Malware on smartphones, especially on Android phones, exploded in 2011. But will the trend continue this year? Yes, according to security experts Kevin Freij and Janus R. Nielsen, co-founders of the security company www.mymobilesecurity.com. They look back on trends and threats in 2011 and give their take on the challenges the security industry and private smartphone users will face in 2012.
2011 was the year when malware on Android phones rose with lightning speed. According to a report by the networking company Juniper, the increase was 472 percent between July and November alone. Fake apps in particular, mainly pirated versions of well-known apps developed by criminals, have been the main culprit. The fake apps are primarily downloaded from Android Market or from Asian, and especially Chinese, app stores. Many of them have proved costly, because they install viruses on the phone and can drain the user’s account by sending SMS messages to expensive toll numbers. “We have seen an explosive increase compared to 2010 in terms of new apps entering the market, and with these comes more malware. Hackers have figured out how to find very clever ways into smartphone users’ mobile accounts, both prepaid and postpaid accounts. This trend will continue because it is a very lucrative market for fraudsters,” says Kevin Freij, CEO of MYMobileSecurity, which makes security applications for smartphones.
As for malware on iPhones, viruses are not the biggest issue for Apple users. “The problem is rather the unstable iPhone OS. iPhone has some problems when updating their systems regularly. When the updates are done we have seen serious security holes appear. There have been various examples of that; I remember one from this summer when one of the biggest newspapers in Denmark hacked the current Danish Deputy Prime Minister Margrethe Vestager’s iPhone, getting access to both her voicemail and emails.”
Fake emails (phishing)
According to a study by the security company Trusteer in January last year, smartphone users are three times more likely than computer users to fall for fake phishing emails. The fraudsters behind phishing emails try to “fish” passwords and financial data out of users by pretending to be credible and well-known companies or individuals. People are more easily fooled on their smartphones because they are constantly “on” and because they answer their emails as soon as they come in. Also, the small screen size of the phone makes it difficult to spot a bad link or logo. “The increase in phishing emails and also in fake SMS (smishing) will continue in 2012,” believes Janus R. Nielsen, co-founder of MYMobileSecurity. He points out that mobile banking is becoming more and more common. “It is getting still more important, especially for Android users, to have security software installed that can warn against the approximately 500 million links classified as hazardous. This way you can at least avoid visiting the already known infected sites. The challenge for the mobile security industry will be to develop a technology similar to what exists on computers and which can recognize patterns and thus warn against suspicious but not yet registered hazardous sites. This technology is not yet available for smartphones, but it will be, although this will probably happen in 2013 rather than 2012,” he says.
Stolen or lost phones
An employee forgetting his phone in a restaurant or somehow letting it fall into the wrong hands will actually be among the biggest security risks for companies next year. Corporate data leakage can potentially end up being a very costly affair. “The attack risk is much bigger on mobile devices than on laptops and there are fewer security controls,” Kevin Freij says. “Apart from the same things you can do on a laptop, you also have other features on a smartphone like location information, camera, voice dialing and SMS channels that are potential ways into the phone. It is still a challenge for the mobile industry to find ways to deal with these new risks and threats.”
Spyware such as Carrier IQ
After the recent discovery of the existence of the program Carrier IQ on most smartphones, the discussion about whether surveillance is acceptable or not has been intense. “There is no doubt that the mobile security industry is still not defined. None of the mobile anti-virus firms in the market discovered Carrier IQ. Security firms simply do not look for those types of activities – yet,” says Kevin Freij. “We know that a combined approach of different functions working together is the best way to achieve the highest level of security on a mobile today. If you add antivirus, theft protection, backup, network monitoring, safe surfing, app security management and more, you will reach a higher security level than just having an antivirus. However, that does not solve the Carrier IQ issue right now, but the security industry works continuously towards developing new technologies, and hopefully we will be able to track those kinds of programs in the future,” he says.
QR bar codes and viruses
In 2011 we saw the first mobile QR barcode – the codes that are scanned by the camera on the phone – spreading viruses. It was a Trojan that sent text messages to an expensive toll number. Janus R. Nielsen believes that 2012 will bring more examples of fake QR codes, but the threat will not be overwhelming. “There are certainly more of these examples to come – the more users of QR codes, the more hackers. But as long as you have a security program installed that warns against unsafe links and URLs, this should be a manageable problem.”
Mobile banking and transactions
Bank apps had a breakthrough among private smartphone users in 2011. “We see a huge demand for mobile banking applications that provide full access to the user’s bank accounts. Most of the apps are very safe, but if you use mobile banking, it is wise also to have some kind of security software installed,” Kevin Freij says. He estimates that the biggest risk with mobile banking can be found in cases where banks send a code via SMS to the mobile phone so that the user can enter the code to confirm that it is the right person logged in. “The code can be easily intercepted if a spyware program is installed on the mobile. And if that is the case, the user is usually unaware of it unless the security software has spotted it. Another good tip is to check your account statements regularly so you are sure that no unpleasant surprises appear,” he says.
For more information contact:
Stine Mynster, PR Manager
Mobile: 0034 699403895