Malware threats to the mobile operating system have “matured” last year and can no longer be taken lightly, according to a study released last week by Juniper Networks Mobile Threat Center, the mobile security research wing of the U.S.-headquartered networking equipment company.
The ‘2011 mobile threats' report is based on a survey of nearly 0.8 million applications across major mobile device operating systems (OS). It concluded that 2011 was the year when hackers penetrated mobile OS and moved their malware from “proof of concept” phase to “profitability” phase.
There was a 155 per cent percentage point increase during 2011 in overall mobile threats across platforms. This was mainly because of the ‘low barrier of entry.'
Particularly vulnerable was the Android OS, the open mobile platform from Google. In the last seven months of 2011 alone, malware targeting Android jumped 3,325 percentage points. In 2010, malware detected in the Android OS contributed 0.5 per cent of all mobile OS, with a majority of the malware targeting the Nokia Symbian and Java ME platforms. But in 2011, Android accounted for 46.7 per cent of all threats assessed.
Spyware and SMS Trojan comprised the majority of malware targeting mobile devices, at 63 per cent and 36 per cent respectively. A new method of attack dubbed ‘fake installers' was the fastest growing type of malware. These installers trick users into paying for free applications.
The study did not include the Apple iOS platform because of the company's policy not to open its systems for external scrutiny. It, however, said it should not be construed that Apple's OS was safer. Both Apple and Google have repeatedly pulled the ‘kill switch' on some Apps in the recent past.
Challenges ahead
In a telephone conference with The Hindu , Micheal Greco, director (business development) for Asia-Pacific at Juniper Networks, said the scenario had become one where smartphone users would have to take the same level of care as they would with desktop computers in having up-to-date anti-malware applications.
The challenge for mobile security firms like Juniper Networks will be in keeping tab of both the end-points where the applications reside (mobile phones) and the network itself.
“The biggest threat with some of the mobile malware we are tracking is that they don't have any visible impact on operation,” he said. “This is unlike the malware and viruses that most consumers have experienced on gadgets like the desktop computer where often screens go blank or something else happens that blatantly affects the user-experience.”
Mobile handset shipments reached 1.6 billion units last year. Tablet PCs have shipped over 66 million units. Google's Android and Apple's iOS have been the most dominant mobile OS in recent times.
There is a difference in operation when it comes to malware, as compared to desktop computers. A vast majority of devices do not yet deploy any endpoint anti-malware solution. The study notes that this empowered malware writers to simply create a malicious application and post it to an application store. While mobile operating systems of Google and Apple may pull the ‘kill switch' on such Apps periodically, there is still no control over third-party Apps or applications downloaded directly from the web.
The study, apart from recommending smartphone users to install anti-malware applications, also suggests users to utilise password protection, use discretion before installing third-party Apps and also install remote locators that can track, lock, wipe and backup mobile handsets.
