IBM X-Force: Mobile devices are a fast growing target of malware

Look for double the mobile exploits this year vs. 2010 and particularly watch out for mobile applications that are really malware, says IBM's X-Force security research team.

Those are two warnings from the "X-Force 2011 Mid-Year Trend and Risk Report", which says that mobile application markets are a haven for malware.

Exploits of mobile operating systems will go from 18 in 2009 to about 35 by the end of 2011, the report says, as the number of vulnerabilities will go from about 65 to more than 180 over the same period.

MOBILE THREAT 

"The first half of 2011 saw an increased level of malware activity targeting the latest generation of smart devices, as attackers are finally warming to the opportunities these devices represent," the new report says.

The report uses Android devices as an example, and notes that since the operating system is open, many developers write applications to it. Some of these apps are malicious, so users should be careful which ones they choose and where they get them from. "One of the most popular and effective ways to distribute Android malware is through application markets. Besides Google's own official market, there are many unofficial third-party markets," the report says.

Another problem with mobile devices, particularly phones, is that users are at the mercy of their phone manufacturer to patch known operating system vulnerabilities. Known vulnerabilities may go unpatched, not because patches don't exist, but because they aren't provided by individual phone makers. "Many mobile phone vendors don't push out security updates for their devices," the report says.

Network defenders face a growing threat from weaknesses in software. These weaknesses are assessed via Common Vulnerability Scoring System (CVSS), with those scoring 10 out of 10 deemed critical. The percentage of critical vulnerabilities has jumped in the first halfof 2011 vs all of 2010 from 1% to 3%.

That's still a small percentage, but it is triple last year. And the actual number of critical vulnerabilities so far this year is already larger than last, the report says. "Almost every one of these critical vulnerabilities is a serious remote code execution issue impacting an important enterprise class software product," the according to the report.

Vulnerabilities are getting more concentrated among fewer vendors, the study finds. In 2009, the 10 software companies with the most reported vulnerabilities accounted for a quarter of all the vulnerabilities reported. This year so far, that number has jumped to a third (34%). IBM X-Force didn't name the top 10. "The bottom line is that enterprise IT staff are spending just as much, if not more time installing patches this year as they have in the past," the report says.The report does point out some bright spots:

* Web application vulnerabilities dropped from 49% of all disclosures to 37%, the first decline in five years.* Vulnerabilities ranked high and critical are at a four-year low.* Spam and traditional phishing are declining.

Read more about wide area network in Network World's Wide Area Network section.

Join the newsletter!

Or

Sign up to gain exclusive access to email subscriptions, event invitations, competitions, giveaways, and much more.

Membership is free, and your security and privacy remain protected. View our privacy policy before signing up.

Error: Please check your email address.

Tags smartphonesGooglewirelessAndroidNetworkingIBMconsumer electronicsanti-malwareIBM X-Force

Keep up with the latest tech news, reviews and previews by subscribing to the Good Gear Guide newsletter.
Tim Greene

Tim Greene

Network World
Show Comments

Most Popular Reviews

Latest Articles

Resources

PCW Evaluation Team

Tom Pope

Dynabook Portégé X30L-G

Ultimately this laptop has achieved everything I would hope for in a laptop for work, while fitting that into a form factor and weight that is remarkable.

Tom Sellers

MSI P65

This smart laptop was enjoyable to use and great to work on – creating content was super simple.

Lolita Wang

MSI GT76

It really doesn’t get more “gaming laptop” than this.

Jack Jeffries

MSI GS75

As the Maserati or BMW of laptops, it would fit perfectly in the hands of a professional needing firepower under the hood, sophistication and class on the surface, and gaming prowess (sports mode if you will) in between.

Taylor Carr

MSI PS63

The MSI PS63 is an amazing laptop and I would definitely consider buying one in the future.

Christopher Low

Brother RJ-4230B

This small mobile printer is exactly what I need for invoicing and other jobs such as sending fellow tradesman details or step-by-step instructions that I can easily print off from my phone or the Web.

Featured Content

Don’t have an account? Sign up here

Don't have an account? Sign up now

Forgot password?