Risk
5/17/2011
12:41 AM
Ed Hansberry
Ed Hansberry
Commentary
50%
50%

Reduce Your Android Security Risks

Threats against Google's mobile platform have increased 400% in the last year, but common sense will protect users against many of the attacks.

Hackers and criminals have been targeting Windows on the desktop for years simply because it is the biggest platform out there in terms of market share. You want to go after the biggest audience possible to increase your odds of success in finding a system that is unprotected. Now that smartphones are such a large market, with tens of millions of devices being sold and activated each quarter, the temptation is just too big to pass up.

Android is the king of the hill when it comes to smartphone market share, a fact that hasn't gone unnoticed to hackers and malware authors. Juniper Networks Global Threat Center has compiled a report showing that malware attacks on Android are up 400% since the summer of 2010.

According to the report, they are targeting the platform because many of its users are "unaware, disinterested, or uneducated" about security. The malware is focusing on monitoring phone calls and SMS messages made with the phone. When you think about how many people do online banking via their phone's voice capabilities or get confirmation codes via SMS to log into social networks, there is a lot of info to be gleaned from these two relatively old communication methods.

Juniper expects the attacks to gradually include "command and control zombies and botnet participators, devices that are remotely controlled to execute malicious attacks."

The quick solution is to be careful what you download. Most of the infections are caused by users unwittingly installing them as part of a downloaded app. Your best bet is to stick to apps in a reputable online store and look for those that have good ratings. That is no guarantee you'll be ok, but side-loading apps from unknown developers is asking for trouble.

Longer term the report suggests that the user run security software on their phone. The problem here though is phones aren't like PCs. By comparison, desktop computers have virtually unlimited storage space, computing power, and memory. Phone manufactures are constantly struggling to keep their phone's user interface smooth and responsive. Adding software that is constantly looking at what the phone is doing and checking it against a database of thousands of signatures may slow the phone to a crawl. At a minimum, there will be a performance hit.

If you are an Android user, have you been hit? Are you running any security software or are you considering it?

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
Bprince
50%
50%
Bprince,
User Rank: Ninja
11/1/2011 | 12:40:43 AM
re: Reduce Your Android Security Risks
Symantec had some interesting research recently about some of the most prevalent Android malware attacks and how attackers are monetizing malware (PDF):
http://www.symantec.com/conten...
Brian Prince, InformationWeek/DarkReading Comment Moderator
Register for Dark Reading Newsletters
White Papers
Cartoon
Current Issue
Flash Poll
Video
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2013-6501
Published: 2015-03-30
The default soap.wsdl_cache_dir setting in (1) php.ini-production and (2) php.ini-development in PHP through 5.6.7 specifies the /tmp directory, which makes it easier for local users to conduct WSDL injection attacks by creating a file under /tmp with a predictable filename that is used by the get_s...

CVE-2014-9652
Published: 2015-03-30
The mconvert function in softmagic.c in file before 5.21, as used in the Fileinfo component in PHP before 5.4.37, 5.5.x before 5.5.21, and 5.6.x before 5.6.5, does not properly handle a certain string-length field during a copy of a truncated version of a Pascal string, which might allow remote atta...

CVE-2014-9653
Published: 2015-03-30
readelf.c in file before 5.22, as used in the Fileinfo component in PHP before 5.4.37, 5.5.x before 5.5.21, and 5.6.x before 5.6.5, does not consider that pread calls sometimes read only a subset of the available data, which allows remote attackers to cause a denial of service (uninitialized memory ...

CVE-2014-9705
Published: 2015-03-30
Heap-based buffer overflow in the enchant_broker_request_dict function in ext/enchant/enchant.c in PHP before 5.4.38, 5.5.x before 5.5.22, and 5.6.x before 5.6.6 allows remote attackers to execute arbitrary code via vectors that trigger creation of multiple dictionaries.

CVE-2014-9709
Published: 2015-03-30
The GetCode_ function in gd_gif_in.c in GD 2.1.1 and earlier, as used in PHP before 5.5.21 and 5.6.x before 5.6.5, allows remote attackers to cause a denial of service (buffer over-read and application crash) via a crafted GIF image that is improperly handled by the gdImageCreateFromGif function.

Dark Reading Radio
Archived Dark Reading Radio
Good hackers--aka security researchers--are worried about the possible legal and professional ramifications of President Obama's new proposed crackdown on cyber criminals.