Category Archives: Mobile Security

Mobile Security

Top 5 Deadliest Mobile Malware Threats Of 2012

While the amount of malicious software focused on the growing number of mobile devices on the market remains a drop in the bucket next to the amount targeting PCs, attackers are steadily turning the devices in consumers’ pockets into targets.

So far this year, several pieces of malware have popped onto the radar and underscored the growing sophistication of cybercriminals targeting mobile devices. After fielding feedback from security pros, here in no particular order is Dark Reading’s list of the five most dangerous, sophisticated, and prolific pieces of mobile malware that have appeared thus far in 2012. Continue reading Top 5 Deadliest Mobile Malware Threats Of 2012

Advertisements

Android malware spreads via website-injection campaigns

The Android platform continues to be a popular playground for malicious activity, with hijacked websites now being found that spread malware, researchers said Thursday.

According to a Symantec blog post, Android devices are being infected with a trojan thanks to website-injection campaigns that prompt an automatic download of a fake Android security update. Continue reading Android malware spreads via website-injection campaigns

Lookout app opens a window onto mobile threats

Lookout Mobile Security‘s latest project app peels away some of the secrecy and uncertainty surrounding mobile threats. Debuting today, the Threat Trackerprovides information about mobile threats going back two weeks.The app is meant to help people understand that mobile threats do exist, explained Derek Halliday, senior product manager for Security at Lookout. “We’re showing people what they’re being protected against,” he said. It was originally created by a Lookout summer intern in 2011. Continue reading Lookout app opens a window onto mobile threats

Android botnet infections on the uptick

The number of infected Google Android devices actively communicating with command-and-control (C&C) servers has grown significantly in recent months and is expected to continue on that path, according to a reportreleased this week by security firm Damballa.

During the first half of 2011, Damballa’s network of sensors observed nearly 40,000 Android devices in North America engaged in live interaction with criminal operators, according to the report, which chronicles botnet activity this year.

“If the bad guys can compromise the Android device and send and receive commands, then they have all the tools necessary to conduct online banking fraud,” Gunter Ollmann, vice president of research at Damballa, told SCMagazineUS.com on Friday. Continue reading Android botnet infections on the uptick

Preparing for mobile security emergencies

Recently a friend asked me to recommend a mobile anti-malware product for him to use.

I am loath to state any one product as the best, as I firmly believe that there are different products that are best for different people’s needs. There cannot and should not be one product that is all things to all computer-using people.

As he is using a platform that has seen a lot of malware development, my friend is wise to now be starting to investigate using anti-malware products. While malware on mobile devices is not yet an everyday affair like it is for Windows users, it’s better to have your defenses in place before an emergency arises. All signs indicate that the day is fast approaching when these infections will be common. But security products exist today that can secure your devices and protect sensitive information. Continue reading Preparing for mobile security emergencies

Security Firm Lists ‘Dirty Dozen’ Unsafe Smartphones

PC World— A list of 12 smartphones that pose the highest security and privacy risks to consumers and corporations was released today by a maker of security software.

The phones, all Android models, on the “Dirty Dozen list compiled by Bit9 of Waltham, Massachusetts are:

In compiling the list, Bit9 researchers looked at three things: the market share of the smartphone, what out-of-date and insecure software the model had running on it and how long it took for the phone to receive updates.

In gathering information for the study, the researchers were astonished by the state of the Android ecosystem. “What was surprising for us was really the extent of the chaos and the fragmentation that exists in the Android ecosystem itself, and the way that the Android smartphones are distributed and more importantly, the way that security updates are done,” Bit9 CTO Harry Sverdlove told PC World.

The researchers found that 56 percent of Android phones in the marketplace today are running out-of-date and insecure versions of the operating system. Buying a new phone doesn’t skirt that problem, either. In some cases, the researchers discovered, phones contained software as much as 300 days old out of the box.

“If there are vulnerabilities and you’re sitting on a phone that hasn’t been updated for six months, that’s an eternity for a hacker,” Sverdlove declares. “All that time, you’re that much more at risk of being infected, of having your personal information stolen, of becoming a victim to some sort of malicious activity.”

Vulnerabilities aren’t what make the “Dirty Dozen” so dirty, Sverdlove notes. “There are vulnerabilities in all software,” he says. “Apple and its iOS has as many vulnerabilities in terms of what’s been reported as does Android.”

“The challenge isn’t so much to create perfect software, but to know the vulnerabilities and, more importantly, to be able to update the software, to be able to respond to them quickly,” he adds.

An advantage that Apple has over Android is that it can push updates to its software to all its smartphones simultaneously, he says. With Android, on the other hand, the manufacturers and carriers are responsible for pushing out updates.

“There’s too many cooks in the kitchen,” he says. “It’s like buying a PC from Dell and expecting Dell and Comcast to be responsible for your Windows updates.”

Sverdlove argued that all the players in the Android universe have to start thinking of smartphones as computers and not handsets. “There has to be some changes made to the ecosystem itself,” he adds. “The manufacturers and carriers have to start relinquishing control of the operating system to the software vendors.”

Follow freelance technology writer John P. Mello Jr. and Today@PCWorld on Twitter.