimize their damage. Here’s how:
- Lock and load.So your executives have a habit of leaving their smartphones behind in the backseat of taxis? Don’t just wipe or replace company-issued devices. Create an enterprise-wide policy of locking devices, using passwords and introducing location tracking services to quickly recover misplaced smartphones.
- Shop reputably.There are plenty of app stores claiming to have ‘the world’s widest selection,’ but independent app shops tend to be less regulated than those run by well-recognized tech titans like Google and Apple. Only authorize the downloading of apps from reputable vendors to circumvent the distribution of mobile malware in your organization.
- Deploy security software.Deploy an enterprise mobile security and management solution to better manage app rollouts, configure devices, gain greater visibility into the health of a mobile environment and seamlessly integrate employees’ own handheld devices into a corporate IT environment.
Without a doubt, mobile threats are on the rise. But by knowing what to look for, and putting a few precautions in place, a company can ensure the safety of on-the-go data.
About Ziff Davis
Ziff Davis, Inc. is a leading digital media company specializing in the technology market, reaching over 40 million highly engaged in-market buyers and influencers every month. Ziff Davis sites, which feature trusted and comprehensive evaluations of the newest, hottest products, and the most advanced ad targeting platform. Ziff Davis B2B is a leading provider of online research to enterprise buyers and high-quality leads to IT vendors. More information on Ziff Davis can be found at ziffdavis.com.