According to a recent report by McAfee Labs, Android smartphone users are now the sole target of mobile malware writers as of the third quarter of 2011. Keep in mind that there are still many threats for every smartphone type; the McAfee report just indicates that all new development activity for the third quarter was centered on Android.
And this doesn’t necessarily mean that the Android platform is no longer safe for business use. It is more of a reflection of the fact that the massive popularity and explosive growth of the Android operating system has made it an extremely attractive bull’s eye for cybercriminals to focus on.
Mobile malware threats are based on the same basic principles as traditional PC virus and spyware infections. The goal for the attacker is to gain access to a smartphone in order to either collect data for later use or gain control of the device. Either of these could result in exposure of sensitive business data.
Mobile malware can take many forms, so it is important for business managers to understand what impact it can have on operations and costs. Here is a sample of some of the most common mobile attacks:
- SMS Trojans like Android/HippoSMS sign victims up for paid premium SMS (text or instant messaging) subscription services. These automated message services result in additional phone charges by sending SMS messages to a hard-coded toll number. The attacker pockets the money from these fees while the user unknowingly receives the charges on their mobile phone bill. Typically the infection goes one step further: it can be set to automatically delete all incoming subscription confirmation messages, so that the victim remains unaware of the activity and the attacker continues to make more money.
- The Android/PJApp family collects sensitive device information such as IMEI, IMSI, and SIM data. These are ID numbers used to identify the phone or device to the carrier network (Verizon, AT&T, etc.). So, for example, if you were on the Verizon network and the attacker had your ID, they could copy that ID onto another phone and trick the Verizon network into thinking they had a legitimate subscription. The attacker could then place calls, download paid applications, or use premium subscriptions or services, all on the victim’s dime.
- Malware such as Android/NickiSpy.A has a relatively new method of stealing information in which the infection is able to record user conversations and forward them to the attacker. This is a much more involved process for the attacker in that the audio recordings have to be individually reviewed in order to collect any data. But the information gathered could be much more valuable in some circumstances.
- The Android/DroidDeluxe families try to gain root access (high-level access) in order to read system files such as emails, contacts, and the SMS database (texts, instant messages) and collect sensitive information.
For business managers these threats are very real and can have a substantial impact on finances and operations. But there are some easy steps to take that can reduce exposure and the risk of loss:
- Be diligent in reviewing monthly mobile phone statements to look for any unauthorized subscription or usage fees. Report any suspicious activity to your mobile provider immediately.
- Invest in mobile security software such as Trend Micro Security or another legitimate service.
- Partner with an IT Support Provider that can monitor and protect mobile devices.
- Disable the Wi-Fi auto-connect option on mobile devices or use an application to allow only known safe Wi-Fi hotspots (see Y5 Battery Saver by Polidea Lab).
- Pay attention to device performance when accessing sensitive portals or sites. A significant performance drop-off can be a signal of malicious activity in the background.
- Enable the 4-digit security PIN that controls access to mobile devices. For most Android devices this option can be found under Settings / Location and Security Settings.
- Immediately report any lost devices to both financial institutions and phone carriers.
