IBM X-Force: Mobile devices are a fast growing target of malware

Look for double the mobile exploits this year vs. 2010 and particularly watch out for mobile applications that are really malware, says IBM's X-Force security research team.

Those are two warnings from the "X-Force 2011 Mid-Year Trend and Risk Report", which says that mobile application markets are a haven for malware.

Exploits of mobile operating systems will go from 18 in 2009 to about 35 by the end of 2011, the report says, as the number of vulnerabilities will go from about 65 to more than 180 over the same period.

MOBILE THREAT 

"The first half of 2011 saw an increased level of malware activity targeting the latest generation of smart devices, as attackers are finally warming to the opportunities these devices represent," the new report says.

The report uses Android devices as an example, and notes that since the operating system is open, many developers write applications to it. Some of these apps are malicious, so users should be careful which ones they choose and where they get them from. "One of the most popular and effective ways to distribute Android malware is through application markets. Besides Google's own official market, there are many unofficial third-party markets," the report says.

Another problem with mobile devices, particularly phones, is that users are at the mercy of their phone manufacturer to patch known operating system vulnerabilities. Known vulnerabilities may go unpatched, not because patches don't exist, but because they aren't provided by individual phone makers. "Many mobile phone vendors don't push out security updates for their devices," the report says.

Network defenders face a growing threat from weaknesses in software. These weaknesses are assessed via Common Vulnerability Scoring System (CVSS), with those scoring 10 out of 10 deemed critical. The percentage of critical vulnerabilities has jumped in the first halfof 2011 vs all of 2010 from 1% to 3%.

That's still a small percentage, but it is triple last year. And the actual number of critical vulnerabilities so far this year is already larger than last, the report says. "Almost every one of these critical vulnerabilities is a serious remote code execution issue impacting an important enterprise class software product," the according to the report.

Vulnerabilities are getting more concentrated among fewer vendors, the study finds. In 2009, the 10 software companies with the most reported vulnerabilities accounted for a quarter of all the vulnerabilities reported. This year so far, that number has jumped to a third (34%). IBM X-Force didn't name the top 10. "The bottom line is that enterprise IT staff are spending just as much, if not more time installing patches this year as they have in the past," the report says.The report does point out some bright spots:

* Web application vulnerabilities dropped from 49% of all disclosures to 37%, the first decline in five years.* Vulnerabilities ranked high and critical are at a four-year low.* Spam and traditional phishing are declining.

Read more about wide area network in Network World's Wide Area Network section.

Join the newsletter!

Error: Please check your email address.
Rocket to Success - Your 10 Tips for Smarter ERP System Selection

Tags IBM X-Forceconsumer electronicsGoogleIBMNetworkingsecuritywirelesssmartphonesAndroidanti-malware

Keep up with the latest tech news, reviews and previews by subscribing to the Good Gear Guide newsletter.

Tim Greene

Network World
Show Comments

Cool Tech

SanDisk MicroSDXC™ for Nintendo® Switch™

Learn more >

Breitling Superocean Heritage Chronographe 44

Learn more >

Toys for Boys

Family Friendly

Panasonic 4K UHD Blu-Ray Player and Full HD Recorder with Netflix - UBT1GL-K

Learn more >

Stocking Stuffer

Razer DeathAdder Expert Ergonomic Gaming Mouse

Learn more >

Christmas Gift Guide

Click for more ›

Most Popular Reviews

Latest Articles

Resources

PCW Evaluation Team

Walid Mikhael

Brother QL-820NWB Professional Label Printer

It’s easy to set up, it’s compact and quiet when printing and to top if off, the print quality is excellent. This is hands down the best printer I’ve used for printing labels.

Ben Ramsden

Sharp PN-40TC1 Huddle Board

Brainstorming, innovation, problem solving, and negotiation have all become much more productive and valuable if people can easily collaborate in real time with minimal friction.

Sarah Ieroianni

Brother QL-820NWB Professional Label Printer

The print quality also does not disappoint, it’s clear, bold, doesn’t smudge and the text is perfectly sized.

Ratchada Dunn

Sharp PN-40TC1 Huddle Board

The Huddle Board’s built in program; Sharp Touch Viewing software allows us to easily manipulate and edit our documents (jpegs and PDFs) all at the same time on the dashboard.

George Khoury

Sharp PN-40TC1 Huddle Board

The biggest perks for me would be that it comes with easy to use and comprehensive programs that make the collaboration process a whole lot more intuitive and organic

David Coyle

Brother PocketJet PJ-773 A4 Portable Thermal Printer

I rate the printer as a 5 out of 5 stars as it has been able to fit seamlessly into my busy and mobile lifestyle.

Featured Content

Latest Jobs

Don’t have an account? Sign up here

Don't have an account? Sign up now

Forgot password?