Will 2011 be the year of mobile malware?

While the expert predictions may have yet to fully come true, vendors are preparing for the worst

Perhaps one of the most common predictions of the last six years has been that mobile malicious software will suddenly proliferate, driven by widespread adoption of smartphones with advanced OSes.

None of those prognostications have really come to fruition, but it's likely that the coming year will bring a host of new malicious applications. Users -- while generally aware of threats aimed at their desktop computers and laptops -- have a good chance of being caught flat-footed with their mobile phones.

In the third quarter of this year, up to 80 million smartphones were sold around the world, which accounted for about 20 per cent of the total number of mobile phones sold, according to statistics published last month by analyst firm Gartner. Smartphones are Internet- capable and therefore more vulnerable to attack than other mobile devices.

The threats against those devices are going to come in several categories:

Rogue applications: Marketplaces for mobile applications are becoming increasingly popular for platforms ranging from Apple's iOS and Google's Android to Microsoft's Windows Phone 7 and Symbian. Apple maintains tight control over its App Store, which has helped reduced rogue applications from being offered. But bad applications for other platforms have popped up.

In September, researchers from security vendor Fortinet discovered a mobile component for Zeus, a notorious piece of banking malware that steals account credentials. The mobile component, which targeted Symbian Series 60 devices or BlackBerrys, intercepted one-time passcodes used to verify transactions.

The mobile app carried a legitimate signing certificate, which allowed it to be downloaded and installed on devices. The development was particularly disconcerting as many banks are looking at using mobile phones to send one-time passcodes by SMS (Short Message Service) rather than issuing separate devices that can generate the code.

There's little defense from sneaky rogue applications, but users should be generally careful about downloading programs, particularly for platforms where those applications may not be vetted so closely.

Traditional malware: While desktop OSes such as Windows are plagued by malware, there have been far fewer malicious programs aimed at mobile devices as of yet. But researchers have seen applications such as rogue dialers, which will send SMSes to premium-rate numbers owned by the fraudsters. Other threats include worms spread by communication protocols such as Bluetooth.

With the increase in use of tablet computers that use mobile operating system, those devices will also be subject to those same threats. "We do believe that is going to arrive in the next 12 months," said Bradley Anstis, vice president of technical strategy for security vendor M86. Malicious hackers are "lazy people, they will always go after the low-hanging fruit."

Privacy, data collection issues: Mobile applications can also have other privacy-related risks such as collecting, transmitting or storing data. Advertising networks and mobile application developers are often highly interested in metrics around how and where people are using their applications. Data may include information identifying a specific device, with users unaware they are being tracked. Apple, however, allows application developers to collect location information but only as long as users are notified.

Social engineering: Just like on desktops and laptops, fraud doesn't have to involve a technical trick. Phishing -- the practice of using a fake website to trick users into revealing sensitive information -- is as much or more of a threat on mobile devices. People often trust their mobile device more than their computer and are therefore more vulnerable to phishing.

If a person is on a corporate network, phishing sites are usually blocked, Anstis said. But if someone is using a work mobile device over 3G, that connection is not going through a corporate gateway but the operator's network, which may not block those harmful sites. M86 has been developing a browser-based system that would send URLs to its data center for analysis and block malicious ones, Anstis said.

Other companies are also seeing opportunities for new services around mobile devices. Juniper Networks, for example, acquired SMobile Systems in July for US$70 million. SMobile has a laboratory in Columbus, Ohio, that focuses on studying mobile malware, said Amir Khan, business development manager for the U.K. and Ireland.

"The reason we set that up is because we realize the threats in the mobile space are very specific," Khan said. "It's not just that desktop threats have migrated to the mobile world."

Join the Good Gear Guide newsletter!

Error: Please check your email address.
Rocket to Success - Your 10 Tips for Smarter ERP System Selection

Tags securitymobile securityYEAR END

Keep up with the latest tech news, reviews and previews by subscribing to the Good Gear Guide newsletter.

Jeremy Kirk

IDG News Service
Show Comments

Most Popular Reviews

Latest Articles


PCW Evaluation Team

Matthew Stivala

HP OfficeJet 250 Mobile Printer

The HP OfficeJet 250 Mobile Printer is a great device that fits perfectly into my fast paced and mobile lifestyle. My first impression of the printer itself was how incredibly compact and sleek the device was.

Armand Abogado

HP OfficeJet 250 Mobile Printer

Wireless printing from my iPhone was also a handy feature, the whole experience was quick and seamless with no setup requirements - accessed through the default iOS printing menu options.

Azadeh Williams

HP OfficeJet Pro 8730

A smarter way to print for busy small business owners, combining speedy printing with scanning and copying, making it easier to produce high quality documents and images at a touch of a button.

Andrew Grant

HP OfficeJet Pro 8730

I've had a multifunction printer in the office going on 10 years now. It was a neat bit of kit back in the day -- print, copy, scan, fax -- when printing over WiFi felt a bit like magic. It’s seen better days though and an upgrade’s well overdue. This HP OfficeJet Pro 8730 looks like it ticks all the same boxes: print, copy, scan, and fax. (Really? Does anyone fax anything any more? I guess it's good to know the facility’s there, just in case.) Printing over WiFi is more-or- less standard these days.

Ed Dawson

HP OfficeJet Pro 8730

As a freelance writer who is always on the go, I like my technology to be both efficient and effective so I can do my job well. The HP OfficeJet Pro 8730 Inkjet Printer ticks all the boxes in terms of form factor, performance and user interface.

Michael Hargreaves

Windows 10 for Business / Dell XPS 13

I’d happily recommend this touchscreen laptop and Windows 10 as a great way to get serious work done at a desk or on the road.

Featured Content

Latest Jobs

Don’t have an account? Sign up here

Don't have an account? Sign up now

Forgot password?