IBM X-Force: Mobile devices are a fast growing target of malware

Look for double the mobile exploits this year vs. 2010 and particularly watch out for mobile applications that are really malware, says IBM's X-Force security research team.

Those are two warnings from the "X-Force 2011 Mid-Year Trend and Risk Report", which says that mobile application markets are a haven for malware.

Exploits of mobile operating systems will go from 18 in 2009 to about 35 by the end of 2011, the report says, as the number of vulnerabilities will go from about 65 to more than 180 over the same period.

MOBILE THREAT 

"The first half of 2011 saw an increased level of malware activity targeting the latest generation of smart devices, as attackers are finally warming to the opportunities these devices represent," the new report says.

The report uses Android devices as an example, and notes that since the operating system is open, many developers write applications to it. Some of these apps are malicious, so users should be careful which ones they choose and where they get them from. "One of the most popular and effective ways to distribute Android malware is through application markets. Besides Google's own official market, there are many unofficial third-party markets," the report says.

Another problem with mobile devices, particularly phones, is that users are at the mercy of their phone manufacturer to patch known operating system vulnerabilities. Known vulnerabilities may go unpatched, not because patches don't exist, but because they aren't provided by individual phone makers. "Many mobile phone vendors don't push out security updates for their devices," the report says.

Network defenders face a growing threat from weaknesses in software. These weaknesses are assessed via Common Vulnerability Scoring System (CVSS), with those scoring 10 out of 10 deemed critical. The percentage of critical vulnerabilities has jumped in the first halfof 2011 vs all of 2010 from 1% to 3%.

That's still a small percentage, but it is triple last year. And the actual number of critical vulnerabilities so far this year is already larger than last, the report says. "Almost every one of these critical vulnerabilities is a serious remote code execution issue impacting an important enterprise class software product," the according to the report.

Vulnerabilities are getting more concentrated among fewer vendors, the study finds. In 2009, the 10 software companies with the most reported vulnerabilities accounted for a quarter of all the vulnerabilities reported. This year so far, that number has jumped to a third (34%). IBM X-Force didn't name the top 10. "The bottom line is that enterprise IT staff are spending just as much, if not more time installing patches this year as they have in the past," the report says.The report does point out some bright spots:

* Web application vulnerabilities dropped from 49% of all disclosures to 37%, the first decline in five years.* Vulnerabilities ranked high and critical are at a four-year low.* Spam and traditional phishing are declining.

Read more about wide area network in Network World's Wide Area Network section.

Tags IBM X-ForceGoogleconsumer electronicssecurityNetworkingIBMAndroidsmartphoneswirelessanti-malware

Keep up with the latest tech news, reviews and previews by subscribing to the Good Gear Guide newsletter.

Tim Greene

Network World

Comments

Comments are now closed.

Most Popular Reviews

Follow Us

Best Deals on GoodGearGuide

Shopping.com

Latest News Articles

Resources

GGG Evaluation Team

Kathy Cassidy

STYLISTIC Q702

First impression on unpacking the Q702 test unit was the solid feel and clean, minimalist styling.

Anthony Grifoni

STYLISTIC Q572

For work use, Microsoft Word and Excel programs pre-installed on the device are adequate for preparing short documents.

Steph Mundell

LIFEBOOK UH574

The Fujitsu LifeBook UH574 allowed for great mobility without being obnoxiously heavy or clunky. Its twelve hours of battery life did not disappoint.

Andrew Mitsi

STYLISTIC Q702

The screen was particularly good. It is bright and visible from most angles, however heat is an issue, particularly around the Windows button on the front, and on the back where the battery housing is located.

Simon Harriott

STYLISTIC Q702

My first impression after unboxing the Q702 is that it is a nice looking unit. Styling is somewhat minimalist but very effective. The tablet part, once detached, has a nice weight, and no buttons or switches are located in awkward or intrusive positions.

Latest Jobs

Shopping.com

Don’t have an account? Sign up here

Don't have an account? Sign up now

Forgot password?