Risk
5/17/2011
00:41 AM
Ed Hansberry
Ed Hansberry
Commentary
Connect Directly
RSS
E-Mail
50%
50%

Reduce Your Android Security Risks

Threats against Google's mobile platform have increased 400% in the last year, but common sense will protect users against many of the attacks.

Hackers and criminals have been targeting Windows on the desktop for years simply because it is the biggest platform out there in terms of market share. You want to go after the biggest audience possible to increase your odds of success in finding a system that is unprotected. Now that smartphones are such a large market, with tens of millions of devices being sold and activated each quarter, the temptation is just too big to pass up.

Android is the king of the hill when it comes to smartphone market share, a fact that hasn't gone unnoticed to hackers and malware authors. Juniper Networks Global Threat Center has compiled a report showing that malware attacks on Android are up 400% since the summer of 2010.

According to the report, they are targeting the platform because many of its users are "unaware, disinterested, or uneducated" about security. The malware is focusing on monitoring phone calls and SMS messages made with the phone. When you think about how many people do online banking via their phone's voice capabilities or get confirmation codes via SMS to log into social networks, there is a lot of info to be gleaned from these two relatively old communication methods.

Juniper expects the attacks to gradually include "command and control zombies and botnet participators, devices that are remotely controlled to execute malicious attacks."

The quick solution is to be careful what you download. Most of the infections are caused by users unwittingly installing them as part of a downloaded app. Your best bet is to stick to apps in a reputable online store and look for those that have good ratings. That is no guarantee you'll be ok, but side-loading apps from unknown developers is asking for trouble.

Longer term the report suggests that the user run security software on their phone. The problem here though is phones aren't like PCs. By comparison, desktop computers have virtually unlimited storage space, computing power, and memory. Phone manufactures are constantly struggling to keep their phone's user interface smooth and responsive. Adding software that is constantly looking at what the phone is doing and checking it against a database of thousands of signatures may slow the phone to a crawl. At a minimum, there will be a performance hit.

If you are an Android user, have you been hit? Are you running any security software or are you considering it?

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
Bprince
50%
50%
Bprince,
User Rank: Ninja
11/1/2011 | 12:40:43 AM
re: Reduce Your Android Security Risks
Symantec had some interesting research recently about some of the most prevalent Android malware attacks and how attackers are monetizing malware (PDF):
http://www.symantec.com/conten...
Brian Prince, InformationWeek/DarkReading Comment Moderator
Register for Dark Reading Newsletters
White Papers
Flash Poll
Current Issue
Cartoon
Video
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2013-6117
Published: 2014-07-11
Dahua DVR 2.608.0000.0 and 2.608.GV00.0 allows remote attackers to bypass authentication and obtain sensitive information including user credentials, change user passwords, clear log files, and perform other actions via a request to TCP port 37777.

CVE-2014-0174
Published: 2014-07-11
Cumin (aka MRG Management Console), as used in Red Hat Enterprise MRG 2.5, does not include the HTTPOnly flag in a Set-Cookie header for the session cookie, which makes it easier for remote attackers to obtain potentially sensitive information via script access to this cookie.

CVE-2014-3485
Published: 2014-07-11
The REST API in the ovirt-engine in oVirt, as used in Red Hat Enterprise Virtualization (rhevm) 3.4, allows remote authenticated users to read arbitrary files and have other unspecified impact via unknown vectors, related to an XML External Entity (XXE) issue.

CVE-2014-3499
Published: 2014-07-11
Docker 1.0.0 uses world-readable and world-writable permissions on the management socket, which allows local users to gain privileges via unspecified vectors.

CVE-2014-3503
Published: 2014-07-11
Apache Syncope 1.1.x before 1.1.8 uses weak random values to generate passwords, which makes it easier for remote attackers to guess the password via a brute force attack.

Best of the Web
Dark Reading Radio
Archived Dark Reading Radio
Marilyn Cohodas and her guests look at the evolving nature of the relationship between CIO and CSO.