How safe is your smartphone? (Android is the top malware collector)
A major source of malware, apart from sites like Facebook and Hotmail, is the Android Marketplace:
More than 50 applications available via the official Android Marketplace were initially found to contain a virus.
Analysis suggests that the booby-trapped apps may have been downloaded up to 200,000 times. The apps are also known to be available on unofficial Android stores too. Once a booby-trapped application is installed and run, the virus lurking within, known as DroidDream, sends sensitive data, such as a phone's unique ID number, to a remote server. It also checks to see if a phone has already been infected and, if not, uses known exploits to bypass security controls and give its creator access to the handset. This bestows the ability to install any code on a phone or steal any information from it. Remote removal of the booby-trapped apps may not solve all the security problems they pose. The remote kill switch will not remove any other code that may have been dropped onto the device as a result of the initial infection.
Moreover, more than 99% of Android phones are potentially leaking data that, if stolen, could be used to get the information they store online.
http://www.bbc.co.uk/news/technology-13422308
The data being leaked is typically used to get at web-based services such as Google Calendar.
The open nature of the Android platform was a boon and a danger, and as Facebook have already discovered it is also a very attractive criminal playground.
http://www.bbc.co.uk/news/technology-12633923
Smartphones and social networking sites are likely to become the next big target for cyber criminals, according to a security industry report.
Symantec's annual threat analysis warns that the technologies are increasingly being used to spread malicious code . Users of Facebook, Twitter and Google's mobile operating system, Android, are said to be particularly vulnerable.
In several cases, the security holes were exploited and used to install harmful software on Android handsets - suggesting that criminals now view smartphone hacking as a potentially lucrative area, and Android is still in the firing line:
http://www.bbc.co.uk/news/uk-15600697
Android: it's getting worse: Juniper found a 400% increase in Android malware from 2009 to the summer of 2010. We have since seen exponential grow in Android malware over the last several months. The Juniper Global Threat Center found that the months of October and November are shaping up to see the fastest growth in Android malware discovery in the history of the platform. The number of malware samples identified in September increased by 28% over the number of the known Android malware samples. October showed a 110% increase in malware sample collection over the previous month and a striking 171% increase from what had been collected up to July 2011.
One question Juniper always get when discussing our research is if Apple’s iOS is more or less secure than Android? Maybe, but it’s not necessarily because of the security or lack of vulnerabilities in the platforms themselves. The main reason for the malware epidemic on Android is because of different approaches that Apple and Google take to police their application stores. Android’s open applications store model, which the lacks code signing and an application review process that Apple requires, makes it easy for attackers to distribute their malware. There is still no upfront review process in the official Android Market that offers even the hint of a challenge to malware writers that their investment in coding malware will be for naught.
http://globalthreatcenter.com/?p=2492
At least six different varieties of malware were discovered hidden in applications that were distributed through a Chinese download service.
Several pieces of malware were also found on iPhones, however only devices that had been "jailbroken" to bypass Apple's security were affected.
The company's process of pre-vetting all new applications is believed to have spared its devices from a major attack. |