Will 2011 be the year of mobile malware?

While the expert predictions may have yet to fully come true, vendors are preparing for the worst

Perhaps one of the most common predictions of the last six years has been that mobile malicious software will suddenly proliferate, driven by widespread adoption of smartphones with advanced OSes.

None of those prognostications have really come to fruition, but it's likely that the coming year will bring a host of new malicious applications. Users -- while generally aware of threats aimed at their desktop computers and laptops -- have a good chance of being caught flat-footed with their mobile phones.

In the third quarter of this year, up to 80 million smartphones were sold around the world, which accounted for about 20 per cent of the total number of mobile phones sold, according to statistics published last month by analyst firm Gartner. Smartphones are Internet-capable and therefore more vulnerable to attack than other mobile devices.

The threats against those devices are going to come in several categories:

Rogue applications: Marketplaces for mobile applications are becoming increasingly popular for platforms ranging from Apple's iOS and Google's Android to Microsoft's Windows Phone 7 and Symbian. Apple maintains tight control over its App Store, which has helped reduce the number of rogue applications being offered. But bad applications for other platforms have popped up.

In September, researchers from security vendor Fortinet discovered a mobile component for Zeus, a notorious piece of banking malware that steals account credentials. The mobile component, which targeted Symbian Series 60 devices or BlackBerrys, intercepted one-time passcodes used to verify transactions.

The mobile app carried a legitimate signing certificate, which allowed it to be downloaded and installed on devices. The development was particularly disconcerting as many banks are looking at using mobile phones to send one-time passcodes by SMS (Short Message Service) rather than issuing separate devices that can generate the code.

There's little defense from sneaky rogue applications, but users should be generally careful about downloading programs, particularly for platforms where those applications may not be vetted so closely.

Traditional malware: While desktop OSes such as Windows are plagued by malware, there have been far fewer malicious programs aimed at mobile devices as of yet. But researchers have seen applications such as rogue dialers, which will send SMSes to premium-rate numbers owned by the fraudsters. Other threats include worms spread by communication protocols such as Bluetooth.

With the increase in use of tablet computers that run mobile operating systems, those devices will also be subject to those same threats. "We do believe that is going to arrive in the next 12 months," said Bradley Anstis, vice president of technical strategy for security vendor M86. Malicious hackers are "lazy people, they will always go after the low-hanging fruit."

Privacy, data collection issues: Mobile applications can also have other privacy-related risks such as collecting, transmitting or storing data. Advertising networks and mobile application developers are often highly interested in metrics around how and where people are using their applications. Data may include information identifying a specific device, with users unaware they are being tracked. Apple, however, allows application developers to collect location information but only as long as users are notified.

Social engineering: Just like on desktops and laptops, fraud doesn't have to involve a technical trick. Phishing -- the practice of using a fake website to trick users into revealing sensitive information -- is as much or more of a threat on mobile devices. People often trust their mobile device more than their computer and are therefore more vulnerable to phishing.

If a person is on a corporate network, phishing sites are usually blocked, Anstis said. But if someone is using a work mobile device over 3G, that connection is not going through a corporate gateway but the operator's network, which may not block those harmful sites. M86 has been developing a browser-based system that would send URLs to its data center for analysis and block malicious ones, Anstis said.

Other companies are also seeing opportunities for new services around mobile devices. Juniper Networks, for example, acquired SMobile Systems in July for US$70 million. SMobile has a laboratory in Columbus, Ohio, that focuses on studying mobile malware, said Amir Khan, business development manager for the U.K. and Ireland.

"The reason we set that up is because we realize the threats in the mobile space are very specific," Khan said. "It's not just that desktop threats have migrated to the mobile world."

Jeremy Kirk

IDG News Service