12:41 AM
Ed Hansberry
Ed Hansberry

Reduce Your Android Security Risks

Threats against Google's mobile platform have increased 400% in the last year, but common sense will protect users against many of the attacks.

Hackers and criminals have been targeting Windows on the desktop for years simply because it is the biggest platform out there in terms of market share. You want to go after the biggest audience possible to increase your odds of success in finding a system that is unprotected. Now that smartphones are such a large market, with tens of millions of devices being sold and activated each quarter, the temptation is just too big to pass up.

Android is the king of the hill when it comes to smartphone market share, a fact that hasn't gone unnoticed to hackers and malware authors. Juniper Networks Global Threat Center has compiled a report showing that malware attacks on Android are up 400% since the summer of 2010.

According to the report, they are targeting the platform because many of its users are "unaware, disinterested, or uneducated" about security. The malware is focusing on monitoring phone calls and SMS messages made with the phone. When you think about how many people do online banking via their phone's voice capabilities or get confirmation codes via SMS to log into social networks, there is a lot of info to be gleaned from these two relatively old communication methods.

Juniper expects the attacks to gradually include "command and control zombies and botnet participators, devices that are remotely controlled to execute malicious attacks."

The quick solution is to be careful what you download. Most of the infections are caused by users unwittingly installing them as part of a downloaded app. Your best bet is to stick to apps in a reputable online store and look for those that have good ratings. That is no guarantee you'll be ok, but side-loading apps from unknown developers is asking for trouble.

Longer term the report suggests that the user run security software on their phone. The problem here though is phones aren't like PCs. By comparison, desktop computers have virtually unlimited storage space, computing power, and memory. Phone manufactures are constantly struggling to keep their phone's user interface smooth and responsive. Adding software that is constantly looking at what the phone is doing and checking it against a database of thousands of signatures may slow the phone to a crawl. At a minimum, there will be a performance hit.

If you are an Android user, have you been hit? Are you running any security software or are you considering it?

Comment  | 
Print  | 
More Insights
Newest First  |  Oldest First  |  Threaded View
User Rank: Ninja
11/1/2011 | 12:40:43 AM
re: Reduce Your Android Security Risks
Symantec had some interesting research recently about some of the most prevalent Android malware attacks and how attackers are monetizing malware (PDF):
Brian Prince, InformationWeek/DarkReading Comment Moderator
Register for Dark Reading Newsletters
White Papers
Current Issue
Dark Reading Tech Digest September 7, 2015
Some security flaws go beyond simple app vulnerabilities. Have you checked for these?
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
Published: 2015-10-09
Simple Streams (simplestreams) does not properly verify the GPG signatures of disk image files, which allows remote mirror servers to spoof disk images and have unspecified other impact via a 403 (aka Forbidden) response.

Published: 2015-10-09
The Telephony component in Apple OS X before 10.11, when the Continuity feature is enabled, allows local users to bypass intended telephone-call restrictions via unspecified vectors.

Published: 2015-10-09
IcedTea-Web before 1.5.3 and 1.6.x before 1.6.1 does not properly sanitize applet URLs, which allows remote attackers to inject applets into the .appletTrustSettings configuration file and bypass user approval to execute the applet via a crafted web page, possibly related to line breaks.

Published: 2015-10-09
IcedTea-Web before 1.5.3 and 1.6.x before 1.6.1 does not properly determine the origin of unsigned applets, which allows remote attackers to bypass the approval process or trick users into approving applet execution via a crafted web page.

Published: 2015-10-09
The Safari Extensions implementation in Apple Safari before 9 does not require user confirmation before replacing an installed extension, which has unspecified impact and attack vectors.

Dark Reading Radio
Archived Dark Reading Radio
What can the information security industry do to solve the IoT security problem? Learn more and join the conversation on the next episode of Dark Reading Radio.