Attacks/Breaches
6/7/2010
05:10 PM
Connect Directly
Google+
Twitter
RSS
E-Mail
50%
50%

Smartphone Malware Multiplies

More than twice the number of malware and spyware hitting BlackBerry, Windows Mobile, and Android phones than six months ago

The number of malware and spyware programs found on smartphones has more than doubled in the past six months -- and some types of malware are more prevalent on certain smartphone platforms than others.

New data gathered from users of a free smartphone security tool shows the bad guys are increasingly going after smartphone users. According to Lookout, which offers a free lightweight mobile client with cloud-based security, backup, and anti-theft features, there were about nine pieces of malware and spyware per 100 smartphones as of last month -- more than twice as many as in November 2009.

Even more worrisome is how rapidly these threats are hitting smartphones in comparison to the desktop: What took 15 years to evolve with the desktop machine is happening practically overnight in mobile handsets, security experts say. "We call this the 1999 factor: It feels like about 10 years ago in terms of prevalence of threats. There was a tipping point between 2000 and 2002 [for PC threats] that was driven by broadband" and more consumers going online, according to John Hering, CEO and founder of Lookout, formerly Flexilis. "The same trends are going to hold true here [with smartphones]."

Tyler Shields, senior security researcher with Veracode, says he has seen a definite uptick in malware arriving for smartphones during the past few months. "It's coming at a much faster rate now. It's difficult to quantify the amount of growth," however, he says. Shields earlier this year developed and released proof-of-concept source code for a spyware app he created that forces a BlackBerry to hand over its contacts and messages. The spyware can also can grab text messages, listen in on the victim, as well as track his physical location via the phone's GPS.

Spyware is the main type of malware Lookout sees being created for BlackBerrys, while Windows Mobile phones suffer more from traditional malware, and Androids from a little of both, according to Lookout's data. "We're seeing a pretty equal spread [of the threats] across these platforms," Lookout's Hering says. The firm doesn't yet support the Apple iPhone in its app, so data on the iPhone isn't included.

Why mostly spyware on the BlackBerry? Veracode's Shields says it might be due to the heavy corporate use of BlackBerrys, which would make any data lifted from them more easily monetized. "The type of data on a BlackBerry generally is going to be corporate-centric and could be of interest to attackers," he says.

A recent malware attack against Windows Mobile phones basically took an existing, legitimate smartphone app and booby-trapped it with malware: The 3D Anti-Terrorist app game for Windows Mobile was rewritten with auto-dialer malware, according to Lookout's Hering. The app basically fires up the auto-dialer malware when the user runs the game. "It sits dormant for hours or days, and then wakes up and calls numbers at a premium rate -- from Somalia to the South Pole," for instance, he says. "The victim is then incurring charges but doesn't notice until [he] receives the phone bill."

A Windows codec and poker app also were hijacked, copied, and repackaged with malware. The apps are being distributed via typical mobile download and app store sites, such as sharewareplaza.com, geardownload.com, myzips.com, and top4download.com. "We're seeing the same evolution on mobile as on the desktop: It's going from notoriety [purposes] to trying to profit," Hering says.

The malware attack vector being used against smartphones isn't the SMS or email spam that was all the rage in the early days of mobile attacks. Instead, it's following smartphone user behavior trends and exploiting downloadable applications, experts say. "Users are downloading apps at a huge pace," Hering says.

And smartphones are actually more "personal" than PCs. They include GPS location, payment information, email, text messages, and records of who a user communicates with. Hering says today's smartphone malware is all about grabbing personal information and, now, attempting to monetize it. "On the spyware side, you can imagine an app grabbing personal data that you're unaware of [occurring] and transmitting that to a third-party location" where it can be resold, for example, he says.

Meanwhile, enterprises should be aware of the risks of breaches via their smartphone users. "They should be worried about this," Hering says.

But the likelihood of another Operation Aurora-scale targeted attack isn't as likely to hit via the smartphone just yet: "At this point in time, the PC [attack] model is so much easier and faster. I don't foresee that level of coordination to target mobile devices at this point," Veracode's Shields says.

Have a comment on this story? Please click "Discuss" below. If you'd like to contact Dark Reading's editors directly, send us a message.

Kelly Jackson Higgins is Senior Editor at DarkReading.com. She is an award-winning veteran technology and business journalist with more than two decades of experience in reporting and editing for various publications, including Network Computing, Secure Enterprise Magazine, ... View Full Bio

Comment  | 
Print  | 
More Insights
Register for Dark Reading Newsletters
White Papers
Flash Poll
Current Issue
Cartoon
Video
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2012-4988
Published: 2014-07-09
Heap-based buffer overflow in the xjpegls.dll (aka JLS, JPEG-LS, or JPEG lossless) format plugin in XnView 1.99 and 1.99.1 allows remote attackers to execute arbitrary code via a crafted JLS image file.

CVE-2014-0207
Published: 2014-07-09
The cdf_read_short_sector function in cdf.c in file before 5.19, as used in the Fileinfo component in PHP before 5.4.30 and 5.5.x before 5.5.14, allows remote attackers to cause a denial of service (assertion failure and application exit) via a crafted CDF file.

CVE-2014-0537
Published: 2014-07-09
Adobe Flash Player before 13.0.0.231 and 14.x before 14.0.0.145 on Windows and OS X and before 11.2.202.394 on Linux, Adobe AIR before 14.0.0.137 on Android, Adobe AIR SDK before 14.0.0.137, and Adobe AIR SDK & Compiler before 14.0.0.137 allow attackers to bypass intended access restrictions via uns...

CVE-2014-0539
Published: 2014-07-09
Adobe Flash Player before 13.0.0.231 and 14.x before 14.0.0.145 on Windows and OS X and before 11.2.202.394 on Linux, Adobe AIR before 14.0.0.137 on Android, Adobe AIR SDK before 14.0.0.137, and Adobe AIR SDK & Compiler before 14.0.0.137 allow attackers to bypass intended access restrictions via uns...

CVE-2014-3309
Published: 2014-07-09
The NTP implementation in Cisco IOS and IOS XE does not properly support use of the access-group command for a "deny all" configuration, which allows remote attackers to bypass intended restrictions on time synchronization via a standard query, aka Bug ID CSCuj66318.

Best of the Web
Dark Reading Radio
Archived Dark Reading Radio
Marilyn Cohodas and her guests look at the evolving nature of the relationship between CIO and CSO.